SUMMARY:

• Certified Business Continuity Planner (CBCP) with extensive experience in Business Continuity, Disaster Recovery, Emergency Management, Crisis Management and Risk Management.
• Ability to apply technology to deliver business results and develop and build great relationships.
• Skilled Planning and Recovery Implementation, along with Enterprise wide communication, with an ability to express technical concepts in business terms (nerd translator) Accomplished senior IT professional relied upon to deliver sustainable solutions to critical business IT platforms in multiple industries.
• Extensive experience with IBM Guardium information security software, at both the server and database level.
• Surpassing strategic goals of installs and upgrades at both levels without compromising productivity.
• Ability to apply technology to deliver business results as a Certified Business Continuity Planner (CBCP)
• Delivered proven wide - ranging business analysis and project coordination/management in multiple fields
• Extensive experience with IBM InfoSphere Guardium 9.5 and 10.1.3 Vulnerability Assessment (VA) and Database Activity Monitoring (DAM) information security software, at both the server and database level.
• Proficient in MS Windows, MS Office Processional (Word, Excel, PowerPoint, Access, Project, Visio, FrontPage, and SharePoint)
• Living Disaster Recovery Planning System (LDRPS), SQL/Crystal Reports

PROFESSIONAL EXPERIENCE:

Confidential, Olympia, WA

Senior Security Analyst

Responsibilities:

• Designated lead to implement IBM InfoSphere Guardium v10 for VA and DAM for statewide Confidential .
• Create policies, user groups, alerts, and reports for all HIPAA, personal health information (PHI); and personal identifiable information (PII) data for mainframe (DB2/z and IMS) and distributed systems databases (MS Windows and DB2).
• Trained state employees on use and maintenance of Guardium.
• Assisted with and provided direction on the creation of the Confidential statewide disaster recovery (DR) plan; which is also part of the state government DR plan/COOP.

Confidential, Reston, VA

Information Security Senior

Responsibilities:

• Selected for the DAM team to remediate backlog of new installs and updates, and ensure forward progress maintained to mitigate vulnerability on enterprise-wide servers, by installing (and upgrading) IBM InfoSphere Guardium v9.0/9.5 software on multiple platforms (MSSQL and Sybase, and Linux/Unix (AIX, DB2, Oracle, and Sybase)), creating the inspection engines and ensuring the Guardium Collectors are monitoring traffic.
• Over 3-year period, performed 415 new production installs and over 400 non-production (test/development) installs, created inspection engines and worked with DBAs/database teams to ensure continued monitoring.
• Point of contact and subject-matter expert (SME) for Guardium DAM at Confidential .
• Project manager for weekend deployments (Guardium installs/upgrades).
• Performed daily and monthly enterprise-wide Sarbanes-Oxley (SOX) remediation on all production servers Vulnerability Management (VA).
• Monitored and remediated problem servers and provided senior management with reports based on company policy.
• Created tracking database (Excel) for all IBM help-desk tickets (PMRs) to ensure any patterns were remediated; for any audit requests; and installs/upgrades cross-referenced with daily and monthly SOX remediation, and audit requests.

Confidential, Indianapolis, IN

Information Security Systems Analyst

Responsibilities:

• Selected to remediate backlog of database vulnerability and ensure forward progress maintained to mitigate vulnerability on enterprise-wide databases and servers.
• Performed more than 325 databases certification scans on multiple platforms (MSSQL and Sybase, and Linux/Unix (AIX, DB2, and Oracle)), using IBM InfoSphere Guardium v9.0 software VA tool - to certify all databases prior to the databases’ deployment into the production environment and/or updates in the production environment - thereby assuring no vulnerabilities to the databases/servers.
• Analyzed results and provided certification status to requester, screening for enormous risks created by insecure database configurations, missing patches, weak passwords and other vulnerabilities.
• Processed Whitelist requests (requests that do not break policy), Exceptions (requests that are exempt from policy) (edited and executed scripts based upon platform) and Decommissions of data sources within databases (based upon platform) and maintained metrics.
• Worked with the Database Activity Monitoring (DAM) by actively watching collectors for capacity, problems and running and producing reports; monitored reports for user changes, policy changes, and database additions/deletions. Ensured reports were in alignment with audit guidelines.
• Created procedures for scanning, reports, metrics, and training - trained co-workers as back-up personnel.

Confidential, Carmel, Indiana

Business Systems Analyst (MS Access DBA)

Responsibilities:

• Modified existing compliance-related MS Access database queries and reports, correcting deficiencies to ensure database and structure were audit ready.
• Created new queries and reports for enterprise-wide reporting for status of Confidential required procedures collaborating with various departments and stakeholders.
• Administered user accounts/database security preventing compromising the data integrity.
• Trained new and existing database users on MS Access data entry and report execution; trained employees on use of various MS Office programs.
• Modified existing queries and reports and created new queries and reports in the MS Access Confidential -related training database; to ensure training records were in order, followed FERC/ Confidential guidelines, and corresponded with enterprise-wide reporting procedures.
• Created new MS Access database to store employee data provided from Human Resources (HR). From this database, linked employee information tables to both the compliance-related and Confidential -related training databases.
• Created procedures for new employee information database on importing data from HR provided MS Excel spreadsheet to MS Access.

