IT Director & Data Protection Officer Resume
Silver Spring, MD
PROFESSIONAL SUMMARY:
- With 28 years of management & hands-on experience, 10 certificates in IT & security, and a doctor of management degree in Confidential -Commerce, cybersecurity, and privacy, I am looking for a management or consulting job in Confidential implementation, Data Shield Framework, PTA, PII, PHI, PIA, DPIA, data privacy & data protection, cybersecurity, identity theft prevention, security audit, assessment & authorization; cloud, IoT, blockchain, Confidential, and automotive security; IAM, digital forensic, training, asset protection, risk management, regulatory compliance, and IT business development.
- I am a subject matter expert in IT, IS, information assurance, Confidential, data security, data privacy, PII, PHI, identity theft prevention, cybersecurity, cryptography, public key infrastructure (PKI), digital signature, multi-factor authentication, single sign-on; ISO 27000 series, FIPS standard, Confidential & Confidential guidelines, FedRAMP, FISCAM, HITECH, FISMA, HIPAA; contingency plan & drills; presidential executive orders; OMB circulars & memorandums; IaaS, SaaS, Azure, AWS and cloud security; SOX, internal & external audit, CSAM; awareness & training; risk assessment & risk management; global acts, laws, regulations, policies, procedures, and industry best practices.
- I was a professor in the Cybersecurity Department of Confidential ( Confidential ) for 17 years. I have worked on security architecture, IV&V, gap analysis; Confidential, CSAM, ATO, SIEM, SOC, NOC, VPN, DMZ, firewall, red team, pre-sale, post-sale, CRM, agile, and secure software development life cycle (SSDLC). Also, I worked on risk management framework for a bank and digital forensic, imaging, Confidential -Discovery, chain-of-custody, reporting to court for a state organization.
- I am an expert in cryptocurrency, blockchain, malware protection & eGovernance; was responsible for organizational vision & strategy; developed security documents (SSC, SAR, CP, DRP, COOP, CMP, ISSP, etc.); conducted Confidential & Confidential & CP testing.
- Recently, I have served as the head of cybersecurity, privacy, IT risk management and regulatory compliance at Confidential Mahal Casino & Hotel. I was an architect in security vision & strategy, policies & procedures, identity theft, SOC, and Confidential implementations. I was a member of the Management Audit Compliance Committee of the Confidential Mahal Casino & Hotel and official liaison with the Casino Control Commission & Division of Gaming Enforcement of New Jersey.
- I have long experience in ISO 26262; Automotive Security & Safety; Internet of Things (IoT) & Network of Things (NoT) security; selecting, implementing, evaluating, continuous monitoring & governing information security controls ( Confidential -SP-800-53/53a/122/137); asset protection; pre-sales & post-sales services; customer relationship management; identity & access management; designing, developing, operating, and managing information systems; vulnerability scanning, incident response (IR), disaster recovery, continuity of operation, backup & recovery, business impact assessment (BIA), defense-in-depth, defense-in-breadth, and IT/IS business development.
RELATED SKILLS:
- SME (Subject Matter Expert) in Confidential, data privacy, data protection, cybersecurity framework & strategic planning, critical infrastructure protection, SOX, security audit & assessment, ATO, multi factor authentication, cryptocurrency, blockchain, malware protection, cyber threat, cyber war, cybercrime, cybersecurity, identity & access management, risk management, compliance
- SME in Confidential, PII, PHI, data privacy, identity theft prevention, privacy impact assessment, healthcare information security, contingency plan, drills, IoT, ISO 26262 and automotive security
- SME in system security plan, security categorization, security testing & evaluation, plan of action & milestone, awareness, training, continuous monitoring, assessment & authorization, and C&A
- SME in digital forensics, imaging, Confidential - Discovery, chain-of-custody, presentation & asset protection
- SME in enterprise security architecture; backup; emergency preparedness; incident response plan, drills, incident response, COOP, disaster recovery and business impact assessment; NOC and SOC
- SME in security acts, circulars, memorandums, and regulatory compliance (ISO 27000 series, OMB, FISMA, FedRAMP, SOX, HIPAA, GLBA, COBIT, FIPS standard, PKI, AWS, and Azure)
- SME in secure software development life cycle (SSDLC), agile, policy, procedures, defense-in-depth, defense-in-breadth, IV&V, gap analysis, configuration management & intrusion detection
- SME in Confidential SP (Special Publications) guidelines (800-18, 800-30, 800-32, 800-34, 800-37, 800-39, 800-40, 800-41, 800-45, 800-46, 800-47, 800-50, 800-53, 800-53A, 800-60, 800-61, 800-83, 800-88, 800-94, 800-95, 800-101, 800-114, 800-115, 800-122, 800-124, 800-125, 800-125A, 800-128, 800-137, 800-144, 800-145, 800-147, 800-160, 800-161, 800-137, 800-160, 800-171, 800-171A, 800-175A, 800-175B, 800-177, 800-181, 800-183, 800-184, 800-190, and 800-197)
- SME in pre-sales & post-sales consultancy, customer relationship management (CRM), and BD
- 17 years in teaching Cybersecurity, Privacy, Security+, MCSE classes at Confidential
RELATED WORK EXPERIENCE:
Confidential, Silver Spring, MD
IT Director & Data Protection Officer
Responsibilities:
- Working on Confidential (General Data Protection Regulation) & Privacy Shield Framework; data privacy policies & procedures, strategic decisions, data discovery; consents, lawful collections, and obligations; data completeness, accuracy, and data reliability; data integration, data sharing & communications, and data governance; data confidentiality, integrity, and availability (CIA); lawful data processing & data management; privacy threshold analysis (PTA), personally identifiable information (PII), protected health information (PHI), data privacy, identity theft prevention (ITP), data minimization, privacy impact assessment (PIA) & data protection impact assessment (DPIA), awareness & training, and data protection (by design & by default through embedding safeguards in the early phase of the data management life cycle); disciplined execution, dispute resolution, protection of natural person, and Confidential compliance.
