SUMMARY:

• Versatile, technology - oriented, 5C government cleared, Information Security Director with overall 19 years’ experience in leading IT Security programs.
• Special expertise in successfully navigating and maintaining Payment Card Industry (PCI), Federal Information Security Management Act (FISMA - NIST 800-53 Moderate), SSAE 16 SOC 1 and 2 Type 1 and 2, ISO 27001, Federal Risk and Authorization Management Program (FedRAMP) and Sarbanes-Oxley (SOX) compliance.
• Recognized for strong interpersonal skills and communication used for building consensus with supervisors and direct reports alike.

TECHNICAL SKILLS:

• PCI
• FISMA
• FedRAMP
• SSAE 16
• SOC 1 and 2 Type 1 and 2
• ISO 27001
• SOX
• Risk Assessment Program Management
• Security Program Management (Logical and Physical Security)
• Establishing a 24/7 Security Operations Center (SOC)
• Revamping and Documenting Policies
• SOP’s
• Standards and Guidelines
• Disaster Recovery/Business Continuity Planning
• Incident Response Program Management
• Project Management
• Role Based Access Control (RBAC)
• SIEM (QRadar)
• IDS/IPS (IBM
• Cisco)
• 3rd Party Vendor Oversight Management
• RFI’s/RFP’s
• HIPAA Compliance Auditing
• Computer Forensics
• Verint
• Aspect
• LiveVox
• Citrix
• RSA
• VPN
• AirTight Wireless Monitoring
• IronPort Data Loss Prevention (DLP)
• Varonis DLP
• Xenprise Mobile
• Microsoft PowerShell
• PeopleSoft HRMS
• PeopleSoft Financials
• Symantec PGP Encryption
• VigilEnt Policy Center
• Passlogix (and Oracle branded) V-Go Single Sign-On (SSO)
• Self-Service Password Reset (SSPR)
• Provisioning Manager (PM)
• Authentication Manager (AM)
• Session Manager (SM)
• Universal Authentication Manager (UAM)
• Shared Accounts Manager (SAM)
• Credential Manager (CM) and SSO On-Demand (ODE)
• Microsoft Active Directory (AD)
• Microsoft Active Directory Application Mode (ADAM)
• IBM Tivoli Identity Manager (TIM) and Access Manager (TAM)
• Bind View
• Symantec Enterprise Security Manager (ESM)
• Symantec Security Information Manager (SSIM)
• Microsoft Exchange
• Microsoft SharePoint
• Microsoft Windows Server(s)
• Microsoft SQL Server
• Microsoft Internet Information Services (IIS)
• Mailsweeper Certified Administrator
• SAP
• Console One (NetWare
• E-directory)
• Net IQ
• ISS
• Cognos ReportNet
• Remedy
• Lotus Notes
• Websense
• Scan Safe
• Blue Coat
• Encase Enterprise
• Webtrends with Netcache and Smart Filter (monitoring Internet activity and creating subsequent reports)
• McAfee Antivirus
• Sophos Antivirus (virus scanning on Server level)
• Siteminder SSO
• Microsoft Baseline Security Analyzer
• Livelink Administrator (repository for data)
• Sniffer and Wildpackets (LAN and wireless packet sniffers)
• Verisign Onsite Administrator (for both SSL and Messaging) and Security Administration (Windows
• UNIX
• AS/400
• Oracle
• Telnet
• Novell utilizing Console One
• SMS
• DPR
• Yantra and TMS).

PROFESSIONAL EXPERIENCE:

Confidential, Houston, TX

Director, Information Systems Security Officer

Responsibilities:

• Managed the Cloud Security Program related to FedRAMP (Moderate) compliance.
• As a part of this endeavor, developed into the principal point of contact for information assurance activities at the IT system level, thereby centralizing communications.
• Responsible for ensuring that management, operational and technical controls for securing National Security Systems are in place and are followed to ensure and maintain FedRAMP compliance.
• Established a 24/7 SOC to monitor infrastructure and report on potentials breaches. Created an escalation protocol as part of the overall Incident Response Plan and a requirement for regulatory compliance.
• Developed and implemented documentation outlining system operating environment, to include the overall mission, floor layout, hardware configuration, software, type of information processed, user organizations and security clearances, operating mode, interconnections to other systems/networks of users, their security personnel and associated responsibilities.
• Fostered the development and maintenance of the overall system security document, the Information System Security Plan, which contains all necessary security procedures, instructions, operating plans, and guidance.
• Participated in the development or revision of system-specific security safeguards and local operating procedures that are based on FedRAMP regulations.
• Provided IT security consulting to system owners, including security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans.
• Worked closely with Certifiers to navigate the Certification & Accreditation process and produce all appropriate accreditation documentation.
• Mapped FedRAMP Moderate controls to ISO 27001 controls to ensure efficiency during parallel audits of the same Cloud infrastructure.
• As part of the ISO 27001 endeavor, specified the requirements for establishing, implementing, maintaining and continually improving the Cloud-based Information Security management system and ensuring annual compliance.

