
Assistant Vice President Resume


SUMMARY

  • Results-driven, analytical problem-solver with extensive experience in identifying Information Security Risks and developing cost-effective solutions to meet business requirements.
  • Skilled at defining security metrics and KPIs to track team performance against optimal targets.
  • Established track record of working effectively across multiple business cultures, including Mexico, Colombia, and Europe.
  • Natural communicator and team leader skilled in motivating and leading interdisciplinary project teams to systematically address business risk challenges.
  • Experience in conducting IT risk assessments based on Information Security Risks and compliance with requirements associated within a broad range of information technology platforms. Demonstrated ability to reconcile technical recommendations with specific business needs, within agreed budgetary framework.
  • Experience in auditing requirements of Payment Card Industry (PCI) standards and of regulatory requirements associated with Sarbanes Oxley (SOX) 404/GLBA, SSAE 16/18, BASEL II, HIPAA and related privacy and security standards.
  • Experience in the design and implementation of IS policies and governance improvement programs.
  • Proven ability to effectively engage, influence, negotiate with, and lead stakeholders at both technical and business levels into making effective security decisions throughout the lifecycle of high profile technology projects.

PROFESSIONAL EXPERIENCE

Assistant Vice President

Confidential

Responsibilities:

  • Performed Governance, Risk, and Compliance assessments.
  • Managed IT compliance control activities, violations, and identified IT Audit findings to ensure their timely resolution.
  • Implemented and managed the IT and cybersecurity incident response plan.
  • Managed monitoring/DLP, device control, vulnerability scans, SIEM (Security Incident Event Management) initiatives to avoid data leakage (DLP) and improved reporting and alerts.
  • Managed GLBA Assessments.
  • Performed cybersecurity risk assessments using the Cybersecurity Assessment Tool (CAT).
  • Managed vulnerability risk assessments of Information Technology.
  • Interfaced extensively with stakeholders to ensure compliance of IS policies, developing and maintaining information Security Architecture, Corporate IS Standards, Entity IS Procedures, Guidelines, and monitor the development of the Information Security Program based on COBIT, NIST, SSAE 16/18, PCI, ISO 27001/27002, SOX, and GLBA/FFIEC regulatory requirements.
  • Managed and implemented Project Security solutions to satisfy privacy, monitoring (SIEM/SOC) and DLP requirements following the established Project Management Framework to ensure projects stay on budget, on target dates, and defined scope including project risk management.

Corporate and Information Security Officer

Confidential

Responsibilities:

  • Interfaced extensively with stakeholders and IT leadership to ensure compliance of IS policies and monitor the development of the Information Security Program based on COBIT, NIST, PCI, SSAE 16, ISO 27001/27002, and instituting corrective actions where necessary to ensure compliance of GLBA/FFIEC regulatory requirements.
  • Created and delivered presentations to technical and business stakeholders to communicate project objectives and milestones, including defined metrics to report successes and progress of the security program.
  • Managed IT compliance control activities and violations to ensure their timely resolution.
  • Conducted cybersecurity risk assessments.
  • Performed third/fourth party vendor risk assessments.
  • Managed vulnerability risk assessments of Information Technology.
  • Prepared and developed the Information Security Awareness Program.
  • Participated in initiatives addressed to improve the methodology and procedures to prevent data leakage (DLP), avoid and improve fraud detection.

IT Audit Manager

Confidential

Responsibilities:

  • Managed auditing projects on Premises and Cloud (AWS) for compliance of the Banking Industry regulatory requirements and Information Security Standards based on COBIT, NIST, SSAE 16, PCI, and ISO 27001/27002 to ensure success of IS policies and adequacy and effectiveness of the applied Information Security and ITGC including Identity and Access Management (IAM), Program Change & Development, and Computer Operations.
  • Managed and conducted the audit planning, execution, follow up, closing and reporting of IT Audit findings and concise recommendations during the fieldwork and wrap up to the leadership team.
  • Participated in initiatives addressed to improve the methodology and procedures of the Integrated Risk Based Approach Audits to avoid fraud and improve detection.

