- Strong leadership, communication, analytical and large project management skills.
- Extensive experience in enterprise information security infrastructure, cyber security threats, identity and access management, infrastructure strategic planning and implementation, security compliance, GRC tools, policy management, security policy gap analysis, network security risk assessments, security attack pathology, electronic crime laws, information security regulations and privacy laws, penetration test plan development and execution within large organizations, analytics, Advanced Persistent Threats (APT) and breach readiness, incident response and discovery, SOC/CERT operations, security and technology solution design, roadmaps and implementation.
- Extensive international experience and a sustained record of success with several leading global multinational companies. Held substantial roles in managing and formulating security policies and procedures and creating strategic plans; proven success in implementing information security systems management.
- Strong ability to teach and mentor, with extensive experience in business case justification and approaches while maintaining relationships with business owners and key executives, and the ability to communicate technical information to a non-technical audience.
- Key role participant in national and international information security groups such as I-4, IETF, IEEE, CSI, ISACA, SANS and others with global network within the information security community.
- Extensive experience in risk management, cyber security, network security, RFP process and vendor management, Data Security, APT, CERT operation, security solutions design, network assessments, privacy laws and regulations compliance and audits such as SEC regulatory requirement, OCIE, PCI-DSS, HIPAA, HITECH, JSOX, GLBA, ISO/IEC 27001 and NIST.
- Threat readiness and Incident response management programs, security programs development and implementation within common frameworks such as COBIT, ISO and NIST, security vulnerabilities, attack pathology and defense methodologies. Operational security management including monitoring and filtering, DLP, firewalls, application security, proxy servers and tools such as Netflow, network security assessments approaches, methodologies, tools and audit response and vulnerabilities mitigation.
- Extensive experience with computer and network analysis tools including log file analysis, and packet analysis. Endpoint security and integration with DLP, infrastructure security, firewall systems, computer and network forensics, application security, SDLC concepts and threat modeling.
- Design, implementation and management of information security best practices and tools.
Confidential, Tampa, FL
- Manage and lead various information security and risk contracting engagements including PCI-DSS Gap & Security assessments, ISO 27001, OCIE and security infrastructure assessments and controls design and implementations.
- Manage IBM’s client relationships internally and externally, focusing on risk management, IAM, PCI-DSS network security, cyber security, DLP, and privacy.
- Led a team of security professionals advising clients on risk management, IAM solutions, network security designs, improvement and providing enhancements to security processes, services and policies.
- Participate in contract reviews and negotiations with Fortune 1000 and 500 clients.
- Provide technical expertise and support to security solution design, delivery and the implementation of appropriate information security controls, processes and products.
- Managed client delivery teams and projects deliverables.
- Led engagements focused on risk management, network security, incident response and organizational impact and compliance requirements.
- Presented deliverables and recommendations to client’s business units and executives to help project sponsors obtain support and business unit’s buy-in.
Confidential, Clearwater, FL
Chief Information Security Officer
- Established the information security function. This included, but was not limited to, budgeting, defining strategy, short- and long-term projects, capacity planning, and setting roles and responsibilities.
- Serve as the primary information security advisor and advocate for policies and controls.
- Create, manage, and allocate budgets, and conduct contract negotiations.
- Provide technical expertise and support to IT management and staff in risk assessments and the implementation of appropriate information security policies, procedures and products.
- Managed client delivery teams providing HIPAA and PCI-DSS assessments and incident response, and provided technical expertise and support to client engagements and the implementation of appropriate information security procedures and products.
- Lead and deliver security engagements focused on risk and security operations & organizational impact and compliance requirements.
- Managed billable resources delivering strategic vendor sourcing, regulatory compliance programs and security technology integration.
- Advised client’s executives on risk and security best practices that would meet business and compliance goals and regulatory requirements.
Confidential, Mountain View, CA
Senior Manager, Global Risk and Compliance
- Served as a program manager for a $40 million information security project in Dubai, redesigning the current information security methodologies, policies and infrastructure of a leading UAE telecommunication company.
- Advise clients as ombudsman for risk management and compliance gaps with enterprise-wide information systems security policy, practices, and related strategies.
- Assist organizations as an expert advisor to executives in the development, implementation, and maintenance of information security infrastructures and controls.
Confidential, St. Petersburg, FL
Manager, Global Information Security Program
- Lead the design, implementation and development of information security governance policies, strategies, and compliance procedures. Conduct periodic self-inspections to detect information security policy gaps, and disseminate information security policies and best practices across all businesses.
- Complete and respond to internal and external audits of local, regional and global security standards, procedures and deployments to ensure that global security standards are followed.
- Analyze and present key compliance metrics and perform continuous monitoring of information security programs to ensure compliance with objectives, policies and procedures.
- Manage a staff of security professionals across 3 continents (Americas, Europe and Asia)
- Led and managed the global intrusion monitoring program, false-positive risk mitigation, rule sets and filtering controls and strategy designs, effectively minimizing intrusion and vulnerabilities to the global Franklin Templeton infrastructure.
Confidential, Islandia, NY
Director, Worldwide Information Security Services
- Managed identity management and security-focused product and service teams, working with sales team initiatives, pre-sales client proposals, RFP responses, engagement delivery and product architecture design and analysis.
- Participated in engagement leadership management and provided guidance and mentoring to staff.
- Effectively managed and built relationships with client’s key executives.
- In-sourced and lectured the CISSP training and certification process in house in order to broaden CA’s consultants' industry knowledge, improve credibility in the eyes of customers and provide an incentive to retain the most senior consultants, which led to recognition as a top consulting employer of CISSPs while saving over $400K in outside consulting and training costs annually.
- Developed a new line of business for delivery of security assessments, resulting in five standards-based offerings for security capability evaluations in light of regulatory requirements and the sale of 31 packages, valued at over $6M in service revenue and $13M in add-on product revenue during the six months following the program introduction.
Confidential, Dallas, TX
Senior Manager, Enterprise Risk Services
- Nominated Information Security Practice Leader for the Enterprise Risk Services practice in the Southwest Cluster.
- Key participant in the IMAP identity management solution design offered by Confidential to Fortune 1000, 500 and 100 clients.
- Developed and managed client relationships, information security deliverables and solutions within the information security practice for global enterprise clients such as Fleming, ExxonMobil, Blue Cross Blue Shield and TXU. These solutions encompass items throughout the security realm, from HIPAA security assessments and architecture design to security regulations compliance, e-commerce security controls, privacy compliance, penetration testing and PKI design and implementation.
- Created and supervised the implementation of information security practice policies, methodologies and knowledge base management tools to improve processes within the clients’ enterprise environments.
- Led and coordinated security engagements and project management while managing staff.
Confidential, New York, NY
Network Security Manager
- Implemented enterprise secured network systems including perimeter and internal network solutions, access lists, traffic logging and monitoring and security auditing.
- Developed and implemented network security policies, documentation and information security awareness programs.
- Managed the network operations center and security audit control implementations.
- Liaised with corporate management on purchasing, budget and rollouts of information security tools and products.