
Security Customer Service

Location:
Ludlow, MA
Posted:
October 05, 2013


Resume:

Kathleen Lynch, CISA, CISSP, CRISC

Cell: 508-***-****

Westborough, MA ab9wqk@r.postjobfree.com

IT SECURITY & COMPLIANCE SPECIALIST

C&A . Risk Management . Vulnerability Mitigation . Security Technologies . Privacy

Technical Certifications

CISSP (Certified Information Systems Security Professional)

CISA (Certified Information Systems Auditor)

CRISC (Certified in Risk and Information Systems Control)

ISO/IEC Prov Lead Auditor

National Security Agency (NSA) IAM Certification

National Security Agency (NSA) IEM Certification

Tivoli Certified Solutions Expert

IBM On Demand Business -Solution Advisor Certification

Websphere Portal V5.0 Deployment and Admin Certification

Sametime Instant Message and Web Conference Admin Certification

Lotus Notes & Domino System Administration Certification, versions 4, 5, 6, 7

Lotus Notes & Domino Development Certifications, versions 4, 5, 6, 7

IBM Certified Deployment Professional

Six Sigma Green Belt

IBM SOA OnDemand eBusiness Certification

IBM Secureway Firewall for AIX Certification

DOD 8570 certified; SECRET clearance

Summary

An accomplished professional with a Secret clearance and proven expertise in Information Assurance, Information Security, IT Audit, and risk management. Exemplary record in reducing security vulnerabilities, mitigating business risks, and improving efficiencies. Adept at working across all levels of an organization and communicating with multiple departments and levels of management in order to resolve technical and procedural risks.

Qualifications

IT Security

. FISMA Audits
. ISO 27001 Audits
. Log Analysis
. CCRI Audits
. SAS 70
. Mobile Device Security
. Standards & Policy Development
. HIPAA
. Virtualization Security
. Cloud Computing and Big Data

Risk Management

. Risk Assessments
. Vulnerability Mitigation
. Countermeasure Plans
. Threat Analysis
. Patch Management
. Supply Chain Methodologies

Security Technologies

. Access Control Systems
. Network architectures
. Forensics and Incident Response
. ID Credentialing and Badging
. Network Evaluation

Bootcamps, Training, and Conferences

. Intrusion Detection
. 20 Critical IT Controls
. Computer Forensics & Response
. Privacy Academy
. Ethical Hacking
. SOX 404
. Virtualization Security
. CCNA Boot Camp
. Log Management In Depth
. Auditing the Perimeter
. Tripwire
. Mobile Device Security
. NIST Big Data Meta-Data Tags
. PCI Data Security Standards
. NIST Cloud Security WG
. ID Trust
. Supply Chain Security

Professional Experience

FIS (Fidelity National Information Services), St. Petersburg, FL

2013 - Present

Information Security / Compliance Specialist

Primarily involved with Information Security, Risk Management, Security Configuration Management, Incident Detection, Incident Response, Operational Intelligence, PCI-DSS, and SSAE-16.

Works with stakeholders to develop and implement a framework consistent with standards, guidelines and best practices.

Acts as a day-to-day liaison between business SMEs and technical teams. SMEs are business units. Technical teams include FIS in-house IT, Rackspace (outsourced data center) and other outsourced vendor teams.

Acts as a day-to-day liaison between external auditors (customer auditors) and technology teams.

Works closely with SMEs in the definition, testing, implementation, and support of functional requirements.

Gathers requirements, translates requirements into implementation "use cases" documents and technical specifications.

Creates documentation for day-to-day operations with Tripwire; creates PCI-DSS and other reports.

