Information Security Engineer Resume
MA
SUMMARY:
- I am a successful and recognized IT Security and Fraud Risk and Accountancy professional in the IT analyses of complex networks within multiple industry sectors and cyber-security. Regulatory Compliance and complex financial systems include manufacturing, print publishing, investment/retail banking, plastics, Life Sciences, energy, and healthcare.
- Major skill areas include Cyber security Operations Engineer, Software Engineer, Business Systems Analyst, IT Auditor, Accountant, Developer, Tester, Management, and Tools/Systems/Utilities/Applications. My success is measured by client audits and no deficiencies results as well as no breaches.
- Recently, I have been accepted as a member of the Federal Information Systems Security Educators organization.
- Expert Developer in Database Connectivity, CSS, forms, HTTP, HTML resulted in #1 Rank in Google and Yahoo and many other search engines. goNetSite.com using JAVA for forms and secure log.
- Knowledgeable in SQL development (for data loss prevention and verification and validation) and JavaScript languages. MSDOS command line exposure.
- Mapped data elements in COBOL language to data fields in data sets per JCL program file.
- Performed web application development through contributions to the design process for conversion from MS Access database to Siebel and through MS Visual Studio (.Net), MS SQL Report Builder 2012
- Privileged access management solution(s)
TECHNICAL SKILLS:
- Tenable Nessus Professional Vulnerability Scanner
- Visual Studio Code web application editor
- IBM QRadar SIEM
- IBM z/OS COBOL
- SolarWinds Patch Manager
- Zerto DRaaS
- OWASP ZAP penetration tool
- Nessus Professional Vulnerability Scanner
- DataLink
- Rackspace
- Trading Management Systems SunGard Trading System, Bloomberg, Reuters
- JIRA, HP Quality Center, Quick Test Professional, and Use Case modeling tool: IBM Rational ReqPro (Rational Unified Process) for a multi-team cross business line project. SnagIt tool, SAS systems. SaaS architecture hands-on experience and testing.
- MicroStrategy, Wintel Servers, IBM WebSphere (middleware), MS .NET, NetIQ Security Manager Agent, MS ACCESS, ORACLE 10g database, ORACLE EBS, TOAD ETL, JDE Enterprise One, ORACLE ‘PeopleSoft’ General Ledger, DB2, Extract Transform Load, PACS, SharePoint, MS EXCEL, CICS, Mainframe, UNIX, LINUX, MS Windows 2003, MS Active Directory; NETIQ Security Manager; XML, SQL database, IBM AS400, NOVELL, MS VISIO, MS PowerPoint.
- Sterling data transfers and EDI, MS Active Directory Domain GPO structure, Encryption protocols TCP/IP. BankNet, Bridger IDV (ChoicePoint), IncSpot, PowerBrief (CSC), SUMMIT, CardMap, Sailpoint, Checkpoint, Virtual Private Network VPN, Data Center infrastructure, Check Point firewall and threat prevention gateway appliance and web security appliance.
- XLMiner, ACL, BindView Data Analytics Tools. For testing (floating error): SQL Console, AutoAudit, HP LoadRunner, HP Test Director QC.
- Business Intelligence Reporting Tools such as Business Objects and Cognos, VB Studio (.NET) and Network Rules Engine, DOORS, Encryption methods such as tunneling, PKI, SSL/HTTPS, FTP Authentication, RSS feeds
PROFESSIONAL EXPERIENCE:
Information Security Engineer
Confidential, MA
Responsibilities:
- Knowledge and experience with Federal Information Security Management Act Confidential
- Regulatory matters pertaining to CMS Center Medicare Medicaid Services Confidential Governance Risk and Compliance controls
- Executed Enterprise Architecture logic for the existing business processes. Authored IT Security requirements of multiple systems/products
- Project Managed SOC11 Audit including for PCI-DSS, Payment Card Industry Data Security Standards, compliance of more than fifty client assessment/audits
- Created scan tests specific to PCI-DSS compliance, web-facing applications in multiple environments, internal and external scans with reports to IT Teams and Executive Management
- Responsible for 53 client audits/risk assessment/SIG including those with protected health data
- Responsible for the enforcement of Security Committee Meeting and Security Policies
- Conducted security compliance and privacy investigations
- Conducted development and implementation of audit monitoring to internal departments and multiple external clients
- Information Security leadership and management
- Continuous quality improvement
- Determined and responded to PCI Self-Assessment Questionnaire
- Identified and attested to PCI Assessment
- Reported to Executive Management on PCI Risk Readiness
- Wrote IT privacy and security Policy and Procedure, Security Requirements including PCI-DSS compliance and standard requirement for a Compliance Team tracked with ORS
- Managed multiple teams in addition to IT for on-site client audits including remediation on production and security audits to create operational security solutions and policies.
