
Sr. Manager / Sr. Security Architect Resume


New York, NY

SUMMARY:

  • Enterprise Information Security Technologies experience with focus on Cyber security, Information Security, Application Security, IT Governance, Risk Management, Compliance and IT Audits with specialization in Security analysis, design, development and testing of applications in n-tier architecture and Systems Security
  • SANS GIAC certified in Information Security Policy (GFSP)
  • Experience with IT Compliance and Audit Standards of ISO 27000 series, SOC and SSAE
  • Experience with Data Protection and Data Privacy - GDPR, DPIA, CCPA, Privacy Assessments
  • Managed Regulatory Compliance implementation with OWASP, FISMA, HIPAA, PCI DSS, GLBA, SOX, COBIT, COSO, FFIEC, NIST, ISO 27001, ISO 27002, DFARS NIST SP 800-171 and GDPR
  • Knowledge of 21 CFR Part 11, Annex 11 Regulations and Good Manufacturing Practice (GMP)
  • Governance and Compliance experience with ISO 31000, COBIT, ISO 27001, ISO 13485, ISO 27017, ISO 27018, ISO 22301, PA DSS, PII and PHI
  • Strong understanding of information technology controls and security experience in widely used financial application environments (SAP, Oracle, JD Edwards, PeopleSoft, etc.)
  • Provided Project Management and Continuous improvements, defined ITIL Project goals, managed resources and project timelines and led multi-discipline teams while fostering input from various levels
  • Experience in Enterprise Risk Management frameworks - COSO ERM, ISO 31000, ISO 27005, NIST 800-30, FAIR, OCTAVE
  • Experience with NERC CIP and SSAE-18 Compliance, ERP Systems
  • Incident Management, Cloud Security (AWS, Azure), Business Continuity/Disaster Recovery, Access Control, Asset Management
  • Managed and led Business Continuity (BCP) and Disaster Recovery process (DRP)
  • Experience with Cloud technologies and implementation of SAAS based security controls.
  • Experience managing Projects based on Agile Methodologies including ITIL, COBIT and CMMI
  • Experience leading and managing IT Risk, Governance, Security and Audit frameworks (COBIT, COSO, ISO 27001/2/5, NIST 800-53, NIST SP 800-171, SSAE 18, SSAE 16, Basel II)
  • Experience in developing a compliance schedule tailored for SSAE 16/SOC and ISO 2700x Audits
  • Experience and strong knowledge of Internal Controls over Financial reporting including SOX 404, SOC 1 Audit reports, COSO, US GAAP, ITGC, PCAOB and IIA Standards
  • Managed and led Regulatory & legal security standards such as PCI DSS, Sarbanes-Oxley, HIPAA
  • Managed and provided regulatory expertise and solutions on complex risk and compliance issues.
  • Managed and led projects involving Security best practice frameworks - COBIT, NIST 800.x, ITIL, ISO 27001, ISO 27002, ISO 27005, HITRUST, PCI, SOX, FedRAMP and FFIEC
  • Several years of technical experience in Information Security, in an environment certified and compliant with globally recognized Security Frameworks and maintained Compliance with GDPR, PCI, COBIT, SOX, NIST, ISO 27001 and ISO 27018 Controls
  • Experience with Web App Security tools with an understanding of Application security
  • Experience with Cyber Security compliance and regulations and knowledge of NY DFS Cyber Security rules and regulations.
  • Experience with computer security procedures and protocols and experience with Security Information and Event Management tools (SIEM), Intrusion Detection & Prevention Systems (IDS/IPS), Firewalls & Log Analysis, Network Behavior Analysis tools, Antivirus, Network Packet Analyzers and malware analysis. Monitored Security State and managed continuous monitoring
  • Experience with Web application development using Java, .NET (C#)
  • Implemented Security Controls, Common Security standards, Practices and Risk frameworks - FAIR, ISF, NIST, OCTAVE, STRIDE, ISO 27005 and ISACA
  • Experience with Payment Card Industry (PCI DSS, PA-DSS, P2PE)
  • Knowledge and understanding of Cryptography - PKI, PGP, SSL, SSH
  • Involved in Risk Assessment and Gap Analysis w.r.t. Security, Privacy and Compliance of regulatory standards and reported Risk factors.
  • Experience with Cloud Security Alliance (CSA) and cloud technologies in implementation of SaaS based security controls.
  • Exposure to Threat Modeling using STRIDE, Penetration testing, Security testing, Code Security reviews
  • Application Security Planning and Security Architecture

