Information Security Analyst Resume

Irvine, CA

EDUCATION 

Master of Information Technology 
Internet Security

Bachelor of Business Administration 
Management

CERTIFICATIONS 

Certified Information Systems Security Professional (CISSP) 
Certified Information Privacy Professional (CIPP) 
Certified Information Privacy Professional in Information Technology (CIPP/IT)

WORK EXPERIENCE 

August 2010 – July 2011 Confidential. Pomona, CA
Director of Information Security (Departure due to layoffs)

  • Created Information Security Program, Identity Theft Program and Risk Assessment Program.
  • Managed and successfully completed SAS 70 Type II certification engagement.
  • Managed and successfully completed PCI DSS SAQ D certification.
  • Planned and managed two business continuity/disaster recovery tests at a designated disaster recovery secondary location.
  • Performed client support services for questionnaires, RFPs and on-site visits.
  • Created and executed a companywide Information Security Awareness Week.
  • Created and presented PCI DSS and OWASP Top Ten training for business and IT departments.
  • Analyzed and interpreted Federal & State laws in relation to various business activities.
  • Dictated recommended application security and support for internal and external facing sites and products.
  • Reviewed firewall settings, penetration testing results, RSA Envision alerts, and various other PCI DSS related activities.

November 2009 – August 2010 Confidential Costa Mesa, CA
Information Security Specialist, Expert
October 2008 – November 2009 Confidential Irvine, CA
Information Security Analyst, Senior

  • Co-managed Agiliance GRC tool administration, application and implementation.
  • Created Agiliance GRC training for global security team.
  • Performed client support services for questionnaires, RFPs and on-site visits.
  • Provided support for asset inventory collection.
  • Provided support for Information Security policy review and creation.
  • Assisted in activities around achieving PCI DSS 1.2 compliance.
  • Maintained quarterly Risk Register metrics.
  • Created the Red Flags Identity Theft Prevention Program for Experian Consumer Direct and Experian Interactive Media.
  • Designated as Information Security representative for Experian Interactive Media.
  • Created and updated Minimum Baseline Standards and Hardening Guides.
  • Developed training and internal communications about Information Security policies and procedures.
  • Managed Information Security activities for multiple high profile projects.
  • Assisted in completing Information Security vendor and client risk assessments.
  • Lead for the Verizon SMP assessment engagement at Experian Interactive Media.
  • Lead for performing EnCase forensic examinations and investigations.
  • Performed Experian Interactive Media risk assessments and SWOT analysis.
  • Monitored state and federal regulatory requirements in relation to security and internet operational activities.
  • Maintained Information Security Incident Response Program.

December 2007 – April 2008 Confidential Los Angeles, CA
Vice President, Compliance Officer III

  • Enforced HIPAA, GLBA, COPPA, AML, BSA, FCRA & SOX related regulatory requirements.
  • Company representative for HIPAA, GLBA, SOX and Information Security Compliance.
  • Managed and assisted in creating an Export Control Compliance Program.
  • Responsible for all daily privacy related activities.
  • Created and implemented enterprise-wide compliance training.
  • Responsible for maintaining compliance with Intranet and Internet security of sites, portals and applications.
  • Developed proprietary compliance violation database.
  • Identified year-end projects and goals with Information Security for the compliance information security projects and programs.
  • Assisted in constructing compliance monitoring and risk assessments.
  • Analyzed and interpreted Federal & State laws in relation to various corporation activities.
  • Dictated recommended application security and support for internal and external facing sites and products.

