We provide IT Staff Augmentation Services!

Security Consultant/project Management Resume

3.00/5 (Submit Your Rating)

Atlanta, GA

SUMMARY

  • Subject matter expert and representative on all issues related to enterprise information security program
  • Establish and maintain an organization - wide security management program to ensure that information assets, network perimeter and applications are adequately protected against malicious attacks
  • Ability to collaborate wif business units and vendors to implement practices that meet defined policies and standards for information technology during application development, network, changes, transformations and builds, and implementation of network devices
  • Process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partners, employees and business information in compliance wif the organization's information security policies
  • Oversees IT risk management and internal audit activities
  • Ability to perform risk assessments and analysis to identify areas of risks and developing information security measures and controls for mitigation
  • Develop corrective action plans to mitigate risks and audit gaps from conception through total implementation for state and federal regulatory laws (NIST, FIPS and HIPAA, HITRUST, SAMHSA, FISMA PCI and SOX)
  • Ability C-level executive leadership through oral and written reports and presentations identified risks and remediation requirements
  • Ability to plan, implement, manage and coordinate security measures and write policies for information systems to regulate access to computer data and prevent unauthorized modifications, destruction, or disclosure of information

PROFESSIONAL EXPERIENCE

Confidential Atlanta, GA

Security Consultant/Project Management

Responsibilities:

  • Responsible for creating and implementing the Authority-wide Security Strategic Plan and Governance Framework
  • Responsible for developing proactive actions plans and researching technology and resource requirements to increase the security posture of the Authority
  • Responsible for investigating current Authority technology for appropriateness and usefulness to determine if products need upgrading, expanding or sunsetting
  • Manage multiple projects wif broad scope, ambiguity, and high degree of difficulty
  • Manage project financials in partnership wif cross functional teams to meet budget goals
  • Take responsibility for tracking and measuring our performance and meeting key business metrics as they pertain to products and services
  • Partner closely wif cross functional teams to successfully address security issues that arise and bring new features/enhancements to market. Involves integrating efforts of product management, other organization units and vendors in development, implementation and maintenance of programs while ensuring programs adhere to compliance/privacy regulations and policies
  • Use quantitative and qualitative methods to analyze business situations in a strategic manner by ensuring tools are not single purpose and single use
  • Expert in demonstrating proficiency in a wide range of information IT security technologies, embedded security, and platforms
  • Maintain a working noledge of cybersecurity principals and elements
  • Establish business initiatives to ensure incident management processes and risk management processes and techniques are incorporated into business and technology functions

Confidential, Atlanta, GA

Security Architect

Responsibilities:

  • Responsible for the planning, creation and management of security architecture, components, policies and standards for all applicable platforms and environments
  • Built roadmap for acquiring, integrating, and implementing high-value technology and processes
  • Oversaw efforts (e.g. proof of concepts) to measure and prove new technology value
  • Ensured that all acquired or developed security systems and security architectures integrate wif enterprise security architecture
  • Drove technology direction on security principals and tenets such as confidentiality, integrity, availability, authentication and non-repudiation
  • Designed and ensure data architectures and compliant wif data classification standards
  • Documented reference architectures, patterns, templates, and roadmaps
  • Documented design specifications, installation instructions and other system security-related information
  • Performed security reviews, identify gaps in security architecture and develop security risk management plans including Cloud\SaaS Infrastructure and Business Applications architectures to address the unique security considerations of secure Cloud computing
  • Evaluated existing or emerging technologies to consider factors such as cost, security, compatibility and usability
  • Assisted in ongoing evaluation and management of major vendor relationships, outsourcing arrangements and alliance coordination

Confidential, Atlanta, GA

Senior Analyst Information Security Officer

Responsibilities:

