SUMMARY:

• IT Security Professional with over 20 years’ experience and a proven track record of delivering both process/financial results.
• A resourceful leader with 20 years’ experience in all phases of IT Security and IT Risk.
• Highly experienced in identifying, building cross - functional internal and external customer relationships, maximizing internal resources, and innovating leading-edge IT processes.
• Deep experience in identifying bottleneck IT processes and implementing cost-effective solutions with rapid results.
• Results driven, excelling even under the most difficult conditions.
• Effective communicator with experience negotiating with and building consensus amongst stakeholders.
• Always driven to produce the best ROI.

CORE COMPETENCIES:

• IT Security Controls & Design
• GLBA, SOX, HIPAA, TOAF, NIST, PCI
• Gap Analysis / Presentation
• Vul. Testing (Social Engineering)
• Vendor Security Risk Assessments
• Governance, Risk, & Compliance (GRC)
• Risk Assessments & Audits
• Key Performance Metrics
• IT Security Policy Dev.
• Regulatory Compliance
• COBIT / TOGAF, ISO 27001
• ITIL v3 Process
• Technical Documentation
• Information Assurance
• Disaster Recovery
• Data Loss Prevention
• Server Room Design
• GDPR

TECHNICAL PROFICIENCIES:

Platforms: Kali Linux, Microsoft Windows

Applications: Solar Winds Engineering Tool Kit, Wireshark, Nessus, Net Scan Tools Pro, Nmap, MacAfee Symantec Security, MS Office (Word, Excel, PowerPoint, Visio), Oracle VirtualBox, VM Ware

Networks: TCP/IP, ATM, PPPoE, PPPoA, IPX/SPX, Microsoft Visio for network maps, Netcom 2000, RedBack 1000 SMS, IP Addressing, CAT5 / Fiber, ITIL v3

PROFESSIONAL EXPERIENCE:

Confidential

Responsibilities:

• Contracted by various Confidential 500 Companies to conduct and provide security profile/analysis reports and recommend new IT department policies and strategies that streamline operations and reduce costs over entire departments.
• Worked with security teams to define security requirements (where are we now), identify vulnerabilities, risk frameworks, track specific issues/concerns, and provide solutions to create a secure environment (where do we want to be) & (How do we get there).
• Communicated across all business units to conduct security audits and risk assessments; analyzed and identified potential threats; devised policies and procedures to resolve issues.
• Client facing responsibilities including:
• Designing and presenting security presentations with Critical Success Factors (CSF) & Key Performance Indicators (KPI) to C-Level Executives and Upper Management that answer questions like: “So What?”, “Did we get there?” & “How do we keep the momentum going?” question regarding investment in multi-million-dollar initiatives
• Working closely with each client to devise and implement corporate-wide security architectures and disaster recovery plans and plan testing procedures.
• Having a record of being nominated by the clients for Excellence Awards for delivering outstanding outcomes and results that mattered.
• Interfacing with a diverse range of clients to perform IT system audits, feasibility studies, risk assessments, business continuity, and disaster recovery initiatives.
• Team Leader, working directly with client managers & other stakeholders to define project scope, gather requirements and devise implementation strategies to achieve the customer's outcomes and rapid ROI.
• Served as trusted advisor and liaison between management and Confidential 500 client accounts to ensure customers IT Security requirements were correctly understood, communicated and required outcome achieved.
• Led teams in conducting client specific Business Impact Analysis (BIA)/Risk Assessments (RA) and the authoring Disaster Recovery Documents (DRD) and Business Continuity Plans (BCP).
• Lead and directed teams conducting Root Cause Analysis (RCA) to identify and resolve incidents quickly and successfully promptly and met SLA requirements.
• Identified numerous IT bottlenecks and successfully implemented process changes with rapid ROI.
• Documented all security and emergency policies, procedures, and testing strategies for clients.
• Taught/led classes on ITIL v3 Foundation - Managing Across the Lifecycle (MALC) to private, public and government sectors.
• Advised companies on ITIL Best Practices and real-world situation with proven financial benefits.
• Experienced in explaining, demonstrating and implementing ITIL best practices in real work situations with proven financial benefits.
• Skilled collaboration with vendors to interpret and translate technical needs into solutions, coordinating efforts of internal/external resources to realize deliverables.
• Adept at overcoming obstacles, identifying and appropriating resources, while guiding sizeable, internationally based cross-functional teams to achieve business positive solutions
• Impeccable written and verbal communication skills

