Project Risk Advisor/Solution Analyst Resume
San Francisco, CA
SUMMARY
- Information Security professional available for strategic and tactical roles. Was responsible for security operations management of tasks, projects, and security team staff members. Developed, implemented and monitored strategic, comprehensive enterprise information security programs to ensure confidentiality, integrity and availability (CIA) of information owned, controlled or processed by the organization.
- Facilitated information security governance through the implementation of a governance program, including the formation of an information security steering committee or advisory board.
- Consulted and developed, maintained and published up-to-date information security policies, standards and guidelines. Oversaw the approval, training, and dissemination of security policies using best practices.
- Created, communicated and implemented a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
- Developed, managed, and monitored information security budgets related to security initiatives.
- Created and managed information security and risk management awareness training programs for all employees, contractors and approved system users.
- Provided regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and other stakeholders as part of a strategic enterprise risk management program.
- Created a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
- Developed and enhanced an information security management framework working directly with C-Levels and global business units. Provided advisory services to C-Levels and Board Members.
- Hands-on experience serving Fortune 100/500 companies around the globe, coupled with industry benchmarking practices from the Big Four, KPMG and Ernst & Young LLP.
- Managed all aspects of large-scale projects with a high degree of complexity and large customer impact.
- Responsible for end-to-end project management, i.e. all phases of project from concept, project planning, development, execution, monitoring to project close down.
- Sample frameworks and standards utilized: HIPAA, ISO 27001/27002, NIST, ITIL, SOX (COBIT, COSO, ITGC), PCI (DSS), SAS70/SSAE16/SOCII, ISO17799, HITRUST, FCPA, and NERC CIP and Data Privacy Regulations.
- Managed and trained a staff of more than twenty (20) senior level professionals from government and private sectors including the FBI, CIA, and DHS. Created tangible/measurable metrics, provided regular feedback on performance, provided coaching and development, and worked with HR to operate within Company parameters.
PROFESSIONAL EXPERIENCE
Confidential, San Francisco, CA
Project Risk Advisor/Solution Analyst
Responsibilities:
- Worked for a $50 billion California energy supplier, to minimize interruption for mission critical entities with regulatory impact covering multiple lines of business (LOBs).
- Launched and Project Managed the Cybersecurity Consulting Services practice to enhance Cybersecurity involvement and service offerings across the organization. Also created strategy, artifacts, processes and procedures, and assisted with the rollout.
- Worked with Project and Program Managers, and project teams to provide Risk advisory for multimillion dollar projects; engaged with projects at every level from inception to go-live and proactively identified risks to address in parallel to project development.
- Worked with security architects for vulnerability scanning and penetration testing, and created vulnerability reports to address IT security threat vectors.
- Worked with Solution Analysts and Security Architects to ensure information security standards were followed and controls were incorporated in the solution to mitigate any identified risks.
- Helped create Risk Acceptance and Corrective Action plans for Compliance.
Confidential, Chatsworth, CA
Management Consultant
Responsibilities:
- Evaluated which regulatory compliance framework would suit the client's need for globalization and expansion preparation for an Ecommerce tool.
- Conducted a full gap analysis using ISO27001/ISO27002 and provided strategic guidance for compliance, and business process improvement (BPI). Worked with offshore and onshore team members.
- Reviewed existing information security policies/procedures and processes, and technology to assess the existing controls environment.
- Delivered executive summary and a detailed roadmap to address current gaps.
- Managed the project and delivered on time within budget.
- Performed risk assessments and conducted information security and operational audits.
- Conducted vendor evaluations and reviewed SOCI/SOCII reports. Helped client close gaps to ensure full coverage of controls.
- Provided business advisory services in business process improvement (BPI) and at times addressed external auditor needs directly.
- Assisted with implementation of the GRC tool.
- Constructed methodologies and provided compliance structure.
- Reviewed reports before final executive management review.
- Interfaced with global, complex matrix teams.
- Led corrective action plans to closure.
Confidential
Transformation Consultant
Responsibilities:
- Managed the project and delivered on time within budget, and exceeded client expectations.
- Developed business relationships with Ventura County Clients.
- Partnered with clients to complete Audit, Finance and Accounting projects with senior level resources. Managed the project and delivered on time within budget.
- Worked on Siri localization project in Chinese, Japanese, German, French, and English and other major languages of the world.
- Simulated real world transactions occurring around the globe to generate real-time test data.
- Reviewed information security practices around safeguarding data.
- Managed the project and delivered on time within budget.
- Reviewed information security practices and guidelines. Provided industry benchmarking.
- Mapped client processes to the enterprise Governance, Risk and Compliance (GRC) software to help clients conduct more than (75) diverse audits per year using a single audit tool.
- Prepared for, led and conducted solution requirements gathering sessions with customers and technical SMEs and suggested best practices.
- Worked closely with onshore (U.S. based) and offshore (India based) resources for product delivery and ongoing customer support.
- Reviewed risk assessments of fifteen (15) senior level resources.
- Reviewed information security practices and guidelines. Provided industry benchmarking.
- Reviewed documentation for IT areas of access, change management, program development and computer operations.
- Created structure for project deliverables and devised methodologies and trained auditors.
- Reviewed audit and compliance processes/documentation and provided industry benchmarking for business process improvement (BPI).
Confidential, Redwood Shores, CA
Responsibilities:
- Managed the project and delivered on time within budget.
- Conducted risk assessments to evaluate scope of coverage.
- Identified stakeholders, facilitated all discussions and created a simple, repeatable audit structure.
- Trained resources in information security.
- Performed risk assessments and conducted information security audits.
- Provided business advisory services in business process improvement (BPI).
- Constructed methodologies and provided compliance structure.
- Reviewed reports before final executive management review.
- Led corrective action plans (CAPA) to closure.
Confidential, San Francisco, CA
Manager
Responsibilities:
- Managed the project and delivered on time within budget.
- Conducted risk assessments across relevant business units.
- Handled the compliance of all internal and external audits.
- Collaborated with internal and external stakeholders and provided advisory services.
- Improved business processes, with better processes and automations and created economies of scale.
- Managed the ITIL framework, tools and processes.
- Brought all vulnerabilities to closure. Managed the project and delivered on time within budget.
- Aligned GBB information security practices with Wells Fargo Bank.
- Provided business advisory on best practices for information security methodology and deliverables.
