Information Risk Manager Consultant Resume

SUMMARY:

  • IT Risk and Security Manager/Leader/SME: Scopes and manages Risk Assessments for Infrastructure, Applications and Processes in Financial and Healthcare space utilizing appropriate frameworks. Worked on projects totaling $ Confidential at many Fortune 500 entities with global reach.
  • Quantify inherent and residual risk, judge effectiveness of controls and determine Risk Appetite threshold of organization. Enumerate discovered gaps and formulate remediation or acceptance strategies.

TECHNICAL SKILLS

  • Manage staff and set organizational strategy for Risk Management and Regulatory compliance
  • Risk Analysis for Large Scale Technology Projects for Enterprise
  • Authentication Standards and Access Control (Re-certification) (Multifactor and Biometrics) Need to know, Segregation of Duties Principles, Maker Checker, Encryption of Data in transit and rest (Remote Access, Vendor Privileged Access)
  • Vulnerability Management program (Cloud Services, Servers, Mainframes and End User devices)
  • Malware Defense-Anti Virus- Endpoints-Data Leak Prevention, Data Classification, Retention and Destruction (controls)
  • Logging and Incident Response for Forensic Investigations and Ongoing Compliance/Privacy Validation
  • Disaster Recovery/Business Continuity (Test Security Systems periodically)
  • Information Security Policy and Standards Management/Training/uplifting
  • Vulnerability Remediation and Patch Scheduling Processes Firewall configuration Optimization IDS/IPS, Systems hardening
  • Continuous Improvement/Innovation in Risk Arena (New Technology Evaluation/Adoption)

PROFESSIONAL EXPERIENCE

Confidential

Information Risk Manager Consultant

Responsibilities:

  • Conduct NYSDFS Risk Assessment for ADPIA Insurance Agency Inc. Affiliate
  • Document Technology Controls Gap Analysis on Infrastructure and Applications

Confidential

Technical Risk/Controls Consultant

Responsibilities:

  • Oversee Document and Design Control Domain Process Flows and RACI Chart for entire Organization
  • Manage Operational Activities for Policy and Standards Steering Committee Globally
  • Manage Infrastructure Control Assessment Framework for Global Technology Infrastructure
  • Organize Uplift/Retire Policies, Standards and Control Procedures for Entire Technology Organization
  • GDPR Regulation Project Liaison

Confidential

Operational Risk Consultant (short term contract)

Responsibilities:

  • Manage Application and Project Risk Assessments within Enterprise Retail Group Organization
  • Improve/Optimize Processes and Systemic work flows in the Risk Assessment Methodology
  • Build/Organize Application Risk Assessment Methodology with Line 2 and Regulatory Requirements
  • Resolve Regulatory Audit Deficiencies with Comprehensive/Remediation Action Plan

Confidential

Senior Business Security Lead Consultant (short term contract)

Responsibilities:

  • Financial Systems Redesign of Risk and Security Frameworks (Payroll of 2 Trillion US dollars per year), work which was appreciated and complimented by Chief Business Vice President
  • Collaborate on Big Data utilization strategy with Principal Data Scientist (De-Identification Project) of 35 Million Records
  • Design CIO Security Metrics Presentations (Documented EOL Remediation strategy of Critical Servers)
  • Conducted Webinars for Audit and Risk with Audit Director educating the staff on Audit and Risk Strategy (Presentation was lauded for being engaging, informative and delivered superbly)
  • Manage and Quantify operational, legal/compliance, reputational security risk for various Business Units including GDPR Regulation Compliance Strategy
  • Process Enterprise and Local Risk Exceptions and Risk Acceptance Requests in Archer GRC Tool
  • Present to Executive C-Level Leaders the Security Strategy for Organizational Units (File Access Schema etc.)
  • Formulate Technical Security Strategy for RPA (Robotic Process Automation for entire Company-New Initiative)

Confidential

Senior Information Risk Analyst-AVP (Full time-promoted)

Responsibilities:

  • Manage Information Security and Risk Assessments for SDLC for Large Projects for IT Systems (On time and within budget)
  • Document and optimize process flows for EIS department utilizing UML diagrams via Microsoft VISIO, resulting in saving 300 hours of extraneous work
  • Coordinate Senior Management with Risk Metrics and develop Strategy (Resulted in tracking enterprise risks better, saving many man hours and money)
  • Coordinate risk assessments for large scale Technology Projects for the Bank, ($50 million-Combined Scope)
  • Monitor and strategize compliance with SOX, GLBA, PCI-DSS, GDPR and FFIEC Regulations
  • Defined use of Security Frameworks ISO 27000, NIST, COBIT, COSO

Information Security Risk Analyst

Confidential

Responsibilities:

  • Metrics and Analytics Dashboards for Executive Management (Resulted in better informed Executives and better decisions)
  • Liaise with Compliance and Legal Departments on Risk Management issues (Completed the Salesforce.com project with great analysis on the fields that needed encryption and one that did not, made performance optimized)
  • Manage Risk Register Database for Enterprise Risk - (Review Risks initially and update status after Remediation if verified and confirmed with evidence)
  • Train staff and consultants on Information Security and Risk Mitigation best practices and policies
  • Build, Test and Deploy the Archer Governance Risk and Compliance tool for entire Risk Management Process

Confidential

Information Security Analyst/Consultant

Responsibilities:

  • Penetration Test technology infrastructure and advise on gaps and areas of remediation for mission critical systems at hospital data centers
  • Implement Project Tracking Mechanisms, scheduling and forecasting technology throughout the organization to maximize resource utilization. Company saved $200,000 due to better resource and staff utilization
  • Perform HITRUST Common Security Framework risk assessments at premier hospitals and medical centers (Robert Wood Johnson Confidential Hospital, Hackensack Confidential Medical Center, Holy Name Medical Center, St. John’s Riverside Hospital, Capital Health Network Centers, and Somerset Medical Center Hospital etc.)
  • Engineer Enterprise Technology Program (HIPAA and CARF) Technology/Data Regulatory Compliance
  • Devised Mobile Computing strategy
  • Designed risk management processes, policies and procedures and conducted safety trainings

Confidential, Somerville, NJ

Systems Analyst/Administrator

Responsibilities:

  • Implemented the quadrupling of company’s computer network throughout three states during organizational growth and infrastructure expansion, including mobile devices
  • Researched, designed and implemented a comprehensive disaster recovery, backup system and facilitated an advertisement serving technology service throughout the entire network of 200 websites
  • Coordinated the technical and logistical aspects of five website acquisitions and coordinated the process flow of a video health content website which was largest on internet in 2003
  • Organized new staff work flows and wrote operational document to serve as guide book for practice
  • Designed marketing plan to attract new patients through community mailing initiative
  • Ordered Medical supplies, managed laboratory contracts and Medical Waste and OSHA compliance