TECHNICAL SKILLS:

Project/Program/Portfolio Management: ITIL, COBIT, ISO

Project Management: Agile, PMI, JIRA, SharePoint, SDLC, Kanban, MS Project, MS Office

IT Risk management: COSO ERM, ISO 31000, ISO 27005, NIST 800-30

IT Governance: ISO 31000, COBIT, FFIEC and COSO

Compliance & Audit: ISO 27001/2, COBIT 5, GDPR, FedRAMP, DFARS, FFIEC, SOX, NIST 800-53, NIST SP 800-171, PCI DSS, HIPAA, NERC CIP, FISMA, PCI PA DSS, P2PE, SSAE 18 SOC 1, SSAE 16

IT Security Tools: FTK, Wireshark, Nessus, EnCase

Vulnerability scan tools: Qualys, HP Fortify, IBM AppScan, Veracode

Databases & Data Analytics: SQL Server 2008/2012, Oracle, PL/SQL

Languages & Web: Java, C#, Ruby, PHP, C, Pascal, COBOL, HTML, XML, TCP/IP

Reporting Tools: Oracle Reports, Crystal Reports, SSRS

Operating Systems: UNIX, Linux, Sun Solaris, Windows XP/98/NT/2000

PROFESSIONAL EXPERIENCE:

Confidential, New York, NY

Sr. Manager / Sr. Security Architect

Responsibilities:

  • Manage and lead PCI DSS and NYDFS 23 NYCRR 500 Cyber security / application security requirements for Confidential.
  • Enhance SDLC to S-SDLC and participate in Design Reviews, TOGAF/SABSA architecture review
  • Technical Manager in doing Cyber security engagements and Risk Management
  • Manage and support a team of Technology Staff in doing application security and Project delivery on time; responsible for security assessments
  • Schedule and lead project team meetings to maintain adherence to project timelines and requirements
  • Manage Annual Privacy Risk Assessments and conduct Privacy assessments as needed ensuring appropriate controls are in place to mitigate Privacy risks
  • Experience with Data Protection/Privacy and Security requirements under NIST, ISO 27001/2, HIPAA, PCI, NYDFS, CIS and other relevant legislation.
  • Manage Compliance and Audit projects of ISO 27001/2 and its derivatives - (HITRUST, Shared Assessment), SOC 1, SOC 2 Security Trust Principle Audit, Consulting and collaboration around an ISO 27001 Information Security Management System.
  • Manage Projects involving NIST 800-171/FISMA framework and its derivatives - (FedRAMP, CMS Information Security Program), HIPAA as clients serve government customers.
  • Responsible for IT Security and Compliance programs, Data Protection and GDPR and CCPA
  • Manage and support Applications, Project roadmaps, SSDLC, and Regulatory compliance
  • Provide Consulting for NERC compliance related Power Projects using ISO 31000 Risk Management
  • Validate Control measures including KRIs, KPIs and Audits
  • Identify and Assess Operational Risk and Audit systems using Risk management frameworks - ISO 31000, COSO, COBIT and NIST

Environment: NYDFS 23 NYCRR 500, Application Security, ITIL, PCI DSS, CCPA, HIPAA, GDPR, GRC Archer, NIST RMF, FedRAMP, Wireshark, PKI, NIST CSF, ISO 31000, Cyber security, COSO ERM

