As the Security Manager, I exercise day-to-day management and communication with various leads, engineers, and contract resources. Set priorities and manage innovative expectations among competing goals and organization objectives during creation of a continuous security program. Carry out supervisory duties, such as overseeing the creation of Information Awareness Training, Vulnerability Scanning Program and implementation of Identity Access Management across the enterprise. Research and implement leading technologies such as CyberArk and BeyondTrust to incorporate a solid IAM program to meet HIPAA, PII and SOX compliance. Lead in all matters relating to the assessing of the NIST Framework and FedRAMP within the cloud environment, including setting expectations and collaborating with department personnel. Provide leadership in cloud security research and implementation of technical solutions necessary to meet emerging issues and future Office needs, such as CyberArk, CSAM, and Nessus Security Center. Provide effective leadership and coordination in assisting the Division Chief with establishing the branch through implementation of the Risk Management Framework. Maintain and implement the NIST Framework in the Cloud environment. Spearhead the stand-up of yearly programs instituted along with training tailored to the environment to promote Security Hygiene. Example: Security Awareness month, Incident Response Plan (IRP), monthly Vulnerability and Compliance scanning program of Program Office hosted assets, daily assessments of Judiciary safeguards, and successful completion of multiple System Security Plans. KEY ACHIEVEMENTS ♦ Acknowledged for Superior Performance - award presented by Administrative Office of the United States Courts.
- Information Security Manager at Blanchard Technologies
- Information System Security Officer at ISSO
- Senior Information Policy and Privacy - Consultant at National Security Systems
- IT Security Systems - Consultant at Federal Bureau of Investigations (FBI), Terrorist Screening Center
4 years, 1 month at this Job
- Associate - Business
• Coordinated/conducted Information Security Assistance Visits (SAV) of all 65 collateral buildings under JTF GTMO control and provided recommendations to ensure compliance with Department of Defense and command policies.
• Manages 2400 access accounts in Intrusion Detection System (IDS) for personnel requiring access into collateral facilities.
• Manages Information Security program for JTF-GTMO 2400+ personnel; instilling and continuing awareness of security requirements via weekly Public Service Announcements
• Responsible/Coordinate Badging for all JTF Personnel, Visitors, and Foreign National personnel requiring Base Access
• Vetted 1500 Personnel via Joint Personnel Adjudication System (JPAS) to ensure Security Clearances are in compliance with Base access requirements.
• Revamped Initial Security Manager's Orientation/Training for all personnel that supports their respective Security Manager Programs, lauded by personnel attending training.
• Responsible for reviewing all unclassified transmissions for potential classified data spillage
- Information Security Manager at Veritiss LLC
- Test Administrator at Department of Army Military Entrance Testing Facility
- Industrial Security Representative at Lockheed Martin
- Security Specialist/Emergency Management/Law Enforcement Specialist at United States Air Force
9 months at this Job
- Bachelor of Science of Management - Management
- - Technology
- Masters of Science in Management - Homeland Security
• Establishing & leading the corporate Information Security Program in marketing space.
• Leading & implementing EU GDPR Compliance Program, scoping and requirements, risk and impact, and governance.
• Management & Committee meetings for Risk Planning & Management.
• Building, planning, implementing & reviewing information security policies, procedures & guidelines.
• Conduct baseline Risk Assessments for existing systems, create Vulnerabilities & Threat Matrices, Application & Database Security Assessment, and PIAs.
• Establish, Enforce & Maintain Security Policies using NIST 800-53 Revision 4 Framework & EU GDPR.
  o NIST 800-30 Revision 1 for Risk Management
  o NIST 800-53 Revision 3 & 4 for identifying Security Controls
  o NIST Cybersecurity Framework 1.0/1.1, ISO 27001/2/5
  o FIPS 199, FIPS-200, NIST 800-60 for system categorization
  o FISMA, NIST 800-18 for System Boundary & Control Analysis
  o General Data Protection Regulation (GDPR) - Article 23, Article 30, Article 32, Article 33
  o EU-US Privacy Shield
• Experience in Governance Frameworks - COBIT 5.0.
• Identify and establish requirements for compliance - ISO 27001/2, PCI DSS, EU GDPR.
• Experience in overlaying controls between frameworks such as NIST 800-53, ISO 27001/2, CSC controls.
