PROFESSIONAL EXPERIENCE:

Vice President of Information Security and Third - Party Risk Management

Confidential, Dallas, TX

Responsibilities:

• Discover vulnerabilities through careful analysis of Network Architecture and Infrastructure.
• Audit Low, Medium, and High-Risk Vendors for flaws in Security Evaluations to aide and recommend corrective actions.
• Advise new technologies and software to improve the risk rating of Vendor Network Architecture and overall security posture.
• Audit Incoming Vendors and Partners, to verify compliancy with Bank and Industry Standards.
• Provide assistance and instruction on Security technologies available to better secure Network Infrastructure.
• Work with Developers and Process management to create a portal for successful Audit workflow, using Archer, SPEAR and R-Sam.
• Develop Confidential Master Procedures manual that covers all facets of Audit Departments.
• Train and Mentor new employees and junior staff to complete all Audits with 100% accuracy and effectiveness.
• Possess strong, hands-on, technical knowledge of a wide range of Information Security and Business Continuity Controls and the processes used to evaluate the design and effectiveness.
• Capability to adopt and learn new technologies that are utilized between enterprise-level and sole-proprietary vendors, based on the size and financial requirements.
• Communicate clearly and concisely to all levels, including Vendor Managers, Lines of Business and up to Executive Level management to explain the need for key controls to technical and non-technical resources.
• Technical skills within Infrastructure Security, Business Continuity and Disaster Recovery, Access Management, Physical and Logical security, Application security, IT compliance, SOX Compliance, HIPAA Compliance, International Law Compliance, Change Management and Enterprise Risk management. Develop the understanding of Confidential.
• Communicate with Multi-Lingual vendors utilizing Spanish, Portuguese, and French to interface with Non-English Speaking Partners and employees.
• Demonstrate and explain Data flow, monitoring, scanning, IDS, DLP, Access Management and other High-Level security principles to staff and stakeholders that might not be familiar with these technologies and policies, to better improve affiliate’s protection and in-part harden Confidential ’s Assets.
• Effectively Communicate Audit results to management with concise audit reports.
• Gather Documentation and Evidence to support Audit results on the effectiveness of technologies that were tested.
• Understand the Standards and Concepts that cover Insurance, Financial, Technology, Transportation, Software, Infrastructure, and Marketing fields.

Senior Security Engineer

Confidential, Las Vegas, NV

Responsibilities:

• Supervise and oversee All McAfee Endpoint suite installations and implementations for Host Based Security Systems and solutions for the Confidential through different classifications of networks.
• Supervise the Mass virtualization of all Physical machines within our environment, thus leading to a 100% conversion to reduce the cost of maintaining Hardware based Machines.
• Implement and manage DLP, NIPS, HIPS, Firewall systems covering multiple networks, in areas around the world.
• Train users and host lectures to ensure proper training with McAfee and Security solutions for multiple branches of the military.
• Monitor multiple networks and maintain redundant network connections to maintain 100% connectivity at all times.
• Maintain 100% visibility and manage automatic signatures and updates on antivirus and other centrally managed solutions.
• Provide Subject Matter Expert advice on McAfee Endpoint software and technologies, to include; HBSS (Host Based Security Systems) modules, McAfee Agent, Host Intrusion Prevention System (HIPS), Data Loss Prevention (DLP), Policy Auditor (PA), Virus Scan Enterprise (VSE), Rogue System Detection (RSD), Asset Baseline Monitor (ABM), and Asset Configuration Compliance Module (ACCM).
• Monitor results through Query reports McAfee provides while scanning systems and networks for any Risks or Findings present, as well as create alarms that give complete descriptions of the issues along with risk and criticality.
• Experience with configuring primary operating systems, including Microsoft Windows, UNIX, and LINUX while retaining 100% effectiveness of Government and Military Security protocols and Security Technical Implementation Guides (STIG).
• Develop and Manage Confidential Security Technical Implementation Guides (STIG) for implementation throughout the Enterprise.
• Manage and oversee Network and Security Classification Audits to maintain complete accuracy and eliminate Data breaches and leakage.
• Conduct Network Security Assessments and Audits to verify compliance with auditors and other third-party auditing agencies.
• Manage Firewalls, Routers, Switches, and other network infrastructure devices to run to Government and Industry level security specifications.
• Create and Document policies, procedures and standards related to Network and Information Security.
• Designed the Datacenter and oversee the implementation of Physical and Software Security to meet Government and International requirements.
• Verify and edit Access Control Lists (ACL) and Firewall rules, to correspond with Military-Grade Network Security standards quarterly.
• Troubleshoot video feed provided from Unmanned Aerial Vehicles remotely, using IP-Based multicast streams that users have access to around the world through Virtual Private Networks and other B2B connections.
• Provide end-user support to IPTV hardware solutions across multiple networks, from end-user employees to Corporate Staff and stakeholders.
• Complete and maintain Confidential certifications for Certified Ethical Hacker, McAfee Full Suite Product Specialist, and Symantec Endpoint Protection.
• Serve as a member of the security council to review the Security of all projects and implementations.
• Collaborate with System and Network Engineers to Architect and manage Projects to install systems, servers, and infrastructure devices across Confidential Facilities and locations around the world.
• Responsible for the Forensics and Forensics procedures of media for Potential Virus and Intrusion software to be in compliance within military network, as well as manage centrally managed security solutions.
• Deployed and managed clients and servers on VMWare, Dameware, and HyperV and other virtualization solutions, to provide any levels of support to Confidential users and employees locally and virtually around the world.
• Create and manage Ticketing system on Sharepoint and JIRA for accountability of Lifecycles, issues, tasks, and project management.
• Schedule and maintain monthly PMI (Preventative Maintenance Inspections) and Lifecycle Management on all Hardware and Software solutions for the Confidential Enterprise around the world.
• Monitor outage reports and analyze potential threats to prevent Future Outages from occurring to sustain a 100% network uptime with No security incidents.
• Manage and create Developmental Environments to evaluate Test Security and Vulnerability scenarios with High Degrees of security to test real-life incidents.
• Maintain High-Degree of security with no Security Incidents while working in Top Secret and Sensitive Compartmented Information Facilities (SCIF).

