Summary:

Security Risk Architect Analyst for Information Technology. Able to address all Ten Domains defined by CISSP CBK from a technology perspective. Over thirty years of IT security covering application and system software, various hardware platforms, networking, standards and policies. Skilled devotion to reducing zero day risk, compensating controls, identifying gaps, ensuring compliancy and stopping all future compromises in the delivery of technology solutions. Overall knowledge of financial security regulations, TPMs and compliance frameworks. Worked on threat, vulnerability management, filtering reducing false positives and algorithm encryptions. Continuously researching emerging threats, vendor services and products. Performed monitoring CVE, IDS/IPS, scoring systems, logging, forensics, SIEM, Pen testing and more. Technical Recoveries for 911, East coast power outage and Sandy.

Regulations: COBIT, COSO, DIACAP, FED, FINRA, FISMA, ICD503, IEC, ISO, ITIL, NIST, PCI, SEC

Environments: DHCP, DNS, Hercules, HTTP, IaaS, ICMP, IHS, IIS, IPv6-IPv4, Kerberos, LDAP, Linux, Load Balancers, OSI, .com, .net, PaaS, SAN/NAS/DAS, SaaS, SYSBII, TableBase, TCP/IP/UDP, Unix, VPN, WAS, Web services, Web sphere, Windows, z/OS.

Languages: ACL, C , COBOL, CICS, DB2, HTML, Java IDE, J2EE, Python, PHP, SQL, XML.

Tools: ACF2, Changeman, Clarity, Clear Quest, CVE, CVSS, ETL, DB-Protect, Endeavor, FW/NGFW, MAP, Micro Focus, MS, Nessus, Nexpose, NVD, OWASP, Qualys, RACF, ReqPro, SharePoint, Synergy, Tivoli, Visio, WB.

Vendors: Access Data FTK , AlienVault, Amazon ATT, Cisco, Citrix, Dambella FailSafe, Dell, Event Tracker, Fortinet, Guidance Encase , Helix, HP, IBM Appscan , LogRhythm, McAfee, Oracle, RSA EMC GRC , Site Minder, Splunk, Verizon.

SDLC: Agile, CMMI, FSDM, Hybrid, Incremental, Iterative, RUP, UML, Waterfall.

Confidential

Cyber Architect Security and Risk advisory manager.

Projects: Short term advice for seminars, consulting agencies, vendors, and financial institutions. Security evaluations and setups for small businesses, LAN, WAN, Wireless, cloud and internet connections. Assistance with understanding vulnerabilities, virus software, malware, policies and upgrades. Create security training documentation for small business groups. Identify procedures to prevent exploitation. Create alert systems based on environment vulnerabilities. Clean and install virus software and firewalls. Set firewalls, proxy servers, DNS and host IP to URL tables, blocks and Certificates.

Confidential

IT Architect Security and risk/Assistant to Executive Director, Consultant

Projects: Improve then Manage and lead security and risk for all of IT Mainframe/distributed/networks and more. External Vendor tools, environments, utilities, products evaluation and recommendations. System Solution, Implementation, compliance and incident reviews and board meetings. Built, wrote and approved standards into Firm wide Dev Central Portal. Move gateways, firewalls, IDS/IPS for performance and reduce false positives. Mainframe simulation for a distributed platform. Cloud research for public/private SaaS/PaaS/IaaS.

Tools: SharePoint firm wide technical portal, Dell, HP, IBM, Tivoli, Asset Manager, Synergy, Changeman, SYSBII

Highlights: Sandy recovery. Several Smith Barney applications lift and shift from Citi to Morgan Stanley. 50 Smith Barney external client VPN connections. SB Performance and capacity environment considerations, ensuring MS compatibility. SB Batch, On-line, MQ, Connect direct, Data transmissions, Table Base setups and builds on and to MS standards. Moves for data, source and more. Time and tests for all aspects of day one turnover. SB RTM Real Time Margin move to MS, IIS, WAS, CICS, CA, Port allocations and security restriction controls, Firewalls, Gateways, ACL, encryption, DNS, LDAP. Load Balancing, Security systems, SiteMinder, Kerberos and Encryption processes.

Confidential

IT Security Project Manager

• Applications: Enhance SDLC for security of all financial information platform feed processes.
• Projects: Thompson Reuters - Security and risk Alerts. Multiple data transmission feeds for multiple Financial Organizations.
• Resources and Budget: On/off global sites of over 31 projects ranging 5 to 20 resources.

Confidential

IT Security Technical Project manager, Consultant

Applications: Created Dash board Report process for upper management on SDLC related to the security policies and security monitoring of all platform financial market data transmission feeds.

Confidential

IT Architect Assistant to Managing Director, Consultant

• Applications: Global financial statement systems, security, regulatory, and compliance reporting for all products.
• Projects: CICS M204 DB2 conversion. Security and Risk, Data center move. Consolidation Household number.
• Resources and Budget: On/off site staff of 10. 3 million.
• Tools: 3 tier plan presentations. SDLC docs, Websphere, Porthole URL for project documentation
• Highlights: Significant Cost reduction due to reductions in run time, and output.