US AIR FORCE, Hanscom AFB, Bedford, MA

Dec 2009 to Jan 2013

DCGS Multi-Execution Office (DMO)
ESC Air Operations Center (AOC)
ESC Family of Gateways (FOG)

Information Assurance Manager (IAM)

Provided information security analysis and information assurance services for the development of Enterprise Software for the DCGS program, the DIB (Distributed Integration Backbone) for DOD and IC Communities. Development teams used Agile processes for J2EE architectures, SOA, WS- Web services, REST, Identity Management (IdAM), Federated Identity (SAML, etc.), SSO, Policy/entitlements (XACML, etc.), and SOA security. Documented, analyzed and designed business requirements and software requirements specifications (SRS) within a formalized SDLC. Recommended process improvement within the SDLC.

Enterprise Standards working groups, meta-data tagging management, and VOM identities, data classification structures, cross-domain solutions -- PL-3, Centaur; used NIST 800-53 v4, ICD 503, and AFISRA controls. Interviewed, collaborated, and gathered requirements with "business line" process analysts (representing all the Services and with the application developers) while providing feedback for functional specifications. Reviewed flowcharts, Entity Relationship Diagrams (ERD), Dataflow Documents (DFD), and schemas.

Worked with virtualization, cloud and wireless device implementations. Chair of DIB (Data Integration Backbone) Compartmented Data Security Working Group, with the goal of PL-3 inter-operability across Services and the IC community. Provides security and information assurance, as well as education for staff. Participates in the ODNI Web Services Security Group, NIST Cloud Security Working Groups and NIST ID Trust Working Groups. Mobile Device Security. Responsible for DCGS Testing Lab C&A, DREN and DDTE network testing: network management security integration, and networking protocols. DCGS-I Test bed at China Lake, CA.

FISMA and CYBERCOM audits, Plans of Action and Milestones (POA&Ms); created risk remediation plans: used SecScan, STIGs, Gold Disk, Retina and other testing media; created classified materials. Reviewed PPSM and other DIACAP artifacts and wrote classified Plans of Action and Milestones (POA&Ms) and remediation for findings.

CDRL review: provided feedback to system designers, manufacturers, and logisticians on the performance of and requirements for improving performance in the operational environment; and evaluated proposed solutions for reliability, maintainability, supportability, functionality, and data integrity.


Worked with virtualization teams for the global AOCs, cloud C&A and implementations, firewall assessments, PPSM / CAL. Previously, the IA Manager for 6 different DOD acquisition projects using DIACAP and PIT; and DIACAP IA for the AOC, an ACAT I system of systems, encompassing 59 systems in 26 global locations.

. Conducted FISMA audits, created risk remediation plans: used Gold Disks / Platinum Disks, STIGs, and other testing media; created classified materials and wrote classified Plans of Action and Milestones on audit findings. Reviewed PPSM and other DIACAP artifacts.

. NSA lead for GEMS; Clinger-Cohen, Program Protection Plan (PPP) and Critical Program Information (CPI).

. Conducted vendor initial and exit interviews during site visits, wrote reports, and classified Plans of Action and Milestones on findings.

. Wrote mitigations and risk reduction for non-compliant features. Wrote justifications providing necessary evidence/justification for the statement of residual risks. Wrote UIARs, IATTs, IATOs that led to ATOs/ATCs.


SPECIALIZED COMMUNICATIONS, Westborough, MA

1996 - 2007

Owner of a computer/business technology consulting firm. Coordinated productive team strategies to organize and manage project personnel, resulting in reduced project costs.

Below is a chronology of highlights.

EMC GLOBAL SECURITY OFFICE, Westborough, MA

July 2007 - May 2009

Office of Information Security & Risk Management (OISRM)

Business Information Security Analyst / Risk Manager

EMC Corporation (NYSE:EMC), the world leader in information infrastructure solutions, reported 2009 revenue of $14 billion. As a member of the Global Security Office's Information Security & Risk Management (OISRM) team, I assessed the probability and severity of various global and local threats to EMC's computing infrastructure. Guided business unit representatives through EMC's Third Party Access Management (TPAM) process and Merger & Acquisition process, recommended Third Party Access (TPA) network architectures based on requirements of the business, and provided Enterprise Risk Management services. Developed risk remediation programs while remaining compliant with Sarbanes-Oxley, SEC, PCI DSS, ISO and relevant compliance and regulatory standards. Participated with the ISO/IEC 27001/2 Enterprise Standards group.

