- A solid foundation in IT Security (CISSP), auditing, Project Management (PMI) and IT Infrastructure Library (ITIL). Expertise in process re-engineering and systems design capitalizing on the Six Sigma methodology and thought process.
- Experienced with systems designs and compliance for HIPAA/HITECH, GLBA, ITAR, Safe Harbor, PCI, IRS-1075, SOX, CJIS and FISMA.
- Managed globally dispersed teams, working multiple projects in a cross-functional environment.
- GRC - Archer 5.1 and Symantec Compliance & Control Suite.
- Security assessment packages - Fortify, AppScan, Burp Suite, Nessus, AppDetective Pro and Core Impact.
- Security Information and Event Management (SIEM) - LogRhythm.
Risk and IT Compliance Manager
- Lead efforts to revamp Harman's IT Security Policy portfolio to conform to ISO, COBIT and NIST frameworks. Facilitate the creation of Standards, Procedures and Guidelines in support of new policies. Implement and enforce new IT security policies by driving compliance to IT processes and regulatory compliance frameworks.
- Using automated and manual tools such as Symantec Compliance & Control Suite and ADAudit Plus, ensure adherence to adopted controls.
- Design workflows for efficient Active Directory accounts/access management.
- Direct the annual scoping, daily execution, monthly testing and reporting on IT controls.
- Work with the various IT units to identify and implement best practices around key process areas and maintain the knowledge base for Harman's global IT operations compliance with applicable regulatory bodies.
- Manage the internal audit program for IT Operations as well as the relationships between Harman and its third-party auditors. Provide management responses to open audit and compliance findings, and formulate and facilitate the implementation of appropriate remediations.
- Build, manage and maintain the compliance training matrix for Harman, reflective of its global regulatory and compliance requirements.
- Conduct IT systems audits and regulatory reviews of prospective candidate firms for merger and acquisition decisions.
Information Security Manager/Information Security/Compliance Officer at
- Created and updated S24 policies, standards and procedures to align with best practices, ISO and NIST standards.
- Oversaw the administration of the Archer 5.1 GRC Platform with modules for Policy, Compliance, Enterprise and Business Continuity Management.
- Managed the biannual SOC 1, SOC 2 and SOC 3 Type II engagements. Ensured annual ITAR and Safe Harbor re-certifications. Oversaw the internal monthly testing of controls in support of the SOC 1, 2 and 3 audits.
- Developed S24's compliance and procedural templates for the FedRAMP certification.
- Ensured organizational adherence to S24's policies by conducting training and awareness programs related to HIPAA/HITECH, ITAR, Safe Harbor, 21 CFR, PCI, IRS-1075, SOX and FISMA.
- Provided ongoing audit and compliance support for customers (reflective of their governing regulations) through objective evidence collection and responses to external auditors.
- Developed systems hardening procedural documents for Linux, Windows and networking components, aligned to NIST and other regulatory requirements (PCI, IRS-1075, CJIS, HIPAA, etc.), ensuring consistency across all environments.
- Managed a rolling portfolio of 25-plus infrastructure and application security assessment projects, with 4 projects closing each month. Led collaborative efforts with development teams to ensure that new and existing infrastructure, software, hardware, architectures and/or applications were developed, assessed and deployed in a Confidential manner.
- Directed the application risk assessment process, which involved manual and automated testing (using tools such as Fortify, WebInspect, Burp Suite, AppDetective Pro and AppScan). By utilizing cross-functional teams and third-party Subject Matter Experts (SMEs), identified, validated and facilitated the remediation of system vulnerabilities.
- Ensured that security processes were embedded into each phase of the System Development Life Cycle (SDLC) and audited at each gate review.
- Conducted vendor security risk assessment reviews to ensure the protection of BCBSM's interests.
- Performed reviews of web deployments based on the Open Web Application Security Project (OWASP) Top 10 issues. Identified several instances of potential exposure of Protected Health Information (PHI) through the web portal and Interactive Voice Response (IVR) telephone systems.
- Utilizing lateral thinking, averted delivery delays of two critical initiatives by implementing a Portable Document Format (PDF) conversion utility for virus mitigation in uploaded files.
- Compiled questionnaire tools, best practices and project templates. Designed SME collaboration framework and reporting interface.
- Utilized the Delphi technique to anonymously interview industry leaders and project managers on tools, templates and processes to be incorporated into the project portfolio management and monitoring dashboard.
- Directed IT due-diligence activities, which included evaluating controls around application development, operations, compliance, business processes, project management, physical security and infrastructure.
Project Manager at
- Launched the site, complete with the implementation of an all-new IT infrastructure (data center, servers, network (cabling of the Main Distribution Frame (MDF) and Independent Distribution Frame (IDF)), workstations, security systems and timekeeping system). Served as the IT liaison to the plant's management, providing scorecards and updates on progress.
- Designed the framework for proactive, economical network monitoring and support. Conducted a Make or Buy analysis to identify cost savings opportunities. This diligence resulted in a 30% saving in network monitoring costs (by recycling hardware and using open-source traffic monitoring software) and the elimination of a $1,500 per network drop cost for future networking projects by using slack in site resources.
- Prepared the Disaster Recovery and Site Operations Processes documentation, aligned with ITIL infrastructure best practices. Designed a Crash Cart process to mitigate risk in a Just-In-Time (JIT) manufacturing environment. By guaranteeing continuous production reliability, saved Visteon from being charged back $125K per minute (with no cap) for downtime incurred by its customer Chrysler Corporation.
- Utilizing inputs from the Remedy dashboard, process flow observations, focus groups and user interviews, uncovered the cause of the high trouble ticket count and low customer satisfaction at the site. Created the business case for the resolution's implementation.
- Led development and User Acceptance Testing (UAT) of a site-specific desktop client targeted to the users' work function. Optimized efficiencies in client deployment, reducing rollout delivery time by 50%. Awarded Six Sigma Green Belt for this project.
- Analyzed the Total Cost of Ownership for IT products and services. Saved over $250,000 by recommending alternate solutions.