Sr. PCI Audit, Risk Governance, Vulnerability and Remediation Consultant Resume
Valhalla, NY
SUMMARY
- Accomplished IT and project management professional with 25-plus years of experience, able to set strategic direction and develop IT solutions that support top-priority business needs.
- Excel in directing complex, cutting-edge technology initiatives to successful outcomes.
- Skilled in cybersecurity, penetration and vulnerability testing, system, software and process implementations, validations, outsourcing and ERP strategies.
- Proficient in training, mentoring, and motivating cross-functional teams.
- Proven analyst, facilitator, problem solver, and communicator at all organizational levels, C-level through skilled workforce.
- Managed security and compliance initiatives for the separation and transition of the Confidential split, including BCP, DR, eDiscovery, DLP, penetration and vulnerability scanning, server logging, anti-virus and anti-malware.
- Managed access to resources for the divestiture of administrative processes to Cognizant: systems, email and secure corporate data.
- Managed security and compliance of the ATOS divestiture of company assets and resources: network segmentation; firewall rules and ACLs; registration and licensing of divested assets; and verification that all assets and personnel moved to new ownership.
- Vetted third-party vendor implementations for adherence to company and regulatory requirements: BCP and DRP - SunGard Assurance; eDiscovery and DLP - Symantec and Ciber Technology; penetration testing/vulnerability management - Tenable Nessus and an offshore third party; client-vendor self-assessment and remediation tool - RSAM; server logging - Hawk eyeCon-BDSA; SIEM - McAfee ESM; encryption - Symantec; anti-virus/anti-malware - McAfee.
- Directed, managed, planned and administered the operational and administrative efforts associated with vendor/client information security risk governance and compliance programs in accordance with the corporate Security Policy and global, federal and local requirements. Key member of the team for procurement and modification of the RSAM self-appraisal application.
- Harmonized Security documentation, standards, policies and procedures of ACS acquisition with the existing Confidential data. Developed, reviewed, revised and disseminated security policies, standards, guidelines, procedures and security awareness communications to ensure the confidentiality, integrity, and availability based on PCI DSS and HIPAA/HiTrust regulatory compliance.
- Led the Nessus scan solution installation, provided client configuration and scheduling, managed and automated tracking and reporting of vulnerability scans (Nessus and Qualys), and provided remediation planning and monitoring.
TECHNICAL SKILLS
Hardware: Laptops; Desktops; Servers; Switches; Routers; Firewalls; Load Balancers; IDS/IPS; SANs; NAS
Operating Systems: Unix (SCO; Solaris; HP; IBM); Windows (DOS to current); Linux (Red Hat; Fedora; CentOS; SUSE; Debian; Ubuntu); VMware ESX
Networking: TCP/UDP; Novell; IPX/SPX; VPN; SSH; SSL; Token Ring; PGP; BitLocker; FTP; SFTP; POP; SMTP; IP; VLAN; VoIP
Security Processes: DLP; eDiscovery; Business Continuity; Disaster Recovery; Encryption; Anti-Virus; Anti-Spam; Access Control Lists; Backup; SIEM; Penetration/Vulnerability Testing and Remediation
Security Frameworks: NERC CIP; PCI; NIST; HIPAA; HITRUST; ITIL; ISO 27K; COBIT; CIS; FISMA and SOX
Programming Languages: QuickBasic; Unix Scripting; HTML
Applications: Microsoft Office; WordPerfect; Photoshop; Dreamweaver; Roxio Apps.; Symantec and McAfee Security Apps.; Veritas NetBackup
PROFESSIONAL EXPERIENCE
Sr. PCI Audit, Risk Governance, Vulnerability and Remediation Consultant
Confidential
Responsibilities:
- Member of an expert staff of PCI consultants, reporting to the Vice President of IT Support and providing advice on audit governance, support, vulnerability and remediation management.
- Reviewed, analyzed and presented management with clear and meaningful findings, assessment reports, work papers and presentations for improvement of PCI security posture.
- Led meetings to deliver PCI DSS, vulnerability, remediation and status reports to business compliance leads and management.
