SUMMARY:

To find a challenging and dynamic opportunity that will allow me to utilize my diversified Technical depth and experience. I am seeking a Sr Project Manager or Program Manager Position with my experience and ability to understand the Business, Functional, Technical and Security considerations for delivering Global Enterprise Projects.

TECHNICAL SKILLS:

Compliance expertise: Corporate and regulatory requirements (PHI, PCI, ITIL, COBIT, ISO, NIST, OCTAVE, SOX, HIPAA, HITrust, HITech, PCI). Encryptions, PKI Authentication (RBAC). Reported on compliance to C level audience based on SIM / SEM discovery. Built and delivered Slide decks, Excel pivot tables and Access databases representing status, compliance, exceptions and health.

Hardware/ software expertise: Risc, Intel platforms, Hardware: such as Confidential, Nokia, Dell, HP, Compaq, Inflow, Cisco, Nortel, Splat, F5, Imprivata, Imperva, Inflowblox

OS Expertise: Windows NT 4.x / 2k / 2k3, 2008 Adv Srvr Pro, Micrsoft TMG, XP / Vista, XP, Vista and Windows 7, Solaris 6 - 10, HPUX 10x - 11i, Redhat 6-10, Mandrake, Suse, SAN, NAS, Confidential AIX 4x - 52-L, VMWare ESXi v5x, Luna, Rackspace and Dell Cloud services

Firewall expertise: Sidewinder 6 / 7, Bluecoat, Cisco Pix, Cisco ASA, Netscreen (NSM), Checkpoint (2000, NG and Provider1)

Web Expertise: IIS6 / 7, WebSphere, Websense, Imprivata Open SSO, CA (Etrust, Siteminder and Identity Minder), Oracle IdM (Access Management, Waveset, Confidential Tivoli ITM, Powerbroker, Sudo, Netskope

Vulnerability Assessment / Pentest expertise: Mcafee IPS, Foundstone, Qualys, Rapid7, NMAP, Nessus, Qradar, Imperva, Wireshark, Solarwinds, AWstats, Smarts, Wily, Optier, Opsware, Athene, Confidential (Critical System Protection) Tripwire, Netcool, Loglogic, SumoLogic, Smarts and Splunk, RSA Archer 4x - eRisk Manager, nCircle, Cisco IPS / IDS, Venafi, Ncircle, Netsparker, Burp Pro

Software Expertise: Microsoft Outlook, Visio, Project, Windchill, Access, Word, Powerpoint and Excel (200x), SharePoint, PKI, IIS, Apache Tomcat, WebSphere

EXPERIENCE:

Confidential

PM / SR Security Analyst

Responsibilities:

• Analyzed and create and review Business Requirements for Netskope cloud applications, built and implemented into existing cloud infrastructure.
• Analyze and create Technical and Security Requirements and Functional Requirements and created upgrade remediation solutions for sensitive prioritized corporate assets.
• Forensic Audit remediation plans for targeted infrastructure based on Internal controls, PII, PCI, HIPAA and SOX Internal Security controls and compliances.
• Forensic Researched Office / 365 Application DLP / ERM / ECM audit risk to corporate servers, applications, application owners databases (Oracle, SQL, MySQL, Sybase, DB2, Informix and MS Access) and migrated targeted servers holding sensitive data.
• Analyzed and create and review Business Requirements for Netskope cloud applications, built and implemented into existing cloud infrastructure.
• Analyze and create Technical and Security Requirements and Functional Requirements and created upgrade remediation solutions for sensitive prioritized corporate assets.
• Discover, analyze and review SIM / SELM tools (Netcool, Loglogic, SumoLogic, Smarts, and Tripwire, RSA Archer / Netwitness).
• Established links between events and incidents.
• Audit Client Security Information management using (Qualys, Rapid7, and Qradar).
• Pre - audit remediation plans for targeted infrastructure based on Internal controls, PCI, HIPAA and SOX Internal Security controls and compliances auditing risk to corporate servers, applications and migrate targeted servers holding sensitive data.
• Review and or created Security Disaster Recovery / Incident response best practices plans based on NIST 800-53 (Rev 4) guidelines. Participated in incident response events, determine RCA and suggested improvements to network and security design.

