
Senior Security Manager/ Sr. Project Manager Resume


New York

SUMMARY:

  • Skilled with Jira and Confluence; proficient with MS Word, Excel, MS Project and SharePoint.
  • Strong understanding of project management fundamentals and best practices, with experience in recognized industry techniques and project management life cycle methodologies.
  • Network & System Security, Teammates, Shared Assessments, Risk Management, Vulnerability Assessments, Authentication & Access Control, System Monitoring, Regulatory Compliance, System Integration Planning, Multitier Network Architectures.
  • Security Risk Assessment & Management, Business Continuity and Disaster Recovery, Policy Management and Compliance, Security Operations, Security Program Management, Security Architecture & Engineering.

PROFESSIONAL EXPERIENCE:

Confidential, New York

Senior Security Manager/ Sr. Project Manager

Responsibilities:

  • Administer Cybersecurity intelligence process to ensure security threat information, system log information, and sources of external intelligence are combined to provide real time response to cyber events.
  • Responsible for leading, directing and facilitating the successful completion of a large multi-department program to deliver new Policy Administration and Workflow systems.
  • Engaged in developing awareness and understanding of agile methodology to ensure synergy of plans and interdependencies of technology deliverables.
  • Performed PCI-DSS and PA-DSS assessments.
  • Created and refined processes for performing PCI-DSS and PA-DSS compliance verification efficiently.
  • Developed cybersecurity processes and procedures and supported service-level agreements (SLAs) to ensure that security controls are managed and maintained.
  • Develop and implement process for ongoing monitoring of IT processes to ensure compliance with SOX audit controls.
  • Reviewed security risk and vulnerabilities as they pertained to the PCI compliance across multiple processing platforms with various agencies. Provided guidance to client on the PCI requirement guidelines and how to meet said compliance standard. Assisted client in development of security compensating controls when required.
  • Perform operational, security, financial and compliance IT audits in accordance with COSO and COBIT internal control framework.
  • Assisted clients with developing information security programs and assessing compliance with information security frameworks.
  • Work with project manager to organize project plans, site meetings, and compile agendas and meeting notes.
  • Provide independent audit support in conjunction with the Company's SOX assessment.
  • Test and document financial and information systems for data integrity and quality.
  • Reviewed SOC 1 Type 2 reports; executed SOC 1, SOC 2, PCI DSS and HIPAA audits. Good knowledge of SSAE 18.
  • Coordinated and monitored CAIS team activities with other remediation project teams.
  • Conducted third party information security assessments which include leading process improvement activities, participating in information security assessment special projects and other assessment related activities.
  • Execute cyber security audit with focus on preventative, detective, corrective and compensating controls.
  • Demonstrates an influential relationship measured by business and IT feedback.
  • Splunk experience is a plus
  • Perform web application, mobile application and network penetration tests
  • Develop processes and implement tools and techniques to perform ongoing security assessments of the environment
  • Analyze security test results, draw conclusions from results and develop targeted testing as deemed necessary
  • Providing technical consultation on Security Tools and Technical Controls
  • Development of 'rules of engagement' with partners
  • Develop security standards, policies, automation scripts
  • Perform security reviews of application designs and source code review
  • Experience with shared assessments and gap analysis, with extensive hands-on experience leading process improvement activities, participating in information security assessment special projects and other assessment-related activities.
  • Assisted with a successful GDPR readiness program, with a matrix reporting relationship to the VP of Information Security. Also executed the IT information security strategy and managed concurrent IT project activities to support new IT business processes, integrations and other technology initiatives required to comply with the EU General Data Protection Regulation (GDPR).
  • Executed IT and vendor risk assessments and controls reviews; recommended, designed and advised on applicable IT controls as well as regulatory and compliance requirements.
  • Executed IT infrastructure audits of databases, network devices and operating systems and established controls to mitigate risk.
  • Conducted audits using the COSO and COBIT frameworks to perform practical system testing.
  • Performed IT General Controls and IT Application Controls testing employing a risk-based audit approach.
  • Monitor and review computer security logs and security systems.
  • Periodically reach out to vendors hosting data regarding current threats to ensure they are taking necessary steps to reduce exposure.
  • Provide recommendations for bringing applications, infrastructure, data centers, etc. into conformance with cyber-security standards.
  • Conducting audits of cyber-security controls for clients in the life sciences industry and supporting organizations, e.g., IaaS, PaaS, and SaaS providers.
  • Assist in the preparation and periodic review of a comprehensive Company risk assessment.
  • Liaise with external auditors to perform annual SOX compliance audit.
  • Experience with daily IT operations and best practice frameworks (ISO 27001/2, CIS Critical Controls, NIST 800-73) in one or more areas, such as system administration, networking and information security.