• Experience in evaluating risk and security controls for Cloud Environment using FedRAMP, NIST 800-144, and NIST 800-53.
• Evaluating and making recommendations for Monitoring & Analyzing tools - IDP/IPS systems, cloud environments, etc.
• Establish guidelines to protect PII and Medium Business Impact (MBI) data using NIST 800-122.
• Guiding development teams towards Secure Development Methodologies - Microsoft's SDL, OWASP SDLC and ISO 27034 for Application Security.
• Setup & Implement Business Continuity & Disaster Recovery Plan and Maintaining High-Availability (HA) environments.
• Enforce Database Security for protecting PII & Medium Business Impact data - Access Management, Database Roles, Ports & Firewall configuration.
• Experience working with geo-spread and cross-cultural teams.
• Training and Documentation including data flow, process documents.
• Extensive experience in Agile & SCRUM methodology.
- INFORMATION SECURITY MANAGER at CATALYSIS LLC
- INFORMATION SECURITY MANAGER INTERN at PORT OF TACOMA
- DATABASE ADMINISTRATOR at INVESTED
- OPERATIONS RESEARCH ANALYST at THRIFTBOOKS LLC
6 years, 7 months at this Job
- MASTER - CYBERSECURITY & LEADERSHIP
- MASTER - COMPUTER APPLICATIONS
• Manage the Litigation Hold process
• Provide Information Security advisory services to Legal, HR and Privacy teams
• Lead Security Investigation activities
• Identify and analyze logs and evidence
• Secure and preserve evidence, both physical and logical
• Cooperate with internal and external stakeholders to lead global Forensics and Investigation process
• Propose and implement improvements to the landscape of technical security safeguards, including technologies, systems and associated processes and procedures
• Develop and document operational procedures and metrics in relation to activities carried out by the team
• Utilize information security technical safeguards and associated procedures, analyzing output and producing relevant management information reports for further improvements in the security safeguards landscape, including vulnerability assessment and threat intelligence
• Contribute to effectiveness of the Information Security Operations team by providing expert analysis and input to incident identification, response, resolution, and post-incident investigations
• Operate information security system components including firewalls, endpoint detection and response, intrusion prevention, malware and data leakage prevention, vulnerability management, access control, event monitoring and other
- Information Security Manager at IQVIA
- Adjunct Instructor at Harvard University
- Adjunct Instructor Cybersecurity & Digital Forensics at Guilford College
- Adjunct Instructor Cybersecurity & Digital Forensics at American Public University / American Military University
3 months at this Job
- Master's Degree - Cybersecurity / Forensics and Intelligence
- Bachelor's Degree - Criminal Justice
- associates degree in computers and information technology - Criminal Justice
Governance Risk and Controls
• IT Risk manager for 350+ applications including 3rd party, in-house and web applications
• Identify mitigating and technical solutions to identified risk and controls gaps
• Provide consultation with application and engineering teams to develop risk applications
• Guided the development and project management teams for new analytics and reporting tool
• Collaborated with other risk management teams to drive new control and data governance model
• Provide risk direction in ensuring confidentiality, integrity and availability for data within the firm
• Led and performed information technology risk, SOX, and PCI assessments
• Consulted on IT risk with network/firewall, security operations and other cyber teams
• Managed issues and remediation activities to address technology risk for the firm
• Conducted root cause analysis for issues and cyber risks
• Developed analytics for information security risks identified throughout the firm
• Present regularly to both line of business and firmwide C-level management on risk/cyber
• Collaborated with cyber and line of business for responding to regulatory and audit requests
• Review both requests for information and evidence for appropriateness and completeness
• Coach/Mentored junior employees in information risk and cybersecurity
• Built and repaired relationship between the lines of business and internal audit
• Face off with internal audit and subject matter experts for audit and regulatory responses
• Review all Cyber speaking engagements for compliance with JPMC policy
• Created standard operating procedures and training for cyber audit function
• Lead cybersecurity training for teachers, students and parents
• Lead line of business in Identity and Access Management projects
• Collaborated with other risk managers to mitigate regulatory concerns
• Drove development of new policies, standards and procedures for regulatory requirements
• Consulted and managed third party and vendor technology risk identification
- Vice President - Information Security Manager at JP Morgan Chase & Co
- Senior Manager, IT Audit and Assurance at Elliott Davis, LLC
- IT Manager at Alcoa - Gila River Operations (Pimalco)
- Information Technology and Accounting Assistant at Misty Mate Inc
7 years, 7 months at this Job
- Doctorate - Business Administration - Information Security
- MS Information Technology - Information Technology
- BS - Information Technology
- - Accounting
Responsible for developing and managing the Information security program to enhance the overall security posture of a rapidly growing organization.