IT Risk and Information Security Officer

Confidential

Responsibilities:

  • Managed, implemented and supported SAP Identity and Access Management (IAM) with User Access Control of GRC SAP following the defined project management (PMI) framework.
  • Interfaced extensively with stakeholders and IT leadership to ensure compliance of IS policies.
  • Managed Auditing Projects for compliance of GLBA/FFIEC regulatory requirements and Information Security Standards based on COBIT, NIST, SSAE 16, and ISO 27001/27002 to ensure success of IS policies.
  • Managed and supported the Endpoint Security Solution to update the existing Network Security Platform including policy definition, network visibility, advanced analysis, DLP and forensics, device control, vulnerability scans, system and user behavior and improved reporting and alerts.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Implemented and regularly reviewed Infrastructure and Servers Security Guidelines.
  • Created and delivered presentations to technical and business stakeholders to communicate project objectives and milestones.
  • Managed the Computer Security Incident Response Team (CSIRT) and owned the Information Security Incident Response Plan.
  • Performed third/fourth party vendor risk assessments.
  • Managed IT compliance control activities and violations to ensure their timely resolution.
  • Managed vulnerability risk assessments of Information Technology.

Information Security Manager

Confidential

Responsibilities:

  • Conducted risk assessments of Information Technology business processes highlighting risk areas that required additional controls.
  • Implemented and managed the IT security incident response plan.
  • Interfaced extensively with stakeholders and IT leadership to ensure success of IS policies.
  • Developed methodology and conducted risk evaluation of IT infrastructure and business applications including third/fourth party vendor risk assessments.
  • Prepared and conducted the Information Security Awareness Program.
  • Implemented Business Continuity Management (BCP/DRP) based on COBIT, SAS 70, ISO 27001/27002, ITIL, and CMMI.
  • Increased Information security awareness from 45% to 85%, satisfying key target of Disaster Recovery project.

Information Security Manager

Confidential

Responsibilities:

  • Managed the development, monitoring, and sustainability of the information security and compliance management program (including Sarbanes & Oxley requirements) to protect the privacy and confidentiality of information and assets of the corporation.
  • Implemented Group Information Security Standards based on NIST, PCI, SOX COBIT, ISO17799/27001/27002, ITIL, and CMMI.
  • Implemented and regularly reviewed Infrastructure and Servers Security Guidelines.
  • Interfaced comprehensively across the organization to monitor the development and maintenance of Information Security Architecture, IT Policy Management processes, and instituting corrective actions where necessary.
  • Managed and implemented project security solutions to satisfy monitoring (SIEM/SOC) requirements following the established Project Management Framework (PMI) to ensure projects stay on budget, on time, and scope.
  • Conducted applications and infrastructure risk assessments using CITICUS ONE (based on FIRM, a research-based methodology for measuring and managing information risk across enterprises of all types and sizes).
  • Conducted third party vendor risk assessments.
  • Managed the IT security incident response plan.
  • Managed Compliance and IT Audit findings to ensure their timely resolution.
  • Consulted with IT technical services staff to evaluate, select, install, and configure hardware and software systems with appropriate security functionality.
  • Prepared and Developed Information Security Awareness Program.
  • Increased Information security awareness from 35% to 55% (2009 AXA World-wide Staff Evaluation).

Information Security Systems Auditor

Confidential

Responsibilities:

  • Managed the risk based Audit Information Systems Program using COBIT, ISO17799, ITIL, and CMMI.
  • Reported regularly on individual project milestones via formal presentations to business and technical leads.
  • Performed risk assessments using well known frameworks and methodologies such as COBIT and OCTAVE.
  • Managed IT Auditing Projects for compliance of Information Security Standards.
  • Contributed to improved ITIL and ISO17799 compliance of Information security systems from 60% to 75% based on annual audit process.
