IT Security Director/Sr. Consultant Resume

CAREER SUMMARY:

  • IT Security professional with many years of experience and strong problem-solving and program-execution skills in security technologies: security architecture, data privacy, risk mgmt., operational risk, audit, laws & regulations, governance and compliance to secure and safeguard corporate data & information systems.
  • Strong track record of partnering with various corporate business units, IT, HR, Legal, Sr. management and third parties to identify and resolve risks.
  • Streamline IT operations, IAM, on/off boarding of accounts, enhance security, build better security culture and improve overall productivity.
  • Evaluate security posture; enhance security policies and procedures; execute new security technologies; update and maintain infrastructure to ensure security.
  • Develop IT security/privacy strategies to ensure that the infrastructure meets existing and future requirements based on corporate needs, cyber threats and laws, regulations, governance and compliance - IT GRC
  • Drive and participate in RFI/RFQ proposals, research, select security products and services.
  • Work with business units to develop an effective business risk control program.

CORE COMPETENCIES:

CIA - Security/Privacy: Discover and identify gaps in the security policies and use of best industry practices; develop/update/enhance outdated policies; align policies with the firm's strategic and tactical goals. Perform internal assessments on procedures and controls, identify gaps, conduct pen tests, propose security solutions and develop a project in support of the overall security program.

IT GRC: Governance, PII Risk & Compliance - RSA Archer eGRC, LockPath Keylight.

IAM: Identity and Access Management - On-boarding/Off-boarding of IDs, SSO, ISO 27001/2, ISO 27005, ISO 9001, NIST, FISMA/NISPOM

IT Audits: Attestation & Certification -- ISO 27001, SSAE16, SAS70, PII

Cyber Security: Incident Management, Risk Management and risk Mitigation

Laws & Regulations: PCI, HITRUST, ITIL, COBIT, FFIEC, GLBA, EU Privacy

SOX: Application Security, Change management, Segregation of Duties

BCP/DR: Business Continuity Plan Management and Disaster Recovery, LDRPS

PMI: Project Plan & Management, Scope, Work Breakdowns, Technical Writing, RFI/RFQ, Manage Pen Test/Ethical Hacking, Analyze results and mitigate findings, Prepare sr. management presentations, receive inputs to get their buy-in

SOFTWARE/HARDWARE/STANDARDS/TOOLS:

Windows XP, 7, 8; UNIX, SunOS, Solaris, AIX, HP-UX

LAN/WAN, Intranets/Internets/Extranets/VPN, Client/Server/Cloud

Cisco, Checkpoint/Nokia, AA, IAM, Active Directory, On/Off boarding

RSA/McAfee DLP; McAfee Virus scan, Pen-Test/Ethical Hacking, AML

SOX, GLBA, FFIEC, BCP/DR, ISO 27001/2, NIST, HIPAA, PCI, NISPOM/FISMA

EMC Archer eGRC 5, SharePoint, Remedy, etc.

PROFESSIONAL EXPERIENCE:

Confidential

IT Security Director/Sr. Consultant

Responsibilities:

  • Managed and supported ISO 27001 attestation programs for 200+ client-facing applications using the Archer eGRC 5 platform to manage risk and compliance in support of confidential, sensitive and PII data.
  • Worked with various sr. level managers in support of user access - IAM verifications.
  • Coordinated and conducted meetings with sr. management to get their buy-in.
  • Managed and executed Information Security Programs: IT Security, administration, architecture, risk management, pen test, documentation, training and attestation.
  • Managed security projects: defined scope, identified risk factors, documented, tested, implemented monitoring of systems and maintained for performance
  • Developed RFI/RFQ for ethical hacking (Pen Test), with tests outsourced to third parties; managed ethical hacking processes, presented findings to sr. management; identified risks, mitigated risks; and enhanced overall IT security posture and compliance.
  • Developed security policies and procedures in support of HIPAA/HITECH
  • Evaluated, recommended and implemented Practice Management Billing system and EMR/EHR system for physician’s office via cloud - software and storage as a service.
  • Trained staff with safe keeping of data records and HIPAA compliance
  • Developed BCP/DR program for backup and recovery of mission critical data
  • Assisted in the research and recommendation of a secure email system (content filtering and classification of data for outgoing emails) to meet ITAR and EAR compliance guidelines.
  • Managed Information Security Programs: IT Security, administration, architecture, risk management, documentation and training.
  • Developed and enhanced security/privacy policies and procedures, conducted security awareness training for staff.