Confidential, New York

IT Staff Auditor/ Security Assessment Project Manager

Responsibilities:

  • Performed ITGCs and IT Application Controls testing.
  • Partnered with business and IT stakeholders at the program Sponsor, Steering and Advisory levels.
  • Performed PCI-DSS and PA-DSS assessments.
  • Developed spreadsheets, diagrams and process maps to document needs
  • Prepared and presented clear, concise and timely communication, right-sizing the message to the audience.
  • Coordinate internal resources and third parties/vendors for the flawless execution of projects
  • Ensured that all projects are delivered on-time, within scope and within budget
  • Assisted in the definition of project scope and objectives, involving all relevant stakeholders and ensuring technical feasibility
  • Ensured resource availability and allocation
  • Developed a detailed project plan to monitor and track progress
  • Manage changes to the project scope, project schedule and project costs using appropriate verification techniques
  • Measured project performance using appropriate tools and techniques
  • Reported and escalated to management as needed
  • Managed the relationship with the client and all stakeholders
  • Performed risk management to minimize project risks
  • Worked with external vendors to perform penetration tests on network devices, operating systems, databases and applications as necessary
  • Create and hold workshops illustrating the state of the art of various technologies and assessment strategies
  • Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets
  • Communicate technical vulnerabilities and remediation steps to developers and management
  • Responsible for performing manual penetration testing and communicating findings to both business and developers
  • Provided assistance to system users on information systems security matters
  • Work with application developers to validate, assess, understand root cause and mitigate vulnerabilities
  • Designed online tools for managing ongoing PCI compliance management.
  • Partnered on improving NIST Cybersecurity rating.
  • Conducted vendor risk assessments, with a particular focus on Information Security, ITDR, and Privacy.
  • Assisted in driving RP leads to organize individualized action plans and materials.
  • Reviewed company network diagrams in preparation for the PCI project, providing QSA insight and guidance.
  • Completed several annual PCI DSS Self-Assessment Questionnaires (SAQs).
  • Managed and coordinated operational components of incident management, including detection, response and reporting.
  • Conducted information systems audits, including ITGC testing, infrastructure audits (operating system, network device and database) and application controls testing, in accordance with department and professional standards.
  • Performed operational, security, financial and compliance IT audits in accordance with COSO and COBIT internal control framework.
  • Performed statistical sampling to accomplish audit procedures as well as obtained, analyzed and appraised supporting data utilizing various software applications.
  • Utilized the COBIT and COSO frameworks in performing SOX testing and ERP system (Oracle Financials and PeopleSoft) audits.
  • Performed testing and walkthrough procedures to determine company compliance with Sarbanes-Oxley (SOX) processes.
  • Analyzed and reviewed the control structure, performed walkthrough and testing procedures, documented test results for further review by external auditors.
  • Participated in new systems development and post implementation audits to ensure the System Development Life Cycle (SDLC) is followed through inclusion and implementation of adequate internal controls built into the system.
  • Facilitated the communication of audit findings to senior management and relevant stakeholders.
  • Provided second- and third-level support and analysis during and after a cybersecurity incident.
  • Performed security assessments and worked with the third-party provider who performs the review.
  • Lead controls oversight reviews to verify compliance with PCI-DSS by identifying IT Security related risks throughout in-scope areas including perimeter, network, host, application, data and physical security.
  • Review daily reports for unusual and malicious system and user activity.
  • Acted as a liaison between incident response leads and other functional subject matter experts. Monitored system logs, SIEM tools and network traffic for unusual or suspicious activity; interpreted such activity and made recommendations for resolution.
  • Investigated and resolved security violations by providing postmortem analysis to illuminate the issues and possible solutions.
  • Performed PCI DSS and HIPAA testing; reviewed SOC 1 Type 2 reports.
  • Reviewed business, IT and operational risks and designed audit procedures to execute the annual audit plan.
  • Involved in engagements: assisted in defining the scope of the cardholder environment, conducted fieldwork, worked with other PCI assessment teams, discussed findings and observations with clients, prepared work papers to support the testing and validation performed, and prepared applicable deliverables.
  • Delivers program (projects) within defined scope, schedule and cost metrics.

