SUMMARY:

• Accomplished IT Security and Compliance professional with 12+ years’ experience leading enterprise and global - level program initiatives.
• Lead concurrent project teams through all phases of critical IT Security and Compliance projects to ensure issues and risks are mitigated throughout the project life cycle.
• Provide hands-on leadership to ensure the security, compliance and integrity of data, data systems, and data networks across the enterprise computer environment.
• Design and implement disaster recovery processes, business continuity procedures in the event of a disruption, both minor and catastrophic.
• Collaborate s with regulatory compliance officers to ensure organizational compliance with State, Federal, and Local regulations. Conduct audit reviews, create and revise departmental procedures, ensure effective training and providing information to team members.

AREA OF KNOWLEDGE:

• Cloud Governance
• Audit Review and Coach
• Vulnerability management
• Vendor Management
• Antivirus/McAfee
• Regulatory/Compliance
• Mobile/AirWatch/ForeScout
• DMZ (demilitarized zone)
• Developed policy and procedure
• Tipping Point/Riverbed-Appliance
• Sources Fire/FW Logger/Load balance
• FireEye/Encryption/Palo Alto Networks
• Secure Tracker/Policy & Procedures
• Data Leakage Prevention/IDS/IPS
• Database Monitoring/Imperva/ Guardium
• Symmetric/Asymmetric Encryption
• Developed policy and procedures
• Project Management Methodology
• Data Analysis, Reports & KPIs
• Software Development Life Cycle
• ISO 27001/PCI/SOX/Safe Harbor/PII/HIPAA
• Access Control/Prevent/ Detect /Correct
• DLP Email Prevent/Symantec DLP
• JIRA/Daptive/HP PPM/RFI/ROI/Clarity
• Assessments / R emediation Plan
• Identity and User Management Process
• Cisco Prime/Cisco D evices

PROFESSIONAL EXPERIENCE:

Confidential, GLENDALE, CALIFORNIA

Cloud Governance Compliance Auditor/Coach/Project Manager (Consultant)

Responsibilities:

• Member of Cloud Audit Team resulting in successful audit by parent company auditors.
• Performed PCI, PIA and Cloud Compliance audit review and completed GAP Remediation Review for all solutions.
• Worked closely with internal stakeholders, customers, vendors and team members to address risk issues.
• Facilitated User Management and Password Recertification for Cloud solutions.
• Reviewed Cloud Security Alliance Questionnaire for assigned solutions.
• GAP Remediation Review for all solutions and registering with ISMS for risk treatment action.
• Developed and maintained security, compliance and privacy documentation.
• Developed policies, procedures, and activities to support cloud security, compliance and privacy.
• Partnered with Legal and Security departments to review Contracts, SLA Review, Exit Procedures, Privacy Impact Assessment documents, Cloud Security Alliance (CSA) Questionnaire, PEN Test, SSL Test Results, user name & password.
• Led development of vulnerability and threat management processes to safeguard the entire range of Nestlé’s cloud information assets

Confidential, Culver CITY, CALIFORNIA

Senior IT Security Project Manager

Responsibilities:

• Assisted with risk assessment activities, including analyzing the results of audits to produce recommendations of acceptable risk and risk mitigation strategies.
• Managed various IT Security and Compliance projects (team of 8 Globally) to establish and obtain acceptable security and compliance operational measures and practices as well as improving and managing IT Security Operations.
• Worked with Confidential and Compliance Team to implement a system of internal controls, compliance policies/procedures and compliance reporting/monitoring tools.
• Managed Network Restoration and Disaster Recovery projects, creating well-defined action plans with weekly project status reporting to leadership (Global Project)
• Led team to resolve critical global compliance issues, worked closely with IT executives in EMEA, minimized risks and saved the organization from receiving fines.
• Played a senior compliance role in various security project initiatives, prevention solutions, and addressing security threats, risks, and attacks in response to the major data breach of November, 2014.
• Used JIRA and SCRUM boards to track completion of deliverables and provided Project Plans to executives.

