Program Manager/Project Manager/IT Risk Assessment Analyst/ISSO Resume
Ashburn, VA
SUMMARY
- Experienced IT Security Manager with a demonstrated history in the Information Technology and Services industry, supporting the management of IT security and cyber risk and the authorization of information systems in accordance with legal and regulatory requirements, in support of the organization's mission and operations.
- Over 10 years of experience with the NIST Risk Management Framework and related industry frameworks and guidance, including RMF, FISMA, FIPS, the ISO 27001 series, SOX, COBIT, GDPR, PIA, PCI DSS and SSAE 18 reviews; System Security Assessment and Authorization; policy and procedure development; internal controls compliance; IT audit; IT security program management; and project management, with a successful track record.
- Skilled IT Security Manager with over 10 years of experience in IT security and risk management, IT audit, information security management, SOC management, and program and project management.
- Knowledge of the System Development Life Cycle, with awareness of vulnerabilities and methods for mitigating them.
- Experience applying the Risk Management Framework (RMF) steps of Categorize, Select, Implement, Assess, Authorize and Monitor, using the NIST SP 800 series, FIPS 199 and FIPS 200 as guidance.
- Experience applying the ISO 27000 series, GDPR, PIA, FISMA, FIPS and PCI DSS as frameworks, guidance and standards.
- Maintain an Information Security Risk Management Program that identifies, manages and protects the organization's assets while aligning the information security strategy with organizational goals and objectives, supporting an effective security posture and Assessment and Authorization (A&A).
- Establish security baselines through system characterization, threat management, vulnerability identification, control analysis, likelihood determination, impact analysis, risk determination, control implementation (VPN, IDS/IPS, DLP), control recommendations, reporting on controls, and documentation of threat and vulnerability results.
- Strong knowledge of Microsoft 365 (O365), Google Workspace (GSuite) and GCP, Microsoft Azure, AWS, and Microsoft Great Plains.
- Excellent organizational, interpersonal, supervisory, analytical and written/verbal communication skills, fluent spoken English, and the ability to multi-task and follow projects through to completion; experience with knowledge transfer, coordinating training initiatives, customer service, problem solving and critical thinking.
TECHNICAL SKILLS
- PaaS, SaaS
- OWASP Top 10
- AppScan
- Nessus, Retina, MBSA
- ESET, Symantec, Windows Defender, Beyond
- Excel (expert): Formulas, Pivot Tables, VLOOKUP, HLOOKUP, Macros, Reporting
- Word (expert), Visio, PowerPoint, Project, Access
- MGP Dynamics
- Cisco Jabber
PROFESSIONAL EXPERIENCE
Confidential, Ashburn VA
Program Manager/Project Manager/ IT Risk Assessment Analyst/ISSO
Responsibilities
- Led the Global Technology Solutions (GTS) Security & Risk Management Team for the Mobile Portfolio on the CIO engagement.
- Coordinated CPI-810 compliance requirements for all applications in the Mobile Portfolio.
- Collaborate closely with the Risk Management team, Application Development teams and Application Owners (Custodians) to ensure compliance with corporate security policies, to ensure support is in place for audits and compliance exceptions, and to ensure remediation plans are met on time per corporate requirements; build high-performing relationships with peers in Corporate Information Security, Development and other stakeholders.
- Schedule and run recurring program meetings; identify and monitor program issues and risks associated with program deliverables; create and maintain action plans to resolve issues in a timely manner.
- Plan and manage projects to successful completion and ensure project activities are well communicated; produce the Security Details Report; run and track security scans: SAST (Fortify), DAST (web scans), OSS (Black Duck) and IP scans (Nessus); identify the business functions and services required by key stakeholders and management, and prioritize them.
- Collaborate with the team to ensure use of IBM Security Guardium, which gives the organization visibility, actionable insights and real-time controls over sensitive data: automatic discovery and classification of sensitive data, risk analysis with contextual analytics, conversion of raw security data into business insights, monitoring of data access patterns, encryption of data, real-time response to threats, and simplified data privacy and security compliance.
- Present a weekly report to management on the progress of projects; comply with the company's Global IT Policies and Procedures and the CPI-810 compliance requirements for all applications.
- Collaborate with Mavens and Custodians to evaluate current operations and remediate identified vulnerabilities, prioritized as Critical, High, Medium and Low, by performing vulnerability assessment and scanning (IP, OSS, DAST, SAST, RASP, IBM Guardium) with vulnerability management and application security tools including Qualys for the Mobility Portfolio.
- Conduct risk assessments in compliance with the SEC501-11, 520-02 and 520-3 standards and according to the project timeline (ETA): interview system owners, system administrators and developers using a set of predefined questions and document the information collected; analyze system documentation and the results; draft the system Risk Assessment Report and Risk Treatment Plan; assess the risk and document risk findings in the Risk Assessment Template; follow up by email or virtual meeting.
- Schedule a risk assessment virtual meeting with system owners to review risk findings; review results with the ISRM team and finalize the report; disseminate the report to system owners and the Security Focal Point.
- Update the risk register with risk findings; complete a Risk Assessment Questionnaire, Risk Assessment Template, Risk Assessment Report and Risk Treatment Plan for each IT system.
- Use GSuite/Google Workspace for custom-domain email and collaboration tools (Gmail, Calendar, Meet, Chat, Drive, Docs, Sheets, Slides and Forms) to collaborate with stakeholders.
- Managed large and complex projects throughout their lifecycle, including scoping, schedule management, resource management, quality assurance, cost control, budget management and change management.
- Generate status reports for the Mobility Portfolio applications on vulnerabilities remediated, in priority order (Critical, High, Medium, Low). Prepare status reports (weekly status, monthly CIO updates) on IP, OSS, DAST, SAST and RASP implementations completed, CART/CPI-810-I assessments completed, Sluice status, CCPA/PIA assessments, Missing Inherent items resolved, ETA/status for vulnerabilities, and IP servers moved from TLS versions below 1.2 to TLS 1.2 and above; report any issues to the SFP for the Mobility Portfolio. Create and maintain timelines (ETA) to ensure applications are assessed and vulnerabilities remediated on time.
- Analyze compliance risks and develop response plans; provide regular reports directly to the leadership team to keep stakeholders, management and other teams informed of progress and obstacles; use penetration testing (simulated cyber attacks against systems) to check web applications for exploitable vulnerabilities and to supplement the web application firewall (WAF); create and maintain project plans for corporate policy compliance and internal audit initiatives, including defined tasks, task owners, deliverables and dependencies.
- Track and monitor the cyber security solution for all applications based on ongoing activities; provide program status and progress.
- Ensure the team tracks expiring certificates, applications never certified, expired compliance, inherent failures, PCI questionnaire status, firewall ticket reviews, and the migration of IP servers to a higher TLS version.
- Create documents in Google Docs and grant access to Google Drive; use Excel (macros, charts, pivot tables, VLOOKUP, HLOOKUP) to create documents for the team, PowerPoint to prepare presentations, and Word for documents; organize WebEx, Meetex, Jabber, GoMeeting and Hangouts virtual meetings.
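The TLS-version migration and certificate-expiry tracking listed above are the kind of inventory check that a small script can produce evidence for. The following Python is an added example written for this page, not code from the resume or from the employer; the host name, the day thresholds and the Critical/High/Medium/Low rules are illustrative assumptions.

```python
"""Probe which TLS protocol versions a server still negotiates and how many
days its certificate has left, then rank the host Critical/High/Medium/Low.

Added illustration for this page. Host names, thresholds and the priority
rules below are assumptions for the example, not taken from any real
portfolio or corporate standard."""
import socket
import ssl
import time

# Versions to probe, oldest first. TLS 1.0 and 1.1 are deprecated (RFC 8996);
# a server that still accepts them is exactly what the migration tracking
# is looking for.
PROBE_VERSIONS = (
    ssl.TLSVersion.TLSv1,
    ssl.TLSVersion.TLSv1_1,
    ssl.TLSVersion.TLSv1_2,
    ssl.TLSVersion.TLSv1_3,
)


def negotiates(host, port, version, timeout=5.0):
    """Return True if the server completes a handshake pinned to `version`.

    False also covers the case where the local OpenSSL refuses to offer the
    version at all, so a False for TLS 1.0/1.1 is "not observed", not proof
    the server has disabled it; see the usage note."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        # Pin both ends of the range so only this one version can be agreed.
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        return False
    # Inventory probe only: legacy hosts often carry expired or self-signed
    # certificates and we still want to learn which protocol they speak.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except (ssl.SSLError, OSError):
        return False


def probe_versions(host, port=443):
    """Map each probed version name (e.g. 'TLSv1_1') to whether it negotiated."""
    return {v.name: negotiates(host, port, v) for v in PROBE_VERSIONS}


def cert_days_remaining(not_after, now=None):
    """Days until a certificate's notAfter, given in the string format that
    ssl.SSLSocket.getpeercert() returns ('Jan  5 09:34:43 2030 GMT')."""
    expires = ssl.cert_time_to_seconds(not_after)
    now = time.time() if now is None else now
    return (expires - now) / 86400.0


def fetch_cert_days_remaining(host, port=443, timeout=5.0):
    """Fetch the leaf certificate with full validation and report days left."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return cert_days_remaining(tls.getpeercert()["notAfter"])


def priority(versions, days_left):
    """Rank a host on the Critical/High/Medium/Low scale used in the status
    reports. The thresholds are illustrative assumptions:
      Critical: certificate already expired, or no modern TLS offered at all
      High:     TLS 1.0 or 1.1 still negotiable (migration not done)
      Medium:   certificate expires within 30 days
      Low:      nothing to remediate"""
    modern = versions.get("TLSv1_2") or versions.get("TLSv1_3")
    legacy = versions.get("TLSv1") or versions.get("TLSv1_1")
    if days_left <= 0 or not modern:
        return "Critical"
    if legacy:
        return "High"
    if days_left < 30:
        return "Medium"
    return "Low"


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # assumed host
    offered = probe_versions(host)
    days = fetch_cert_days_remaining(host)
    print(host, offered, f"{days:.0f} days left", priority(offered, days))
```

Run it as `python tlscheck.py host.example.internal` (file name assumed) for each IP server on the tracking list. Note the caveat built into `negotiates()`: on a Python linked against an OpenSSL built or configured to refuse TLS 1.0/1.1, the probe cannot offer those versions and reports False for them, so a clean result should be confirmed from a scanner that can still speak the legacy versions before the server is marked migrated.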
Confidential, Manassas, VA
Project Manager/Information Security Risk Manager
Responsibilities:
- Collaborated with the team to manage the SOC; designed, developed and maintained high-quality operational support documents based on functional needs, eliciting the material collaboratively with technical analysts and team members. Reviewed and updated the Security Assessment Plan (SAP), System Security Plan (SSP), Security Assessment Report (SAR) and information system security control policies in accordance with the NIST SP 800 series, FIPS, FISMA and OMB Circular A-130 Appendix III. Followed industry best practices to assess current security controls and make recommendations; coordinated kickoff meetings; conducted assessment interviews and testing according to the NIST SP 800 series; kept track of deadlines.
- Facilitated the core cyber security functions required of any cyber security role, applying the NIST RMF as guidance and ensuring data is encrypted. Planned and developed key cyber security deliverables, including cyber security program plans, the Ongoing Authorization Program Plan, the Information Security Continuous Monitoring (ISCM) strategy and plan, and governance documents; developed the strategy and process for the transition to Ongoing Authorization; interviewed key organizational personnel; and composed the requisite documentation for security categorizations, risk assessments, contingency plans, security test and evaluation reports, and vulnerability assessment reports.
- Facilitated security and risk assessments: review of controls, identification of applicable security controls, identification of risks, remediation recommendations, and review of security documents and regulatory requirements; ensured systems complied with IT organizational policies, standards and procedures; maintained and executed the network continuous monitoring plan.
- Facilitated IT audit processes, including planning, coordination, testing, SIEM log aggregation tools, scope determination, control identification, and evaluation and analysis of results; vulnerability scanning with Nessus, Qualys, IBM Guardium, Retina and MBSA; endpoint protection with McAfee, Kaspersky and Symantec; risk management, risk mitigation, threat management, intrusion detection, advanced malware protection and configuration, IAM, and patching. Collaborated with end users and administrators to set up new accounts.
- Applied NIST SP 800-53 CM-7(9) and related control families to safeguard the security and privacy of Internet of Things (IoT) devices, selecting both security and privacy controls to protect the critical and essential operations of the assets; provided guidance on selecting security and privacy controls that reduce risk for specific technologies and sector-specific applications (smart grid, cloud, healthcare, mobile, industrial control systems and IoT devices); and, when acquiring and implementing automated detection mechanisms, considered whether they depend on the component's ability to support an agent or supplicant, since some component types (e.g., IoT devices, sensors) cannot support agents.
- Developed and implemented an effective information system security education, training and awareness program; participated in evaluating and implementing new information security technologies; researched and evaluated the impact of new security measures for systems and technologies placed into the corporate infrastructure, to ensure best security practices were met and maintained as intended.
- Collaborated with auditors on internal control compliance to ensure customer data confidentiality requirements were met; deployed endpoint security with McAfee and Symantec, performed antivirus scans, and implemented firewalls.
- Working tools: Microsoft Excel (expert in advanced Excel, including data import/export, formulas, pivot tables, VLOOKUP, HLOOKUP, macros and reporting), Word, Visio, PowerPoint, Project and Access.
Confidential
Project/IT Manager/Procurement Manager
Responsibilities
- Developed standard policies and procedures in compliance with the organization's security policies; performed system security audits; coordinated regulatory and internal control compliance to produce quarterly SOX reports for application and database accounts; reviewed controls and monitored the results of risk reduction, ensuring customer data confidentiality, integrity, authentication and availability as intended; ensured regular backups and data encryption using the DLP tool; addressed privacy, authentication, integrity and non-repudiation; identified threats and attack techniques; applied risk management, risk mitigation, threat management, intrusion detection, and advanced malware protection and configuration.
- Managed the IT infrastructure: the technological components that drive the business functions and the organization's technology systems, ensuring that the physical hardware, software, networks and resources worked optimally and supported the hardware, software, networks and tools required to develop, test, deliver, monitor, control and support IT services, together with the processes, documentation and permanent installations that form the foundation of the system and organization.
- Developed training materials for technical staff on information security technologies; trained staff on phishing, computer incident investigation, antivirus installation, automated operating system updates, patching and data encryption; developed and maintained formal documentation and procedures for information security; developed strategic plans, security policies, standard operating procedures and comprehensive disaster recovery plans.
- Supported HR/Admin and Finance/Accounting in the preparation of final accounts and administered their day-to-day activities.
- Identified the business functions and services required by key stakeholders and business units; developed and prioritized the list of services required by management; developed the work plan, executed it, measured service delivery, and enabled continuous improvement of service delivery.
- Supported HR in reconciling anomalies in the payroll system and migrating the payroll system to MGP; assisted with an automated payment voucher, patching and updates of MGP, end user computing (EUC), and preparation of final accounts, P&L and balance sheet; MGP and Microsoft Suite facilitator.
- Assisted with the steps needed to integrate employee relations with Associates; assisted in hiring technical and information security staff and with outsourcing; delivered large-scale projects; managed budgets and forecasting; managed assigned project resources; advised people leaders and employee representatives.
- Managed high-profile, fast-paced cyber security programs for the business's banking operations and maintained awareness of banking security policies and regulations for information and system security.
- Managed matrixed resources and disciplines to collectively achieve project goals on time and within budget, using project management best practices and the internal delivery methodology.
- Interacted effectively with managers and executive management on general security management to create and maintain the enterprise's security architecture design; administered investment and business development programs and banking products.
- Used personal computers with word processing, spreadsheet and related software to complete a variety of administrative tasks with reasonable speed and accuracy.
Confidential
Project Team Lead
Responsibilities
- Microsoft Great Plains (MGP Dynamics) ERP project team lead for its implementation; deployed multiple projects, drove process improvement, collaborated with vendors, and delivered large projects including MGP on time with PwC.
- Consultant for PwC, Deloitte & Touche and Joe Hyde & Sons during every final external audit; assisted in implementing new technologies for Finance and Administration and end user computing (EUC); assisted HR/Admin and Finance/Accounting in preparing final accounts; prepared the organization's total assets for sale to Vodafone; prepared weekly balances, forecasts, Performance Contact, PowerPoint presentations and stock count sheets.
- Managed end-to-end MGP Dynamics activities; assisted with the Hyperion software implementation; managed updates and administered backups for MGP/ERP; assisted in migrating payroll into MGP; wrote test plans for User Acceptance Testing (UAT); managed a nationwide portfolio of projects simultaneously and drove stakeholders to the desired outcome.
- Interacted daily with developers, technicians, project managers and senior management; ran meetings; created and maintained timelines (ETA); kept large, diverse groups informed of project progress and obstacles.
- Managed the administration of MGP/ERP and access control lists (ACLs); installed vulnerability scanners and Symantec and McAfee applications; assigned roles and usernames; created new companies and groups; assisted with processing top-up cards, purchase order approvals, pre-audit of PVs to be submitted to the CFO, and other financial system assignments.
- Facilitated training for MGP Dynamics users and the Office suite (Excel, Word, PowerPoint, Publisher); managed budget resources, using Excel to prepare and manage budgets and forecasts; created budget and forecasting templates for end users.