Confidential, Atlanta, GA

Sr. Manager IT

Responsibilities:

  • Manage and Direct a team of Cyber security Professionals, mentor and coach the team members both as a People Leader and Technical Manager in doing Cyber security engagements with different clients of Coalfire
  • Manage Federal and State IT and Security Compliance requirements
  • Develop, manage, monitor and report on all Project/Program tasks, activities, expectations, controls and deliverables
  • Manage and support a team of Technology Staff in doing Project delivery on time and within Budget
  • Responsible for performing Security Risk Assessments, managing Vulnerability Management Program and implementing Controls with Regulatory requirements of HIPAA, PCI DSS, GDPR
  • Provide Project Management and strategy in all aspects of IT, Business risks and Audit engagements
  • Experience implementing IT Governance Frameworks of ISO 31000, COBIT, FFIEC and COSO
  • Manage and deliver IT Risk Assessments and Audits on various projects involving IT Governance and Strategy, DRP, BCP Change Management and Cyber Security areas
  • Managed IT Compliance and Security of Audits, Compliance checks and assisted external assessment processes for Auditors, Payment Card Industry (PCI), Personally Identifiable Information (PII), General Data Protection Regulation (GDPR), HIPAA and SOX Compliance
  • Responsible for ensuring Privacy and Data Protection programs of GDPR, HIPAA, CCPA and working towards implementing Privacy by design in creating solutions
  • Experience with PCI DSS, ISO 27001, HIPAA, HITRUST, SOC II security and privacy requirements
  • Experience Managing Cloud Security Assessments and Audits over Cloud (AWS, Azure)
  • Support and Manage CCPA Assessments and CCPA response
  • Managed GDPR Protection, GDPR Compliance overview, Roadmapping, Program development and Implementation, BCR, Model Clauses, Regulatory/Privacy Shield, DPIA, Privacy Assessments
  • Worked with Top Payment Application Clients in the industry for PCI and HIPAA, HITRUST CSF, and Compliance to meet Information Security requirements and Security Maintenance
  • Managed, developed and executed Annual IT Audit Plans as well as Testing IT Processes
  • Created and managed Cyber Security Policies along with 23 NYCRR 500 cybersecurity requirements
  • Experience with Internal Controls, Risk Assessments, Business Process and Internal IT Control testing and Operational Auditing
  • Involved in performing Audits and Internal testing of Controls annually around ISO 27001, FISMA audits and other IT Risk areas as needed
  • Experience in performing Auditing and other testing of Security Controls, developing Audit Plans and Procedures and reporting the results of such audits
  • Manage and lead GDPR Program Management, Regulatory Compliance mapping and monitoring
  • Experience in Payment Card Industry, Credit card transactions and Audit of Payment Application logs, ensuring PAN is rendered unreadable
  • Managed Projects with Data Governance, Data Privacy, Created Plan of Action, Milestones (POA&M)
  • Managed and led Business Continuity and Disaster Recovery Program including Business resumption, System Recovery and restoration and provided overall IT Support for Internal Clients
  • Experience with regulatory environment for utility clients including NERC-CIP Compliance and ISO 31000 Risk Management
  • Managed and led development and implementation of relevant Metrics to measure the efficiency and effectiveness of ISMS, Governance, Risk Management and Compliance programs across Coalfire
  • Experience working with Risk, Security and Audit frameworks (COBIT, COSO, ISO 27001/2, ISO 27005, NIST 800-53, SSAE 16) and ISO 27018 controls
  • Experience in Governance and Compliance for PCI PA-DSS, FISMA, PII and GDPR
  • Assisted in the analysis of PCI Assessment findings, owner identification, remediation planning
  • Experience in Information Security Policy creation and acceptance
  • Experience working with Technical, Security Policy decisions affecting Security Posture of Clients and their Compliance requirements with DFARS, NIST SP 800-171 requirements
  • Experience in meeting PCI, PII and PHI requirements and ISO 13485 Compliance
  • Involved in maintaining Data Privacy for GDPR, HIPAA, FDR and led SOC 2 and HITRUST Audits
  • Implemented Data Protection Governance Practices, Privacy Impact and Gap Assessments
  • Involved in Cybersecurity Controls Assessment delivered using best practice frameworks including NIST CSF, COBIT 5, CIS and other frameworks
  • Implemented SaaS based Cloud security Controls and compliance using ISO 27017, ISO 27018
  • Involved in working with Information Security Analysts and application & service owners on PCI-DSS compliance tasks such as evidence preparation, gathering and submission to the PCI-DSS assessor for annual compliance
  • Involved in working with Payment Card Industry (PCI DSS, PA-DSS) and P2PE relevant projects.
  • Evaluated Customer Network and Data Flow Diagrams
  • Created White Papers through Client Documentation and review
  • Involved in implementation of System Security Software and other Forensic tools
  • Evaluated Payment Applications using Wireshark forensic tools.
  • Exposure to PKI and Asymmetric and Symmetric encryption
  • Utilized Control Routines and Risk Management Policies to identify and analyze risks

