PROFESSIONAL SUMMARY

A career oriented professional with proven years of experience in information security management. Extensive experience in the field of information security, help desk technical support and internet customer support. Track record of accomplishments in international banking, federal banking and Software industry.

AREAS OF EXPERTISE

Logical/ Physical Security. Security Program. Data lost Prevention. Network Monitoring and Intrusion Detection. IT Audit. Risk Assessments. Identity Management. Risks Management. Security Awareness Program, Help Desk Support Customer Support.

TECHNOLOGY SUMMARY

• Security monitoring: Symantec- Network End Point Protection, CISCO-IPS .G100, RSA, NOC, GFI, ISA, VPN, Barracuda-
• Web-Filter, What-Up-Gold, ISA VPN Manager, Quest Script-Logic, NetBotz, ADT Alarm System, Cameras, and Cards Access.
• Operating Systems: Windows XP, 7, and 8 Server: Windows, 2003, 2008. Other: Printers, Laptops, BlackBerrys, and IPhone
• Software: Active Directory 2003, 2008, SQL User Administration Server 2005 . Lotus Notes-6.5, 7.0, Outlook 2003, 07, LAN, VPN, Citrix, Connect Wise, Remedy. Microsoft office: Office-2003, 10, and 13
• Mainframe Systems: VTAM, Netview, IMS, TSO, ISPF, CICS, ACF2, RACF and ALLTEL.
• Banking Applications: Charles Rivers, PAM, OPICS, Charlotte, Federal Reserve Bank-Feline Alliance, JP Morgan, SWIFT, E-IBS, and Mocha -emulator 5250 as AS400. Hardware: Personal Computers: Dell, HP and Mac. Laptop: Dell, IBM, Toshiba.

Key Achievements

Authored/wrote and established monitoring controls/procedures for authorization controls, metrics for the logical, physical security, including data/entity user access, and authentication for various systems and business applications.

• Developed/documented operations documentation for information security administration and help desk.
• Designed and documented the system requirements for the purchase order and assets management system.
• Developed and implemented a web-based help desk system and a problem resolution knowledge-database system.
• Implemented a security monitoring control tools/ procedures Devices attached to the network and the infrastructure.
• Implemented a security awareness training program and wrote the supporting documentation.
• Implemented a metric process for the logical and physical security used for the risks assessment plan.
• Implemented an operations documentation for the security monitoring controls used for the risks assessment metric.
• Implemented script logic: active directory /files system tools for monitoring the network accounts and folders/files.
• Participated in the planning and the implementation of a web-based security user's access requests system.

Technical Developments

Confidential

Currently, and during the past years, I have updated my skills and to keep abreast of the latest computer technology, software and information security updates. Participating in discussions with security groups from LinkedIn. Taking online training as well.

PROFESSIONAL EXPERIENCE

Confidential

Information Security Officer/ Security Specialist

• Assisted in coordinating the contingency readiness test at the disaster recovery site.
• Managed the logical and physical security for the Bank including policy, procedures, strategy, administration, governance, monitoring, compliance, and standards in accordance with the established guidelines.
• Administered /monitored using barracuda web filter system to check for un-authorized access and exceptions.
• Assisted law enforcement and internal judicial authorities in handling building and security infractions.
• Administrated the user's accounts administration for active directory, SQL-database and bank mainframe, RSA tokens, JP Morgan, SWIFT, Federal Reserve Bank and other banking business applications including folders/ files privileges access for all applications and internet customer's accounts as well.

Confidential

• Developed a security risks assessment metrics and security program plan and associated documentation to ensure the information systems were used and maintained in accordance with the bank security policies and best practices.
• Developed and maintained employees' security awareness, training and education program to safeguard information against accidental or unauthorized modification, destruction or disclosure of critical information.
• Assisted with audits from internal and external auditors regarding information security and controls.
• Identified and addressed exposure to accidental or intentional destruction, disclosure, modification, or interruption of information that may have caused serious financial and/or information loss to the bank assets.
• Interfaced regularly with banks internal and external auditors from Federal Reserve Bank and N.Y.States Banking.
• Maintained information security standards/procedures in compliance with state, federal policies, and guidelines.
• Managed the information program, its policies, procedures and risk assessment process and controls.
• Managed /documented abnormal security incidents events by ordering emergency action and taking pro-active measures.
• Monitored all aspects of the information logical security and physical security of the bank.
• Monitored and analyzed using IPS -Cisco intrusion prevention system events alerts to detect security threats and vulnerability which included daily vulnerability scanning of the network and the firewall.
• Monitored ISA--internet security acceleration system to detect unauthorized VPN users' access and exceptions.
• Monitored the network and analyzed application traffic, disks usage and flow monitor using What's Up Gold system.
• Monitored using Symantec end point protection manager to check for virus infections for servers, operating systems workstations, and laptops were updated with latest antivirus definitions and the latest virus signatures.
• Participated with users, technical groups and management in the development of security strategies designed to provide a high level of security over data and information systems.
• Performed internal audits of systems/applications for risk analysis using such tools as Quest Script-Logic applications.
• Performed internal compliance audits for user's access re-certification roles for the active directory including folders/files and business applications. Managed the internet customers' users' accounts administration.
• Reviewed and approved change control requests for the network and the firewall.
• Reviewed, and interpret new sources of information on current and emerging laws, rules/regulations, and industry best
• practices relating to standards: ISO-17799, SAS16 GLBA, FFIEC standards, regulatory guidance and security updates.
• Reported weekly /monthly to the head office security committee and management regarding abnormal activities, and breach of security, information protection, risk maters for physical and logical security.

Confidential

Information Operations Officer

• My responsibilities were to manage the day-to-day operations of the help desk technical support, and the users' applications/ systems security administration. Additional responsibilities included managing the Internet customers' users support group.
• Assisted the Information security manager in the day-to-day operations of the security administration.
• Assisted technical group in installing personal computers including software and hardware when short of staff.
• Administrated users' accounts privileges for access folders and files for network, mainframe and business applications.
• Performed level-1 2 functions by providing technical support to users in person, telephone, tickets or by emails.
• Performed internet customers' support for issues concerning logins, passwords and related application issues.
• Prepared statistical analysis and exception reports reflecting activities of the help desk and security issues.
• Troubleshoot problems to determine whether problems were caused by hardware/software such as computers, printers, network access, VPN remote access, citrix access and banking applications as well.

Confidential

Technical Relationship Account Manager

Managed client's technical issues to insure maximum value and satisfaction from the use of Computer Associates' technology and services. Acted as a liaison between the technical support groups and the field services group in evaluating the impact of technical problems by clients using Computer Associates technology. Coordinated recovery services plans, which included bringing technical resources on site. Provided information regarding new software products /upgrades, and scheduled technology day at the client site.

Confidential

System Security Administrator Consultant

Performed users' security administration for the network, mainframe and other proprietary systems. Resolved systems access problems for invalid user ID's, login issues and passwords for the network and the mainframe.