Confidential, New York

Internal Auditor

Responsibilities:

  • Defined security control requirements for the web environment and related infrastructure services to ensure that access to information, application functions, storage, networks, and data processing systems are adequately safeguarded.
  • Performed PCI Security Assessment Reviews (PCI DSS): conducted interviews, collected data, and performed security audit reviews, scans and penetration testing. Generated deliverables that included security analysis. Made security recommendations, adjustments and remediation plans for organizations.
  • Managed a team of five auditors to conduct the PCI DSS audit and safeguard the systems used to process credit card information.
  • Accomplished NIST and PCI DSS (Payment Card Industry Data Security Standard) compliance verification audits.
  • Plan and perform financial, operational, and compliance audit in accordance with the annual internal audit plan.
  • Conduct meetings/interviews/walkthroughs with management and personnel to assess how controls are functioning in specific areas; execute testing of specified area and identifies potential or reportable issues; communicate findings to line management responsible for the area audited and the department head; draft audit findings/reports; collect evidence or perform testing on corrective actions to ensure that remediation implemented is effective; document sample selected, fieldwork performed, conclusion and findings in a clear and concise manner; organize supporting documents to support audit conclusion.
  • Performed application security testing to identify cyber risks for applications belonging to NBA League office and the teams
  • Conducted vendor risk assessments, with a particular focus on Information Security, ITDR, and Privacy.
  • Full understanding of the third parties IT control environment and assess the adequacy of IT controls.
  • Provide metrics on a regular basis (KPI/KRI).
  • Performed continuous monitoring of key data elements to identify emerging trends with risk and control implications. Identified areas of risk and recognized whether related controls were operating effectively.
  • Planned, scheduled and managed the lifecycle of penetration testing.
  • Knowledge of Cyber risks and threats related to Cyber attackers.
  • Analyzed root causes of issues identified during testing and made recommendations for improvement of the control environment.
  • Utilized audit analytical team support and data tools to plan and design substantive testing and perform sample selection.
  • Tracked open audit issues within the issue owner/management action plan, tested and validated responses/solutions for closure.
  • Identified improvements to the audit processes, delivered quality audit work and met the completion deadlines of each audit (commercial business operations, corporate functions and compliance audits).
  • Identified and evaluated encryption processes, key management processes, system configuration standards, anti-virus, vulnerability scans, patch management, Penetration test etc., relating to PCI and recommended the controls and processes required to comply with PCI.
  • Conducted and assessed external third-party/vendor risk assessments.
  • Understanding of business processes and technology used within the assigned areas to ensure that the business is in compliance with regulatory requirements and Information Security Policy and applicable procedures, processes and standards.
  • Follow up on corrective action plans and review evidence for closure.
  • Participated in moderately complex AML Program and Global audits related to AML Compliance.
  • Performed moderately complex audits related to consumer or investment banking, technology management, project/program management, or supplier management in accordance with corporate methodologies and professional standards, including drafting audit reports, presenting issues to the business and discussing practical solutions.
  • Assisted in scheduling and facilitating cross-functional team meetings on remediation projects, programs and activities to avoid duplication.
  • Maintained current and established new reporting methods for cybersecurity intelligence analysis; delivered situational awareness and made cyber intelligence actionable.
  • Drove internal processes for prioritization and resolution of vulnerability findings
