IT Auditor Resume Profile

Professional Summary

  • Over eighteen years of IT consulting and Security management practice role with security and controls, network infrastructure management, data centers operational security, and global audit, highlights include:
  • Over twelve years of financial services network security, audits, and operations experience.
  • Notable data center management and security experience: VMware, Cisco Systems, Fannie Mae, Accenture Consulting, United Health Group, Harman International, Anheuser-Busch, Caterpillar, DuPont, National Canada Bank, United States Steel, Royal Dutch Shell, Cooper Industries, JP Morgan Chase global datacenter, Hewlett Packard (HP), Bord Gáis (Ireland), Dannon (France), Veolia Eau Ile de France, Compagnie d'Affrètement et de Transport (France), INPS-HS (Italy), Jefferson Pilot Financial, PMVTechnologies datacenter (MI), Graphtech managed services (Chicago), Synoptek (CA), Jefferson Pilot Financial (FLFS), and State of Michigan Treasury (Project MAIN).
  • Audit and Compliance: ISMS Controls; SOX, HIPAA, and PCI; Personally Identifiable Information (PII) Controls; Application Security Assessment; Supplier Security Assessments; Network and Application Security Penetration/Ethical Hacking; United States and European Union Enterprise Data Privacy and Protection Controls.
  • CISSP, CISA, CRISC, CISM, and ISO/IEC 27001 certified.
  • Managed level four data center enterprise security and IT operation for JP Morgan Chase, Jefferson Pilot Financial, State of Michigan State Treasury Department, and other financial institutions.
  • Performed analytical, technical, and operational security work in the planning, design, installation, and on-going administration of server, network, storage, and related datacenter infrastructure and services.
  • Extensively involved in implementing IS Security Policies and practices based on COBIT and ISO frameworks.
  • Enterprise risk assessment and management for financial institution audit, fraud risk assessment and management, IT audit for applications, networks, infrastructure, data centers, general controls, and business-continuity plans to identify risk areas.
  • Developed System Security Authorization Agreements and System Security Program

Technical Skills

  • Operating Systems: Windows 2008/2003/2000/Windows 7/Vista/XP/NT/9x/3.x, Unix, VMware, MS Terminal Servers, DOS.
  • Network Infrastructure: HP Mainframes, IBM Risc 6000 servers, Cisco Firewalls, Cisco VoIP, Cisco Routers and Cisco WAP (Wireless Access Points), Remote Monitoring tools (Cacti, Nagios).
  • Client/Servers: Dell/Compaq/IBM Servers, RAID, UPS, VERITAS Backup systems, Symantec/Cisco PIX/ASA, HP Mainframes, Asterisk/Televantage/Cisco/Switchvox VoIP Servers.
  • Security Tools: SIEM, Cisco PIX/ASA firewalls, vulnerability scanners (Retina, Qualys, Nessus), Cisco MARS, RADIUS and TACACS servers, ArcSight SIM/SIEM, Blue Coat proxy, RSA, Snort, Fraud detection data analysis (ACL, Kirix Strata), Ethical hacking/Pen testing tools.
  • Applications: Microsoft Project, MS Office, Visio, MS Access, MSSQL, MySQL, Acrobat Professional, ERP (QAD, SAP), MS Project, Enterprise Windows 2003 Servers, Active Directory Implementation and Management, VoIP, Sun Solaris Unix, Red Hat Linux, Wireless LANs and WANs, Cisco Routing, Access Controls, Disaster Recovery, VMware ESX/ESXi 4.x, eGRC (MetricStream, Archer).

Experience

Confidential

  • Manage and operate Security Consulting Services practice
  • Perform enterprise risk assessments, baseline security posture and metrics and ensure compliance.
  • Manage compliance work with control owners and leadership to mitigate and remediate risks and audit findings through consulting, coaching, self-assessments, and gap analysis to incorporate industry-specific and general controls.
  • Manage security and compliance audits, application security assessments, fraud analysis, enterprise security, IT infrastructure, and projects for Fortune 500 and mid-size companies individually and in the team environment for technology platforms, applications, and controls.
  • Infrastructure and Applications platforms include Unix, Linux, MS Windows, NOVELL, Wireless, VoIP, ERP (SAP, QAD) lifecycle management, enterprise storage management, enterprise backup systems, firewall IDS/IPS, and identity management.

