
Sr. Program Manager Resume


Redmond, WA

SUMMARY:

Dynamic IT security professional with more than 15 years' experience building industry-leading security and privacy risk management and various compliance programs. Internationally recognized pioneer, visionary and thought leader in the security risk and compliance arena. Skilled communicator with a talent for translating complex concepts and strategies into easily understood value statements. Highly effective business and technical partner with unique insights, globally-aware perspectives and an affinity for identifying opportunities to deliver solutions that drive business enablement. Always strives for kaizen, drives business process improvements and organization-wide continuous improvement. Pays attention to stakeholder needs & priorities and the bottom line business benefits.

SUMMARY OF SKILLS:

  • Project & Program Management (Agile/Scrum, RUP, RAD, Waterfall, PMBOK)
  • Software Development (SDLC - Waterfall / Incremental / Scrum/Agile)
  • Strong Leadership and Management Skills
  • Human Performance, Coaching & Mentoring
  • Managing distributed matrix teams with on- and off-shore resources & cross functional teams
  • Planning & Scheduling (Trend/Variance Analysis)
  • Product & Strategic Planning
  • Broad Technology Base (Web / Embedded / Enterprise, etc.)
  • Process Improvement, Change Management & Risk Management
  • Budget & Multi-Site Management
  • Deployment, Release management and Implementation
  • Continuous Organizational Improvement
  • Departmental training needs consolidation, capacity planning and budgeting
  • Disaster Recovery and Business Continuity Planning

WORK HISTORY:

Confidential, Redmond, WA

Sr. Program Manager

Responsibilities:

  • Lead Identity and Access Management (IAM) team in Information Security and Risk Management (ISRM) group for the enforcement of access management.
  • Use agile and waterfall methodologies for managing the project(s) and coordinating with the program.
  • Lead MFA initiative including phone registration and 2FA enforcement across the company for internal users related to PCI compliance.
  • Identify and evaluate business and technology risks, develop internal controls to mitigate risk, and recommend solutions to improve systems governance
  • Supervise security and risk governance body activities including the scheduling/prioritization of review/assessment material and provide appropriate approval or request further inquiry. Lead the projects related to changes in ADFS and ADDS components of AD.
  • Follow the guidelines, steps and framework of ISO 27001/27002 series, NIST and COBIT for Information Security Management.
  • Lead the roadmap activities for company-wide initiatives for migration to Azure AD framework with emphasis on security and Identity and access component.
  • Communicate the strategic vision and agenda to business partners to ensure alignment and support; provide insightful advice and skillful execution, leverage risk management activities to safeguard IT's support of the delivery of business performance
  • Provide end-to-end expert leadership on how to effectively achieve and sustain compliance with regulatory, industry and contractual obligations, as well as information security policies and practices. Provide direction and guidance to IS leaders regarding best practices and solutions that support business goals and objectives.
  • Lead and direct security risk assessments and management testing of IT controls. Direct Internal Audit programs, including scoping, planning, reporting, remediation and follow-up
  • Drive continuous improvement in IT governance, risk, compliance and security practices based on expert knowledge in domain areas, industry best practices, business objectives and risk tolerances.
  • Lead initiatives to regularly assess the adequacy and effectiveness of IT controls, security policies, and direct remediation activities and initiate actions to ensure that compliance and security gaps are successfully addressed
  • Lead organizational awareness of compliance, risk, security and privacy concepts and best practices. Demonstrate to the organization how effective IT risk management practices and controls enable compliance and business process efficiency. Lead an ongoing communication and education forum for the exchange of ideas and information across all IT senior executives and functional areas, as well as its business partners.
  • Coordinate data center activities for hardware and software upgrades and make sure BCDR plan is updated and the plan works for the redundant data centers.
  • Follow SSAE 16 SOC 1 & SOC 2 guidelines for internal audit.