Confidential, Avanade, Chicago

Lead Enterprise Risk Assessor | ITIL Instructor | Lead Risk Assessment Process Architect

Responsibilities:

• OneTrust Development Team Security Risk Assessment Section
• GRC Team Security Risk Assessments
• Works Council Security Risk Assessment
• ITIL v3 Foundation & ITIL v3 Practitioner Instructor for internal Avanade Employee (Remote/On-Site)
• Re-Designed risk assessment processes (reducing size by 66%)
• Co-Lead developing new Risk Assessment Methodology
• Lead for weekly Senior Level Security Meetings
• Lead Security Assessment Process Documentation & Instructions Initiatives
• Lead Security Risk Specialist team member on updating Risk Assessment Process Project for the enterprise
• Lead Security Risk Specialist performing high-risk risk assessments
• Risk Assessment Subject Matter Expert (SME)
• NIST SP 800-53 Control Alignment Project No.2 on team
• Strategic Road Map for Risk Assessment Process FY18-FY19 Team Member
• Metrics for Risk Assessments evaluated/created/retired
• Complex technology risks, identify and evaluate internal controls which mitigate risks and related opportunities for internal control improvement
• Facilitate the use of technology-based security testing tools or methodologies, synthesize results and make recommendations for technical remediation

Senior Security Analyst, Walgreens, Deerfield

Confidential

Responsibilities:

• Developed and implemented successful Kan-Ban board for Security Project Monitoring
• Received a letter of recognition for above and beyond performance sent to CISO for security work on large enterprise financial project
• Oversaw numerous enterprise initiatives and evaluated, recommended and documented necessary security controls
• Verified security requirements were being met regarding HIPAA and PCI initiatives
• Performed contract reviews regarding proper IT security language
• Worked on solutions to security issues regarding numerous enterprise initiatives

ITSM/IT Security Professional Private Contractor

Confidential, Chicago, IL

Responsibilities:

• Interfaced with a diverse range of clients to perform IT system audits and conduct feasibility studies, risk assessments, business continuity, and disaster recovery initiatives.
• Served as project team lead/manager, working directly with client managers to define project scope, gather requirements and devise implementation strategies to achieve customer objectives.
• Worked individually and with security teams to define security requirements, identify vulnerabilities, track specific issues/concerns, and provide solutions to create a secure environment. Manage multiple projects simultaneously and conduct project QA reviews. Report directly to stakeholders regarding project status and achieved benchmarks
• Conducted and provided security profile/analysis reports and recommend new IT department policies and strategies that streamline operations and reduce costs
• Drove process to design, build and implement SCO UNIX server that supported the migration of proprietary custom warehouse management system to FreeBSD Custom built high availability server
• Led team in conducting client specific Business Impact Analysis/Risk Assessments, authoring Disaster Recovery Documents and Business Continuity Plans
• Devised and implemented backup systems, schemas, and procedures to ensure security and operation of critical business applications, systems, and infrastructures
• Led and directed teams conducting Root Cause Analysis to identify and resolve IDM environment issues
• Assisted numerous clients in “overhauling” existing IT infrastructures, while maintaining Quality of Service and reducing operating costs
• As trusted advisor and liaison between management and three Confidential 500 client accounts. Performed risk assessments and system audit to ensure confidentiality, integrity, and quality of information. Identified attack vectors and recommended changes to resolve issues based on new data. Trained and educated users in understanding security protocols, thus ensuring system security and improving server efficiency. Documented all security and emergency policies, procedures, and testing strategies
• Designed and presented security metrics to C-Level Executives and Upper Management that answered, “So What?” question regarding investment in multi-billion-dollar pharmaceutical company
• Designed a custom metric tracking spreadsheet that is automatically populated by a custom written SQL query and utilized 24+ unique formulas and pivot tables to yield actionable metrics
• Led the development of enterprise-wide security infrastructure designs; researched, developed and recommended architectural policies and practices to support current and future infrastructure growth
• Planned and coordinated server architecture migration project, moving from mixed Microsoft Server / Apple environment to the Microsoft Windows Server platform and defined and documented the school’s IT security program, policies, and procedures
• Oversaw the development and implementation of two secure mobile laptop laboratories, authoring operating procedures that met and adhered to security baselines and the school’s technology operating standards