Information Security Officer Resume
SUMMARY:
- Senior IT Professional with proven track record in IT leadership, Service Delivery and Security governance.
- Certified ITIL V3 Expert and CISSP and PMP trained, with a strong focus on continual service improvement (CSI) and improving security posture.
- Successfully transitioned tkMNA IT security governance from shared services by auditing key people and processes and remediating the current state and existing security controls.
- Collaborated with cross functional team to develop EOL remediation plan for 100+ Windows 2003 servers across tkMNA to drive compliance with tkMNA Germany.
- Planned, designed and led tkMNA hardening pilot patching initiative for all workstations, 450+ Windows and Citrix 6.5 environment and released a 2018 monthly rolling plan.
- Implemented 20+ IAC global InfoSec controls from compliance focused to promoting awareness and change.
- Implemented change control globally within IAC Tech. group; Emergency changes decreased from 23% to 11%
- Planned, managed and executed 25+ successive monthly system hardening projects at IAC with 100% coverage and 96% efficiency.
- Expanded enterprise applications support services from 4 to 70+ and reduced IT service delivery costs by 12% YOY by implementing ITIL service operations guidelines.
- Collaborated with cross functional business units, vendors and increased high availability of critical applications from 99.830 to 99.991 by service reviews, RCA, run books & IRPs.
- Implemented business process alignment by partnering with Service Desk, NOC, Prod Support, QA & Engineering and built ITIL support capability roadmaps.
- Drove communication and managed relationship with CTO/CIO, PMO, Change Control Board.
- Managed IT budget of $1.7 million for application delivery and service improvement programs.
TECHNICAL SKILLS
- Sound understanding of IT platforms, applications, network, security and related technology.
- Sophos End Point AV, Websense proxy solutions, DLP, Symantec Phishing Readiness, SAINT, Nessus Vulnerability Management, SIEM/SOC Log analysis, CERT Management.
- MS Exchange mail servers, Office 365, Windows IIS & Apache Tomcat web servers.
- WAN, SAN, NAS, Windows, Unix, Linux OS along with UNIX and PowerShell scripting.
- Enterprise Active Directory / LDAP, TCP/IP, SMTP Authentication, Cisco Firewalls, Routers and Switches in a datacenter environment; Oracle / MS SQL RDBMS, HTML, CSS.
- ITIL, ISO 27002, NIST SP 800 Security Controls, PCI, HIPAA, ITAR, EAR compliance. Strong familiarity with European data privacy laws.
PROFESSIONAL EXPERIENCE:
Confidential, NA
Information Security Officer
Responsibilities:
- Successfully transitioned tkMNA IT security governance from shared services by auditing key people and processes and remediating the current state and existing security controls.
- Planned, designed and led tkMNA hardening pilot patching initiative for all workstations, 450+ Windows and Citrix 6.5 environment and released a 2018 monthly rolling plan.
- Established tkMNA CAB security control for infrastructure changes in the role of change manager.
- Collaborated with cross functional team to develop EOL remediation plan for 100+ Windows 2003 servers across tkMNA.
- Designed HLD and LLD security plan for QTS Suwanee Hybrid cloud data center migration.
- Collaborated with counterparts in Germany to remediate key vulnerabilities by standing up tkMNA Nessus vulnerability management system.
Confidential
Project Manager
Responsibilities:
- Developed global policy roadmap based on gap analysis with ISO 27002, HIPAA and performed numerous documentation deliverables to assist Chief Information Security Officer (CISO)
- IAC InfoSec policy, Data classification, Info security handbook, Remote vendor management
- AD network account disablement, Email account de-provisioning, Encryption and key management, Information lifecycle, Software development and Mobile device security policy
- Implemented information security controls to address ransomware and phishing.
- Phishing security plan; Phishing assessment.
- Global file server backup policy, Global application server backup policy.
- Established core steering committee for policy review, oversight and governance reducing policy go-live time from 44 to 18 days.
- Decreased end user phishing rate by 17% through a well-designed awareness campaign.
- Planned and executed phishing readiness security assessments to baseline exposure to phishing
- Follow-up remediation training to end users and re-follow up testing to measure exposure.
- Translated phishing posters and InfoSec handbook to 14 different languages.
- Collaborated with HR and IT managers to implement Info. Security handbook for onboarding.
Corporate IT Manager
Responsibilities:
- Established several global IT policies in collaboration with business, IT and regional managers
- Data center escalation, Hardware weekend procedure, Operating system patch management
- Problem management, Email encryption policy, Monthly reboot procedure
- Planned, managed and executed 25+ successive monthly system hardening projects with 100% coverage and 96% efficiency.
- Implemented change control globally within IAC Tech. group; Emergency changes decreased from 23% to 11%
- Tracked several key security and IT metrics and collaborated with regional managers for remediation
- End-of-life Windows 2000 and 2003 servers and XP clients
- Systems with QuickTime installations and no antivirus
- Audited and served as a SPoC for the weekly SUDO log reviews to review privileged accounts.
Confidential
IT Consultant
Responsibilities:
- Documented deliverables such as RACI charts, roles & responsibilities and accountabilities.
- Defined policies and procedures for IT security, SSL based website encryption and CERT.
- Actively led and participated in organization planning, leadership and governance to meet business objectives.
Confidential
Senior Manager
Responsibilities:
- Accountable for driving cross team collaboration with SD, PS, Dev, QA to improve MTTR, MTBF
- Collaborated with cross functional business units, vendors and increased high availability of critical applications from 99.830 to 99.991 by service reviews, RCA, run books & IRPs.
- Performed numerous documentation deliverables including, but not limited to the following:
- IT policy and procedure for major incident management, escalation, remediation
- IT change management policy in collaboration with change process owner & PMO.
- Vendor IT governance policy in partnership with IT operations and vendor leadership team.
- Led & coached a team of 20+ with a focus on employee development & performance management
Confidential
Manager
Responsibilities:
- Implemented ITIL incident, problem, change management - cost per incident reduced from $37 to $11.
- Accountable for transitioning shadow IT services and documenting the policy and procedures
- Responsible for defining process for creation, review, approval of IT knowledge base.
- Documented several key IT policies - LDAP/AD administration, Windows/Citrix remote assistance, triage & escalation, server administration, application controls, network security and platinum user policy.
Confidential
Project Manager
Responsibilities:
- Documented business requirements through workshops in 6 countries.
- Collaborated with IT architecture team for gap analysis and documented high level design.
- Documented the UAT plan, test cases and engaged key IT stakeholders for ‘buy-in’.
- Chosen for PARTNER award for functional delivery and project documentation excellence.
Confidential
Lead Business Analyst
Responsibilities:
- Global Roll Out for Confidential, London
- Documented business requirements document for fuels order management business process.
- Converted business requirements and documented IT functional specifications for gap analysis
- CUSTOMER award for managing stakeholder expectations during requirements gathering
Confidential, Chicago
Business Analyst
Responsibilities:
- Documented business requirements; performed gap analysis & high-level design for Siebel sales.
- Documented IT procedure for access management, application admin., end user training manual.
- Set-up and led onsite application support team resulting in improved IT service quality.