Environment: ITIL, PCI DSS, CCPA, P2PE, HIPAA, GDPR, FTK, GRC Archer, NIST RMF, OCTAVE, STRIDE, FedRAMP, Wireshark, PKI, NIST CSF, ISO 27005, Cyber security, NERC CIP, ISO 31000, SSAE-18 SOC 1, ISO 27018, COSO ERM, DFARS, NIST SP 800-171

Confidential, Fort Lauderdale, FL

VP Senior IS Tech Analyst

Responsibilities:

  • Manage and Direct Technology Teams of Cyber Security Risk and Compliance and work with Short term and Long-Term Initiatives, Goals of Security Strategy and improve the Security Posture of Confidential
  • Identify key stakeholders and management strategy for each of the activities involving communication, influencing and decision making towards Project schedules and timelines
  • Managed and Directed globally outsourced and geographically dispersed teams on Security Initiatives and GRC programs at the bank; teams are located in different countries
  • Manage and Provide reasonable assurance that Security Program and IT Governance processes and Controls are properly implemented and Corrective actions are taken where needed.
  • Managed BC/DR program including BIA, DR Plan documentation, BC and DR exercises, emergency management communications across Banking divisions during Cyber events/outages
  • Manage and support IT Governance and Risk Management projects to manage technology Risk
  • Managed Audits in meeting SOX compliance with COBIT, GLBA Compliance, and FFIEC Compliance
  • Managed and supported Combined US Operations Enterprise Wide Risk in assessing areas for improvement and Gaps related to internal standards, new and existing rules and regulations
  • Managed and supported all aspects of Governance, Risk and Compliance within the CUSO
  • Managed Bank IT Audit implementing best practices and meeting Regulatory Compliance needs and provided Audit reports to improve Bank IT Security Program
  • Managed Bank IT Compliance and Risk assessments, IT Audits, and Internet Banking Audit
  • Managed Bank Disaster Recovery Plan and Bank’s Business Continuity Program
  • Manage Risk Assessments internally and externally and support a large-scale global enterprise and set direction as a leader working through three lines of defense (3LoD)
  • Involved in ensuring Risk Management in coordination with different Stake holders of Risk, IT Risk Management Group, OPC, Compliance, Regulatory affairs and Supervisory relations
  • Involved in implementing Safeguarding Standards and provided implementation in relevance with NIST Cyber Security Framework (CSF) incorporating it into Risk Management.
  • Evaluated Applications using Static Code analysis tools - Veracode, IBM AppScan Tools and provided Application Vulnerability Assessment services (Dynamic and Static) to all Confidential businesses
  • Involved in evaluating current risks and provide recommendations for Risk Tolerance and Mitigation.
  • Collaborate with Stakeholders to document and implement necessary Policies and Procedures to comply with ISO 27001 Standards and to obtain Certification.
  • Implemented Cloud Security Controls to meet Security and Compliance requirements for IaaS, PaaS, SaaS
  • Participate with leaders in definition and implementation of Information Security Policies and Strategies, and involved in creation and maintenance of new Policies and Procedures enhancing security
  • Source Code Reviews and OWASP Secure Coding Practices, SABSA, TOGAF, DODAF Architecture Framework/Methodologies
  • Experience in Security Policy development, writing, security education, Application Vulnerability assessments, Risk Analysis and network penetration testing
  • Worked with Policy and Standards team to execute PCI Program across Confidential Units and to integrate PCI Compliance aspect into Confidential's current Policy and Risk Management Process.
  • Managed and involved in all aspects of Risk Management including implementation and monitoring Risk Management process in the organization.
  • Managed Audit activities including a portion of Annual Audit Plan, and Annual Audit Work Plan
  • Managed IT Audits, Information Technology Risks and Controls, Information Security & Governance
  • Overseeing and implementing the Global SOX, ISO 27001 Control Frameworks across Confidential Global IT
  • Managed and developed Information Security Standards, Procedures, Policies and guidelines along with Application architecture and threat modeling