  • Developed implements and enforces IT system security plans, policies, programs, projects and initiatives to ensure that information systems are maintained in a fully functional and secure mode according to NIST and FIPS guidelines
  • Developed and implements information security disaster recovery and business continuity plans
  • Responsible for the Security Awareness Training Program implementation, updates and compliance
  • Responsible for the creation security review program to ensure security product evaluations, vendor selection, technology implementation and upgrades to improve the security posture
  • Responsible for designing and implementing solutions to protect the confidentiality, integrity and availability of sensitive information
  • Responsible for advising and guiding a junior level Information Security Officers and Security Analyst to balance ongoing and upcoming projects through completion
  • Creation of audit program to ensure ongoing evaluation of critical systems, data governance, user access control and network security protection
  • Conduct testing and audit log reviews to evaluate the effectiveness of current security measures
  • Identifies, evaluates and reports on information security risks discovered during network monitoring in compliance wif regulatory requirements and alignment wif and in support of the risk posture of the enterprise
  • Use noledge of state and federal regulatory laws (NIST, FIPS and HIPAA, HITRUST, SAMHSA) and standards to safeguard sensitive information and remain compliant to all federal laws
  • Provide technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, and security implementation in a large corporate enterprise

Confidential, Atlanta, GA

Senior Security Business Analyst

Responsibilities:

  • Performed technical leadership role in providing direction, tools, process support and incident handling to teams for various applications; SAP (WM, MM, HR), SAP IdM, BASIS, Active Directory, Hitachi Password Manager, AS400 and CA Technologies SiteMinder
  • Participated in the Architectural Review Team for privileges assigned to functional roles and elevated access roles for AD, Basis, Kronos, SAP and SharePoint
  • Determined access, software/tool and process flow needs of first, second and third level support teams in reference to security access request and provisioning
  • Reviewed, updated and created documentation for tools used by support level analyst and security requirements for SAP IdM role creation, access request, access review and HR permutation creation
  • Reviewed job title for appropriateness of assigned functional role, when appropriate, correct mapping of SAP HR (R/3) permutations to IdM roles
  • Role creation/maintenance and user provisioning/administration for SAP HR (R/3) and SAP IdM
  • SAP IdM user administration including user provisioning, reprovisioning, history views and submission of application access request

Confidentiall, Atlanta, GA

Senior Security Administrator

Responsibilities:

  • Provided security solutions through identification, investigation and resolution of security events and incidents detected by IDS / IPS real-time monitoring systems
  • Researched attempted efforts to compromise security protocol and recommends solutions using IBM ISS IDS/IPS Proventia Appliances and Site Protector, Bluecoat Web filtering ProxySG solution and Cisco AIP-SSM-10 Intrusion Prevention modules using Cisco Security Manager (PIX, ASA, IPS) and provide analysis and reporting for security events using Cisco MARS
  • Managed Cisco Access Control Server (TACACS), DLP/Antivirus/IPS via McAfee ePolicy Orchestrator (ePO), wireless network detection, sniffing and IDS via Kismet, and Unix and Windows OS changes via Tripwire
  • Managed RSA enVision SIEM for log correlation and incident response investigations and decode traffic flow at packet level traces (TCPDUMP, PCAPs, traffic generators) from various applications including Check Point Firewall, Juniper, Oracle, SQL, Unix, and AS400 logs
  • Used regulatory and audit mandates remediate compliance issues, track issues to completion to ensure environments meet PCI, FFIEC, SOX and corporate standards
  • Discovery, evidence gathering, and internal compliance checks for accounts, access, data stores, firewall rules, and log storage subject to PCI, FFIEC and SOX audits
  • Used noledge of TCP/IP, HTTP, FTP, cookies, authentication, virus scanning, web servers, SSL/encryption and reporting packages for security detection and prevention
  • Updated documents and created procedures for handling new threats discovered that require on-going evaluation and/or monitoring according to PCI, SOX audit compliance
  • Managed RSA enVision SIEM platform for application/device logging and report/alert creation and configuration
  • Configured REGEX expressions for policy exception processing
  • Configured DLP collection technology (Symantec, Code Green, McAfee) to finger print databases and files
  • Configured and manages DLP discovery and scanning

