Information Security Compliance Manager Resume
SUMMARY
- Security/Technology Analyst with 12 years of experience. Collaborate effectively with business controllers to resolve risks and vulnerabilities, ensuring controls are being met while identifying opportunities for improvement and remediation when necessary.
- Computer proficient in AppScan, UNIX, Windows, Symantec DLP, Cisco, AS400, PeopleSoft, RSA, POS, Remedy, Heat, Legato, Tivoli, VERITAS Backup, Networking and Active Directory.
- Acute knowledge and understanding of industry-wide IT security standards and processes as they relate to compliance regulations.
PROFESSIONAL EXPERIENCE
Confidential
Information Security Compliance Manager
Responsibilities:
- Lead cross-functional teams in education, implementation and compliance of internal and external regulatory (FFIEC, HIPAA, PCI) requirements
- Created compliance scorecard reporting spreadsheets, health checking and technical appendices
- Perform security assessments on all hardware and software being implemented into the Business Unit infrastructure to ensure compliance with security policy and standards
- Formalize and maintain a security awareness program
- Monitor security mechanisms (audit trail, firewall, etc.) for compliance to security standards
- Manage quarterly re-certification process for all ASCA and client-based applications
- Ensure appropriate controls are applied to information assets based on risk of compromise
Confidential
Security Risk Assessment Analyst
Responsibilities:
- Notified the Global IS community of existing vulnerabilities in need of remediation
- Created statistical reports using Symantec Security Information Manager (SSIM)
- Ensured IS and IT internal controls & policies are being met
- Created statements of work for Confidential and UPS Symantec DLP projects
- Perform process documentation and testing of key SOX, HIPAA and PCI-DSS controls
- Critical Incident Response Team (CIRT) point of contact for Data Loss Prevention security breaches
- Logged DLP incidents into Confidential corporate SSIM database
- Performed application security monitoring and penetration testing using Rational AppScan
Confidential
Senior Information Security Analyst/Penetration Tester
Responsibilities:
- Performed audits by assessing web application threat, vulnerabilities and defense programming
- Performed risk assessments to ensure corporate compliance
- Developed and prepared audit program and agendas
- Conducted security event monitoring for corporate-wide in-scope applications
- Performed application security and penetration testing using Rational AppScan
- Managed the quarterly employment verification process
Confidential
Security Analyst/IT Auditor
Responsibilities:
- Implementation of UNITY compliance tracking system
- Developed SOX and IS training program for offshore team
- Conducted installations of Trend Micro DLP product
- Created SOX and PCI quarterly documentation and tested evidence submitted by control owners
- Managed account provisioning for employee access to internal and external applications
- Performed application security and penetration testing using Rational AppScan
- Served as the process owner for training and awareness program by developing, implementing, and deploying an effective IS security education, training, and awareness program
Confidential
IT Risk and Control Project Manager
Responsibilities:
- Reviewed SAS 70 documentation to ensure corporate compliance
- Conducted internal audits on a monthly basis
- Made appropriate recommendations to management to address all risks found during quarterly audit
- Conducted interviews with Process/Control Owners to ensure that all security controls are in place and testing evidence is submitted within allotted testing period
- Conducted risk assessments of DLP and SOX controls