Confidential

  • Audit, Assessment, and ISMS Services.
  • Application Security Assessments and Penetration Testing (OWASP-based) and Network Security Assessments/Ethical Hacking.
  • Manage and audit Access Controls and Identity Management Internal Controls and Projects
  • Managed Global Application and Client Data Protection Security Teams.
  • Provided risk advisory, consulting services, audit, global security, and compliance services.
  • Client engagements across multiple industries include financial services, manufacturing, insurance, and automotive.
  • Global team lead for protecting Accenture's 270,000 employees based ONE network global infrastructure.

Confidential

Senior IT Security Auditor, Risk Advisory Service

  • Provided risk advisory services consulting, audit, security, and compliance.
  • Client engagements across multiple industries include financial services, automotive, and process.
  • Enterprise risk assessment and management for financial institution audit, fraud risk assessment and management, IT audit for applications, networks, infrastructure, data centers, general controls, and business-continuity plans to identify risk areas.
  • Quality assessment review, section 404 SOX regulatory compliance assessment, testing and reporting, documentation, and ongoing monitoring.
  • Identified risks that impact integrity of IS and technology infrastructure.
  • Controls and associated risks that could affect ability to rely on IT processes.

Confidential

Senior IT Auditor and Risk Professional

  • Risk based Security controls and SOX compliance.
  • General security controls testing.
  • Assessments testing included problem management, change management, and identity management for infrastructure, applications, and databases.

Confidential

Senior IT Auditor for the Global Operation

  • Planned, organized, and independently executed audit work including on-site observations, personal interviews with management and staff, analytical procedures, and detailed analysis.
  • Served as a subject matter expert in implementation of Identity and Access Management initiative, supporting, administering and managing multiple disciplines and identity and security platforms for the corporate enterprise.
  • Developed risk-based internal audit mandate and audit programs for business units.
  • Provided risk-focused guidance to business units and shared services on policies and control procedures.
  • Assisted in IT Annual Risk-Assessment and Controls testing.
  • Lead on complex IT internal control assessments across a variety of application and system environments including QAD, PeopleSoft, COTS applications, Oracle, SQL, DB2, Progress, Windows, and UNIX focused on information security, application, and system software development and information systems operations.
  • Provided insight around the development and implementation of a centralized identity and access management (IAM) solution for a large manufacturing services client.
  • Delivered technical Windows assessments as a subject matter expert focusing on security and controls, segregation of duties, business process reviews, and Governance, Risk and Compliance (GRC).
  • Performed IT governance and advisory control assessments utilizing industry governance standards (e.g., COBIT).
  • Delivered internal control assessments on a variety of IT and business processes including IT secure infrastructure, VMware, Citrix servers, firewall, IDS/IPS, HR/Payroll, Hyperion, QAD, HR/payroll, data analysis for fraud detection, Windows, Unix, Linux and VoIP infrastructure, datacenters, reporting, and consolidations.
  • Implemented complex Sarbanes-Oxley (SOX) internal control programs and advised on program sustainability.
  • Gained exceptional cultural and client service experience through managing global engagements in Europe, South America, and Asia.
  • Fraud Analysis using ACL data analysis tools.

