Consultant Resume Profile
NY
SUMMARY
Information Security professional with 11 years of cumulative experience in the Information Security field. Areas of responsibility have included Data Loss Prevention, Intrusion Detection, Vulnerability Management, Governance, Risk, and Compliance. Highly motivated problem-solver who is extremely effective in fostering cooperation among a diverse constituency of IT professionals and stakeholders. Extensive knowledge and experience in leading teams, security programs, and compliance efforts.
EXPERIENCE
Confidential
Position: Consultant
- Responsible for deployment of the Vendor Governance System on the Archer Governance, Risk, and Compliance platform for Global Sourcing Procurement Services.
- Managed a team of Business Analysts focused on enhancing the initial build and bringing the program to a business as usual operational state.
- Work stream lead for Fed Readiness updates for audit, regulatory oversight, and program compliance.
- Responsibilities include daily interaction and analysis of Vendor Governance, Pipeline and Savings, and Procured Shared Services risk and compliance exposure.
- Liaison for managing business functions and technology teams to ensure program objectives were achieved in support of business objectives.
- Responsible for program oversight, milestones, and deliverables.
- Contributed to 2014 budget planning for program expansion and additional resources.
Confidential
Position: Associate Director
- Accountable for Data Loss Prevention, Intrusion Detection, and Vulnerability Management security programs at KPMG.
- Deployed the DLP program within the 1.83M IT CAPEX budgeted for solution delivery.
- Implemented the Symantec DLP solution and infrastructure throughout the United States to monitor 25,000 employees firm wide.
- Implemented comprehensive enterprise coverage that included Network, Email, Web, and Endpoint protection. Additional integration leveraged Active Directory, Single Sign-on, and LDAP custom user attributes.
- Oversaw policy controls, remediation efforts, enforcement actions, and awareness training.
- Implemented DLP protection for high profile engagements that included Goldman Sachs, RBS (Royal Bank of Scotland), Ginnie Mae, and other corporate clients.
- Drove global DLP expansion by integrating the solution to extend protection to offshore operations in India.
- Assessed existing intrusion detection program and IDS placement for inefficiencies and enterprise coverage.
- Evaluated MSSP vendors to provide enterprise 24/7 IDS monitoring. Signed a 3-year agreement with SecureWorks to provide intrusion detection services.
- On-boarded SecureWorks IDS throughout the US and Sourcefire IDS for the NIST regulated Ginnie Mae environment.
- Supervised the deployment of cutting-edge IDS technology to gather Netflow information for advanced analysis and correlation in collaboration with the Counter Threat Unit at SecureWorks.
- Assessed existing vulnerability management program for inefficiencies and enterprise coverage.
- Evaluated VMS (Vulnerability Management System) vendors to provide vulnerability scanning and remediation tracking. Implemented Qualys as an enhanced MSSP service offering.
- Led a coordinated response to defuse an Advanced Persistent Threat (APT). Incident response involved Mandiant, RSA, SecureWorks, and the forensics practice. Countermeasures included the NetWitness forensics platform, Mandiant Intelligent Response, Cascade, Envision, and Encase.
- Managed multiple teams, business units, and security providers to facilitate a unified response.
- Chaired weekly PMO status meetings to review security projects, progress, issue resolution, deliverables, timelines, and associated milestones, with dedicated resources from cross functional groups assigned to each security initiative.
- Contributed to bi-weekly TVA meetings to assess and classify enterprise risk. Focus areas included Threat Vulnerability Assessment, Security Incident Management, and Policy Exception Management. Risk was analyzed, classified, prioritized, scheduled for remediation and tracked. Led and directed cross functional teams to ensure timely response to TVA findings and active participation from stakeholder participants.
- Produced security requirements providing Office of the Chairman board members with secure mobile access from iPad devices to SharePoint servers containing board meeting materials and other sensitive documents.
- Contributed to additional strategic security initiatives that included Palo Alto Layer 7 firewalls, and Splunk as an adjunct complement technology for filtering log content to Envision legacy SIEMs.
- Reviewed and provided input for Business Requirements, Business Impact Analysis, Functional Requirements, and Risk Register documents for core security programs and new security initiatives.
- Responsible for product and vendor selection. Reviewed vendor quotes, statements of work, master service agreements, and firm wide procurement purchase orders for core security programs.
Position: Manager
Confidential
- Responsible for the implementation and development of the Archer Governance, Risk, and Compliance program at KPMG.
- Worked with stakeholders and contributors to ensure process flow was developed to support the GRC program.
- Contributed throughout the GRC Policy Management life cycle to draft and publish policy.
- Reviewed and contributed to baselines, control procedures, and assessment procedures, to ensure content was kept up-to-date for supporting assessments, periodic audits, and regulatory requirements.
- Conducted risk reviews and assessed risk questionnaires, prioritized findings, and approved remediation plans to bring target groups into compliance with corporate policy standards.
- Chaired the Information Security Group weekly prohibited software meeting which focused on current and future compliance initiatives. Discussions centered around risk, prioritization, current status, and trending. Authorized non-compliance disconnects and handled out-of-band follow-up actions.
Position: Technical Manager
Confidential
- Developed a customized global vulnerability tracking system utilizing LAMP methodology. Leveraged Apache, PHP, and MySQL on a Sun Unix server to store vulnerability scans and track remediation efforts of member firms across 153 countries.
- Managed a high profile initiative to divest the security department of its current day-to-day operations responsibilities. Transitioned to a hybrid US/Offshore follow-the-sun helpdesk model that achieved 24/7 coverage.
- Supported international security assessments and audit reviews.
- Developed password change management software to control root and administrative access to all security servers and appliances.
- Evaluated enterprise Anti-Spyware solutions and provided recommendations to upper management using RFPs, a weighted comparison matrix, and cost benefit analysis to support my findings.
- Engaged in surveillance work using Nmap, Nessus, and Snort utilities. Used tcpdump captures, network traffic analysis, security event analysis, and aggregating, parsing, and disseminating Firewall, SIEM, Cacheflow, DHCP, and SecurID logs to support investigative work.
- Recommended and established an SSH standard for inter-server communications.
- Served as the Unix SME (Subject Matter Expert) for the Information Security Group.
- Developed a standard policy and procedure for hardening firm wide UNIX servers.
- Worked on the firm's BearingPoint separation efforts.
Position: Project Leader
Confidential
- Managed a team of 8 direct reports with expertise in a variety of technical competencies.
- Responsible for delivering and managing 43 internal projects that were deployed in production.
- Deployed the NT domain infrastructure for the US firm.
- Responsible for the Atlas Tax compliance and assurance project. The Atlas system generated 600 million in annual revenue for the firm.
- Responsible for the Hyperion General Ledger/Consolidation/Accounting platform.
TECHNICAL SKILLS
- OS: Windows Server and Workstation, Sun Solaris OS, Linux (Kali, Backtrack, other distros).
- Database: Oracle, MySQL.
- Programming: Windows PowerShell, Unix shell scripts, SQL, PHP, C, C .
- Unix utilities: Sed, Awk, Grep, VI.
- Productivity: Project, PowerPoint, Visio, and other MS Office applications.
