
Security Program Director & Advisor Resume

SUMMARY:

  • Leader with twenty years of accomplishments in analysis, design, and delivery of enterprise business and technology solutions
  • Certified and proficient security and program management professional
  • Last fifteen years focused on computer security - most recently program/project management, security architecture, assessments, business continuity and disaster recovery management
  • Excellent mentor and communicator at all levels
  • Adept at facilitating sessions defining user requirements, conducting Needs and Risk Assessments (Project and Security), developing and delivering end-user training, creating and maintaining project schedules, and preparing and presenting project briefings up to C-level executives
  • Great people skills
  • Successfully completed projects ranging from $50,000 to $100+ million
  • Authored and presented a wide variety of program/operations and assessment reports to many state, agency, and corporate executives as a business, information technology, and security professional
  • Taught CISSP and PMP courses

PROFICIENT IN:

  • Program Management
  • Application Security
  • IDAM/RBAC Control
  • Security Assessment
  • COOP/DR/EOC
  • Security Architecture
  • Risk/Issue Mitigation
  • Vendor Negotiations
  • Agile Development
  • Security Controls
  • PMO & SLA Processes
  • Network Security
  • Author Security Policies
  • Regulatory monitoring
  • Threat & Vulnerability
  • Incident Response
  • Governance/Compliance
  • Data Encryption
  • Operations Security
  • High Availability
  • Security Analyst

PROFESSIONAL EXPERIENCE:

Confidential

Security Program Director & Advisor

Responsibilities:

  • Oversee a staff in excess of 100 IT Infrastructure, Compliance, and Security personnel who maintain and monitor IT security, and advise IT staff and management throughout the organization on security status, policies, and practices
  • Lead teams of security analysts, architects, partners, consultants, and developers in the daily management of outsourced security for this very large, diverse, and dispersed health care organization
  • Led teams that monitored, updated, measured, and remediated 150 firewalls, sixty IPS/IDS, email filtering, Symantec End Point Security, RSA Envision SIEM, WebSense and Palo Alto web filtering for 110,000 users, including VPNs, URL filtering, and all security domains on a 24x7 basis with the SOC
  • Communicated technical issues/ISO/NIST/HIPAA standards to technical and non-technical business representatives
  • Daily reported on operations, performance, and risk metrics to senior business management
  • Reviewed and rewrote SLAs with the client to ensure they encompassed all the security tracks
  • Brought the security program within SLAs in 3 months, 6 months ahead of contract/schedule
  • Worked with Network and Server towers to find and close process, roles, and responsibilities gaps to improve incident response and root cause analysis
  • Advised and updated business leaders on the importance of information security in achieving their goals, while adhering to and improving information security standards, policies, practices, and procedures
  • Constantly reviewed privacy, data security within organization while providing data as needed and allowed by HIPAA and other standards
  • Identity & Access Management: Reviewed/redesigned processes/procedures/guidelines/escalations for 85,000 users
  • Improved user experience in the onboarding and change access processes and streamlined number of processes based on constant user feedback
  • Reviewed and changed the onboard and ticketing process to reduce delays and gaps
  • Improved user feedback from 2.4/7 to 6.5/7 (still improving)
  • Led the Lean Process improvement of user experience and provided current state, future state design, and future state roadmap to executive management and user groups
  • Expanded IAM processes from local entities and moved to enterprise where value, scope, and user needs warranted
  • Governance, Risk, Compliance and Vulnerability Management: Expanded and improved the existing Risk & Vulnerability Identification and Management program to stay within multiple compliance requirements
  • Integrated threat modeling practices into the Vulnerability Management program, including PCI and HIPAA compliance
  • Oversaw multiple vulnerability management analysts tasked with identifying vulnerabilities within the multiple, diverse, and distributed environments to obtain and maintain varied compliance requirements and standards
  • Identified, remediated, and monitored security weaknesses across a variety of computer systems
  • Coordinated with client the Business Continuity Plan/Disaster Recovery (BCP/DR) documentation of enterprise-wide applications (521 Applications, 920 Modules and 5364 Active instances) for business resiliency
  • Leadership: Moved Security team into Agile practices including daily standup meetings, team and individual task assignments, individual accountability, and mentored leaders on the need for speed and value in operations and mitigations
  • Organized training activities and kept the teams up-to-date with emerging security related issues
  • Improved performance, practices, procedures, and accountability (allowed 25% more devices monitored, measured, and remediated with 10% reduced resource count)
  • Coordinated/collaborated with leadership regarding technical vulnerabilities that may have the potential to impact enterprise operations. Reviewed risks and mitigations of operations on a daily basis and prioritized for executives
  • Oversaw the transitions of many new hospitals and medical centers to national enterprise
  • Hired, coached, motivated, and mentored team members; shared knowledge associated with tools and practices utilized for security operations management and vulnerability assessment and remediation
  • Upgraded patch and vulnerability monitoring practices in other infrastructure domains to prevent the exploitation of vulnerabilities