Confidential

Datacenter Chief Security Officer

  • Created and maintained a secure computing environment for internal and external consumers.
  • Validated all LAN/WAN network designs for new clients and infrastructure changes.
  • Developed and maintained information data security, physical security, business continuity, and disaster recovery planning and annual testing.
  • Identified potential threats and vulnerabilities for business processes, associated data, and supported capabilities to assist in the evaluation of enterprise risk.
  • Implemented IS controls to mitigate risk.
  • Assessed and recommended tools to automate IS control processes.
  • Developed and enforced IT policy for information assurance and performed vulnerability testing.
  • Assessed the security of new and existing products and technologies and participated in the infrastructure architecture design life cycle from idea phase through release into post release and maintenance.
  • Managed secure infrastructure that includes: access controls, firewalls, IDS/IPS, SIEM, malware protection, new client provisioning, compliance, risk management program, and virtual environment (cloud computing).
  • Maintained network integrity during numerous exploitation alerts.
  • Controlled all IS security issues to ensure integrity and stability of WAN, LAN, and network services.
  • Maintained internal and external security controls and ensured users adhered to policies.
  • Implemented IS Security Policies practices for information, security, computer, and datacenter infrastructure.
  • Wrote user management procedures, system administration procedures, backup, incident response, configuration management, design methodology, and disaster recovery.
  • Authored contingency plans and revised security policies.
  • Managed and measured risk for vulnerability and threats.
  • Developed a security awareness program based on SANS Institute recommendations.
  • Conducted IT security audits, and managed/measured risk for vulnerability and threats.

Confidential

Enterprise Site Security Engineer

  • Managed level four data center enterprise security and IT operation.
  • Performed analytical, technical, and operational security work in the planning, design, installation, and on-going administration of server, network, storage, and related datacenter infrastructure and services.
  • Designed, developed, and deployed new security technologies, services, and underlying network infrastructure.
  • Architected complex networks and multi-server systems.
  • Worked with other engineering/development teams to create robust secure scalable datacenter solutions.
  • Performed security audits, risk assessments, and provided strategic direction for network infrastructure and global datacenters.
  • Evaluated new security products for network technologies.
  • Defined recommendations and specifications for global line of business production implementation.
  • Worked as the highest point of escalation.
  • Performed Tier-III support requests for complex security, technical problems, and high-severity outages from other network engineers and business departments.
  • Developed service specifications, internal security standards, and policies/procedures to adapt to evolving technology and business needs.
  • Participated in development of technical training and documentation for secure network operations and support staff.
  • Developed extensive tests and participated in testing and certification of new security network hardware, software products, and solutions.
  • Performed physical and logical network vulnerability testing of the data center, advanced configuration, and maintenance of routers, switches, switch-routers, load-balancers, content-delivery devices, firewall/security devices, and other types of networking equipment.
  • Planned, coordinated, and executed major/large-scale network operations, such as: critical maintenance, large-scale migrations, adjustments on the edge with backbone, global technology changes/additions, and major hardware/software upgrades.

