Proactive team leader with superior troubleshooting ability. Enterprising and analytical, with a high level of integrity and loyalty. Previous DOD Secret Security Clearance. CISSP, CISA, PCI - ISA, PCIP, ITIL.
- Responsible for planning and executing onsite security/risk assessments for third party vendors.
- Engaged vendor contacts, planned and scheduled onsite assessments, traveled to vendor sites to execute the assessments, documented findings and reported to the remediation team at Confidential.
- Technical skills include the domains of information security and business continuity including Information Security Controls (Infrastructure Security, Access Management, Physical Security, Application Security, etc.), IT Compliance, SOX Compliance, Change Management, Enterprise Risk Management and a strong understanding of NIST, PCI, ISO, SDLC, COBIT, and ITIL standards.
- Using Clearwater Compliance and ServiceNow, completed written security risk assessments and developed a risk register for all mission-critical systems and applications.
- Identified system, application, web application and database risks and vulnerabilities.
- Recommended and assisted with the implementation of security controls to mitigate or remediate known risks and vulnerabilities.
- Implemented an enterprise-wide security awareness program covering current IT security risks and threats, social engineering/phishing awareness and IT security incident reporting procedures.
- Coordinated with system administrators, security and desktop support teams to assess and analyze vulnerability scans; provided guidance to management in anticipating cyber threats and assessed/quantified the possible operational impact if an IT risk or vulnerability were exploited.
- Performed risk assessments on third-party medical devices and systems.
- Determined scope and recommendations for PCI kiosks within the hospital and in surrounding community medical offices.
Security Compliance Program Manager
- Use ServiceNow to coordinate all data for self-assessments, controls, mitigation and remediation items.
- Document processes for managing Incident, Request, Problem and Change Management, and coordinate the effective rollout of these processes across all GE IT teams.
- Plan and coordinate PCI compliance assessments.
- Document Backup, Disaster Recovery and Business Continuity Plans, the IT Risk Register and Security Awareness materials.
Op Risk Consultant
- Create controls when onboarding new applications.
- Perform quarterly testing of ITGC controls for the SOX audit.
- Perform all internal quarterly audits, including SOC, ISO 27K and PCI preparation. Created a path to PCI compliance for this limited scope.
- Create and update company Policies, Procedures and Guidelines; create and distribute the Security Awareness campaign.
Risk Management/Security Engineer
- Perform assessment and inventorying activities as part of Information Security Risk Management.
- Identify assets, their associated risks, and any risk-mitigating controls in place.
- Perform assessments, analyze, monitor, and report on information security risks: follow the Information Systems Risk Management Program's (ISRMP) processes and collect metrics that allow Confidential to understand current risk states, trends, and control effectiveness.
- Interview risk owners, process owners, project owners, and asset owners to gather risk data and information.
- Collect and update information as needed in Archer and Rally.
Security Solutions Manager
- Managed and supervised the SOC monitoring customers' systems using the AlienVault SIEM.
- Security consultant assisting in remediation and acting as an external auditor on multiple audits.
- Created a path to PCI compliance with clients to ensure compliance without impacting production.
- Provided gap assessments, guidance and remediation consultation for various third-party clients. Established security controls and procedures and tracked compliance against those controls.
- Performed internal and external audits, including physical audits and NIST, ISO 20000, SSAE 16, PCI and COBIT audits.
- ITIL Foundation certified.
Security Engineer / IT Auditor
- Maintained the security of millions of stored credit card numbers (tokenization system) and a Level 1 transaction processing system.
- Monitored network security using RedSeal; performed scans using Nessus and Qualys.
- Performed daily review of operational and security logs using Zix, Cisco Secure, Websense, Imperva and Dell SecureWorks.
- Prepared various policies, procedures and reports, including Disaster Recovery, the IT Operations Playbook and other policies as needed.
- Accountable for coordinating the yearly PCI security audit; served as the Lead ISA with the external auditors, along with multiple other yearly audits (SOX, COBIT, ISO, NIST).
- Measured and maintained quality standards by applying performance metrics, weekly audits, and data reports; presented findings to senior leadership.
Risk Management and Security Administrator
- Project management for the Areo VLAN project covering multiple locations across Arizona.
- Audited labs and data centers across multiple sites to ensure compliance with standards.