SECURITY, RISK COMPLIANCE

Information Security Policies, Processes and Practices for the Enterprise including Technology Risk Management program, Security Baselines, Security Policy Management, Threat and Vulnerability Management, Security Awareness and Education, Application Security, Key Controls Testing SOX , Key Risk Indicators, Vendor Security Assessments, Security Monitoring and Event Correlation, Security Risk Assessment, Security Incident Response, LifeCycle Management, Security Architecture and Security Operations among others.

ITSM, ITIL, FISMA, NIST SP, ISO 27001:2013, FFIEC, COSO-ERM, COBIT, SOX, J-SOX, STIGs, CIS, HIPAA-HITECH, FedRAMP, STRIDE, HITRUST, OWASP, OCTAVE, Cloud Security Alliance, LM Kill Chain, STIX TAXII, among other frameworks and standards.

TECHNOLOGY

Qualys, ArcSight, Palo Alto Firewalls, McAfee Firewall, McAfee Web Gateway, NetIQ, Snort, TrendMicro, Nessus, Nexpose, Metasploit, Control Compliance Suite, BlueCoat, Dragon, Checkpoint, Tuffin, EdgeSite, Cisco Routers, Cisco Switches, SAN, VMWare, NMAP, MS SQL, Citrix Netscalers, MS Visio, IPSec SSL VPNs, MS ISA Server, SolarWinds, Cisco ACS, MPLS, TrendMicro Products, TripWire, VNC, Cisco ASA, Cisco VPN Technologies, Cisco IPS, Cisco Identity Services Engine, Cisco Network Access Control Technologies, Cisco IronPort Web Email Security Appliances, Cisco TrustSec Architecture, Cisco SAFE Reference Architecture, Cisco Wireless Products, RSA SecurID, Websense, CVSS, among others.

AUDIT COVERAGE

Remote Access, Boundary Infrastructure, Collaboration Infrastructure, DataCenter Facilities Management, Information Security, Branch Office Infrastructure, Derivatives Core Infrastructure, Equity Order/Trade Capture Routing Systems, Capacity Management, Change Management, SDLC, DataCenter Operations, Corporate Networks, Platform Infrastructure Audits, Data Storage, etc

PROFESSIONAL EXPERIENCE:

Confidential Vice-President ITSO Responsible for managing Information Technology Security processes, controls, people and technologies among others

Security Project Management

• Designed, syndicated and implemented the IT Security Strategy for the Bank's Information Technology
• Built a rolling 3-Year IT Security Roadmap to support the IT Security Strategy for the Bank
• Currently implementing a robust risk focused and prioritized annual IT Security Program based on Industry leading standards geared towards ensuring the security and safety of the Bank's customers, data, processes and technologies

IT Security Projects

• Responsible for planning, executing and reporting of the annual IT Security projects that support the IT Security Strategy and RoadMap
• Managing project staff and consultants to deliver on the IT Security project deliverables

IT Security Architecture Engineering

• Design and Management of operational IT Security processes and controls derived from the IT Security Strategy such as Vulnerability and Exploits Management, Layered Malware Protections management, Intrusion Prevention management, Firewalls Management, Security Patch Management, Applications Databases Security Management, Platforms Hardening Management, Security Incidents and Event Management among others

IT Security Governance, Risk Compliance

• Implementation of security and risk management projects
• Information security strategic risk assessment and reporting
• Confidential Manager III IT Risk Security Provide Information Technology Security and Risk Management consultancy services to finance and health industries. Services provided among others include the following
• Drafting, syndication and implementation of IT Security policies, standards and procedures based on Industry standards and frameworks
• Liaising with Federal and State regulators, external and internal auditors on examinations and audits of IT Security to ensure a clean bill of health of the IT Security Program, controls and processes
• Presenting providing IT Security reports and metrics to Executive and various IT Steering Committees
• Remediation of technology security deficiencies to realign with industry best practices using a risk based approach that balances cost, functionality, environment and culture
• Security architecture and design review of perimeter networks
• Review and implementation of strategic Security Monitoring processes and technologies
• Application security design, implementation and monitoring controls through SDLC and operational stability
• Review of Vulnerability Management processes and implementation of strategic Life Cycle procedures and tools that incorporate security baselines, patch management, among others
• Cyber security infrastructure reviews and remediation of infrastructure and process deficiencies

Confidential

Sr. IT Security Architect/Engineer

Responsible for leading enterprise security architecture, engineering and operations to meet the enterprise security strategy. Alignment with Business and IT to drive and manage enterprise security strategies and operations with the goal of securing the enterprise.

