SUMMARY:

• Knowledgeable in the security/risk field concepts, practices and procedures.
• Strong working knowledge and understanding of the Business Process, Project Management, and Change Management
• Information Security Frameworks and Standards knowledge
• Application Security, Vulnerability scanning reviews, Incident Response, Malware Analysis
• Working knowledge in security architecture, DLP, IPS, Encryption, SIEM, ACL, Log Management
• Monitoring and Prioritization knowledge (ArcSight ESM, Nessus, Splunk, RSA Archer GRC Platform, Cisco SourceFire)
• Experience in network analysis with packet capturing tools using Wireshark and What's Up Gold network monitoring solution.
• Knowledgeable in TCP/IP, End - Point Security, IDS/IPS systems, security related technology protocols, and 3rd Party Firewall Reviews/Security Risk Assessment methods.

EXPERIENCE:

Confidential

Information Security Risk Analyst

Responsibilities:

• Recommending security enhancements advice and solutions to personalize client’s needs, which include the Installation/configuration of firewalls and other security measurements.
• Working directly with clients to provide security awareness and documentation for security related Incidents
• Providing system upgrade and patch update recommendations per industry related standards
• Preparation for CISSP Certification

Confidential

Information Security & Risk Analyst

Responsibilities:

• Assisted Project Manager in maintaining working list and support to Business Line Projects.
• Assisted Technical Security Engineers in developing Specifications and Recommended Practices to enhance Project support.
• Contributions made towards improving Confidential security management programs within Confidential:
• Confidential - Industrial Control Systems
• Confidential Compliance & Conformance Risk Assessment
• Confidential Vulnerability Assessment
• Confidential Cyber Incident Drills
• Confidential Network Infrastructure Security
• Confidential Security Community of Practice
• Inventory Centralization for Confidential Networks ISA-99 / IEC-62443 & Confidential Standards
• Strategic Research and Technology Development

Confidential

Sr Security Risk and Compliance Analyst

Responsibilities:

• Coordinates dependencies with other teams for IT Risk and Compliance Initiatives
• Helped manage the day-to-day IT compliance management process to track and monitor various IT compliance Initiatives across Confidential (SOX, PCI, HIPPA and other regulatory examinations, audits, self-assessments, security assessments, key risk indicators etc.)
• Working with corporate and business unit IT compliance representatives as a relationship manager to analyze, communicate and articulate compliance trends and program requirements
• Monitored and tracked remediation efforts on issues by following up with senior management
• Assisted with documentation of RCSA assessments to ensure that Security Controls (DLP, Web Filtering, etc.) were implemented
• Performed quality reviews of RCSA documentation and reviewed logs and reports
• Partnered with Business Units to assess risk and identified risk gaps that needed to be addressed before audits were preformed
• Updated excel spreadsheets with macros and formula to assist with reporting
• Issued remediation solutions and validation (testing) for Log reporting

Confidential

Digital Security Risk Management Consultant

Responsibilities:

• Working with a specialized team of Security Risk Management Professionals with the responsible for defining and driving the processes, technologies and programs for action to mitigate disruption and loss to the global business.
• Assisting with Network infrastructure/Applications/Virtualizations and Architecture Risk Assessments (Firewall, IPS/IDS. Router, Switch).
• Accountable for conducting Digital Security Risk Assessments for Assets, Suppliers and Projects on behalf of the Upstream CISO. Prepared and presented reports and metrics to management, ensuring controls are accurately maintained and action plans are implemented within designated timelines for remediation
• Identified existing or potential security risks using the OWASP Top 10 concepts
• Assist Business Owners and Project Management in understanding penetration/vulnerability testing results for web applications with the following technologies: HTTP, HTML, and SQL
• Performed Critical Asset Security Compliance Reviews by Identifying and addressing any configuration change(s) that may impact the enterprise profile by analyzing network connects and Firewall rules.
• Staying current of emerging security information, while injecting the defense in depth concept into the design and Architecture for the current and new infrastructures
• Reviewed Firewall rules request for change and documented findings describing risk based on policy
• Helped to implement security controls such as Network Intrusion Detection Systems (NIDS) and Network Intrusion Protection System (NIPS), information security practices and ticketing procedures.
• Negotiated, planned and managed all critical release activities with BU managers
• Maintained/tracked project scope for progress to ensure any changes to the critical infrastructures were on schedule