Confidential, Fairfax, VA

Business Analyst / Project Manager / Consultant / Recovery Coordinator

Responsibilities:

• Defined and implemented Disaster Recovery (DR) solutions in partnership with resource managers of a client hosting data center operation that provides Cloud, dedicated, and shared hosting services.
• Defined and implemented Business Continuity (BC) solutions for tier 1, 2, and 3 business-process outsourcing operations.
• Implemented services according to the Operations Management Framework, which includes Service Level Agreements, Memorandum of Understandings, Confidential framework and client specific policy and procedures.
• Led solution development using a process approach that conforms to National Institute of Standards and Technology (NIST) guidelines for Medium and High Impact environments.
• Provided project direction in planning for continuity and recovery of services in the event of an interruption to the facility or business process/infrastructure
• Collaborated with internal and external clients to identify, recommend and implement procedures and controls that improved the client's contingency planning posture.
• Performed risk assessments (RA) and business impact analysis (BIA), developed and enhanced contingency (BC and DR) solutions, exercised associated plans and produced post-mortem reports.

Confidential, Indianapolis, Indiana

Service Continuity (SC) Management Specialist

Responsibilities:

• Coordinated activities with IS Operations, Application Development, Quality Assurance, IT Compliance, and Project Manages to ensure continuity planning was part of all IS systems and included required HIPAA, SOX, and/or Data Security modules.
• Verified the completeness and timeliness of documentation; updated and maintained Service Continuity (SC) plans and templates.
• Audited software application DR plans/performed plan review; and contacted business, technical, and infrastructure departments for explanation/verification of data.
• Updated and ensured the on-going integrity and completeness of the SC information; Key Performance Indicators (KPI), plan details and related SC mechanisms.
• Coordinated, convened and facilitated SC DR meetings and exercises; recorded decisions made during SC meetings and exercises; and maintained a schedule of documents and exercises of IS systems.
• Facilitated the resolution of SC scheduling conflicts and deviations with/and between software applications.
• Coordinated and liaised SC efforts with Confidential Emergency Response Planners and liaised with external IS partners.
• Member of the ITIL Change Management team to ensure DR was part of all changes.

Confidential, Carmel, Indiana

Business Analyst / Business Continuity Disaster Recovery Analyst / Project Manager

Responsibilities:

• Redesigned/reengineered, instituted and deployed the Scenario-Based Tabletop Walkthrough (Walkthrough) for enterprise wide business, technical, and infrastructure departments and all training documentation to include: Business Impact Analysis (BIA), Data Gathering Worksheets, Recovery Strategy document, pre-Walkthrough emails/documents, and scorecard to measure Walkthrough participants.
• With improved Walkthrough and BIA, completed 277 BCDR plans the first year the Walkthrough was implemented; compared to 42 the prior year.
• Maintained more than 500 BCDR plans for three (3) companies (Conseco, Bankers Life & Casualty, and Colonial Penn Life) in three (3) states (IN, IL, and PA).
• Assisted BCDR Manager with required updates to company BCDR policy and procedures.
• Created and maintained department intranet site (via MS FrontPage) on BCDR policy, procedures, and semi-annual exercise information.
• Trained entire departments and/or individual one-on-one on gathering requirements to complete the BIA, Data Gathering Worksheets, pre-Walkthrough and plan Maintenance documents.
• Worked with business units/end users (front and back office) to understand and document their KPI/functions to assist them in creating inter-dependencies with other business units.
• Coached business and technical/infrastructure units on the completion of BIA to identify Recovery Time Objectives (RTOs) and Recovery Strategies for the continuation of mission critical business functions during an outage or disaster.
• Engaged business/technical units and infrastructure to research methodologies to mitigate their respective department risks, such as HIPAA, SOX, and/or Data Security.
• Documented detailed requirements in Process flows (using MS Visio).
• Entered deliverable data BIA, Data Gathering Worksheets, and Maintenance information into Living Disaster Recovery Planning System (LDRPS) software and Access database. Created department training manual for LDRPS and Access database data entry.
• Created semi-annual email notifications to business and technical units advising them of updates due to detailed information supporting the Business Continuity plan and procedures (e.g. teams and team member reports, software and equipment requirements, vital records inventory lists, customers and vendors, etc.). Distributed electronic copy of the Business Continuity plan(s) to business and technical unit contact for appropriate distribution.
• Audited plans/performed plan review; and contacted business, technical, and infrastructure departments for explanation/verification of data.
• Flawlessly executed the company’s semi-annual Disaster Recovery (DR) exercises by: coordinating travel (including air, transportation, lodging, and meals), and catering for three DR sites (IN, IL, and PA), assisted in review of DR exercise Test Scripts, population of DR Issue’s database, coordinated DR exercise pre-test meetings and training sessions.
• Confirmed required equipment (telecom, servers, storage, network and infrastructure) with IT department and Hot-Site vendor (Strohl then IBM).
• Produced reports and status of business, technical, and infrastructure departments as to readiness for DR exercise.
• Coordinated with BCDR Manager, business, technical, and infrastructure departments during DR exercise, updated exercise dashboard, produced post-test reports and summaries, and coordinated post-test meetings.
• Supervised and trained Confidential and contractors on all aspects of BCDR.
• Maintained DR off-site recovery box inventory; worked with business, technical, and infrastructure departments on DR box requests via Help Desk tickets to obtain and return DR boxes to off-site storage for DR exercises, and as needed.
• Member of Crisis Management Team (CMT) for Crisis Command Center, React Team for Confidential, and Vendor Management and Communications. Provided updates to senior and C-level management on events and event status.