● Assist with developing and establishing strategic and long-range direction for the Information Security team
● Manage and operate the incident management program and drive continuous improvement and maturity
● Formulate security recommendations and manage the implementation of security initiatives
● Implement security best practices in the areas of applications, infrastructure, desktops, mobile devices and virtual environments
● Perform hands-on support for a wide range of security technologies including, but not limited to: SIEM, IDS/IPS, HIDS, malware analysis and protection, content filtering, logical access controls, identity and access management, data loss prevention, content filtering technologies, application firewalls, vulnerability scanners, security incident response tools
● Establish (analyze, define, prioritize and implement) an efficient framework of repeatable, scalable processes for a dynamic, centralized IT organization servicing multiple business units. (Such as ISO27001, NIST).
- Information Security Manager at MiMedx Inc
- Sr. Information Assurance Engineer (Risk Validation | Information Assurance) at Aarons
- Security Architect at Norfolk Southern
- Senior Associate IT Risk & Security Assurance at PricewaterhouseCoopers
2 years, 7 months at this Job
- Doctor of Information Technology - Information Technology
- Master of Information Systems - MIS
- Bachelor of Science in Information Technology - Information Systems Security
• Own strategic direction on InfoSec compliance for the region/countries assigned and identify continuous improvement opportunities.
• Lead the development of a comprehensive information security risk-based program that will identify appropriate security controls for the environment.
• Identify, assess, and prioritize IT risks to corporate data and systems, including external threats, cyber-crimes, internal threats and third-party risks.
• Advise relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.
• Establish annual and long-range security and IT compliance goals. Define security strategies, metrics, reporting mechanisms and program services, creating maturity models and a roadmap for program improvements.
• Provides strategic vision and lead a team of analysts responsible for reviewing IT risk across the bank.
• Work with IT Management, Enterprise Risk Management, Vendor Management, Information Security Operations, Internal Audit and Business Lines to ensure alignment and that Information Security and IT Governance are appropriately incorporated into all areas of the enterprise.
• Ensure readiness for internal and external audits, and regulatory examinations relating to Information Security and IT risk compliance.
• Provide regular reporting on the status of the information security and IT risk compliance programs to enterprise risk, senior business leaders and the board of directors
• Lead the implementation of Third Party Risk Management with the ENX TISAX assessment process mandated by the German VDA.
• Ensure compliance to the Information Security Management Framework and the underlying policies, procedures, guidelines & standards
- Information Security Manager (LISO) at Porsche Cars North America
- Director Digital Security Governance, Risk & Compliance at Assurant, Inc
- Sr. Information Security Program Manager at Intercontinental Hotels Group
- Senior Information Security Program Manager at Macy's Systems and Technology
5 months at this Job
- BS in Computer Engineering Technology - CISM-Certified Information Security Manager
- MBA - Business Administration
Communicated 50,000 privileged accounts with champions, account owners to remediate privileged accounts by onboarding to EPV AIM, Break Glass, HRA or Monitor Interim. Monitored Corporate Technology access management email inbox and provided day-to-day direction and support to account owners and champions.
• Monitored and executed ITRC (Information Technology Risk Central) breaks for non-remediated privileged accounts approaching SLA (60 days for Shared Interactive, 180 days for Non-Human and Hybrid accounts) to keep privileged accounts compliant within audit requirements. This triggered automated report to senior leadership team to action for quicker resolution.
• Re-designed Corporate Technology Access and Identity Management SharePoint and automated reports by creating Excel macros and SharePoint dashboards to project information and daily metrics for reporting purposes.
• Maintained and executed Corporate Technology Identity and Access Management database (Microsoft Access) consisting of details of 85000 privileged accounts and generated remediated and non-remediated accounts report.
• Identified and assigned missing owners to non-remediated privileged accounts in ALM (Account Life Cycle Management) based on ownership assigned in remediated accounts; this helped to identify account owners and held them responsible to onboard privileged accounts to EPV.