- Developed cyber-security governance model using ISO 27002, NIST Cyber Security Framework, US CERT, SEI, NCCOE, SANS, NIST 800-53/88, and others
- Standardized Information Gathering SIG questionnaire with analyses
- No deficiencies success
- Responsible for creating governance policies, procedures, requirements, risk control matrices integrated with regulatory compliance and schedules, documents, communications on security remediation activities.
- ZERTO DRaaS and cloud LAN computing networks
- Created the company’s vulnerability methodology - responsible for routinely executing and reporting on scans.
- Risk Assessment including Gap Analysis, program, KPIs, firewall scans
- Network analysis and policy/procedures artifacts including forensic and exception policies
- Designed cyber security solutions based on NIST, CVSS, CVE, SANS, CERT, ISO design solutions as applicable to maintain patches and configurations based on NIST CVEs and other library APIs (vulnerabilities).
- Created and established management of Threat Reports
- Social Media creation
- Managed and established formal routine Threat Alerts to report to Senior Management
- Penetration Testing designs and recommended tools such as OWASP ZAP
- Regulatory Compliance integrated security controls to support financials and health care clients
- Success rate evidenced in Client Risk Security Assessments, Client IT Security Audits
- Knowledge and understanding of Service Oriented and web architectures
- Knowledge and understanding of secure configurations for hardware and software on hosts, sql clusters, laptops, desktops, servers, SAN/NAS and IP networks
- Scrum regression analysis methods and calculations for agile testing. Capacity to react quickly to dynamic environment
- High-degree of creativity and strong analytical mindset
- Responsibility to maintain and manage incident response and forensic teams for security controls
- Research and report current threats, vulnerabilities and countermeasures
- Participate in internal audits, metrics reporting and compliance assurance
- Audit test of Anti-Virus software tool and on call accurate analysis and response to security alerts and events
- Manage vulnerability lifecycle and associated detection platforms
- CEO requested of me to review and assess CEO contractual client obligations on IT Security matters and controls
- Access control management
- Fraud prevention and analysis
- Design and configurations using cutting edge information security for software architecture, infrastructure and development
- Research and Training of IT Management and Staff for Development and Applications to ensure information security
Senior Software Engineer / IT Specialist
Confidential, MA
Responsibilities:
- Tracked RAID risk, actions, issues, decisions based on ownership
- Worked on the MMIS Medicaid Management Information System
- Responsible for the writing and approval of the POA&M Plan of Action and Milestones
- Knowledge and experience with Federal Information Security Management Act Confidential
- Knowledge and experience with Confidential
- State-based Marketplace Health Care Plans implementations including QA and UAT analysis and data mapping (Fund Accounting). Knowledgeable in Oracle SQL queries.
- Project Management Office member for IT privacy and security.
- Lead for Key Performance Indicators metrics/CMS framework, Centers for Medicare and Medicaid Services
- Wrote IT privacy and security policies and procedures.
- Created PMO templates for KPIs and Excel Dashboards with Visual Basic scripting and macros, updated charts. Created MS PowerPoint slide deck for KPIs. Used SharePoint repository to create, edit documents.
- Reported to Client Executives on KPIs; took meeting minutes; contributing member of PMO Team on risks, Issues, and independent verification and validation.
- QA Tested SQL database using SQL queries for Confidential state verification to regulatory changes by state.
- Worked with Confidential and Confidential Teams.
Senior Fraud Analyst
Confidential, MA
Responsibilities:
- FICO implementation
- Authored The ACH and WIRE Transaction Profiling Procedures Manual (published)
Senior Actuary Auditor
Confidential, MA
Responsibilities:
- Security and Change Management operations Audit for Confidential compliance of Actuarial Business Line and Financial Products
Senior IT Quality Assurance Analyst Tester
Confidential, MA
Responsibilities:
- IT Quality Assurance Analyst / Tester Enterprise Network Security, Telecommunications and Data Centers
- XPATH verification repository and its nodes including attributes and elements and processing instruction.
- Single Sign On Cobit 5 Security access controls
Senior IT Auditor
Confidential, NJ
Responsibilities:
- Perform Confidential testing of multiple insurance business units (including Mutual Funds and Hedge Funds) for Access Security.