Confidential, GLENDALE, CALIFORNIA

Senior IT Security Project Manager

Responsibilities:

• Provided project management support to ensure software development projects were coordinated and met all internal processes and practices.
• Built credibility and established rapport for Global Compliance department and maintained communication with multiple levels of internal and external stakeholders.
• Led, coached, and mentored IT personnel in a compliance-focused technical team environment.
• Held daily deployment stand-up meetings with project team to ensure all roadblocks and challenges were avoided or quickly remedied and set back on track.
• Tasks assigned by using JIRA and having daily 15-minute project briefings (Agile Methodology).
• Worked closely with vendors, InteliSecure, Symantec, Accuvant and Imperva to deploy projects.
• Completed the Symantec, Scanning Project using DLP and scanned 120TB of data with remediation plan.

Confidential, Las Vegas, NEVEDA

Information Technology Project Manager

Responsibilities:

• Critical role in securing the network infrastructure after the corporate-wide Cyber Security breach on February 10, 2014.
• Managed Global Compliance and Audit requirement projects (Singapore, Macau) relating to privacy Laws and access controls. Oversaw all social media audits, users and credentials.
• Project Management for Project Documents, Business Case, PPM, CER (Project Financials), ROI, Raid Log, Change Request, Project Plan, Project Charter, WBS (Work Breakdown Structure), Timeline, Technical Requirements, and continued communication with stakeholders, project Sponsor and Executives.
• Partnered with Regulatory Compliance Officer in review of policies, procedures and practices to ensure compliance with State, Federal and Internal regulations.
• Collaborated on a weekly basis with Corporate Compliance, Internal Audit Executives and General Counsel on conducting audits and evaluating current processes and procedures.
• Worked closely with Nevada Gaming Control Board on IT initiatives for final approval prior to deployment.
• Managed the technical implementation of Global, SCORM-compliant online/Ecommerce /compliance training across the Confidential enterprise for use by over 20,000+ team members.
• Collaborated with other Information Security and Information Technology staff to develop remediation plans addressing identified vulnerabilities.
• Perform security assessment, reviews, testing, etc. including evaluating, selecting, deploying and managing network and infrastructure security tools used to perform source code security analyses to identify vulnerabilities and attack vectors in web applications.

Confidential, CALIFORNIA

Vice President Information Technology

Responsibilities:

• Oversaw Compliance and Audit department, managed Confidential, PII and PCI requirements.
• Provided a full suite of PCI Compliance Security consulting and remediation solutions to conform to and maintain PCI DSS compliance.
• Created, defined and initiated IT projects; assigned project managers to manage budget, schedule, and performance of component projects, while managing the ultimate success and acceptance of the programs.
• Maintained continuous improvement and aligned program scopes with strategic business objectives.
• Recommended successful modifications to programs which enhanced effectiveness and made a positive impact on business results.

Confidential, VAN NUYS, CALIFORNIA

Project Manager/IT Director

Responsibilities:

• Responsible for all IT applications including supply chain, inventory, warehouse management and infrastructure, including servers (HP3000, Windows, UNIX) and Data Center.
• Worked with project sponsors, training, EDI translation, Trading Partner administration, software QA methods and testing.
• Oversaw the PCI compliance processes/projects that were rolled out by the IT team.
• Deployed a Business Continuity /Disaster Recovery program for 2 Mainframe Servers and 20 Windows Servers on time and within budget while leveraging an out-of-state data center.

Confidential, PASADENA, CALIFORNIA

Project Manager

Responsibilities:

• Led the development and institutionalization of precise project management process disciplines and continuous process improvement proactive thinking and action on existing processes.
• Managed a team of 32 technology professionals to complete an upgrade of the AIX Operating System on 6 servers while ensuring appropriate disaster recovery plans were in place after the upgrade by utilizing an out-of-state data center.
• Oversaw the migration of over one million clients to the newly upgraded AIX servers in accordance with PCI and PII compliance requirements.
• Managed a team of 8 technology professionals for a PC refresh initiative that included hardware/software changes for 600 employees.
• Led Web servers migration and DR planning with 300+ servers to new data center (Dallas)

Confidential, GLENDALE, CALIFORNIA

Director of Information Technology Infrastructure

Responsibilities:

• Reported directly to Confidential and managed a team of 138 people including application development, maintenance and infrastructure support for a healthcare software development company.
• Managed Confidential, providing Business Process Assessment, Requirements Gathering, Gap Analysis, Implementations and Testing.
• Successfully completed a two million-dollar client migration with a team of four professionals on schedule and within budget with zero defects reported.