Environment: ITIL, ISO 31000, SOX, COBIT, IBM AppScan, Veracode, PCI Compliance, ISO 27001, GRC Archer, FAIR, STRIDE, OCTAVE, NIST RMF, ISF, NIST CSF, ISO 27005, COSO

Confidential, New Orleans, LA

Applications Security Analyst

Responsibilities:

  • Manage a Team of technology Staff with or without direct authority to produce results in a timely manner and manage highly complex Application Security Operations, Cloud Security and Vulnerability Program Management for Confidential Capital
  • Manage Technology teams and work with outsourced global teams in doing Application development and testing for new Confidential Products
  • Responsible for Internal Controls and Risks of Confidential Technology network
  • Involved in Planning and execution of Internal Audit procedures and creation of Internal Audit reports.
  • Experience in Audit Log reviews and SOC Operations support
  • Managed Security Policies, Procedures and responded to security reviews
  • Reviewed system Audit logs in accordance with the SSP
  • Managed and involved in performing manual Security architecture risk analysis and threat model reviews of applications, and assessed their design against known or emerging threats
  • Managed and drove remediation efforts related to Information Security: Remediation for Incidents, Vulnerability Scans, Pen tests, Internal and external Audits and Critical Practice assessments.
  • Led Vulnerability remediation efforts with System Owners for identified issues on Systems
  • Assisted in managing an outsource relationship for 3rd party application development, led troubleshooting of technical issues and identified modifications needed in existing applications to address risk with reference to the NIST Cyber Security Framework (CSF) and mitigate Cyber Security events
  • Responsible for analysis, design and implementation of System Security Software upgrades
  • Enterprise level Information Security Architecture design; coordinated Information Security procedures and controls, application testing and security incident response
  • Analyzed and tested new and existing procedures, information systems and utility programs for security vulnerabilities and recommended remediation procedures.
  • Coordinated application development with Code Scanning with HP Fortify for multiple projects.
  • Assisted in Source Code Analysis, Remediation and troubleshooting of application security issues.
  • Assisted System analysis and design of security requirements for Confidential Security & Operations division
  • Managed and led Security Development Lifecycle (SDL), system development life cycle and Programming of Internet facing applications using Java and C#
  • Analyzed Action plans for application vulnerabilities and provided remediation plans
  • Involved in Firewall Policy evaluation, review and design
  • Recommended alternatives for application security and issue resolutions
  • Deliver reporting to Security Leadership on Remediation efforts
  • Assisted various divisions of Confidential in the implementation of Software Security and Systems software
  • Involved in identifying Application Vulnerabilities and implementing Security Practices for Cloud; involved in educating end users on Security awareness
  • Created and generated documentation concerning security procedures and maintenance of Reports
  • Assisted in maintaining a System Security Plan (SSP) and Security Testing
  • Assisted in updating OS software and antivirus definitions in accordance with the SSP requirements
  • Experience in running Vulnerability Management tools and utilize manual techniques to identify and validate closure of security issues.