Confidential, Houston, TX

Director, Confidential

Responsibilities:

• Managed the Information Technology Security Program. This included developing, implementing, and maintaining proper security controls on all company computing systems in order to centrally manage physical access, logical access, educate users of roles and individual responsibilities and minimize the possibility of security breaches.
• As the CISO, led the company in PCI, FISMA and SSAE 16 audits to maintain regulatory compliance, client requirements, all the while increasing the security posture of the infrastructure.
• Performed assessment of risks, implementing security and changing the culture of the institution through training and education, coordinating closely with the various other IT teams on security issues, compliance and preparing and enforcing policies.
• Participated in the development, documentation, communication, testing, and periodic review and revision of Business Continuity and Disaster Recovery Plans.
• Oversaw the development of an ongoing education program regarding Information Security including the nature of and rationale for new policies as they are developed.
• Developed and followed an audit plan for assessing security risks in the company and for identifying solutions to mitigate or eliminate such risks.
• Matured the security architecture for the Information Security Team, including hardware and software components, definition of the network connectivity and a catalog of Information Security resources and assets.
• Maintained and maximized all budgetary aspects of the security program including expenditures, annual balance sheets, forecasts, staffing, training, new technology and carryover appropriations.

Manager

Confidential

Responsibilities:

• Worked closely with system, network, physical and PC managers in securing company data and other confidential information.
• Served as a project manager and project oversight for Information Security related projects.
• Assessed the organization’s security measures, such as firewalls, anti-virus software and passwords, to identify any weak points that might make information systems vulnerable to attack.
• Set up procedures and automated processes to monitor the status of computers and networks.
• Managed security team direct reports and ensure they are appropriately trained in latest security measures and best practices, ultimately to benefit the security posture of the entire organization.

Confidential, Houston, TX

Consulting Technical Manager - Confidential Services Manager

Responsibilities:

• Managed global team (Americas and Asia Pacific) responsible for providing Confidential Services to Passlogix customers. These tasks include hiring, assigning duties, training and evaluating employees. Additionally responsible for managing the resources that the service team had access to. Overall, ultimately responsible for efficiency, productivity and profitability of Confidential Services team.
• Coordinated scoping calls, quotes for services, creating Statement of Works, Master Software License Agreements and Confidential Services Agreements with customers, thereby ensuring that expectations for service engagements were properly set.
• Maintained and trained Confidential Services partners globally and utilized partners for engagements when internal resources were unavailable, thus ensuring that customer’s needs for service deadlines were met.
• Served as escalation point for all matters related to Confidential Services.

Technical Program Manager

Responsibilities:

• Managed project delivery per Passlogix implementation methodology. Globally managed project deliverables including project risks, issues, contingencies, communications, project schedules, project financials and change management plans to confirm project success.
• Defined and documented processes and procedures for the Confidential Services team, in order to maintain a standard methodology. Prior to my arrival, processes and procedures were mostly non-existent with no standard, repeatable methodology, when delivering services to clients.
• Developed and maintained detailed project plans and resource requirements for assigned projects to ensure project tasks, activities and milestones were met in a judicious manner. Performed all standard status reporting and communications, both internally and externally to guarantee issues addressed and timeline adhered to accordingly.
• Coordinated and performed project assessments (Business Needs Assessment) to define project scope and deliverables.
• Managed seamless transition of client from Sales to Confidential Services to Support, ensuring customer satisfaction and project sign-off.

Confidential

Services Engineer

Responsibilities:

• Led successful implementation of Passlogix solutions including SSO, SSPR, PM, AM, SM, CM, SAM and ODE to clients globally.
• Consulted and advised customers as to the capabilities of Passlogix products, based on knowledge of business operations of the client's industry.
• Demonstrated knowledge of consulting methods, tools and techniques to ensure that expertise was maximized.