Confidential, New York, NY

First Vice President / Chief Information Security Officer

Responsibilities:

  • Managed, administered and maintained ongoing security projects and instituted appropriate governance for the security functions. Developed, implemented, enforced policies, guidelines and procedures in support of security, data privacy, risk reduction and compliance.
  • Evaluated existing security architecture and modified to safeguard security and privacy of data.
  • Implemented security policies, standards and procedures. Reviewed existing policies in support of laws and regulations, revamped and developed and instituted new policies.
  • Managed IT risk and compliance issues: PCI DSS, GLBA, BSA/AML, CIP, OFAC, SAR, etc.; fraud solution programs. Managed and administered mission critical applications for Foreign Exchange and coordinated security architecture
  • Reviewed and resolved audit findings - MOU from FDIC/NY State Banking, in support of risk mitigation and IT Security / privacy compliance.
  • Managed, tracked and resolved remediation projects under IT Security, Ethical hacking, BCP/DR, Application Administration, and Incident management.
  • Worked with internal and external auditors in support of risk and compliance
  • Reviewed pre-audit findings from Internal auditors and mitigated issues
  • Managed BCM/DR plans and processes with LDRPS; and conducted annual DR tests and manual reviews with status reports to auditors and to sr. management. DR test process consisted of people, processes, services, networks and technologies required to support the advancement of the overall bank security infrastructure based on BIA
  • Led key IT projects, streamlined information security initiatives. Chaired Incident Management Control meetings: evaluated and managed security requirements
  • Led incident identification, management and mitigation of security events; gathered internal and external intelligence; coordinated the incident response with technical support groups - SOC/NOC, businesses units, risk management, HR, legal and IT
  • Chaired IT Security Operational Team meetings to address enterprise wide risk management issues and concerns.
  • Managed the maintenance, evaluation and testing of the bank’s IT infrastructure. Developed and executed RFI/RFQ for ethical hacking. Coordinated annual vulnerability assessment and pen-test to enhance overall security posture. Managed implementation of the Pen-Test recommendations with status reports to senior management.
  • Managed and coordinated departmental budget; managed third party sourced projects, staff and vendors. Hired, managed and trained staff; conducted technical training; supervised and performed staff evaluations
  • Implemented and administered reduced sign-on for mission critical applications using AD, with Password Reset to enhance overall Identity and Access Management (IAM) with ease of on/off boarding of end-users.

Confidential

Sr. IT Security Consultant

Responsibilities:

  • Conducted Security audits. Managed enterprise-wide risk assessment and implemented adequacy of controls in support of client’s SOX initiatives
  • Worked with internal and external auditors in support of IT infrastructure security along with governance, risk reduction and compliance
  • Coordinated and managed IT security projects and implemented training and documentations across the IT infrastructure
  • Managed and administered periodic BCP/DR tests to ensure mandated DR plans are in place and ready in the event of a DR situation.
  • Managed security authentication and authorization for on-boarding and off-boarding of end-user accounts and network accounts.
  • Managed security incidents and developed anti-piracy (AP) and content protection (CP) policies and guidelines.
  • Coordinated and conducted Ethical hacking/Pen-Test.
  • Chaired incident management team meetings to analyze post-incident events and to develop security controls to mitigate identified risks

Confidential, New York, NY

Vice President / Information Security Officer

Responsibilities:

  • Managed implementation of an ongoing security process and instituted required security tools.
  • Developed, implemented and enforced policies, guidelines and procedures in support of IT security, data privacy and risk mitigation
  • Managed Securify /Ektasis and managed IT Security Operations and applications administration for IAM, AAA, AML, BSA and FX transactions
  • Managed security architecture, trained dept. staff on security tools and procedures; and end-users on security awareness; managed budgets and security operations.
  • Evaluated products/vendors, managed sourcing and selection, and managed proposals (RFIs/RFQs) for ethical hacking. Managed ethical hacking and mitigated inherent IT risks.
  • Developed/enhanced security policies and procedures, conducted security awareness sessions and trained users
  • Tested and implemented reduced sign-on via AD for various WIN applications

Confidential

IT Security Consultant

Responsibilities:

  • Various IT Security, Risk management, IT Policy, Risk, and Audit Assignments
  • Managed IT security audits: ISO 17799/27001 and 27002, SOX, HIPAA, FFIEC, GLBA, BCP/DR. Documented some of the security processes
  • Interfaced with internal/external audit teams on security posture; and gave presentations to sr. management.
  • Assisted clients on SOX testing, risk mitigation, documentation and re-certification of ongoing SOX efforts
  • Developed BCP program, established BCP/DR processes and tests for various business units and departments based on BIA, and RTO.

Confidential, Bethpage, NY

Senior Data Security Analyst/Project Manager

Responsibilities:

  • Analyzed security requirements for infrastructure, developed and implemented security and privacy policies in support of administration, technology, physical access controls, and data security requirements for various departments: BUs, HR, eMedia, Legal, Compliance, NOC, SOC, Engineering, Optimum iO / DSTB products.
  • Coordinated and managed distribution of SSL certificates; installed and configured SSL Certificates for servers
  • Managed IT security projects; selected, coordinated and managed consultants & vendors and managed dept. budgets for Optimum IO products and services.

Confidential, Islandia, NY

Information Security Manager

Responsibilities:

  • Developed security architecture in support of tools for tracking DMZ events
  • Developed, enhanced, maintained, and implemented Data Privacy and IT Security Programs to minimize risk factors. Performed tests and evaluations on security products and services. Assisted and Participated in BCP/DR processes and tests
  • Tested, verified and implemented CA’s eTrust SSO to ensure login interoperability between legacy systems and various Windows platforms via AD and SunOS.