
Project Manager Resume


NJ

CERTIFICATIONS

  • CISA – Certified Information Systems Auditor (COBIT & ITIL knowledge) – License #0979357
  • CISM – Certified Information Security Manager (The BMIS knowledge) – License #1117025
  • CRISC – Certified in Risk and Information Systems Control (NIST SP800–30) – License #1115698

RELEVANT CAREER HIGHLIGHTS

Business Development Project Manager with Confidential, (2/2012 – 12/2012)
Executed Project Manager Role in helping my parents establish a trucking/logistics business. This was a learning experience I believe will serve me well into my IT Business / Information Security career.

  • Designed and managed the project plan
  • Scheduled and managed in-person meetings and teleconferences
  • Managed all relevant risks and provided solutions to issues and problems as they arise

Microsoft Certified Solutions Associate Student Trainee at Confidential, (7/2012 – 11/2012)
Formal training and certification in the areas of Microsoft Private Cloud Implementation and Risk Management as well as IT Service Management Theory and concepts.

  • Practiced the installation and maintenance of Microsoft Private Cloud Technologies
  • Explored lab exercises in identification of cloud risks and control objectives for security compliance
  • Performed self-study of IT Service Delivery and Management concepts (ITIL v3 Foundation)

Risk Management Project Consultant in contract with Confidential, (10/2011 – 1/2012)
Strategized and planned with the Director of Information Assurance at Barclays Bank Card Services in order to assist with the implementation of wireless networking and social media globally. The effort was successful in influencing the board’s approval of these sexy technologies that were once resisted by the bank.

  • Developed the Risk Position Papers (Information Risk Briefs) on Social Media and Wireless Networking in preparation for the approval process by the Board
  • Developed a Social Media standard, a Wireless Network standard, and Technical Security Standard
  • Updated the Acceptable Use Policy to include social media and wireless network
  • Participated in design and strategy discussions regarding wireless network and social media on a weekly basis
  • Performed web vulnerability assessment using OWASP Top 10, NIST website, and Acunetix web scanner

Information Risk Assessor / Consultant in contract with Confidential, (4/2011 – 10/2011)
Led the execution of onsite risk assessment projects of 3rd party suppliers/vendors around the United States. The scope of the assessments covered Information Security, PCI-DSS (where applicable), and Business Continuity. Each assessment took 2-3 business days and included corporate headquarters as well as SunGard datacenters.

  • Developed a project plan detailing all future assessment pre-onsite due diligence, travel, onsite assessment, reporting, and remediation strategy meetings
  • Performed due diligence file review and personnel interviews prior to the onsite risk assessment
  • Performed information risk assessments by getting through 325+ questions and answers with heads of Information Security Operations, HR, Legal and Compliance, the datacenter, etc.
  • Prepared risk reports for submission to the vendor / supplier (relationship) manager, Vendor Portfolio VP, Vendor Assessment VP, line of business management, etc.
  • Participated in relevant control remediation strategy discussions on a weekly basis
  • Utilized BITS and NIST methods and techniques to improve upon the Risk Assessment questionnaire used for the onsite risk assessment

Information Security Analyst & IS Audit Liaison: Confidential, (8/2010 – 3/2011)
Developed and managed information security awareness program as well as performed the role of IS Audit Liaison in a HIPAA and HITECH regulated environment in its infancy.

  • Maintained Controls Remediation Tracking Report upon audits and scans, developed Corrective Action Plan (CAP) to address control deficiencies, and monitored and communicated internal and external IS Audit activities to IS management
  • Led efforts, as Project Manager, to merge both the Information Security Awareness and Privacy Awareness contents into a Data Protection Awareness online mandatory training. This reduced the mandatory training time and redundancies as well as increased the engagement of participants and kept CHOP compliant
  • Utilized FISMA / NIST methods and techniques where HIPAA privacy and security requirements were unclear or lacked adequate guidance or recommendations
  • Responsible for the branding of CHOP’s Information Security Program in order to expedite the securing of knowledge workers, Information Security Awareness and Recognition mandatory training content development, and provide Information Security Awareness Training presentation during New Employee Orientation (NEO)
  • Developed Information Security Policies and Procedures, documented Information Security requirements during SDLC projects, served as Project Manager on various medium security projects, and served as general Information Security SME
  • Developed an Approach Document, RACI Chart, Project Plan, and Communication Strategy for CHOP’s Security Awareness and Recognition Program while serving in the capacity of project manager & content developer for the merger of Information Security and Information Privacy mandatory training modules. Also, responsible for maintaining CHOP’s information security intranet site and the development of a library of security bulletins to be distributed bi-weekly
  • Served as member of the Architecture Review Board, Change Review Board, and the Project Review Board