Confidential, Houston, TX

Principal Security Consultant

Responsibilities:

• Implemented software (ESM) on multiple operating systems to automate audits for HIPAA, SOX and GLBA compliance.
• Assisted the Privacy Office and Audit groups in remediation of systems as a result of HIPAA, SOX and GLBA reports.
• Implemented software (SSIM) which provided the foundation for enabling a comprehensive incident response program by helping the client identify, prioritize, respond to and review incidents and threats in their environment.
• Crafted and implemented effective incident response plans and formed multiple Computer Security Incident Response Teams (CSIRT) for clients ensuring that the tools, procedures and processes were in place to respond to security threats.
• Performed risk/network assessments by reviewing client network technical requirements including technical specifications, high-level design documents and technologies in use. Additionally, identified network's business requirements with designated client business and technical representatives to identify the business drivers, service capabilities and specific areas with security concerns.
• Provided documentation and best business practice recommendations based on risk/network assessments. Documentation included “Best Practices” Implementation Guide and Daily Operations Guide outlining the day-to-day responsibilities of various IT groups, Roles and Responsibilities and Separation of Duties document(s) and architecture designs.
• Responsible for developing accurate statements of works, proposals and budgets along with maintaining project plan for duration of project. Identified potential delays, milestones, tasks and escalation protocol for the length of the project.
• Facilitated technical discussions with business and technical staff to ensure effective technical solutions that positively impacted service delivery.

Confidential, Houston, TX

Information Security Analyst

Responsibilities:

• Assisted the corporation and its supporting operating companies with assessing, reporting, mitigating, overtesting and monitoring the IT controls associated with the financial accreditation for SOX compliance.
• Developed methodologies and procedures for monitoring, reporting, tracking and over testing of IT controls. For SOX 404: Track and report progress of reporting companies; Initiate status meetings to monitor progress of document completion and clarification of expectations; Develop procedures for companies to submit deliverables; Develop methodology and procedures for over testing application controls; Develop evergreen cycle for ongoing compliance monitoring; Create pass/fail findings reports based on reporting locations and over test results; Develop documentation for remaining compliance.
• Performed periodic operating system and application security assessments and tracking resolution of findings and preparing reports.
• Monitored computing resources for evidence of compromise and reporting security incidents. Analyzed compromised computing resources of routine to moderate complexity to assist in improving security design, policy compliance, and to understand and document new threat profiles.
• Created solutions and alternatives that support the business needs while ensuring the safekeeping of proprietary, customer, and employee data. Building consensus across interests/key parties regarding solutions and controls to mitigate the identified risk of a project.
• Evaluated security strengths and weaknesses of new network and system security technologies.
• Maintained awareness of security threats and common attacks and providing regular communication and awareness to the business and IT groups.
• Provided input in the development of Confidential policies, standards, and guidelines. Subsequently monitoring and enforcing compliance with security policies, standards and guidelines.

Confidential, Houston, TX

Senior Technical Analyst - Team Lead

Responsibilities:

• Performed audits on all IT systems on the network, including but not limited to NT, Novell, UNIX and Mainframe ensuring compliance of security standards and policies.
• Drafted security standards and policies for merger of IT departments of Confidential and Confidential .
• Provided assistance to IT project teams in the establishment of security requirements for applications and the design and acquisition of security components.
• Monitored for the occurrence of security incidents using logs and other sources. Investigate and report on incidents detected.
• Developed and maintained security awareness on the part of IT functional units and other business units. Work closely to provide advice, education and assistance in developing and implementing their security policies and procedures.
• Protect logical security associated with all systems and platforms, including applications, networks, LAN's, workstations, mid ranges, and Mainframes. Validate ownership of resources, the documentation of changes and appropriate approval for all requests processed.
• Coordinated the installation and acceptance testing of upgrades and/or changes to security systems.
• Monitored the various operating system environments and their security systems, their use, exits and options.
• Created RBAC by consolidating user accounts via organizational roles, thereby limiting access to unneeded resources. Effectively increased efficiency by decreasing superfluous provisioning and deprovisioning security administration time by 50%.

Confidential, Houston, TX

System Security Analyst

Responsibilities:

• Assisted in development of Access Management department, ensuring we meet SLA while maintaining high customer satisfaction.
• Performed and fulfilled security administration requests of services/applications including, but not limited to, NT (W2K), Microsoft Exchange, file shares, UNIX, SAP and VMS.
• Monitored for IT Security breaches and following up with appropriate action as needed.
• Completed requests via Remedy, seeking appropriate approvals of resources, roles and privileges prior to granting or modifying access.
• Utilized ADUC, User Manager for Domains, Courion Identity Manager, Telnet and Powerterm to perform administration duties.