• Lead and manage enterprise security architecture design including infrastructure and application security
• Create and maintain enterprise security policies, standards, baselines, procedures among others
• Project manage the deployment and integration of all security solutions and of any enhancements to existing security solutions in compliance with best security practices
• Perform threat assessments and forensic investigation into security incidents and communicate results to senior management
• Supervise, design and execute vulnerability assessments including penetration testing, remediation and reporting of security control risks
• Design and implement security log event collection and correlation leveraging SIEM tools to capture, analyze and action security incidents
• Provide security assessments and input into the application development process SDLC and release management
• Design and manage perimeter security components such as the DMZ, ASZ, IPS, Firewalls, DNS, Reverse Proxies, among others leveraging defense-in-depth layering solutions
• Design and manage security incident response for managing malware infections, lost/stolen devices and denial of service through mitigation processes and tools

Confidential

Assistant Vice-President

responsible for planning, performing and reporting the results of IT infrastructure audits, as well as IT application, product-line, and functional audits using the Audit Departments risk-based audit approach

• Analyzing and assessing the risks assumed by IT
• Identifying and evaluating the effectiveness of IT General and Application Controls designed to address those risks
• Providing practical, innovative, and value-adding solutions to issues identified
• Reporting review findings to senior management at local, global functional and Group level
• Collaborating with executives, peers, and subordinates in the furtherance of achieving mutually beneficial outcomes
• Monitoring results, risk and developments in the Investment Bank for the Americas and input into planning decisions
• The ability to identify key risks within a variety of Infrastructure platforms and processes
• Developing and maintaining an effective network of relationships within the bank
• Assisting with pre-implementation reviews, examining business, project and IT risks
• Proven ability to anticipate and provide solutions to complex problems
• Analyzing issues and developing and executing plans that contribute to significant improvements in financial and operational performance, asset management, and risk reductions

Confidential

Assistant Vice-President Team Leader

Responsible for governance, compliance, risk, security engineering solutions and also providing monitoring technologies for the bank among others.

Security Project Management

• Managed and supervised the implementation of various information security and risk focused technology solutions such as ArcSight, Qualys, Control Compliance Suite, McAfee Endpoint Encryption, KRI Mappers, among others

Security Architecture Engineering

• Provided customized security solutions within Active Directory for implementing delegation of roles, separation of duties and concept of least privilege by utilizing Microsoft Security Best Practices
• Provided vulnerability management by leveraging Qualys product to identify both threats and vulnerabilities within the bank's infrastructure and also managing the remediation process
• Managed various applications, databases and OS security issues through the leveraging of various tools such as ArcSight Security and Incident Management tools
• Provided consulting services to other departments with security assessments for their operations and projects in areas such as cryptology among others
• Designed security documents to be used as policies, standards, guidelines and procedures for enforcing access controls in various applications, databases and operating systems
• Managed and coordinated with various teams to ensure a secured network environment by reviewing change requests for various operations and projects

Technology Risk Management

• Performed periodic Risk Assessment as part of Heat Mapping process to identify, prioritize and manage the Bank's IT Risks
• Managed various audits SOX, External Internal and gap tracking issues with the mandate of resolving the issues and providing long lasting solutions for resolving identified process gaps
• Supervised periodic Penetration and Vulnerability Risk Testing Assessments
• Managed monthly KRI Risk Compilation, Assessment and Mitigation Programs
• Managed and Coordinated Continuous Self Assessment Risk Program
• Planned and coordinated semi-annual Information Security Planning

Confidential

Network Security Engineer

Responsible for architecting security systems and technology solutions among others.