Confidential

PM - Sr Systems Security Systems Analyst / PM

Responsibilities:

• Established and built documentation, operational delivery, Business Continuity / Disaster Recover, Incident management for State Street Bank
• Reviewed and recommended improvements for Security firewall policy management (Checkpoint, Cisco, Netscreen) for State Street Bank
• Performed assessments for Security Information management (router, switches, load balancers, etc… updates, Rapid7, Qualys, Imperva, Languard), State Street Bank
• Built SIM / SEM Security Event management (firewall, router, etc… Policy updates, Loglogic, Nagios, Splunk) for State Street Bank
• Matured Security Disaster Recovery / Incident response processes / procedures for State Street Bank

Confidential

PM / Sr Systems Security Analyst

Responsibilities:

• Multiple million dollar projects, 10 - 25 resources and project timelines and reporting
• Research business, technical, functional security risks based on HIPAA, HITRUST, SOX and PCI, network and Identification segregation and security.
• Created, reviewed and analyzed change request for networks and firewalls aligned with project deliverables.
• Participated in Change Incident and escalations when needed.
• Security Disaster Recovery / Incident response best practices. Participated in incident response events using (Loglogic, Splunk and SumoLogic) determine RCA and suggested improvements to network and security design.
• Created Project plans (Scrum, agile) designed to meet project objectives based on budget and deliverables.
• Performed VLANing network segmentation objectives focusing on budget deliverables and Security.
• Performed Pen tests and VA Assessments using Qualys, Rapid7 and Nessus. I built gap and risk remediation against SOX, PCI, HIPPA and NIST 800-53 (Rev 4) / Octave guidelines. I analyzed and performed network route updates to support firewall changes for enterprise application changes and incident response.
• Analyzed, standardized and improved Datacenter Server provision using VMWare ESXi. Researched and developed VMWare and Cloud Proof of Concept for desktop optimization for (Windows XP to Windows7).
• Analyze impact request for firewall changes (Juniper SSG, ASG’s, Checkpoint NG, Pix and IPS technologies). Directed firewall changes based on business needs and security risks.
• Security Information management, (DLP-Vontu, Confidential, McAfee ePolicy Orchestrator (ePO)).

Confidential

PM / Sr Systems Security Analyst

Responsibilities:

• Analyze impact request for firewall changes (Juniper ASG’s, Checkpoint NG and Pix). Implement firewall change based on business needs and security risks.
• Created, reviewed Business Requirements, Technical Requirements and Functional Requirements.
• Created Project subk plans (scrum, agile and jad) designed to meet project objectives based on budget and deliverables.
• Created, reviewed and analyzed change request for networks and firewalls aligned with project deliverables.
• Submitted change request to CCB and ensured successful implementations.
• Participated in Change Incident escalations when needed.
• Security Disaster Recovery / Incident response best practices. Participated in incident response events using (Smarts, Loglogic and Splunk) determine RCA and suggested improvements to network and security design.
• Security Incident Management. Participated in incident response events, determine RCA and suggested improvements to network and security design.
• Information Rights Management (SAN, NAS, DR and BR).
• Design / built Confidential based on Corporate Segregation of duties. Design / build IdM solutions based on Core AD authentication mechanisms.
• VA / Pen Testing and Remediation.
• Perform PCI Compliancy assessment / SOX tests (using Confidential Tivoli discoveries along with Qradar and Rapid7 to evaluate and remediate risk., measure and improve all around security controls based on Octave, ISO and OCTAVE / NIST 800-53 (Rev 4) / 27 practices / principles.

Confidential

Sr Systems Analyst

Responsibilities:

• Firewalls, proxies, routers and switch configuration management. Confidential DETAILS.
• Security Incident Management, Confidential DETAILS.
• Information Rights Management, Confidential DETAILS.
• Messaging services (Exchange 200x) Confidential DETAILS.
• IT Security Consulting (vulnerability and penetration assessments), Confidential DETAILS.
• Project Management / SDLC - Application Integration Architecture Confidential DETAILS.

Confidential

PM / Sr Systems Security Analyst

Responsibilities:

• 3 Subprojects, with 2 resources and project timelines and reporting
• Research business, technical, functional security risks based on SOX and PCI, network and Identification segregation and security based on SDLC -NIST 800-53 Application Integration Architecture.
• Analyzed, designed and implemented an ITIL like Structure of: Security.
• Subk technology projects for datacenter migrations, vulnerability and application risk management.
• Created, review and analyzed change request for networks and firewalls.
• Submitted change request to CCB and ensured successful implementations.
• Participated in Change Incident escalations when needed.
• Security Incident Management. Participated in incident response events, determine RCA and suggested improvements to network and security design.
• Information Rights Management, Analyzed, designed, test AD forests based on RBAC, PKI, CA infrastructure.
• Role Based Access Controls / Segregation of duties. Evaluated network designs of AD, authentication schemes and recommended redesigns based on Security compliances.
• I worked across the enterprise to communicate project objectives, documented and detailed all project dependencies and system requirements for ITIL change controls and support purposes including CCB review and acceptance, etc.
• Data Rights Management. Analyzed Visio’s, SOW and vendor contract to determine SLA / OLA and metrics.
• Data Loss prevention. Investigates Vendor SLA / OLA to suggest Mcafee, Confidential - DLP providers based on Project business and technical objectives.
• SDLC - Application Integration Architecture. Worked closely with SDLC project to ensure SLA / OLA’s.
• Compliance PM for (SOX, PCI, HIPAA and FISMA). Reporting on VA status and SAN / ISO compliances based business and project objectives.
• VA / Pen Testing and Remediation.
• Perform PCI Compliancy assessment / SOX tests (using Confidential Tivoli discoveries along with Qradar and Rapid7 to evaluate and remediate risk., measure and improve all around security controls based on Octave, ISO and NIST 800-53 (Rev 4) / 27 practices / principles).