- Working on Payment Card Industry Data Security Standard ( Confidential ), cryptocurrency, and blockchain security; ISO 26262 & automotive security; Security Operations Center (SOC), Internet of Things (IoT), Web, and cloud security; internal & external security audit, independent verification & validation (IV&V) and gap analysis, security testing & evaluation (ST& Confidential ), plan of action & milestones (POA&M), authorization to operate (ATO), certification & accreditation (C&A), assessment & authorization (A&A), IT risk management, and regulatory compliance.
- Protecting digital assets & corporate resources. Ensuring confidentiality, integrity, and availability (CIA). Leading projects on agile and secure software development life cycle (SSDLC). Working on pre-sales & post-sales services, revenue & market share enhancement, customer relationship management (CRM), critical infrastructure protection (CIP), and IT business development (BD).
- Provided consulting services to a national Information Communication & Technology (ICT) Agency in digital forensics; policies & procedures; identity & access management (IAM); cryptography, public key infrastructure (PKI), digital signature, multi factor authentication (MFA), and single-sign-on (SSO); contingency plan (CP), disaster recovery (DR), continuity of operation (COOP), exercises, incident response (IR), and business impact assessment (BIA); vulnerability & threat analysis, cyber risk, cyber-attack, cybercrime, cyber warfare, cybersecurity, cloud security, secure communication, and risk assessment; digital imaging (EnCase, Confidential, Tableau); Confidential -Discovery, chain-of-custody, legal documentation & court presentation, and IT risk management.
Confidential, Atlantic City, NJ
IT Director
Responsibilities:
- Member of the Confidential Management Audit Committee. Was responsible for the cybersecurity, privacy, risk management, internal & external audit, digital forensics, and regulatory compliance. Safeguarded the personally identifiable information (PII) & protected health information (PHI). Constantly interacted with SOC & NOC to ensure the confidentiality, integrity and availability of the information & information systems.
- Developed Confidential implementation guidelines; strategies, standards, policy, and procedures on information security, Confidential, data privacy & protection, PIA, rules of behavior, and training contents on security & privacy.
- Developed system security plan (SSP), configuration management plan, risk assessment plan, change management plan, vulnerability scanning plan, penetration testing plan, contingency plan (CP), emergency evacuation plan, incident response (IR) plan, disaster recovery (DR) plan, and continuity of operation plan (COOP). Conducted CP & IR test and exercises, privacy threshold analysis, privacy impact assessment, identity & access management (IAM), incident response, and business impact assessment. Implemented privacy on casino data, change control board, agile, and secure software development life cycle (SSDLC).
- Managed, monitored, and inspected to ensure regulatory compliance to the Privacy Act, HIPAA, HITECH, Confidential, FedRAMP etc. in recruiting, training, medical & family leave, player database, and jackpot distribution in Casino Cages. Implemented & ensured cloud security, risk assessment, multi factor authentication, single sign on, customer interaction, IV&V, gap analysis, security testing & evaluation, plan of action & milestones, assessment & authorization and certification & accreditation of the Confidential Mahal Enterprise Information System, and Surveillance System.
Confidential, Silver Spring, MD
IT Director
Responsibilities:
- Designed secure architecture; managed IT, information security, SOC, NOC, pre-sales, post-sales, agile & secure software development life cycle (SSDLC), cybersecurity, cloud security, data privacy & data protection, identity theft prevention, PIA, network & wireless security, Confidential -Commerce, Confidential -Governance; Confidential, EnCase & Tableau imaging; ProDiscover, digital forensics, Confidential -Discovery, chain-of-custody, penetration testing & ethical hacking, CSAM, internal & external audit, risk management, and regulatory compliance. Implemented secure communication, multi factor authentication, public key infrastructure (PKI), and identity & access management.
- Administered firewalls, DMZ, intrusion detection & prevention systems, and virtual private network. Monitored personally identifiable information, protected health information & data breaches.
- Developed organizational strategies, standards, policies, procedures, and guidelines.