SUMMARY:

Information Technology leader with experience in the management of information systems in multiple environments with an emphasis in security, risk management, audit interface, project, and business management.

TECHNOLOGY SUMMARY:

Security Technologies: Database monitoring; Dial - in authentication; Digital s; Development, and implementation of in-house monitoring tools.

Systems: Unix-based Systems; Windows; Mainframes.

Software: Sailpoint, Archer, Oracle Audit Vault; RSA Authentication; Verisign; Intrust

KEY SKILLS:

• Manager of the user Transfer, Privileged access, Revocation, and Termination processes
• Procedures process writer, and developer
• Authentication & Access Control implementer
• Management of Role Base Security (RBS) access process
• Data access remediation
• IBM - ACF2, and Top Secret manager
• System monitoring across various platforms, and products
• Lead consultant of System Security process
• Risk Management Interface between Data Security function and the internal Audit department including Banking and State regulators - ISO 27001 standards
• Regulatory Compliance
• Consulted in the In-house data security product development, and implementation process
• Conducts security risk assessments
• Gathered security requirements for web based products based on clients’ needs
• Developed, documented, tested, and gave the final approval prior to the implementation of these products into production
• Addressed client issues with the new, and current web products

WORK HISTORY:

Confidential

VP - Identity and Management IDAM) - Manager

Responsibilities:

• Managed, and staffed the IDAM transfer, Privileged access, Termination, and Revocation processes
• Developed, enhanced and wrote policies and procedures for Transfers, Privileged access, and Terminations using daily HR data feeds.
• The information compared current with previous day’s HR data, and various reports for processing were generated daily. Guidelines were set to ensure the data was reviewed by the user’s management team within the timelines established by corporate policy. Failure to meet the established deadlines resulted in the suspension of the user’s access.
• Co-chaired a process to semi-annually review users RBS, and Privileged access data stored in Sailpoint in keeping with the corporate guidelines
• Maintained a hotline to assist security managers with questions pertaining to Transfers, and Privileged access issues.
• Participated in a team effort to develop a local security manager’s online program.
• The purpose of the program was to train new and current local security managers as to the process of maintain their staff access, and become familiar with the review processes.
• This became mandatory for new Local security managers, and must be reviewed yearly for all Local security managers.

Confidential

AVP - Data Security Operations/Monitoring Manager

Responsibilities:

• Developed, and executed the IT Identity Management, and data access administration staff geared at granting approved resources to both staff, and external clients
• Managed the security interface between Data Security, and HR PeopleSoft, and Top Secret
• Co-chaired a project actioned to replace PeopleSoft with Workday
• Identified the need to monitor the assignment of resources, and created a monitoring function to review access granted across platforms, databases, dial-ins, and UNIX, LINUX, and REDHAT servers
• Actioned the need to restrict access to production resources, and proceeded to establish an Emergency user-ID process whereby developers, DBAs access was restricted to read only privileges. A process was implemented to grant the required access via senior management’s approval
• Developed and executed the Security and Administration’s security policies, and procedures
• Participated in the company BPC planning for the data security group
• Liaison between the data security function, and the Auditing, and Risk management departments
• Managed, supervised, and evaluated personnel, and data security software
• Actioned and participated in the Change management solution
• Teamed with technical staff to implement Oracle Audit Vault across all production Oracle, and SQL databases
• Managed a remediation across to removed old user-IDs, and limit access to current user-IDs from all production databases
• Chaired an attestation project to define each job per department, and limit access to staff, consultants, and temps on a need to have basis
• Demonstrated the ability to work successfully in a self-starting environment with little supervision, or guidance
• Spearheaded Risk assessments pertaining to regulatory requirements via ISO 27001 standards
• Establish a relationship with DPOPS as a backup to the administration staff during non-banking hours
• Ability to generate meaningful metrics to senior management pertaining to security services in support of clients, and identified areas where improvements are needed

Confidential

Manager - Data Security Operations manager

Responsibilities:

• Established the Identity management, and access control staff in support of access granted to staff, and clients
• Managed an RSA token project to distribute 25,000 tokens to domestic staff
• Managed the security interface between Data Security, and PeopleSoft
• Documented the Data Security Administration security policies, and procedures
• Coordinated for each Administration staff member to ensure redundant staff backup to each job function
• Co-chaired the Confidential BPC recovery plan
• Actioned the BPC plan twice within two days to restore the database, and technology due to two mutually exclusive outages

Confidential

AVP - Data Security Operations manager

Responsibilities:

• Managed data security processing in a mainframe Top Secret environment
• Managed the NT security processes
• Managed the security of a 3rd party Trust security product developed for Confidential Bank, and Confidential Bank
• Created data security procedures for the Trust environment
• This function grants/updates/removes company-wide staff access to resources based on Senior management’s approval
• Organized the Monitoring, and Reporting function to ensure the approval, and accuracy of access granted across:
• Mainframe Active Directory
• Oracle databases SQL databases
• High Risk applications RSA Tokens
• In-house Web products 3rd party products
• Sailpoint User access
• Instituted company-wide Attestation program to define the access required for each company staff member to perform their jobs effectively via predefined access
• Installed, in conjunction with Technical staff, Oracle Audit Vault across 100 Oracle, and SQL databases, and complexes. The end result was 75 daily reports, and numerous pre-determined alerts of high risk findings
• Instituted a vendor control process to limited access granted to each vendor, and monitor their activities, and Action their separation date. Negotiated the vendor rates saving the company 25% per contract
• Developed a process combining Adobe, and EPAD technology to eliminate the retention of hardcopy audit documents resulting in a cost saving to the company
• Acted as interface between Auditing, and Data Security departments pertaining to the closure of noted auditing findings
• Developed, and implementation an Emergency ID process whereby developments access to production was limited to read only access. High access IDs were granted pending Senior management’s approval
• Executed, and completed the Oracle database remediation project to validate user-IDs (Schema, user, system IDs) and the removal of excessive access