Checkpoint Firewalls

• Implemented Managed NG FP3 on both Nokia IPSO Windows Platforms
• Performed daily backup of Checkpoint configurations, Windows OS and routing information on the servers

Microsoft, Cisco Juniper Technologies

• Managed Active Directory Domain Controllers with distributed Global Catalog servers
• Using GPO to integrate various security layered applications such as MS ISA Server 2006 among others
• Building WAN based DNS Servers as bastion servers in a master DNS architecture with secured and hardened configuration
• Building and managing MS ISA Server 2006 Enterprise edition integrated with Websense Security layered applications
• Managed Cisco Pix and Cisco 3000 VPN Devices providing various solutions architecture
• Managed access and providing solutions on Cisco Core switches such as 6500s 4500s
• Managed Juniper DX Load Balancers and Application Acceleration devices

Brocade Switches

• Installed and configured various fiber channel switches
• Managed firmware, licenses, patches, etc on the switches to maintain OS security
• Implemented LUN Masking and Zoning on the Fabrics to provide security

HP EMC Storage Arrays

• Implemented Disk Groups, VDisks Hosts on different HP EMC Arrays
• Implemented storage presentations to cross platform OS
• Integrated VMWare with HP SANs to ensure a robust infrastructure

VMWare Integration with SAN Technologies

• Implemented and managed VDisks, Groups Hosts with Storage presentation to HP MSA EVA storage devices on the backend
• Installed and configured ESX hosts in a cluster formation on HP Blade Servers
• Integrated VMs on VLANs enabling a robust infrastructure where tools such as VMotion can be employed
• Migrated VMs to different redundant clustered roots

Confidential

Manager Information Technology

Responsible for the regulatory body's telecommunications systems and security solutions among others.

Checkpoint Firewalls

• Installed and configured Checkpoint Endpoints on a distributed Windows Platform
• Performed OS hardening of Windows Servers for use with Checkpoint Endpoints
• Used Smart Clients to manage the management server, enforcement points and Policy Editor
• Employed tools such as FW Monitor, cpinfo, ethereal, among others to troubleshoot problems on the firewalls
• Created perimeter DMZs utilizing the enforcement points to separate various traffic into the network
• Provide secured encryption mechanisms for ensuring the integrity and confidentiality of transmissions

Windows Servers

• Planned, installed and managed two Active Directory Domain Controllers as failovers for the Agency
• Configured Group Policy to manage User Software security, domain software delivery and also to provide a locked down client environment
• Created and maintained Active Directory based User accounts for MS Exchange mailboxes
• Configured DHCP and Active Directory integrated DNS

MS Exchange Servers

• Installed and maintained Active Directory integrated Exchange environment
• Integrated Outlook Web Access for external access with Secure Socket Layer certificates
• Integrated AVG Anti-Virus for brick level scanning to patch vulnerabilities and minimize threats to the assets of the Agency

MS SQL Servers

• Installed and configured MS SQL as a back-end server for the Agency's Intranet web front-end and also the Operations Document Management System
• Maintained database tables ensuring database integrity and security at all times
• Performed backup of the data, log files and also the databases

Enterprise AVG Anti-Virus

• Designed, installed and maintained enterprise-wide anti-virus environment for desktops, windows servers and MS Exchange as an overall operations security posture

Infrastructure

• Planned and cabled access and distribution layers of the network
• Configured and maintained network switches and routers

Documentation

• Planned and documented the entire network using MS Visio for Infrastructure layers
• Drafted and implemented IT Security Policy for the Agency and its satellite units
• Documented security best practices for installed applications within the Agency
• Developed in conjunction with development partners stakeholders an IT Medium Term Strategic Plan for 2005 2008

Confidential

• Performed various IT security consulting assignments as per Clients' requests.
• These requests covered the following practice areas, network security perimeter design using Cisco Devices, Checkpoint Firewall installation, Vulnerability assessments, Security Incident Response, Security Baselines, Security Incident Event Monitoring, Infrastructure cabling, Enterprise Anti-Virus assignments, Windows 2000/2003 Domain deployment, Windows 2000/XP client assignments, deployment of MS Exchange 2000/2003, Network Security analysis, documentation of Security Best Practices, IT audits, among others.

Confidential

Lead Engineer - Boundary eCommerce Infrastructure

Responsible for planning and evaluation of enterprise security solutions based on the analysis, design and implementation of Information Technology Projects.