IT (Security) Service Delivery Analyst: Confidential, NJ (11/2007 – 4/2010)
Evaluated and properly documented business impacts as well as ensured effective communication and analysis for timely resolutions in the event of a major incident or request for configuration changes at client site

  • Performed secure connections to customer production environment in order to identify Business Impact when application failure or error disrupts the efficiency and flow of the supply chain.
  • Coordinated incident response to disruptions in the supply chain of clients and manage the flow of communications during the remediation process.
  • Adhered to FISMA and FIPS requirements to ensure security compliance as a government contractor by utilizing NIST recommended methods and techniques as necessary.
  • Provided overall assurance that the service management and task practices will ensure the delivery of the level of service required to meet contract agreements.
  • Analyzed risk, incidents and interdependences to determine their impact on the organization
  • Collected and validated data that measures key-risk-indicators (KRI) to monitor and communicate their status

Information Security Consultant in contract with Confidential, (1/2002 – 11/2007)
Recruited to perform audit remediation as well as design, develop and deploy business continuity / disaster recovery plans allowing clients to recover within approximately one-half business day.

  • Reconstructed entire security control policies and procedures of a major REIT, enabling client to pass Sarbanes-Oxley compliance target schedule.
  • Performed Netscreen VPN/Firewall administration duties for a large New York Catholic Diocese
  • Researched and implemented an IIS 5.0 web server high-availability configuration for a major relief / fundraising client, providing 99% uptime and significantly increasing availability of server supporting e-commerce, donor database and IT operations.
  • Protected user / setup privacy by configuring firewalls, anti-virus applications, encryption features, etc.
  • Developed and maintained a risk register to ensure that the organization accounts for all identified risks
  • Analyzed risk, incidents and interdependences to determine their impact to the organization
  • Identified and reported on compliance risks to initiate corrective actions and meet regulatory requirements
  • Ensured all controls are assigned control owners to establish control accountability
  • Assessed and recommended tools to automate IS control processes
  • Collected information and reviewed documentation to identify IS control deficiencies
  • Provided IS control status reporting to relevant stakeholders to enable informed decision making

SELECT SECURITY TECHNICAL SKILLS AND TOOLKIT

Cloud Computing Security Risk Management • OWASP Top 10 • BackTrack Security Auditor Toolkit • Acunetix web scanner • Virtualization • Social Media Risk Management • Data Loss Prevention (DLP) • Routing • Switching • Firewall • IDS • IPS • Hardening Windows and SQL Server 2008 • IT Assurance Guide • Risk IT Framework • COBIT 4.1 Framework Working Knowledge • IS Audit Process • IT Service Delivery and Support Methodology • Active Directory Security Administration • Wireless Network Configuration • NMAP • Nessus / Nessus WX • Snort • SQL Server 2008 • MS Project 2010 / 2007 • Visio 2010 / 2007 • SharePoint 2010 • Office 2010 Professional: Outlook / Excel / Word / PowerPoint • Sales Force • Remedy

PROFESSIONAL DEVELOPMENT PLAN

  • ITIL v3 Foundation – (IT Service Management Foundational Knowledge) – Candidate 1/2013
  • CobIT5 Foundation – (IT Governance and Management Framework Foundation) – Candidate 6/2013
  • CobIT5 Implementation – (IT Governance and Management Framework Pro) – Candidate 12/2013


PROFESSIONAL AFFILIATIONS

ISACA – Information Systems Audit and Control Association (Philadelphia Chapter)
ISSA – Information Systems Security Association (Delaware Valley Chapter)

EDUCATION

BS in Computer Information Systems (CIS) Candidate