- Quality Access Reviews, Key System Risks, Current User Testing, and Controls Testing for Confidential Compliance. Tests were performed by me and results reported.
- My audit work papers and test results were reviewed by three IS Managers and formally submitted to Confidential by IS Audit Managers.
- Referenced the SSAE16 as a guide.
- I held numerous formally scheduled interviews of Business Units’ BUSOs, System Owners and Business Data Owners as scheduled by the IT Project Manager for specific line of business such as JH Life, VA, UPL and LTC (and Fund Accounting).
- I tested for access authorization and authentication, security controls for distributed (web and intranet) applications/systems; and Confidential Group membership reports for authentication of access to mainframe applications such as STOV. I created a set of questions that were asked of each attendee across all applicable business units.
Senior IT Auditor
Confidential, MA
Responsibilities:
- IT Security and fraud audits for Healthcare industry Applications, Project ERP. Healthcare industry Security, Applications, Project ERP system audits. Platforms/Servers Unix, Windows 2008 server, AS400, SQL server. Supervised Staff Auditor and graduate intern.
- SharePoint tools were developed in-house for document retention and retrieval; and, AutoAudit.
- PeopleSoft Payroll for HR, Procurement A/P, A/R, G/L project to its current version. Performed validation of Gap Analysis and tested GUI and database functionalities to business requirements including access security. Tested report writing tools and BI e.g. Cognos.
- Other IT audits included Oracle PeopleSoft for HR, JD Enterprise One, Microsoft Navision, and Data Center Security.
Project Business Systems Analyst/ Tester/ Test Team Lead
Confidential, MA
Responsibilities:
- Application Testing: Lead verified GUI (event loops) to application executable programs that service an event for user human actions such as text boxes, drop down boxes, submit buttons and so on. Applied CMM methodology to SIT phase (level three defined to level four quantitatively managed to level five process improvements).
- Verified triggers for auditing database logging events such as dropping or altering tables
- Application Testing: Lead verified that all requirements by test case/scenario using business line customer types for end user application were successfully executed or zero defects. Scripts were manually written by me and team.
- Application Testing: worked with business line to identify dependencies
- Application Testing: Organized, implemented, and executed my defined testing processes within the test team as Test Lead
- Application Testing: Identified, recommended and implemented mitigation strategies to keep testing work on track as Test Management for Project Deliverable
- Monitored and supervised QA work and escalated issues when appropriate to Senior VP and VP.
- Ensured status of Quality Center as solely responsible for edits and deletes and defect tracking for audit purposes as well as granting users access.
- Validated defects and triage Severity 1, 2, and 3 defects for the release base versions.
- Test Lead: designed and executed my validation testing model for a traceability matrix and gap analysis (SIT/FST, QA functional requirements and non-functional requirements); responsible for overall success of new systems to meet regulatory compliance and corporate governance standards across multiple technical services teams. Analyzed complex infrastructure and systems, VB Studio (.NET) and Network Rules Engine, encryption methods such as tunneling, PKI, SSL/HTTPS, FTP Authentication.
- Created and executed Logical Test Tree Structure for all phases: System Integration Testing, Component Integration Testing, and Functional System Testing with multiple iterations using ASTM E1169 Standard Practice for Conducting Ruggedness Tests best practice for both new and existing commercial accounts. Wrote and included identification and documentation requirements including Business Continuity Planning and Disaster Recovery as well as change management in Test Strategy document, Test Plan, Traceability Matrix, Test Completion Reports, Test Readiness Reports; QA’d test cases and test sets; data mapped data fields and types against landing page data fields; identified how data is transformed or loaded into the data warehouse against the new data model logic (objects) from functional requirements.
- Test Tools: HP Quality Center, Quick Test Professional, and IBM Rational ReqPro for a multi-team cross business line project. Wrote Test Strategy document, Test Plan, Traceability Matrix, Test Completion Reports, Test Readiness Reports
- Responsibility to Senior Management for the successful launch of the new systems for all the multiple testing areas throughout the Product Development Life Cycle. Chaired multi-team recurring meetings and staff meetings. Mentor/Supervisor/Train Business Analyst on staff. Integration of new systems with third-party vendor core technology (SAS Corporation). Work-out Facilitator.
- Test Manager to global resources both on-shore and off-shore India. Test Lead and ultimately responsible to a team of three that will expand to 12 resources. Designed management tools such as ScoreCards that I submitted to Senior Vice President(s).