SUMMARY

• Results oriented with over 18 years of accomplishments in the IT profession, 12 yrs. predominantly in Information Security Policies, Procedures, Compliance, Network, and Application Support. An analytical and intuitive problem solver who has a strong sense of dedication driven towards accomplishing challenging goals with persistent commitment. Dependable team player: with excellent work ethic, creativity, organization, time management, written and oral communication and presentation

TECHNICAL SKILLS

Leadership skills.: Product Experience - HP ArcSight, HP Logger, HP Juniper IPS/IDS, Cisco Mars, Cisco ASA, IBM QRadar, IBM Proventia IPS/IDS, SecureView, Symantec DLP, RSA DLP, WAF- Imperva, IronPort, IronMail, Symantec Web Gateway, Qualys, Nessus, Microsoft Active Directory, NetIQ, RSAM, Microsoft Office, SharePoint, Lotus Notes, Blue Coat, Trustwave 8e6, Thawte SSL Certificates, McAfee EPO, HIPS, HIDS, EMR- Allscripts PM

PROFESSIONAL EXPERIENCE

Confidential, FL

Information Risk Analyst/Sr. Business Analyst

Responsibilities:

• Performs independent hands-on risk assessments to identify significant information security risks and oversee compliance with numerous regulatory and industry control requirements.
• Determines compliance with Bank Policies and Standards, financial laws and regulations such as GLBA, SOX and FACTA along with the FFIEC Information Technology Examination Handbooks.
• Identifies and communicates recommended/required security controls for business units. Documents and monitors the implementation of controls for technology and business project plans.
• Manages Information Security projects from beginning to end.
• Participates in business and vendor project meetings and provide guidance on appropriate security controls.
• Provides security consulting services to business units.
• Reviews vendor contracts for compliance with Bank security and availability requirements and recommend appropriate language as necessary.
• Maintains broad knowledge of best practices and trends in the field of Information Security.

Information Security Engineer

Confidential, FL

Responsibilities:

• Provided Professional Services Support for implementing a new RBAC/Identity Management Solution for Internal and External Customers specifically designed to their role and responsibilities within the company.
• Remediated vulnerabilities within Qualys to help close out Security gaps from implementing vulnerability scans. This was all geared towards Compliance with various audits needs.
• Create use cases based upon the client’s need, and leveraging out of the box rules to help customize a real snap shot view of real time attacks hitting their networks.
• Created documents that help customers work with cases to help remediate and reduce potential threats within their environment.
• Worked with Microsoft AD to help meet the goals and objectives of going to a more in-depth view pinpointing the end user back to the IDM solution.

Confidential

Information Security Analyst ll

Responsibilities:

• Responsible for remediating gaps identified by the third party vendor addressing invalid SSL Certs on the WAF. That would require working with LOB’s and Infrastructure to close these out.
• Responsible for working with a new vendor/migration for encryption of all assets to address DLP and PCI compliance.
• Responsible for provide admin support for Proxy URL support. Blocking and Unblocking URL’s that deemed business critical and monitoring violators of internet usage.
• Assist in the documentation of control narratives as well as IT policies and procedures.
• Responsible for initiating vulnerability scans for ports and also applications in the environment to reduce risk and exposure to unknown perpetrators.

Sr. Business Analyst

Confidential, GA

Responsibilities:

• Identified security gaps and mitigated risks as related to Symantec/ RSA DLP to ensure that previous audit findings were closed out before the target deadline date set by the third party vendor.
• Identify and assess the adequacy and effectiveness of IT controls related to SOX, PCI, HIPAA, GLBA and minimum IT security and control requirements.
• Identify control ownership and refine control attestation and review processes. Identify control gaps and improvement opportunities.
• Assist in the documentation of control narratives as well as IT policies and procedures.
• Assist in the design and preparation of metric and scorecard reporting on IT compliance and governance.
• Responsible for creating a Change Ticket weekly making sure that all the testing and validations are completed and submitted before the initial deadline for the change to be completed. Implement the change within the change window and provide a status update after the change was completed.

Confidential

Information Security Analyst II

Responsibilities:

• Conduct in-depth analysis based on Unified Threat Management (UTM) {SEIM, Symantec DLP, IDS (NIDS & HIDS), Gateway AV & Anti-Spam, VPN}, alert trends and correlated event data (Anomaly detection, System alerts, Malwares and Advance Persistent Threats (APT))
• Responsible for the strategy, design, implementation and day-to-day operation of WAF and PCI compliance tools
• Identify configuration changes needed for SIEM, Symantec DLP, Coordinating all activities for remediation
• Perform IT risk assessments and communicates all known security risks associated with any and all systems, processes used by the company (High Valued Asset system, PCI Scope system and Web Facing Application - ITIL Framework)
• Assist with the annual PCI assessment to include vulnerability assessment Penetration Testing quarterly (Audit of FW change management )
• Provides input to corporate plans, procedures, policies and standards for the acquiring, implementing, and operating of new security systems, equipment, software and other technologies
• Create weekly Change tickets for the Security group to ensure that patches, updates, equipment were implemented during the change window for Network Security and Vendor Access.
• Identify security incidents, provide supporting information to clients, and support the client through containment and remediation
• Differentiate valid alerts from false positive, tune the UTM Tools configurations, update device policy establish filters and install updates
• Interact/Interface with other stakeholders including vendors, application development and technical support staff

Confidential Dunwoody, GA

Business Analyst II-Contractor

Responsibilities:

• Formulate and define system scope and objectives using knowledge of information technology and industry knowledge/requirements using industry best practices and methodology.
• Act as a liaison between client and technical solutions/support groups, using strong communication skills to elicit, document, analyze and validate business processes, systems, and solution requirements.
• Support and conduct visualization, user experience and configuration elements of solution design.
• Document requirements specifications using high-maturity methods, processes and tools.
• Support requirements management and change management processes.
• Support aspects of the business cycle, including proposals, feasibility studies, and implementations.

Confidential Marietta, GA

Web/Security Administrator- Contractor

Responsibilities:

• Created a MS Office SharePoint Portal for the Web Group Administration Team which allowed employees the ability to view vital information communicated throughout the company and team
• Assisted users with MTD and YTD reports using Micro Strategy 8 forecasting and volume reporting for Coke Products.
• Maintained and posted updated materials to the Coke Portal for external clients.
• Managed user accounts for LDAP, Window Server, NW Admin, and other controls used throughout the Coca-Cola footprint.

Confidential, GA

Information Security Analyst ll- ETRM

Responsibilities:

• Project lead for encrypting all laptops and desktops for the SunTrust footprint across the South East Region to meet SOX compliance using Big Fix.
• Worked closely with the Service Desk and Baseline Support to ensure that BU’s had the right items needed to help ensure that Change Tickets matched with the correct Configuration Item, Assets Item, Attributes, and Applications.
• Represented ETRM weekly for ECAB-Enterprise Change Advisory Board for changes that were needed by Business Units to update and implement software and hardware changes to improve processes as a business need.
• Conducted technical risk evaluation of hardware, software, and installed systems and networks.
• Assisted with testing of installed systems to ensure protection strategies are properly implemented and working as intended.
• Assisted in incident response and recommend corrective actions. Communicated with personnel about potential threats to the work environment by creating Daily Threat Reports for SunTrust Bank and its subsidiaries for the latest Viruses, Worms, Trojans, Patches, and Vulnerabilities.
• Used McAfee EPO to run reports on assets that posed a risk in the environment that may cause a threat to the Network environment and remediated those assets.