Information Security Analyst Resume Profile

SUMMARY

  • C|CISO, CRISC, CISA, CISSP-ISSAP
  • 16 years cyber security and risk experience.
  • 7 years experience managing a residential construction company.
  • Regulatory and industry compliance and guidance: FISMA, HITECH, HIPAA, PCI-DSS, ISO 27001/27002, SOX, FIPS, NIST, COBIT, OWASP, GLBA, EUDPD, Safe Harbor, NCQA, and The Joint Commission (JCAHO).
  • Major solutions in the areas of IT Security, Risk Management, Business Continuity/Disaster Recovery, and Incident Response.

EXPERIENCE

Confidential

Present

Team Leader, Security Operations Center

  • Projects: FISMA-Readiness, Network Segmentation, Network Access Control, PCI Compliance, Data Loss Prevention, GRC, SIEM, IDS/IPS, Two-Factor Authentication
  • Reported to the AVP/CISO of a nonprofit financial services provider supporting 20B loan portfolio of 3 million borrowers and managed team of 3.
  • Served as acting CISO during absence of CISO.
  • Delivered bi-annual performance reviews, development plans, staff / project resource allocation, and assisted with departmental budget projections.
  • Developed and presented to the Senior Management Team, including the CEO, CFO, and SVP-IT, the strategic direction for the new Security Operations Center, the mission statement, overall goals, roadmap, individual roles and responsibilities.
  • Consulted on controls effectiveness for portfolio planning, objectives, and delivered resilience KPI metrics, cost-benefit, Security SWOT, Economic Value Add, and Total Cost of Risk analysis.
  • Chartered security projects, issued RFPs, performed solution evaluations, designed, deployed, and integrated architecture.
  • Streamlined inter-departmental operations, tactical processes, and improved 3rd Party assessment quality. Economic Value Added: US$129K annually.
  • Directed the delivery of SIEM solution. Economic Value Added: US$103K annually.
  • Directed the Vulnerability / Configuration Compliance Management and Continuous Monitoring Programs including code analysis testing and reviews, penetration testing, data loss prevention, file integrity monitoring, intrusion prevention, and web application firewalls.
  • Delivered transition security architecture artifacts leveraging SABSA and TOGAF, including designs for Architecture Review Board proposals, and updated System Security Plans (SSPs) mapped to NIST SP800-53 controls.
  • Delivered risk assessments during the Plan of Action and Milestones (POA&M) projects.

Confidential

IS&T Security Engineer

  • Projects: Minnesota Health Information Exchange, PCI Compliance, HITECH Compliance, SOX Compliance, VMWare Virtual Desktop Infrastructure, Data Loss Prevention, Single Sign-On, F5 ASM Web Application Firewall, Full Disk and Media Encryption, SSLVPN, Remote Assistance, Controlled Vendor Access, SIEM, IDS/IPS
  • Reported to the Director of Security Management of a 3.5B nonprofit healthcare system including 4 hospitals, 70 clinics, and insurance plans supporting 1.4 million members with 12,000 employees.
  • Established an ISO 27001 ISMS-based enterprise security program resulting in a 148K increase in security project funding.
  • Delivered quarterly risk, vulnerability, and compliance reports to IS&T Senior Leadership, including the VP of Applications Decisions Support, Sr. Director of IS&T Services Delivery, and Sr. Director of Technology and Infrastructure Support.
  • Established formal Risk Assessment Methodology and BITS Shared Assessments of new major business partners, service providers, and joint ventures resulting in reduced costs of common controls and improved alignment with business objectives.
  • Delivered the Vulnerability / Configuration Compliance Management and Security Monitoring Programs.
  • Chartered security projects, issued RFPs, performed solution evaluations, designed, deployed, and integrated architecture.
  • Delivered the Information Security Policy Framework and associated development lifecycle with Legal, Corporate Compliance, Privacy, Audit, Human Resources, and IS&T.
  • Delivered nCircle Benchmarks for relative performance reporting.
  • Delivered security architecture artifacts including 3 frameworks, 17 policies, and 26 standards.

Confidential

Information Security Analyst

  • Projects: SSLVPN, Antivirus Migration
  • Reported to the Information Security Officer of a 1.5B global adhesives manufacturer with 3,000 employees.
  • Delivered risk assessments and security oversight of outsourced domestic and offshore resources.

Confidential

Information Security Analyst

  • Projects: Identity Management, Password Synchronization and Reset Self-Service, SSLVPN, Remote Platform Security, Security Workflow, SIEM, Web Content Filter, Enterprise Patch Management, Global Active Directory and Domain Consolidation, Novell NetWare Phaseout, Token Ring-to-Ethernet Conversion, Site Server Authentication, Change Control, Two-Factor Authentication
  • Reported to the Director of Security and Risk Management of a 5B Fortune 500 international sanitation provider with 20,000 employees.
  • Delivered solutions and architectures for identity access management, remote access, password reset self-service, website content filtering, data encryption, patch management, and event monitoring.
  • Delivered security architecture artifacts including 8 policies and 9 standards.