Confidential

Project Manager

Responsibilities:

  • Led a team of analysts, architects, partners, consultants, and developers in the design of a Proof of Concept (POC) for a Role-Based Identity and Access control process
  • One of the very first OIM and OIA R2 POC implementations
  • Defined POC life cycle deployment plan, resources, and schedule for project implementation
  • Wrote business & functional requirements and developed test cases
  • Directed system and software customization design and review sessions
  • Led a matrixed technical team to mitigate and resolve over 8,000+ SSAE 16 audit findings
  • Solicited stakeholders input and analyzed each audit area for tactical and strategic responses
  • Reviewed audit findings for completeness based on ISO 27001/NIST and SSAE 16
  • Prioritized audit findings for best short-term mitigation and long-term process improvement
  • Revised processes and procedures for preparation of enterprise for a more consistent and proactive audit and ongoing support; scheduled resources to document new/revised processes and procedures
  • Created strategies for risk mitigation and contingency planning
  • Scheduled resources to mitigate and resolve security findings

Confidential

Program / Project Manager

Responsibilities:

  • Led a 15-project program of requirement analysts, architects, partners, consultants, and developers in the design and migration of applications to a cloud structure for Sask Tel, a Canadian Telco
  • Championed a multi-phased effort to establish an identity management infrastructure for Princeton University based around a complex set of multiple university affiliations, and the birthright access garnered by those affiliations. Successfully implemented the infrastructure that is in use today after three failed attempts by previous vendors. Increased application and data usage, saving millions
  • Pioneered a 33-week security project that reduced security breaches for the NYSE with worldwide implementation in over a dozen countries, saving millions of dollars in operational costs
  • Assisted state and local government agencies in the integration and deployment of Oracle’s IT Security solutions. Sold, designed, and led implementations for NYC health and hospital system, CA prison hospital and medical services, TN educational system, and other organizations

Confidential

Principal BCP / DR Consultant

Responsibilities:

  • Wrote disaster recovery plans for five locations and business continuity plans for four very complicated, nationwide, critical business processes and revenue streams
  • Improved client relationships by reducing systems down time and improving performance
  • Implemented a manageable, structured, versatile, and repeatable risk management, BCP/DR training, testing, and exercising program

Confidential

Senior Project Manager and Principal Consultant

Responsibilities:

  • Consulted the Confidential on post-Katrina continuity of operations and disaster recovery, which established new evacuation processes credited with saving many lives. Reviewed pumping stations’ working procedures for viability
  • Conducted risk and security assessments of the State of Missouri’s security conditions, which reduced threats and improved operational efficiency based on ISO 27001
  • Led the Commonwealth of Virginia’s risk assessments and security testing of over 50 agencies, and oversaw a massive risk and security audit with prioritization (65,000+ computer systems) based on ISO 27001 & NIST
  • Consulted daily with Confidential of the Commonwealth of Virginia (60,000 users) on all aspects of Information Security & COOP/DR for over 50 agencies
  • Managed a team that produced 300 security and risk management policies which covered 60,000 users for the State of North Carolina, based on ISO 27001/NIST standards

Confidential

Senior Project Manager and Principal Consultant

Responsibilities:

  • Wrote the program plan to modernize the U.S. Strategic War Planning System into an integrated, collaborative, and responsive environment for future missions. Phase II, $580+ million.
  • Authored Risk Management Plan for Risk Reduction Phase to determine risk and mitigation
  • Wrote majority of Program Plan for use in Phase II and reengineered processes including timeliness, flexibility, and integrated quality control
  • Managed teams that configured and optimized the key business processes of business & professional services companies
  • Led several teams in improving business processes and implementing infrastructure upgrades for RR Donnelley & Sons that included acquiring and merging new companies
  • Led a team to review and improve processes for charging and billing clients for CSG Systems (Telecom)
  • Performed all duties as interim Director of Information Technology post-merger and selected permanent director