Confidential, Bothell, WA

Sr. Program Manager

Responsibilities:

  • Led auditing of the payment processing systems for PCI DSS compliance and enhancement of the payment transaction logging for reporting and compliance purposes and minimizing risks of non-compliance.
  • Successfully led several projects related to security tightening, access controls including Role Based Access Control (RBAC) and Oracle Identity Manager (OIM)
  • Led auditing and risk analysis of e-commerce applications and web-site for possible security breach or vulnerability and look for security improvements.
  • Led teams across broad technical, financial and business disciplines. Focused teams on business objectives and tracked progress to ensure project milestones were completed on time, on budget and with the desired results.
  • Maintained Vulnerability Management program. Mitigated risk factors through careful analysis and auditing of financial and statistical data. Managed risks through the best risk management practices.
  • Led efforts to audit application program code for security and SOX compliance, gathered status from different groups and combined it into a single report to send to stakeholders, and maintained communication with them.
  • Involved in Capacity planning, performance tuning, review DR/BCP architecture to assure it remains compliant with security controls
  • Use agile and waterfall methodologies for managing the project(s) and coordinating with the program
  • Manage vendors and other security related service providers
  • Used ISO 27000 series, NIST & COBIT framework for the ISMS processes & SSAE 16 for the internal audit.

Program Manager/Team Lead/Systems Analyst

Confidential

Responsibilities:

  • Led program to audit the credit card processing systems to check end to end for PCI compliance and delivered PCI DSS compliance program (completed in 5 phases) on time and on budget with 0 DPMO.
  • Provide guidance and assistance to maintain ongoing PCI compliance including robust vulnerability management.
  • Provide strategic direction for IT Auditing related to Security, ranging from planning and budgeting to project management and executing activities related to information security
  • Provide security risk assessments and recommendation on how to mitigate risk, successfully led several projects related to security tightening, access controls including Role Based Access Control (RBAC), Oracle Identity Manager (OIM) and company-wide SSO implementation using Hitachi ID Password Manager.
  • Monitor and improve activities to ensure compliance both with internal security policies and applicable laws, regulations and SOX compliance
  • Recommend and implement tools, functions, processes and policies required to complete certification and/or improve security
  • Partner with Accounting group and Financial applications team to ensure Accounting activities are in compliance with audit requirements
  • Establish, maintain, obtain approval of and enforce information security policies, standards, procedures, guidelines and controls, maintain Vulnerability Management and Risk Assessment program
  • Form and oversee information security awareness, manage Learning and Training program under the VP for 200+ employees
  • Work closely with the Loss Prevention team with regards to physical security and access systems
  • Lead the efforts to maintain the organization's online and Cyber security activities
  • Manage vendors and other security related service providers. Use ISO 27000 series, NIST and COBIT framework for the ISMS processes and SAS 70 for the internal audit.

Lead/Architect

Confidential, Montana, MT

Responsibilities:

  • Acted as the lead architect to capture requirements, design and lead the code development process, do code review, help with integration testing, help with test plans and UAT testing. The environment was WebSphere Portal Server using Sun Access Manager as the Role Based Access Control Engine.

Lead/Architect

Confidential, Broomfield, CO

Responsibilities:

  • Developed and integrated reusable EJB components for implementing business logic
  • Did performance tuning of Java Code

Lead/Architect

Confidential, Wilmington, DE

Responsibilities:

  • Developed APIs to form an XML string according to the ACORD spec and to parse the XML result from the backend
  • Developed Java Mail based notification to the customer support group for requirement of insurance card
  • Did performance tuning of Java Code and WebSphere Server

Lead/Project Manager/Java Architect/Sr. Software Engineer

Confidential, Seattle, WA

Responsibilities:

  • Responsible for requirement capturing & visualizing using UML Use-Case Notions & realizing the Use-cases.

Lead/Architect

Confidential, CO

Responsibilities:

  • Responsible for designing the application in n-tier fashion as per MVC architecture standards, used AAA model for enhancing and customization of company logging requirements. Integrated SiteMinder as the Single Sign On (SSO) Engine.
  • Managed the project using MS-Project as the team was a small one.
  • Involved in implementing a new concept of permission of GUI Components based on the role of users.

Lead/Architect

Confidential, Los Angeles, CA

Responsibilities:

  • Developed a J2EE web based system where a patient could enter current readings of blood test and send the data to the monitoring doctor. The system had to be HIPAA compliant.
  • Developed a J2EE intelligent system for psychological health evaluation for a person who is suicidal at a certain point of time. The system had to be HIPAA compliant.