Interviewed, collaborated with, and gathered requirements with business unit process analysts, gathered data for functional specifications and provided Third Party Access.

Conducted risk assessments to identify threats and vulnerabilities; adept at providing robust countermeasures that result in a strengthened security posture and reduction of risk for clients.

Identified and implemented relevant business processes and work flows.

Communicated with multiple departments and levels of management to resolve technical and procedural IT security risks.

Maintained Country Threat database (PESTELI analysis) and Country Risk Control Matrix.

Modified the business's risky behavior by issuing Risk Letters and Interim Approval to Operate (IATO) Letters and tracked compliance. Scale: in addition to employees and contractors, over 5000 third parties were involved in 1000 TPA projects; 500 projects were active at a given time. Some projects involved over 1500+ networked resources.

Applied COBIT, ITIL, Best Practices and EMC Global policy frameworks/standards to the IT environment.

Worked daily with IT Operations regarding the utilization of firewalls, ports/protocols, VPN, etc.

Reviewed, developed and wrote IT Standards, Policies and Guidelines for the EMC Enterprise.

PFIZER, New London, CT

March 2007 - July 2007

Sr. Business Analyst

Enterprise Analysis, Requirements Planning & Management, Requirements Elicitation, Requirements Communication, Requirements Analysis & Documentation, and Solution Assessment & Validation.

Built corporate-wide risk mitigation and issue resolution guidelines for project teams.

Performed Gap Analysis for new functionality requirements, as well as prioritized them based on actual business needs so as to align them with the product release roadmap.

Involved in writing use cases and other design documents like Data Flow diagrams and Activity diagrams for better understanding of the system.

Created Process Flow Diagrams, Use Cases, Functional hierarchy diagrams, swim lanes, activity diagrams, class diagrams and other diagrams using System Architect.

Used Rational RequisitePro, Microsoft Word, Rational System Architect.

OVERTONE SOFTWARE, Bethesda, MD

June - Nov 2006

Enterprise Governance, Risk Management, Compliance

Sr. Business Systems Analyst

Spearheaded the IBM platform portion of a GRC start-up, which included technical pre/post sales support, including locally and remotely demonstrating the archive / knowledge management / compliance product.

. RFPs / Solution Designs / Business Process Modeling / Use Cases
. IT Controls / Data Governance / Knowledge Management / Information Security
. Knowledge of Sarbanes-Oxley, HIPAA, COBiT, FISMA, ISO 27001, GLBA, Clinger-Cohen Act, etc.
. Data Archives / eMail Archives / FRCP.

TERADYNE, Boston, MA

January - June 2006

Business Process IT Engineering

Sr. Systems Analyst

After the announcement that IT would be outsourced, there was a snowstorm of resumes flying out of Teradyne. With a small staff, maintained operations and system administration of a global Enterprise Advanced Messaging and Collaboration server farm of 35+ servers, until IT was transferred to the outsourced provider. Mobile Device Management. Wrote documentation for knowledge transfer to the outsourced call center and help desk.

. Digital Signatures and Information Security
. Blackberry and other mobile device administration and support
. Advanced Messaging and Quality Applications Support

IBM GLOBAL SERVICES

CitiGroup / Met Life, Warsaw, Poland, 2005

Consultant

Enterprise Messaging and Infrastructure Services

This global project required close integration with CONUS, Singapore and other project teams around the world to migrate Citigroup Business Units (Microsoft) to the acquiring company, Met Life (IBM), technologies. As the sole project person in Poland, I led a 5-man Polish team to a successful migration / implementation.