Environment: ITIL, NIST RMF, STRIDE, UNIX, HP Fortify, Veracode, Qualys, Java, .Net, C#, Oracle, JavaScript, SQL, HTML, Information Security, COSO, COBIT

Confidential, Maywood, IL

Contract Consultant Developer

Responsibilities:

  • Managed a team of developers for Programming PHP back end web services for Remote Flash application.

Environment: Crystal Reports XI / 2008 / 2011, SSRS, PHP 5.0, Java, MySQL 5.0, Adobe FLEX 3.0, ActionScript 3.0, MXML, Flash, HTML/DHTML, JavaScript, XML, CSS, Subversion, Linux

Confidential, Meadows, IL

Developer / Consultant

Responsibilities:

  • Implemented Product configuration management using Java

Environment: Crystal Reports XI, Java, Adobe Flex 3.0, ActionScript 3.0, MXML, Spring Framework 2.5, Hibernate 3.2, Flash, Oracle 10g, HTML/DHTML, XML, CSS, Flex Unit, JUnit, JavaScript

Confidential, Saint Louis, MO

Senior Developer/ Consultant

Responsibilities:

  • Designed and developed all parts of the Web application, including configuring Spring and Hibernate
  • Used JIRA to assign, track, report and audit the issues in the application

Environment: Core Java, Servlets, JSP, J2EE, Spring 2.5, Struts, HTML, Web services (using AXIS), Eclipse 3.1, UML, Maven, WebLogic 9.1, Oracle 10g, JUnit, Log4j, Hibernate, SQL

Confidential, Saint Louis, MO

Developer /Analyst

Responsibilities:

  • Implemented collateral management using Java and MVC
  • Involved in Creation of User interfaces and ActionScript development with Adobe Flex

Environment: Crystal Reports XI, Adobe Flex 2.0, Adobe Flash, ActionScript, XML, XSLT, HTML, JUnit

Confidential, Chicago, IL

Java Consultant / Developer

Responsibilities:

  • Implementing enhancements in Enterprise level Java Application.

Environment: Crystal Reports XI, IBM WebSphere 6.0, MVC, Java, JSF, Servlets, Applets, JDBC, PL/SQL, Oracle 10g, JSP, JUnit, XML, XSLT, UNIX

Confidential, Saint Louis, MO

Consultant/ .Net Developer

Responsibilities:

  • Involved in Programming using C#, ADO.NET and XML
  • Created parameterized Sub Reports with various chart types using Crystal Reports & SSRS

Environment: SSRS, C#, ASP.NET, ADO.NET, CLR, XML, Visual Studio 2003 Environment, PL/SQL, RUP, Oracle PL/SQL, Crystal Reports

Confidential, Lansing, MI

Java Consultant

Responsibilities:

  • Designed and developed functionalities for the fixed assets management module in MVC Pattern
  • Developed and maintained stored procedures (PL/SQL), SQL scripting

Environment: Java, Servlets, JSP 1.2, EJB 2.0, HTML, JavaScript, XML, Struts, Oracle 9i, PL/SQL, Windows 2000, JUnit, UNIX

Confidential, Lansing, MI

Java Consultant/Contractor

Responsibilities:

  • Programming Java, Servlets, JDBC, Design patterns
  • Involved in Application Design and Development and generating Oracle Reports 2.5

Environment: IBM WebSphere, Java, Beans, JDBC, Oracle 9i, EJB, JSP, SQL, PL/SQL, Oracle Reports 2.5, UNIX, JavaScript, JUnit