Checkpoint Firewall Management

• Design, implement and manage multiple distributed Checkpoint firewalls on Nokia IP and Windows platforms.
• Built on Nokia IP 330, 560 650s on IPSO 3.6 Operating Systems
• Implemented VRRP QoS for different gateways
• Deployed Horizon Manager to manage both Checkpoint and IPSO components for Nokia IP devices
• Hardened Windows NT 4.0 sp6 Windows 2000 Server OS for deployment of Checkpoint products
• Migrated CP 2000 modules to NG FP3
• Utilized Voyager, Iclid, few monitor, tcpdump, ethereal and other tools to manage and troubleshoot Checkpoint Firewall issues

Site Security Consolidation Project

• Review existing security modules and Implement new security measures to ensure the security and stability of the site

E-Commerce Site Expansion Outsourcing Project

• Increased the number of Web Servers and their availability at Provider's Hosted Environment
• Migrated cluster databases to a new and improved cluster platform
• Re-Design Site availability with Akamai EdgeSuite Platform

DNS Re-Positioning Project

• Re-design current and future corporate DNS requirements with business objectives supplying the architecture for the new model

Network Infrastructure Projects:

• Reviewed and designed Enterprise Wireless Infrastructure implementing the latest security best practices
• Provided Quality of Service implementation for Enterprise Wireless Infrastructure based on new corporate SLAs
• Enterprise Virus Control System Project
• Analyzed, designed and implemented a total virus control system for all segments of the enterprise
• Managed rollout of anti-virus products for over 5000 clients, 250 servers, and various gateways among others
• Reviewed any future requirements for securing the enterprise environment
• Internet Security Accelerated Servers ISA Cluster Project:
• Reviewed and recommended a phased out plan for all existing Proxy servers
• Designed and Implemented an Active Directory enabled array of ISA Servers to provide proxy and security access to the intranet and internet

Virtual Private Network Project

• Provided new tiered VPN architectures to replace existing RAS platform for corporate users
• Coordinated with corporate vendors to provide secured vendor
• Extranet based on both VPN and web-enabled technologies

Confidential

Lead Technical Consultant

• Identify and resolve, risk management issues in consultation with project partners and stakeholders among others. This responsibility also included.
• Supervising the installation and configuration of SQL 7.0 2000
• Supervising the building of Quad Processor Servers for Client/Server implementations
• Responsible for liaising with project partners and stakeholders on the planning, evaluation and implementation of projects. In addition, prepare and manage budgets and also coordinate the activities of the project team.
• Servers for Data Warehouse and OLAP Implementation at various client sites
• Supervising the installation and configuration of Windows 2000
• Family Servers for enterprise level client/server implementation
• Responsible for implementing industry best practices for troubleshooting and streamlining clients environments
• Responsible for resolving and recommending network solutions for all projects being managed by the consulting division among others.
• Provided expertise in the capabilities and limitations of various layered applications and systems
• Provided expertise in the detection, analysis and resolution of problems associated with IP based architectures
• Research and provide technical recommendations on Firewalls, NAT, IP among others
• Provided SQL and Analysis Services system and log analysis and also perform monitoring and database tuning
• Provided security support for new and existing projects and also develop technical documentation
• Communicate technical issues effectively to both technical and non-technical personnel

Confidential

Senior Systems Technologist

Responsible for maintaining and managing the network infrastructure. This responsibility also included among others:

Checkpoint Firewall Servers

• Installed and maintained Checkpoint Firewall Servers
• Designed DMZs to implement security modules to protect network communication and more to provide VPN transmission in collaboration with subsidiaries in the Corporate Holding Group

MS SQL Server

• Installed and configured SQL servers in the organization
• Managed the introduction of new MS SQL servers in the organization
• Maintained Web based ActiveX application Front-End which included Crystal Reports, VB files and Stored Procedures
• Performed data updates to the databases on the SQL servers which involve making ODBC calls to the BPCS AS400 application via
• Access link tables and queries
• Performed data recovery procedures using MS SQL scheduled jobs and ARC Serve database agents

Exchange Server 2000

• Planned, installed and maintained messaging servers
• Planned and migrated old production Exchange Servers to new Quad Processor servers without any service interruptions

Windows NT Domains

• Managed Windows NT PDC and BDCs
• Built and managed DHCP DNS

Confidential

Systems Technologist

Certifications Project Leader:

Responsible for managing and setting policy guidelines for products certification and deployment using Microsoft Cisco technologies. Responsibilities included the following

• Corporate Builds' imaging with Ghost
• Automated software deployment and packaging
• Establishing, maintaining and documenting hardware and software standards for over 6000 clients. Also designed and wrote technical documents
• Reviewed certifications with other technical specialists to ensure quality and compatibility with existing products
• Project planning, technical walkthrough and implementation of various client/server applications
• Provided 2nd and 3rd level network support for clients