- IS Consultant / Management professional with 10+ years of progressive experience, strong leadership, and experience in IT G.R.C, Risk Management, IT Security Consulting/Management and Enterprise Defense/Architecture. Dynamic drive to build team(s) with a focus on delivering value toward the organization's objectives.
- Project management
- Governance, Risk & Compliance (GRC)
- Budgeting and finance
- Risk Assessment & Compliance
- Conflict resolution
- Penetration Testing
- Team leadership
- Disaster Recovery Planning
- Staff development
- Risk management processes and analysis
- Information Protection and Analysis.
IT Security / Risk Consultant
Confidential, Deerfield, IL
- Researches, designs, and oversees implementation of information technology, systems and policies for information security in support of business needs.
- Working with ITIL processes such as Incident, Problem and Change management.
- Scheduled Pre-Confidential meetings and attended Confidential (Confidential) meetings to provide approval for change management.
- Working with oversight committees and privacy, legal, and compliance stakeholders to develop enterprise-level information security compliance policies that address purpose, scope, and policy directives.
- Taking the lead in developing and managing information security programs, including, but not limited to, information security awareness, vulnerability management, vendor risk management and risk management.
- Working directly with departments, clients, and management to achieve results aligned with organization goals and objectives.
- Assisting the development and knowledge transfer to IT team members, as well as other enterprise groups while promoting a culture of information security across all business units.
- Provided governance and leadership in all aspects of organizational security (Cyber Network, Physical, People, Operational, Computer Systems Validation and Compliance).
IT Security / Risk Consultant
Confidential, Dallas, TX
- Promoted a culture of information security across all business units for client's enterprise.
- Assisted in the development and knowledge transfer to IT team members, as well as other enterprise groups.
- Liaised with clients' corporate compliance, audit, legal and HR management teams as required, including overseeing annual audits and reporting as required.
- Developed, maintained and published up-to-date security policies, standards and guidelines while overseeing training and dissemination of security policies and practices.
- Took a lead role in developing and managing information security programs, including, but not limited to, information security awareness, vulnerability management, vendor risk management and risk management for clients.
- Understood and applied common cyber security, privacy or technology industry standards / regulations, e.g. ISO 27001/27002, NIST 800 series, COBIT, PCI-DSS, ITIL, HIPAA / HITECH, EU Safe Harbor, CAN-SPAM, especially as it relates to building a program and/or managing internal controls, risk assessments, business process and internal IT control testing or operational auditing.
- Collaborated with clients' internal team members regarding potential business issues and potential solutions.
- Developed, implemented and monitored a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled and processed by the organization.
Director, IT Risk Advisory/Compliance and Audit
- Conducted regular technical risk assessments/audits of systems and infrastructure.
- Ensured the encryption process of the Bank is strong and compliant with international standards.
- Handled IT advisory and regulatory assignments within the entire Bank.
- Interacted with Bank Executives and Investors on Compliance, Risk, Budgeting and Standard Practices.
- Oversaw and directly participated in the installation, configuration, and monitoring of new information security technologies.
- Managed project teams while providing Information Technology Risk Advisory services assessing the technology landscape and technology processes of the company.
- Managed the IT security dept., consisting of direct and indirect reports, including hiring, training, staff development, performance management and annual performance review.