Director - Cybersecurity Resume

Houston, TX

SUMMARY:

  • Highly experienced and accomplished Information Security, Risk and Compliance professional with expertise in Enterprise-wide IT Security and Critical Infrastructure protection strategy development.
  • Track record of elevating Information Security by building Information Security programs, leading Security Governance Councils and high-performing Cybersecurity teams, and deploying forward-thinking solutions to satisfy compliance objectives and meet business requirements.
  • Proven skills in building key partnerships with global cross-functional teams to deliver customer oriented security assurance services.
  • Established and managed security programs; Risk Assessment, Incident Response, Security Awareness, Vulnerability Testing and Threat Management.

CORE COMPETENCIES:

  • Security Management
  • Project Management
  • Risk Management
  • Team Building & Development
  • Budget Planning & Execution
  • Regulatory/Policy Compliance
  • Cyber Security SME
  • Public Speaking
  • Strategic Planning

TECHNOLOGY/ TOOLS:

  • FireEye NX 2400/4400
  • Bluecoat Web Security
  • PhishMe/Wombat
  • Risk Mgmt.- Modulo, Archer
  • App. Whitelisting - Bit9
  • VA - Rapid7/Nessus
  • Checkpoint/Palo Alto FW
  • Encryption - PGP
  • SIEM - QRadar/LogRhythm

PROFESSIONAL EXPERIENCE:

Confidential, Houston, TX

Director - CyberSecurity

Responsibilities:

  • Serve as a cyber leader in a global professional services firm with 45 offices in 18 countries that helps Global Confidential 500 & 100 companies with security strategies and data assurances.
  • Accountable for the development and implementation of strategic, business focused, IT security program to support organization's evolving needs in response to ever-changing cyber threats. Manage risk based cyber program development, implementation, and assessments.
  • Interface with and brief senior leaders and executives on threat landscape and organization's risk profile.
  • Participate in development of policies, standards, and programs; risk assessments, security awareness, incident response, penetration testing, and business continuity/disaster recovery.
  • Build and chair Security Governance Council to address risks and preserve investment on compliance mandates such as PCI and HIPAA.
  • Responsible for developing and leading high performing cyber security team.
  • Serve as Confidential for various organizations (Retail and Healthcare).

Confidential, Sugarland, TX

Chief Information Security Officer

Responsibilities:

  • Provided technology vision and leadership in developing and implementing Enterprise-wide Information Security program.
  • Developed and evangelized multi-year Cyber Security roadmap and strategies in alignment with business objectives.
  • Accountable for the development and implementation of Enterprise-wide IT, OT (Operational Technology), and HIPAA Security Policies, Standards & Procedures, Business Continuity and Disaster Recovery Program.
  • Founding member of the IT Risk Management Committee to address risks and develop strategic plans for data assurance and business alignment.
  • Led a team of highly skilled Cyber Security professionals and managed a $4M annual security budget.
  • Effectively implemented network monitoring solution saving company $250k annually
  • Successfully implemented internal Vulnerability Management and Threat Management program to achieve $200k annual savings.
  • Effectively implemented IS Management System; built processes, deployed tools, and managed IT Security budget.
  • Achieved 90% audit remediation (HIPAA +SOX+ Cyber) within 12 months
  • Achieved 85% improvement in reporting of suspect Emails using Phishing Campaign.
  • Achieved 80% reduction in Security tickets reducing reliance on MSSP services
  • Reduced malware infections by 70% by implementing application whitelisting technologies.
  • Successfully built key partnerships to promote enterprise Security capabilities such as Vulnerability Assessments, Incident Response, Encryption, and Threat Management.
  • Drastically improved response to Security incidents by developing security incident response playbooks, documenting workflows, and serving as a key member of the response team.
  • Developed organization’s 1st IT Risk Management Committee comprising key leaders.

Confidential, Houston, TX

IT Security, Risk and Compliance Manager

Responsibilities:

  • Served as key member of enterprise IT Security Council establishing overall Security Strategy and Policy for Confidential Operations.
  • Supported the CIO in fulfilling Information Asset Protection and Assurance activities such as evaluating security impacts of proposed and emerging solutions, ensuring alignment with IT security roadmap, and defining metrics and reporting strategies to effectively communicate KPIs of Security Program.
  • Led the planning and implementation of PCI DSS controls to reduce compliance liability and improve security.
  • Identified, analyzed and reported IT risks to senior leadership on an ongoing basis.
  • Led development and implementation of Confidential based enterprise wide IT Security & GRC program.
  • Built key partnerships with senior stakeholders to develop and evangelize enterprise-wide IT security policies, standards, and procedures resulting in a 70% reduction of audit findings
  • Consolidated and automated risk assessment processes to reduce additional resource requirements resulting in $250k annual savings.
  • Effectively led development of Enterprise capabilities such as Vulnerability Assessments, Security Awareness, Threat/Risk Assessments, and Security Incident Response.
  • Effectively managed SOX processes reducing consulting costs of $200,000 annually.

Confidential, Houston, TX

Senior Security Architect

Responsibilities:

  • Trained IT groups on new processes to improve efficiency and reduce exposure.
  • Worked closely with key stakeholders and developed project plans to meet compliancy objectives.
  • Managed implementation of security solutions (Firewalls, IPS, Encryption, Logging, and File Integrity) to safeguard credit card, Private Identifiable Information (PII), & company information.
  • Created PCI DSS remediation plan and conducted regular progress reporting.
  • SME for scoping, policies, processes and tools required to comply with PCI DSS.
  • Analyzed results of penetration tests, design reviews, source code reviews and other security tests. Assessed risk treatment options based on business risk appetite and security requirements. Determined where compensating controls were appropriate.
  • Completed and submitted Compensating Controls documentation and SAQ for Attestation

Confidential, Houston, TX

Principal Consultant/ IT Security

Responsibilities:

  • Led intrusion prevention, architecture development and implementation, application and ASP security assessments, forensics investigations, Vulnerability Management / CIRT implementation, and Policies development.
  • Created key processes to stand up Information Security program (vulnerability management, forensics investigations, and third-party assessments).
  • Led the development of Enterprise Security Incident Response process resulting in $200k savings

Confidential, Houston, TX

Sr. Security Engineer

Responsibilities:

  • Led the evaluation, acquisition, and implementation of technologies / systems used to safeguard company information and computing assets.
  • Coordinated all internal and external compliance and auditing activities.
  • Effectively managed design and implementation of enterprise wide (700+) SSL VPN locations saving $1M annually
  • Successfully deployed secured business partner network to limit data exposure, and drastically reduced the number of security incidents.
  • Created strategic plans used in IT Security Roadmap for making sound investments in IT Security countermeasures.
  • Effectively implemented ongoing IT Risk Assessment process to better manage risks to assets.