Confidential

IT Architect Manager Pharmaceutical financial systems, Consultant

• Applications: New security regulations for the billing and charging systems.
• Projects: 3 infrastructure HIPPA developments, maintenance and coordinate technical work at 3 sites. Yearly reporting/classification of production abends, down time, customer effect, corrections and preventions. Developed yearly budgets capital and operational expenditures, forecasts for resources and funding approvals.
• Resources and Budget: On/off site and off-shore staff of 15,
• Tools: PERT, SDLC, UML, Remedy, PTS, Microsoft. PID, RFI, RFQ, RFP. JAVA, CICS, SQL, COBOL, Teradata
• Highlights: Improved procedures off-shore. Video/audio on-line meetings, time management, resource workload distribution, time reporting, budget monitoring, staff status reporting to upper management, billing and estimates.

Confidential

Senior IT Architect Manager, Systems Development Management

• Applications: Web security for Fidelity.com, Advisorchannel.com, .net, securities lending, fixed income, corporate actions, Swift, Fed wires, collateral management, derivative reconciliation, electronic trade confirms, settlement, production alerts systems for voice activated, BlackBerry, and email notifications.
• Projects: 5 New/Enhancement/Compliance, regulation, maintenance and production support.
• Resources and Budget: On-site, off-site Boston, Texas, NC, off-shore India, Ireland staff of 23. 100k to 1 million.
• Tools: UML SDLC FSDM Req. Pro, Clear Quest, Microsoft Office suite, MAUI, CICS, COBOL, SQL JAVA

Highlights: Evaluations, suggestions, solutions, presentations, Security and Risk evaluations, video/audio on-line meetings, for technical projects. External client contact to attract new vendors, new advisors, new plan administrators, external company and broker-dealer plans. Excel yearly project budgets and forecasts for resources and funding approvals, gathering of external interfacing systems, UAT, QA, Data Architecture, and Performance. Monitoring and identifying milestones among different resources. UAT, QA test cases, Installation schedules, call plans for technicians and users, back-out plans, go no go times, and balancing alerts on QA and production moves. Recommended installations and software deployment for new equipment such as work station special printers. Coded modules researched and reviewed GUI definitions, Load balancing. Reuters and Bloomberg downloads and data extracts to Excel macros spreadsheets for users and auditors for FED, SEC, and FINRA. Upper management status reporting. Metrics gathering, presentations.

Confidential

IT Security Manager - Trades, Consultant

• Applications: Electronic trades, stocks and dividends. Fixed income, regulatory compliance enhancements
• Projects: Production Support, Help Desk, enhancements, and maintenance. Listened, empathized, analyzed, and responded to Corporate Action demands. Gathered data from external systems. Recommendations to obtain information, internal and external Chase . Trades, securities lending, broker-dealer, fixed income solutions.
• Resources and Budgets: On-site, off-shore India staff of 20. 10k to 100k.
• Tools: Microsoft Office suite, CICS, COBOL, SQL Mainframe, Internet.
• Highlights: Reduced run times, response times and Database access overall reduction in cost.

IT Security Manager - Pending Trade Date Settlement Project

• Applications: Security for the applications pending, settled trades, collateral management, derivatives, securities lending, fixed income.
• Projects: DB2 warehouse for Global Stock Record. Front-end Web technology, middle-ware mainframe. Design web pages, drill down connections to external systems, Batch builds for data warehouse feeds from other systems. Migrate pending trades to settled corrections. Retention archiving of warehouse data on previous yearly dates.
• Resources and Budgets: Staff of 10, including off-shore India . 10k to 500k.
• Tools: IBM, SDLC, RUP, Microsoft Office suite, Web, COBOL II, DB2, SQL, IMS, CICS, MQ.
• Highlights: Reduction of overhead.

Confidential

IT Architect Manager, Consultant

Applications: The security for 3 tracks of Avis buyout of Budget full global technology merge... In scope/out of scope allocations. Global allocations all aspects of project management, feedback to senior management and development staff. Interviews, project, resource time management, Client meetings for business requirements, specifications and status, Team meetings for technical tasks. Up front systems analysis, Code review, Technical problem resolution, full life cycle, producing, maintaining, reviewing, validating and executing test scripts, schedules, and plans, developing and enforcing Quality Assurance test methods and procedures, generating defect reports, metric reports, QA Entering/updating to defect tracking.

• Projects: East Coast Power outage recovery. The project initiative was to convert and merge Budget onto the Avis systems under the Cendant umbrella.
• Resources and Budgets: 20 resources 6 interviewed and hired. 3 million-dollar range.
• Tools: COBOLII, DB2, stored procedures, IMS, Microsoft Office suite, Panvalet, and Endeavor.
• Highlights: On time, Under Budget.

Confidential

IT Architect Manager - Pending Trade Date Settlement Project

Applications: Security and risk on applications pending, settled trades, collateral management, derivatives, securities lending, fixed income.

Projects: 911 recovery. DB2 database warehouse for Global Stock Record department. Front-end Web-based technology, middle-ware mainframe. Design of web pages, GUI, drill down connections to external existing detail systems, Batch builds for data warehouse feeds from other systems. Migration of pending trades to settled corrections. Retention and archiving of warehouse data based on previous yearly dates.