Information Security Officer Resume

NA

SUMMARY:

  • Senior IT Professional with proven track record in IT leadership, Service Delivery and Security governance.
  • Certified ITIL V3 Expert and CISSP and PMP trained with strong focus in continual service improvement (CSI) and improving security posture.
  • Successfully transitioned tkMNA IT security governance from shared services by auditing key people, processes and remediating current state and existing security controls.
  • Collaborated with cross functional team to develop EOL remediation plan for 100+ Windows 2003 servers across tkMNA to drive compliance with tkMNA Germany.
  • Planned, designed and led tkMNA hardening pilot patching initiative for all workstations, 450+ Windows and Citrix 6.5 environment and released a 2018 monthly rolling plan.
  • Implemented 20+ IAC global InfoSec controls from compliance focused to promoting awareness and change.
  • Implemented change control globally within IAC Tech. group; Emergency changes decreased from 23% to 11%
  • Planned, managed and executed 25+ successive monthly system hardening projects at IAC with 100% coverage and 96% efficiency.
  • Expanded enterprise applications support services from 4 to 70+ and reduced IT service delivery costs by 12% YOY by implementing ITIL service operations guidelines.
  • Collaborated with cross functional business units, vendors and increased high availability of critical applications from 99.830 to 99.991 by service reviews, RCA, run books & IRPs.
  • Implemented business process alignment by partnering with Service Desk, NOC, Prod Support, QA & Engineering and built ITIL support capability roadmaps.
  • Drove communication and managed relationship with CTO/CIO, PMO, Change Control Board.
  • Managed IT budget of $1.7 million for application delivery and service improvement programs.

TECHNICAL SKILLS

  • Sound understanding of IT platforms, applications, network, security and related technology.
  • Sophos End Point AV, Websense proxy solutions, DLP, Symantec Phishing Readiness, SAINT, Nessus Vulnerability Management, SIEM/SOC Log analysis, CERT Management.
  • MS Exchange mail servers, Office 365, Windows IIS & Apache Tomcat web servers.
  • WAN, SAN, NAS, Windows, Unix, Linux OS along with UNIX, PowerShell scripting.
  • Enterprise Active Directory / LDAP, TCP/IP, SMTP Authentication, Cisco Firewalls, Routers and Switches in a datacenter environment; Oracle / MS SQL RDBMS, HTML, CSS.
  • ITIL, ISO 27002, NIST SP 800 Security Controls, PCI, HIPAA, ITAR, EAR compliance. Strong familiarity with European data privacy laws.

PROFESSIONAL EXPERIENCE:

Confidential, NA

Information Security Officer

Responsibilities:

  • Successfully transitioned tkMNA IT security governance from shared services by auditing key people, processes and remediating current state and existing security controls.
  • Planned, designed and led tkMNA hardening pilot patching initiative for all workstations, 450+ Windows and Citrix 6.5 environment and released a 2018 monthly rolling plan.
  • Established tkMNA CAB security control for infrastructure changes in the role of change manager.
  • Collaborated with cross functional team to develop EOL remediation plan for 100+ Windows 2003 servers across tkMNA.
  • Designed HLD and LLD security plan for QTS Suwanee Hybrid cloud data center migration.
  • Collaborated with counterparts in Germany to remediate key vulnerabilities by standing up tkMNA Nessus vulnerability management system.

Confidential

Project Manager

Responsibilities:

  • Developed global policy roadmap based on gap analysis with ISO 27002, HIPAA and performed numerous documentation deliverables to assist Chief Information Security Officer (CISO).
  • IAC InfoSec policy, Data classification, Info security handbook, Remote vendor management
  • AD network account disablement, Email account de-provisioning, Encryption and key management, Information lifecycle, Software development and Mobile device security policy
  • Implemented information security controls to address ransomware and phishing.
  • Phishing security plan; Phishing assessment.
  • Global file server backup policy, Global application server backup policy.
  • Established core steering committee for policy review, oversight and governance reducing policy go-live time from 44 to 18 days.
  • Decreased end user phishing rate by 17% through a well-designed awareness campaign.
  • Planned and executed phishing readiness security assessments to baseline exposure to phishing.
  • Follow-up remediation training to end users and re-follow up testing to measure exposure.
  • Translated phishing posters and InfoSec handbook to 14 different languages.
  • Collaborated with HR and IT managers to implement Info. Security handbook for onboarding.

Confidential

Corporate IT Manager

Responsibilities:

  • Established several global IT policies in collaboration with business, IT and regional managers
  • Data center escalation, Hardware weekend procedure, Operating system patch management
  • Problem management, Email encryption policy, Monthly reboot procedure
  • Planned, managed and executed 25+ successive monthly system hardening projects with 100% coverage and 96% efficiency.
  • Implemented change control globally within IAC Tech. group; Emergency changes decreased from 23% to 11%
  • Tracked several key security and IT metrics and collaborated with regional managers for remediation
  • End-of-life Windows 2000, 2003 servers and XP clients
  • Systems with QuickTime Installations and no antivirus
  • Audited and served as a SPoC for the weekly SUDO log reviews to review privileged accounts.

Confidential

IT Consultant

Responsibilities:

  • Documented deliverables such as RACI charts, roles & responsibilities and accountabilities.
  • Defined policies and procedures for IT security, SSL based website encryption and CERT.
  • Actively led and participated in organization planning, leadership and governance to meet business objectives.

Confidential

Senior Manager

Responsibilities:

  • Accountable for driving cross team collaboration with SD, PS, Dev, QA to improve MTTR, MTBF
  • Collaborated with cross functional business units, vendors and increased high availability of critical applications from 99.830 to 99.991 by service reviews, RCA, run books & IRPs.
  • Performed numerous documentation deliverables including, but not limited to the following:
  • IT policy and procedure for major incident management, escalation, remediation
  • IT change management policy in collaboration with change process owner & PMO.
  • Vendor IT governance policy in partnership with IT operations and vendor leadership team.
  • Led & coached a team of 20+ with focus on employee development & performance management

Confidential

Manager

Responsibilities:

  • Implemented ITIL incident, problem, change management - cost per incident reduced from $37 to $11.
  • Accountable for transitioning shadow IT services and documenting the policy and procedures
  • Responsible for defining process for creation, review, approval of IT knowledge base.
  • Documented several key IT policies - LDAP/AD administration, Windows/Citrix remote assistance, triage & escalation, server administration, application controls, network security and platinum user policy.

Confidential

Project Manager

Responsibilities:

  • Documented business requirements through workshops in 6 countries.
  • Collaborated with IT architecture team for gap analysis and documented high level design.
  • Documented the UAT plan, test cases and engaged key IT stakeholders for ‘buy-in’.
  • Chosen for PARTNER award for functional delivery and project documentation excellence.

Confidential

Lead Business Analyst

Responsibilities:

  • Global Roll Out for Confidential, London
  • Documented business requirements document for fuels order management business process.
  • Converted business requirements and documented IT functional specifications for gap analysis
  • CUSTOMER award for managing stakeholder expectations during requirements gathering

Confidential, Chicago

Business Analyst

Responsibilities:

  • Documented business requirements; performed gap analysis & high-level design for Siebel sales.
  • Documented IT procedure for access management, application admin., end user training manual.
  • Set-up and led onsite application support team resulting in improved IT service quality.