Experienced information security specialist and IT auditor with SECRET security clearance. Monitored network activity, investigated security events, and performed vulnerability assessments. Informed, trained, and sensitized associates on information security and data privacy requirements and performed audits to ensure compliance in related areas. Responsibilities included partnering with users and senior management to determine business needs and deliver business solutions. Excellent project management experience in ensuring corporate initiatives and projects are completed within required timeframes. Proficient in Spanish and German languages.
- Hardware Platforms - Large mainframe, mid-range, and client server platforms
- Operating Systems - Windows, Linux/Unix, OS/400, MVS, TSO/ISPF, JCL, Novell NetWare, and VMware vSphere
- Applications - Microsoft Word, Access, Excel, and PowerPoint; Visio 4.0; mainframe and client-server application systems
- IT Audit Tools - ACL and Easytrieve Plus programming languages
- IT Audit Areas - Departments, Application Control, Change Management, Client Server Technology, Data Center, Data Security, LAN Security, Network Security, System Software, System Development Life Cycle, Business Recovery/Contingency Planning, SAP, SAS70, and Sarbanes-Oxley
- Security - ACF2, Top Secret, Cobit, BS 7799, ITSEC, Secude, OSI, TCP/IP, FTP, Telnet, HTTPS, SSH, IPSec, SSL, IDS, IPS, VPN, S/MIME, PIX and ASA firewalls, 802.11 wireless, and SECRET
Information Security Manager
- Led the Information Technology Department in the annual testing of the organization's Disaster Recovery Plan.
- Served as the primary contact for all information technology audit-related activities with Internal Audit and external auditors, KPMG and EY.
- Monitored compliance with the organization's information security (IS) policies and procedures among employees, contractors, and third parties and developed other IS policies and procedures related to business applications reviews.
IA Network Architect
- As a member of the Phase II Architecture Team, participated in migrating the United States Military Entrance Processing Command's (USMEPCOM) enterprise application to a new consolidated, centralized and virtualized platform.
- Considered NIST 800-36 and government standards and regulations in developing criteria for selecting IT scanning tools to replace end-of-life systems.
- Served on committee to ensure USMEPCOM's disaster recovery operations were developed in compliance with the agency's Continuity of Operations (COOP) plan for the proposed infrastructure.
Principal Analyst Information Security
- Monitored network activity, investigated security events, and performed vulnerability assessments utilizing IDS/IPS and scanning tools within the Department of Veterans Affairs Network Security Operations Center.
- Summarized findings in reports to management, including events' history, status, and potential impact.
Senior Business and Management Analyst
- Assisted the Federal Aviation Administration with developing SOPs and identifying process improvements to satisfy requirements for ISO 9001 Quality Management Systems certification.
Senior Computer Security Systems Specialist
- Obtained the SECRET security clearance.
- Contributed to the initial phase of the Federal Aviation Administration's Information Security Systems certification and accreditation (C&A) process using FIPS and NIST 800-series standards for FISMA compliance.
IT Governance Risk and Compliance Specialist 2009-2010
- Performed extensive work updating the Bank's Business Continuity Plan and analyzing the Plan's compliance with FHFA and FFIEC regulations.
- Assisted with the review of software licensing for applications used by the Bank to identify process improvement and expense reduction measures.
- Pursued formal training toward the CCNA and CCSP certifications; obtained knowledge and skills required to install, configure, operate, and troubleshoot networks and secure and manage VPNs, firewalls, and intrusion prevention systems.
- Attended seminars and performed research on data privacy, SOX, auditing databases, PCI DSS, IT project management, e-commerce/e-business, Open Web Application Security Project (OWASP), code review, XSS, HIPAA, Gramm-Leach-Bliley, NIST, SANS, ISO 27001.