Lead Information Security Analyst

Confidential

Responsibilities:

• Supervised a Security and Network team to provide Operational support to the President of the United States, White House officials, and other Government officials of other countries, while providing transport to International locations. Provide on-site and remote support to internal users, as well as cleared and provisioned outside guests utilizing VPN’s and B2B connections.
• Managed Identity Access Management by provisioning end-users with access to classified and unclassified networks, as well as reviewing Security Backgrounds to comply with Confidential Security Protocols.
• Provided Expertise in Implementing McAfee and Symantec Endpoint protection software and solutions across the Confidential, to include; Army, Navy, Marines, and Air Force.
• Developed multiple classifications of Baselines and Gold-Standard baselines and hardening tasks in accordance with Confidential policies for systems, servers, and other network devices such as firewalls across the Confidential .
• Responsible for maintenance, troubleshooting and replacement of Life Cycle devices and applications by utilizing software such as Oracle based, JIRA, and GitLab.
• Provided instruction and mentored teams for implementation of Video Teleconferencing solutions to the Confidential .
• Served as the Lead for all Malware and Virus scanning solutions as well as remediation policies for the Confidential .
• Develop Policies for Implementation techniques and solutions dealing with Security and Security Audits, for instance SOP (Standard Operating Procedure) guide, and Process Playbooks to teach and expedite the onboarding and training process for new resources.
• Evaluate and Audit Vendors and other third parties for Software and Hardware Security Solutions to use throughout the Confidential Enterprise. Assign Criticality ratings to findings with specified remediation dates, for all levels of findings during Audits and other assessments. Formulated and led the Operations for relocating 30+ Facilities’ Network infrastructure without any Incidents or Mission Degradation. Evaluate and monitor external and internal threat levels through an IT risk frame work and other internally developed network monitoring solutions to assess the organization’s IT and Security risks, and ensure proper mitigating controls and action plans are in place. Serve as an Security Advisor to Leadership and Stakeholders of information security risks, IT Compliance issues, and industry trends that would drive innovation to safeguard data. Provided On-Premise support and troubleshooting for Security installations of Top-Secret Systems, endpoints, servers, networks, redundancy and development software support to users of the FBI, CIA, NSA, Confidential, Army, Marines, Air-Force and Navy.
• Lead a Quick Reaction Team that provides 24 hour support for Logical and Physical Security of Segregated and Classified networks.
• Tested, installed and managed technical support for CCTV and video recording cameras, recording servers and develop software used to monitor personnel and encrypt contents for distribution to Confidential Leadership and Government.