Confidential

  • Outsourced operation to Infowire Managed Security Services.
  • Managed operational security including: infrastructure, firewalls, IDS/IPS, and monitoring systems.
  • Planned, supervised, and conducted testing to confirm continuous efficiency and effectiveness of IT controls.
  • Determined and remediated IS control deficiencies to ensure that deficiencies are appropriately considered and remediated.
  • Performed gap analysis, risk assessment, and audits (ITGC audits).
  • Fraud Analysis using ACL and Kirix Strata data analysis tools.
  • Global IT Audits: SOX testing and monitoring, GLBA, Process audits, and General controls.
  • Maintained network integrity during numerous exploitation alerts.
  • ERP Lifecycle management: Implementation, maintenance, updates, and decommissioning.
  • Controlled all IS security issues to ensure integrity and stability of WAN, LAN, and network services.
  • Maintained internal and external security controls and ensured users adhered to policies.
  • Implemented IS Security Policies practices for information, security, computer, and Internet.
  • Wrote user management procedures, system administration procedures, backup, incident response, configuration management, design methodology, and disaster recovery.
  • Authored contingency plans and revised security policies.
  • Managed and measured risk for vulnerability and threats.
  • Developed a security awareness program based on SANS Institute recommendations.
  • Conducted IT security audits, and managed/measured risk for vulnerability and threats.
  • Used new or changed existing, structured project methodologies using project management process best practices.
  • Developed and managed complete IT Security program.
  • Intrusion detection system implementation using sniffers, Host-based IDS, and network-based IDS.
  • Internal and external network vulnerability scanning.
  • MS Windows and Linux server hardening.
  • IT project management using the industry's best project management practices.
  • CISCO: subcontracted to HP clients to implement Cisco routers, switches, and voice over IP telephony gear for multiple site operations.
  • Implemented and maintained Cisco switches, routers, and Cisco telephony gear for several financial services companies and data center network sites using VPN, Frame Relay, and point to point T1 lines.
  • Implemented several call centers in Pakistan using VoIP services.
  • Call centers provided sales and marketing services to Vonage, Packet8, and Rogers Telecom (Canada).
  • Managed LAN and WAN services for HP contracts.
  • Extensive use of TCP/IP protocols, SSH, FTP, FTP, DNS, NAT, and PKI certificates.
  • Worked with client in developing contract documents, proposal development, and finalizing technical solution.
  • Nine-state conversion project for HP client, which included SAP server updates, new Cisco VoIP servers, Windows 2003 servers, Cisco routers and switches, and Cisco WAP installations.
  • Managed team of eight engineers and telecommunication staff.
  • Designed and managed multi-million dollar data center to the temporary location move operation for financial services company data center.
  • Designed and implemented multi-branch VPN connectivity for financial services company eliminating frame-relay, and several Unix/Linux and MS Windows network servers for medium-sized businesses.
  • Managed employees, contractors, and subcontractors for IT projects and disaster recovery solutions.
  • Managed development team and centers responsible for web services and production.
  • Provided technical lead for ground breaking projects.
  • Directed web based e-statement, Document Management System, and Intranet projects.
  • Online banking server management on Sun Solaris platform.
  • Implemented change management process to track IT infrastructure changes, in real-time change activities to address the ever-changing business demands and regulatory compliance.
  • Developed transition plan to support site relocation and implemented technology equipment to provide continuity of operations through transition.
  • Managed FICS Mortgage Services for financial services clients running Sybase database.
  • Managed web applications on MSSQL database.

Confidential

  • System administration and security for financial services for twenty-five branch offices in fifteen states.
  • Performed Internal Audits of Information Systems to ensure that they were operating securely and that data was protected from both internal and external attack.
  • Conducted security assessments to ensure adherence to company specific security policy, procedures, and industry standards.
  • Monitored, evaluated, and maintained security systems according to industry best practices to safeguard internal information systems and databases.
  • Assisted with the review and definition of security requirements and reviews systems to determine if they were designed to comply with established standards.
  • MS Windows and Linux server hardening.
  • Investigated security violations and breaches.
  • Prepared reports on intrusions as necessary.
  • Reviewed firewall logs across the assigned area.
  • Configured firewalls, intrusion detection systems, and other network security devices across assigned area.
  • Provided IT training to staff.
  • Developed System Security Authorization Agreements/System Security Plans.
  • Performed threat vulnerability assessments and provided certification recommendations.
  • Directed and conducted security tests and evaluations.
  • Provided technical support in the evaluation of security products.
  • Developed information systems security studies and reports that addressed areas of information system security concerns.
  • Created, edited, and reviewed certification and accreditation documents.
  • Provided consultant services in all areas of information system security, including physical security, administrative security, personnel security, computer security, operations security, and industrial security.
  • Designed and managed Client security, VPN server, Internet Servers, and Internal LAN in the main office.
  • Implemented and maintained Microsoft Exchange email server.
  • Managed user services, exchange directory services, and event services.
  • Group scheduling for Enterprise network and anti-virus.
  • Regular maintenance of upgrades and patches and backups.
  • Developed and managed custom-built MS SQL, MS Access, and MySQL database management/marketing applications.
  • Web-based application design and implementation, using MS InterDev, MS SQL 2000, and ASP/ADO.
  • IT infrastructure management.
  • Managed all IT projects and IT department annual initiatives using the industry's best project management practices.
  • Managed task schedule to ensure milestones were met and projects stayed on track.
  • Maintained currency on governing directives.
  • Promoted company services and products, and provided input and direction to company developed products.
  • Project Management: project delivery throughout the entire life cycle.
  • Used new or changed existing, structured project methodologies using project management process best practices.