• Created and maintained Corporate Technology Application Portfolio and Dashboard consisting of 1000+ applications.
• Retrieved data from SEAL (Standard Engineering and Architecture Library) and reconciled Corporate Technology application portfolio by tracking additions/removals and monitored application state i.e. 'Plan', 'Build', 'Operate', and 'Retired' on weekly basis.
• Partnered with application owners to upgrade 16 Corporate Technology EPV-AIM0 QA and Production providers to latest version (9.10) to seamlessly support app2app (Non-Human) privileged access during the transition from PAM infrastructure to Sophia Kerberos. This upgrade maintained the connectivity between application and provider to retrieve password from the vault, keeping application accessible at an enterprise level.
• Initiated delete requests for non-remediated privileged Single User Secondary accounts prior to SLA to avoid application and infrastructure breach.
• Created training documentation for IDCert team and functioned as a backup manager.
• Designed, implemented and maintained Corporate Technology application onboarding portfolio in SharePoint that tracked application onboarding status. This tool eliminated multiple spreadsheets used across the team (US and India), and served as a centralized tool to update and track application attribute changes.
- Information Security Manager (Cybersecurity) at JPMORGAN CHASE-POLARIS
- at JPMORGAN CHASE-POLARIS
- Business Analyst at JPMORGAN CHASE-POLARIS
- Branch Operations Analyst IV-Chase Private Client at JPMORGAN CHASE-POLARIS
2 years, 2 months at this Job
- Bachelors of Arts - (BA) Economics
• Ensure data integrity, confidentiality and availability of information as well as creating controls on how data is processed by the organization.
• Conduct Threat, Risk Assessments and IT Security reviews to assess business and technology risks within the enterprise.
• Establish metrics and analytic reporting including Monitoring, Incident Response, and Log Management.
• Implement tools to aid in the analysis, discovery, and organizational control of user access and behavior across a complex countrywide network environment.
• Research and utilize the most advanced tools for improving security. Track new developments in rapidly changing information security field and threat landscape.
• Manage internal teams and technical groups in the development and implementation of security strategies and policies to secure internal processes.
• Manage security assessments and governance of third party providers.
• Drive enterprise compliance for PCI-DSS, and multi-state gaming regulations and compliance initiatives.
- Information Security Manager at Affinity Gaming
- Data Director at An Amazon Company
- Information Risk Management Senior Consultant at ALLSTATE INSURANCE
- Systems Consultant at ePLURIBUS
1 year, 1 month at this Job
- Bachelor of Science in Communication - Communication
• Collaborated with senior executives to design, develop, and implement a $13M high availability IT infrastructure (C5ISR) project over the course of 18 months. The solution and final product had both secondary and tertiary business continuity plans that involved a complex integration of SATCOM, RF, and IP services that provided seamless interruption. This project utilized a combination of proprietary military and commercial hardware/software. Even with the complexity of ensuring high availability, it still met all NSA and NIST requirements for security through authorization and accreditation (A&A).
• Information Systems Security Officer (ISSO) post project deployment; prepared local and conveyed global policy, directives, and instruction to high-level customers in an agile environment. Document requirements, define scope and objectives, formulate processes, and develop business cases to ensure overall customer goals and strategies are being met during ongoing changes in mission requirements. Responsible for information assurance oversight, operations/maintenance, training, and compliance for end users.
• Afloat Forward Staging Base (AFSB) Communications Program Manager: Oversaw multiple IT projects across all phases and responsible for managing all resources including budget, equipment, and personnel. Led strategic planning and developed POAM’s for future growth. Developed and implemented a new training pipeline and associated standard operating procedures and policies. Participated in events to test and incorporate bleeding edge technology into our program and develop Authority to Operate (ATO) packages. Oversaw the Special Operations Forces (SOF) communication integration team onboard the new AFSB Expeditionary Mobile Base (ESB) platform built specifically for SOF use.
- Information Security Manager | Program Manager at U.S. Naval Special Warfare
- Senior Network Engineer/Security | Instructor at U.S. Naval Special Warfare
- Site Operations Manager at U.S. Navy
4 years, 2 months at this Job
- Masters of Science - Cybersecurity - Information Technology Management
- Bachelor's - Business - Management of Information Systems