April 2007 – September 2007 Confidential Santa Ana, CA
Information Security Manager (Departure due to layoffs)

  • Managed and created information security policy & procedure standards for creation enterprise-wide.
  • Assisted in managing audit staff in Bangalore, India for information security / compliance audits.
  • Enforced creation of policies, procedures, programs & processes consistent with corporate policy and ISO standards (27001 / 17799).
  • Participated in SAS70 audits and managed preparation and execution of SAS70 requirements.
  • Established and maintained enterprise risk management monitoring and processes.
  • Supervised a compliance coach team of 25 employees and designed enterprise information security and business continuity strategies.
  • Developed and managed approximately 30 business continuity and disaster recovery plans, both national and international.
  • Oversaw the maintenance and execution of enterprise system architecture changes for network security and deployed infrastructure protocols consistent with Change Control and company processes.
  • Managed and addressed client product and audit questionnaires and RFPs, covering data center, production, network and employee security.
  • Worked with Oracle billing in establishing PCI DSS compliance.
  • Dictated recommended application security and support for internal and external facing sites and products.
  • Implemented data classification schema and assigned assurance levels to information assets.
  • Helped implement programs to support the development of secure code to protect against code development practices that violate privacy.

April 2005 – March 2007 Confidential Orange, CA
Information Security Privacy Analyst (Departure due to layoffs)

  • Analyzed and interpreted Federal & State privacy laws in relation to the enterprise information and information systems.
  • Co-organized & managed a privacy & information security launch team of 20 individuals enterprise-wide.
  • Designed an enterprise privacy plan, including mission, objectives and strategies.
  • Implemented privacy practices in the company, including collaboration with all the necessary divisions (e.g. Executive, Legal, ADS, Marketing, HR, OD, etc.).
  • Created detailed policies for the company and coordinated with all the functional areas to manage enterprise-wide implementation consistent with COBIT.
  • Assisted in creating CSIRT program and procedures.
  • Acted as CSIRT incident response team lead coordinator and lead forensics investigator & examiner across the enterprise.
  • Supervised incident response and forensics teams for investigations.
  • Supervised approximately 25 Information Security & Privacy risk assessment team members across the enterprise.
  • Enforced the privacy and SOX compliance process to all affiliated and non-affiliated third parties.
  • Performed the 2005 and 2006 Information Security & Privacy risk assessments, and produced executive management reports.

September 2004 – April 2005 Confidential Cypress, CA
Regulatory Affairs Ethics & Integrity Privacy & Security Project Manager

  • Analyzed and interpreted Federal (HIPAA, SOX, GLBA, COPPA, & National Do-Not Call Registry) and State privacy laws.
  • Created and designed enterprise-wide instructional / training materials for over 8,000 employees in relation to the HIPAA Security Rule.
  • Managed all activities for HIPAA Security Rule within the organization.
  • Acted as supervisory liaison between Regulatory Affairs and Information Security for compliance with privacy and security.
  • Managed assessments for privacy and security with an enterprise-wide staff.
  • Assisted in drafting and finalizing business associate agreements and security addendum.
  • Created crosswalks and reports on market and regulatory preemptions on privacy, security, and mental health legislation.
  • Performed privacy & security policy gap assessments.
  • Assisted in drafting information security policies & procedures and enterprise-wide online guidance documents.

January 2002 – September 2004 Confidential. Irvine, CA
Peer Review Network Technical Writer Supervisory Lead/HIPAA Compliance Officer

  • Supervisory liaison between upper management and the clients, vendors, and employees.
  • Responsible for co-managing a 16-employee department providing workers’ compensation peer reviews for national insurance companies and self-insured / third-party insurers.
  • Main contact for all clients and vendors for process improvement, Q&A, and peer review requests.
  • Responsible for designing training and policies & procedures for the HIPAA Privacy Rule.
  • Responsible for designing and implementing training and policies & procedures for Workers’ Compensation Peer Review Network Technical Writing.
  • Assisted in training data entry, copy reviewers, and team leads within the Peer Review Network Department.
  • Responsible for increasing work-flow and peer review profits for 2003 by almost 40%, with current 2004 numbers already rivaling previous years.
  • Responsible for assisting in increasing the employee department size from 8 people during March 2004 to 32 people during June 2004.
  • Positions also designated within the company include the company’s HIPAA compliance officer and Peer Review IT Representative accredited with implementation of securing patient files, both electronically and in the form of in-house hard copies.
