Sr. IT Security Compliance Analyst Resume Profile

Summary

A highly skilled IT professional with more than 18 years' experience in project management, network/application security administration or management, and governance/compliance analysis, seeking a position utilizing skills, education and experience in the IT field with an emerging technology-leading company or institution. Methodical, with expert assessment, analytical, and organizational skills. Skilled project manager educated in different development methodologies, overseeing multiple projects and resources at different development cycles. Veteran troubleshooter and cyber security consultant able to align network and security architecture with quality and security standards to identify any potential areas of vulnerability.

Specialties

  • SOC Subject Matter Specialist
  • AIM Subject Matter Specialist
  • Project Methodology Subject Matter Specialist
  • Project/Program Manager
  • MS Project/Outlook/SharePoint Experience
  • MS Word/Excel/Visio Experience
  • Fortune 50 Company Experience
  • Six Sigma White Belt
  • Lean Experience
  • ISO 9001:2008 Experience
  • ITIL 2011 Foundation Experience
  • ArcSight Logger Experience
  • McAfee NSM ePO Experience
  • Qualys Guard Experience
  • Websense Triton Experience
  • SCRUM Master
  • Data Subject Matter Specialist
  • Symantec DLP Experience
  • Application Security Experience
  • DB Vulnerability Manager Experience
  • HIPAA, GLBA Compliance Experience
  • FFIEC, NCUA, PCI DSS Compliance Exp
  • NIST SP 800-53 Rev. 4 Compliance Exp
  • DHS CDM Program Experience
  • ISO/IEC 27001:2013 Compliance Exp
  • COBIT 5, ISA 62443-2 3 Compliance Exp

Professional Experience

Sr. IT Security Compliance Analyst

Confidential

  • Coordinate the delivery of IT security compliance-related services to internal clients and manage the delivery of multiple project initiatives designed to enhance IT security compliance services and the level of support provided to the internal clients. Maintain responsibility for providing support of overall planning, organizing, and delivery of all projects prioritized in alignment with the team's business needs. Govern audit files to ensure compliance, compile and analyze data, and maintain reports of audits. Administer training and testing of compliance policies to staff during new hire onboarding and refresher programs. Create and present presentations on impact and risk mitigation. Assist with the efforts to shape the direction of compliance policies, programs, processes and procedures.
  • Responsible for implementing Federal Financial Institutions Examination Council (FFIEC), National Credit Union Administration (NCUA), National Institute of Standards and Technology (NIST), and International Standards Organization (ISO) information security/compliance standards and controls into actionable policies, programs, projects, processes and standards to ensure and maintain enterprise compliance.
  • Sustainably manages Pen Fed's Security Continuous Diagnostics and Mitigation Program, from existing to potential: hardware asset management, software asset management, vulnerability management, and configuration settings management, to ensure systems and related activities impacting Pen Fed's IT Security posture by identifying and resolving areas of non-compliance.
  • Created and controls Pen Fed's Application Security Compliance Program to ensure secure coding standards and controls put forth in ISO/IEC 27034-1, ISO/IEC 27006, and PCI DSS 3.0-6.3 are met and followed for pre-production/production.
  • Created IT Security Compliance IR/BC/DR Program while incorporating ISO/IEC 27035 and ISO/IEC 27031.

IT Security Technical PM

Confidential

  • Managed projects for Pen Fed's IT Security Department from conception to closure to ensure that all deliverables meet established quality/compliance standards. Set and continually managed project expectations with team members and other stakeholders. Was responsible for identifying and managing project dependencies and critical path using appropriate tools. Developed and delivered progress reports and other appropriate communication tools. Identified risks, developed mitigation plans, and proactively managed changes in project scope. Managed delivery of features in alignment with established priorities. Took ownership and responsibility for all department projects to ensure efficient use of capital resources, human and non-human, while being deadline conscious. Participated in project development activities: scheduling, budgeting, financial modeling, project design and planning, and contract negotiating.
  • Authored 'the lion's share' of Pen Fed's IT Security Compliance Policies and Procedures to ensure proper compliance standards were followed, audit findings were mitigated, and risk to the enterprise was reduced or eliminated.
  • Actively incorporated standards and controls from ISO 27k, NIST 800-53 Rev. 4, PCI DSS 3.0, FFIEC, NCUA, GLBA, and Sarbanes-Oxley Act information security requirements and frameworks into project objectives to mitigate audit findings and reduce or eliminate risk.
  • Created standardized requirements gathering, proof of concept, and vendor product 'bake off' for evaluating IT product procurement for the enterprise while incorporating ISO/IEC 27003 standards.
  • Designed project metrics along the ISO/IEC 27004 standard to track and measure project estimates to determine PERT, actuals and deviation amounts to reduce creep, which increased project productivity by 55 while reducing actual project completion time by -20.