- Interfaced and worked with card brands, merchant banks, third party service providers such as data centers and call centers.
- Demonstrated ability to identify gaps relating to key IT security processes and implemented best IT practices.
- Collaborated with key business and IT leaders to develop security policies, standards, guidelines and procedures to ensure confidentiality, integrity and availability based on the following frameworks: COSO, NIST CIP, ISO 27001, ISMS, COBIT, OWASP, SANS, ITIL, 21 CFR Part 11, FISMA.
Business Information Risk Manager (BIRM)
Confidential
Responsibilities:
- Planned, purchased, designed and implemented security applications, policies and processes into the new company, Confidential.
- Oversaw the data format and entry, implementation and required testing of BCP and DRP plans.
- Directed, managed, planned and administered the operational and administrative efforts associated with the information security risk governance and compliance programs in accordance with the corporate Security Policy and global, federal and local requirements.
- Acted in a consultative capacity on the design and modeling of security within all client RFPs, contracts and contractor agreements pertaining to all matters of information security, governance and compliance.
- Managed the large security, risk and compliance initiatives of SOX-404 IT, PCI DSS, HIPAA/HITECH, the Privacy Act and FTC requirements, including security policies, procedures and controls.
- Delivered and assisted incident response, analysis, and reporting according to policies and procedures.
President and Founder
Confidential
Responsibilities:
- Designed, installed, configured and administered VMware vCenter Operations across the entire IRS network and data center environment.
- Provisioned primary and secondary dashboards for departmental monitoring and reporting across the enterprise. Obtained US government security clearance and IRS system access for the duration of the project.
- Established operational and security monitoring and system reporting templates for real-time statistics and analysis of the virtual environment’s health and performance.
Lead Infrastructure Engineer-Security/Regulatory Compliance
Confidential, Valhalla, NY
Responsibilities:
- Streamlined validation processes for regulated IT infrastructure projects, standardized IS validation documentation procedures, improved installation verification and value of retained records for trouble analysis, provided solutions for CAR, CAPA and NCR issue resolution and project triage.
- Recognized for professional excellence with indefinite contract extension and global responsibilities, expanding to collaboration with peers in Fuji Japan and other international units.
- Managed J-SOX and FDA validation solutions, delivered FDA compliance, authored, executed and verified manuals, RFQs, Validation Master Plans, work instructions and other deliverables (UFRSs, IQs, OQs, PQs, Ops, UATs).
- Exceeded current SAP implementation project goals by 15%; currently projected to beat implementation deadlines for the 24-month global project.
- Reduced IT hardware capital expenditures by $175,000, implemented virtualization strategies and repurposing of existing resources, delivered ongoing cost and time savings.
- Project Manager - validation, configuration and installation of Astea CRM/Service Reporting application, scope included VMware/MS SQL server, network environment and related considerations and requirements.
- Project Leader for SAP Infrastructure Installation Team, validated business and application hardware and designed requirements and produced outline for Installation Qualification process and documentation requirements.
IT Director/Senior Systems Engineer
Confidential, White Plains, NY
Responsibilities:
- IT Director and Senior Systems Administrator for $350 million medical supplier.
- Provided organization, mentoring and leadership for staff of six, supporting infrastructure, purchasing and helpdesk functions across 18 national sites.
- Managed $1.27M capital expenditure and $800K operational budgets.
- Provided operational and administrative support for a multi-site, subnetted AD/LDAP and development environment.
- Implemented security procedures for outsourced, vendor and client access. Verified and corrected compliance with Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI DSS), the Gramm-Leach-Bliley Act (GLBA), the Communications Assistance for Law Enforcement Act (CALEA) and Electronic Records Management (ERM), establishing vital policies and procedures.
- Reduced monthly recurring costs (MRC) by $40,000 ($480,000 annually) for telecom, data services and equipment. Increased bandwidth by 25% and negotiated active/active failover redundancy in same project.
- Increased processing speed and productivity by 15% and reduced electricity charges by 11% by re-engineering and documenting the network infrastructure.
- Restructured AD/LDAP/Samba architecture and provided for controlled future IT growth.