. Secure Messaging and Collaboration
. Information Security
. Training / Consulting
. Support / Migration / Problem Resolution

TJX, Framingham, MA

September 2004 - June 2005

Enterprise Quality Messaging Services

Sr. Technical Analyst / Infrastructure Consultant

Integral part of corporate team working on secure advanced messaging integration, specifically on inter-company / intra-company business units' advanced messaging, web conferences, instant messaging and quality applications.

. Information Security
. Infrastructure Services, Level 3 Support
. Application access controls
. Enterprise Messaging and Quality Apps

RAYTHEON, Waltham, MA

January 2004 - August 2004

Enterprise Operations Support / Infrastructure Services

Knowledge Management / Information Security

Sr. Analyst / Enterprise Infrastructure Consultant

Hired to facilitate the solution of a secure web conferencing and instant messaging problem, I fixed the network latency issue, stabilized the production environment, moved the HelpDesk from El Segundo, CA to Waltham, MA, wrote/coded a HelpDesk database (still in use), and improved Customer Service by 100%. ITAR and other security implementations were requirements.

. ITAR Compliance
. Information Security / Knowledge Management
. Information engineering for quality apps
. Collected business requirements
. Help Desk Reporting - Created an Enterprise Level Service Support ticket application

COMPUTER ASSOCIATES (formerly NETEGRITY), Waltham, MA

January 2002 - August 2003

Web Security Product Global Technical Support

Resolved customer security product implementation issues and wrote internal documentation. Provided excellent customer service 98% of the time.

. Web Security and Policy Server product technical support
. World-wide Technical L3 Enterprise Support
. Developed documentation to support the corporate knowledge base
. Reproduced customer issues

NATIONAL GRID USA (formerly NEES), Westborough, MA

Oct 1999 - Nov 2002

Enterprise Intranet Developer and Infrastructure Implementation Consultant

Rescued the web-based InfoNet project (C2 security), which had been shelved for 3 years due to technical difficulties and organizational resistance. Successfully deployed the InfoNet product (over 400 databases and 3000 browsers), which was hailed as business essential and adopted by the acquiring National Grid - UK. Featured for my work in the company newspaper. Hailed as a major improvement by the acquiring company, National Grid - UK, the InfoNet provided secure web access to all internal business information.

The legacy employee population was unfamiliar with web technologies. InfoNet allowed Content Providers to post to the web without any training, creating significant savings. LOB managers were able to update spreadsheets on the web for the sales force without IT's intervention, creating significant efficiencies and increased business satisfaction, in addition to cost savings.

Deployed over 400 databases and 3000+ browsers, to create the company's first intranet.

Due to M&As, the secure web-based intranet GUI was redesigned (400+ DBs).

Implemented Domain Search to search all databases in the intranet securely.

Worked with all business units, e.g. Retail Marketing, Supply Chain Management, HR et al., to develop business requirements for their web sites.

Evaluated the program with Customer Satisfaction Surveys.

Education

University of MO - Kansas City BA, MA

Harvard Business School PMD

Lowell Institute at MIT

Honors and Awards

Certificate of Recognition, NIST Cloud Computing Security Reference Architecture, 2013

NIST Cloud Computing Security Working Group, Member, 2011 - Present

NIST Cloud Computing Business Use Cases Working Group, Member, 2011 - Present

US Air Force ESC Cyber/Netcentric Directorate LAK Large Team Award, 2011

US Air Force ESC Airborne Network Division Outstanding Engineering Team, 2011

US Air Force ESC Airborne Network Division Outstanding Large Test Team, 2010

US Air Force ESC Airborne Network Division Small Team Information Assurance, 2010

SIGMA XI - Honorary Scientific and Engineering - Yale Chapter; now with MIT Chapter

Organizations / Leadership

Harvard Business School Alumni, Class Secretary -- ongoing

ISACA (Information Systems Audit and Control Association) -- member

ISSA (Information Systems Security Association) -- member

Boston Users Groups (former board member)

ISC2 (Information Systems Certification Consortium) -- member

NIST Cloud Computing Security Working Group

SANS Institute