Confidential

IT Security Analyst

Responsibilities:

• Introduced Security Concepts into the daily processes
• Windows Active Directory / Domain Controller Security
• Built project plan and metrics to track efforts which were communicated to Sr. Management.
• Analyzed and Documented a step by step preparation for application to be migrated the new system by utilizing methods of best known practices by PM and CISSP Body of Knowledge.
• Participated in the effort to convert requirements into comprehensive detailed design specifications

Confidential

IT Risk & Security Analyst

Responsibilities:

• Perform Information Security reviews to identify gaps with Information Security requirements.
• Collaborated with cross-functional business and IT teams to provide security best practice recommendations on architecture, design and requirements for multiple projects and initiatives
• Participate in IT risk assessments to identify key corporate security vulnerabilities that affect the confidentiality, integrity and availability of electronic information and other company confidential data and provided support to systems owners to address and implement solutions to identified security and risk issues.
• Negotiated/Submitted/tracked change request for User files, Configure Share, Secure folders, and Group Policy in Active Directory.
• Configured application, file, and Registry Access Control Listings (ACLs) to provide more granularities to users and groups file permissions, analyzed any suspicious account logins, multiple logins and initiated an incident tracking response
• Participate in system and network security management including risk assessment, audits, root cause analysis, incident management, access management, authentication services, vulnerability management, and anti-virus issues.
• Requested end users to send any suspicious error messages and emails in which an incident tracking response was initiated and followed thru to resolution.
• Created and enforced a strict logon credential policy for all users
• Monitored and preformed audits of file access and actions to identify any suspicious activities.
• Act as project liaison for Active Directory Shares remediation, Executed remediation of 10Qtree over a 2 week period, gathering shares data including classification, description, ownership, access, and user rights
• Deploying Symantec agents to systems and devices in order to ensure effective monitor and reporting for the purpose of maintaining DLP
• Partnered with CTS and Active Directory Engineering to create ACE tool to be utilized for share permissions.
• Assisted with newly designed tools for our project; tested tools like, SAM (Share Access Monitoring), ACE (Access Control engine), DO (Data Ownership) in both Development and Production environment.
• Utilized Perl, ARS, Python, Local Admin, RoboCopy, and iCacl scipts to create, and permission files.
• Migrated over 200,000 user accounts and identified 90% of information owners associated to data for successful completion of Enterprise Password Vault (EPV) project using Python scripting.
• Classified data and partnered with LOB to identify functional accounts to be retained\off boarded.

Information System Analyst

Confidential

Responsibilities:

• Provided technical and programming support, maintenance and trouble-shooting on corporate applications. Working with end users and other IT staff to determine the cause of system and program problems.
• Partnered with IT team and users to create new tools and reports, and to fine tune processes.
• Established strong internal relationships with all other members of the Business Systems Group. Provided technical support to Business Analysts and collaborated with the Network and infrastructure group to install systems and implement solutions.
• Participated in the effort to convert requirements into comprehensive detailed design specifications (user interface, database, data flows, data models, etc.) for entire solution.
• Developed and designed logical, physical and views, T-SQL Scripts, triggers, functions, stored procedures, and other database modifications on objects to optimize physical data models and relational databases.
• Provided support for Disaster Recovery, configuration of client applications, and software deployments. Contributed to complex problem-solving that required thorough evaluation of utility programs to conclude with a recommendation to management. Assisted in identifying network issues as they arose.
• Handled all restricted software to ensure compliance using Active Directory.