Confidential, Atlanta, GA

Security Analyst

Responsibilities:

  • Governed the architecture, design, and development of the Coke One Risk and Compliance and Access Controls wifin the security and controls area
  • Contributed critical noledge and deep subject matter expertise to the security designs of SAP security (ECC, HR, MDM)
  • Documented security procedures for Coke Cola Enterprise (CCE) and vendor applications according to SOX regulations and corporate policies
  • Created and terminated of all user accounts, administration of user and group permissions in RACF/ACF2, UNIX, BASIS, Windows Active Directory, SAP HR (R/3), Exchange 2007 and other proprietary systems
  • Performed configuration and testing of security solutions and related integration
  • Delivered noledge transfer to targeted teams to ensure the solutions are in compliance wif related CCE standards
  • Created documentation according to SOX audit guidelines for procedures on template creation, access approval, provisioning and access removal
  • Provided training for offshore employees on handling accounts that fall outside of SOX and CCE guidelines for access authority

Confidential, Tampa, FL

Security Analyst

Responsibilities:

  • Collaborated wif teams members that researched, tested and implemented new technology onto Confidential ’s network including P Synch Password Management, Exchange 2003, Geographical Information System (GIS)
  • Documented security procedures for Confidential and vendor applications according to Sarbanes Oxley (SOX), PCI, NERC/FERC regulations and corporate policies
  • Created new documentation, where applicable, for new implementations of software, for access right approval, provisioning, granting and removal according to NERC/FERC, PCI and SOX requirements
  • Discovery, evidence gathering, and internal compliance checks for accounts, access, data stores subject to NERC/FERC, PCI and SOX audits
  • Streamlined auditing process for accounts and access not in accordance wif policies auditable by NERC/FERC representatives
  • Designed SharePoint security through Active Directory group membership
  • Managed Windows Server Update Services (WSUS) for client/server patch management
  • Incident response/investigation of security incidents involving internal users wif various tools including Windows audit logs, McAfee ePO, Checkpoint firewalls and RSA enVision SIEM software
  • Managed Group Policies to centralize and automate the enforcement of access control to network resources
  • Administered user and group permissions in RACF/ACF2, Oracle 9 and 10, SQL Server 2000/2005, UNIX, Novell, Windows Active Directory, SAP HR (R/3), Sybase, GroupWise and Exchange 2007
  • Administered SAP HR/Payroll user and role authorizations using various transactions as required (PFCG, PA30, PO13, SU01, PPOME, HRPROFL0 etc.)
  • Provided training on NERC/FERC and SOX audit procedures and evidence gathering, provisioning, backups, emergency incident response, and incident ticket handling to new employees and contractors

Confidential, Tampa, FL

Technical Consultant

Responsibilities:

  • Managed a rotating team of 13 people on second and third shift
  • Configured, maintained and supported the following technologies in a large corporate environment: Outlook POP/SMTP and Exchange configuration, Lotus Notes 5.0/6.0/6.5, Mainframe (RACF, ACF2, DB2, TPX and UNIX), Solaris, Blackberry, Sametime, LCS, McAfee, Cisco Trust Agent, Symantec Client Security, MS Office, Extra Attaché Mate, Hummingbird, Reflections, Remedy, PcAnywhere, VNC, URC, NetMeeting
  • Implemented of new software onto Verizon’s Network including Lotus Notes/Exchange 2003/Single Sign On (SSO)/Secure Remote Software/SAP and laptop encryption software
  • Supported, configured and administration of remote access wif two factor authentication via certificates and synchronous tokens
  • LAN, TCP/IP, DNS, WINS, DHCP network connectivity troubleshooting and fundamentals
  • Managed accounts for SAP, PeopleSoft, Windows, UNIX, IDM, Novell, RACF/AFC2 and UNIX mainframes, SSO
  • Installed, setup and managed of encryption protection software for laptops

We'd love your feedback!