Confidential

PM / Senior Systems Security Analyst

Responsibilities:

• Perform a full enterprise / datacenter asset and vulnerability discovery; then classify systems and critical resources based on lines of business, technical functional application requirements and data segmentation based on PCI ( Confidential and SOD / IdM).
• Completely replacement of all LAN and datacenter network infrastructure with an enterprise class routing and switch infrastructure. Segment JD Edwards, SAP, PCI, SOX, COBIT, ITIL, HIPAA and other sensitive systems. Analyzed business and technical needs based on lines of business, technical functional application requirements and data segmentation based on PCI ( Confidential and SOD / IdM).
• Based on lines of businesses and asset / data demographics; redesign VLAN to segment PCI and HIPAA data from general access using based 802.1x requirements and Octave practices / principles.
• Analyzed, designed and implemented an ITIL like Structure of: Security.
• Subk technology projects for datacenter migrations, vulnerability and application risk management.
• Firewall evaluation / re-design, LAN and Wan re-design based on quarantine, guest and vendor demographics, and VLAN redesign based 802.1x requirements.
• Identity and document data flows sensitive zones, replication paths and backup access / strategies.
• Redesign wireless access to support quarantine and guest and vendor WLAN access based 802.1x requirements.
• Defined and assessed and recommended ITIL change controls to support data segmentation based on SANs, ISO, VLANs and firewall changes.
• Build Project WBS and negotiate project finances. Negotiate vendor sows to create and ensure product / technology support. Develop training and expertise in assigned new services and licensing security components within Compassion (Juniper IC4000, Netscreen FW, Checkpoint NG and Pix, Juniper IPS, Confidential ISS, RSA Authentication / token and WXC accelerators, Qradar).
• Perform PCI Compliancy assessment / SOX tests, analyze, measure and improve all around security controls based on Octave, NIST 800-27 practices / principles.
• Create and implement an Identity and Access Management enterprise application strategy to support enterprise and datacenter data segmentation and roles based access based on NIST 800-30 principles.
• Created and implement and Overall Security Governance program to enterprise and datacenter data segmentation based on NIST 800-53 (Rev 4) and CoBIT practices / principles.
• I worked across the enterprise to communicate project objectives and documented and detailed all project dependencies and system requirements for ITIL change controls and support purposes.

Confidential

Sr Systems Security Analyst

Responsibilities:

• Subk, build MS Project WBS and negotiate project finances (SAP / ERP Systems - subsystems). Negotiate vendor sows to create and ensure product / technology support.
• Work with enterprise applications and datacenter network call center security groups to engineer and optimize Verizon’s customer service solutions consisting of 3rd party security product offerings such as:
• Cisco (Security Manager, Firewall, Intrusion Detection & Protection).
• Netscreen (Security Manager, Firewall, Intrusion Detection).
• Nokia (IPSO / Checkpoint NG), Sidewinder (Enterprise Manager, Firewall).
• Websense (URL Filtering), Qualys & Trendmicro (Anti-Virus Management System), Message Labs (Secure Managed e-Mail).
• I assisted in firewall Re-designs, WAN redesigns to support Verizon’s security solutions to support these technologies.
• I defined and assessed enterprise Security Operation Center and Network Operation Center ITIL COBIT, CMMI change controls detailing project dependencies and system requirements using Octave practices / principles.
• I used PCI / SOX and HIPAA Compliances, Qualys and Configuresoft ECM scanning tools to baseline, test, analyze, measure and improve all around security controls based on Octave, NIST 800-27 practices / principles.
• I implemented and overall security governance improvement to the enterprise and datacenter based on NIST 800-53 (Rev 4) and Cobit practices / principles.
• I document and detailed all project dependencies and system requirements for enterprise and datacenter ITIL change controls and support purposes.
• I worked across the enterprise to communicate project objectives and documented and detailed all project dependencies and system requirements for ITIL change controls and support purposes.