Richard A. Tello abh54i@r.postjobfree.com
**-**** ***** ***** *****, Jersey City, New Jersey 073**-***-***-
5678
Information Security & Risk Management
Proven IT Security and Risk Management Professional with Security+
certification and pending CISSP. Proven ability to aid in development of
highly effective security policies, procedures, and business / technical
infrastructure as well as managing related regulatory compliance issues.
Experienced in managing teams of 5-30, including local, remote, and
offshore / outsourced teams in India. Results-driven professional with
exceptional communication and team leadership skills who thrives on high-
pressure decision-making.
Areas of expertise include:
. Information / IT Security
. IT Security Policies and Procedures
. Identity & Access Management
. PCI Data Security Standard
. Risk Assessment / Risk Management
. Regulatory Compliance
. SOX 404, SAS 70 Audits
. Data Integrity, Classification, & Recovery
. Business Impact Analysis
. NIST, COBIT, ISO 17799
. Access Recertification & Remediation
. Network & Systems Security
Professional Experience
Yeshiva University, New York, NY
PCI-DSS Consultant - Internal Audit, June 2010 - August 2010
. Conducted Compliance Risk Assessment of the cardholder data environment.
. Conducted Payment Card Industry (PCI) Data Security Standard (DSS) Self-
Assessment.
. Reviewed Payment Applications for compliance with the Payment Application
Data Security Standard (PA-DSS).
. Advised on successful submission of Attestation of Compliance.
. Advised on Report of Compliance.
. Formulated roadmap and strategy to achieve compliance by remediation of
identified deficiencies and procedural improvements.
CIT Group Inc, Livingston, NJ
Project Manager / IT Security Consultant - Information Security Department,
Sept 2009 - June 2010
. Managed Enterprise Privileged Access Project as part of Sarbanes-Oxley
Section 404 (SOX 404) compliance initiative.
. Led comprehensive Privileged Access audit to conduct gap analysis related
to regulatory compliance.
. Developed and implemented standardized Privileged Access request process
and automated request approval workflow.
. Contributed to design planning for Active Directory Role Based Access
Control (RBAC) framework that satisfied NIST (National Institute of
Standards and Technology) requirements.
. Designed framework for establishment of Privileged Access governance.
. Provided updates to corporate project management team for project review
meetings.
. Effectively interfaced with Legal / Compliance and Internal Audit
departments.
Town Sports International, New York, NY
Information Security Analyst - Information Security Services, June 2008 -
January 2009
. Researched, analyzed and recommended software and security application
solutions for PCI DSS Compliance for 160 club locations and Data Center.
. Effectively interfaced with Information Technology (IT) staff and end-
users regarding development of security specifications and end-user
security awareness.
. Drafted and modified processes and procedures to resolve security problems,
resulting in a high level of security.
. Installed security updates, patches, and fixes for servers/workstations and
devices.
. Served as technical liaison with third party vendors.
. Provided technical assistance to IT staff in the detection and resolution
of security problems.
. Researched business requirements and evaluated vendor products and
services.
. Effectively communicated and reported issues, status, and results to
senior management.
. Contributed to successful implementation and maintenance of information
security requirements related to Disaster Recovery and Business
Continuity.
. Coordinated sub projects as assigned and prioritized by management.
. Participated in system testing activities.
JPMORGAN CHASE, Jersey City, NJ
Wintel Security Analyst Level II - Risk and Security Management, November
2007 - March 2008
. Hand-picked from among pool of regional Team Leaders for creation of high
level team of five security professionals developing global security
standards, policies, and procedures for new globalization restructure
spanning Asia, Europe, and North America.
JPMORGAN CHASE and IBM Global Services Jersey City, NJ
Information Security Analyst-Lead - Identity & Access Management, December
2002 - October 2007
. IBM Global Services- January 2003-January 2005 (IBM / CHASE Outsourcing
Agreement)
. Promoted to train and manage geographically dispersed teams (onshore and
offshore) of 30 security and risk management professionals located in New
Jersey, Florida, and India using Citrix MetaFrame.
. Oversaw information security, systems security, and physical access
security for 50+ Intel Environments with 200,000+ user accounts across
Novell, NT, Active Directory, and Notes Platforms.
. Traveled to India twice to develop / present security training to
outsourced security staff of 20.
. Ensured compliance with IT Control Policies and Standards, identified and
mitigated risks and implemented procedures that achieved successful audit
ratings.
. Oversaw Information Risk Analysts in conducting more than 100 annual risk
assessment reviews.
. Led comprehensive analysis of privileged supervisor access, which
identified substantial gaps.
. Collaborated with Vulnerability and Recertification Groups on semiannual
access re-certifications.
. Worked with internal and external auditors on in-depth internal SAS 70
and SOX audits.
. Reduced budget by semi-automating offboarding of terminated users.
. Provided guidance to IT & Business management on information risk and
control.
. Coordinated risk assessment of Gap Remediation Projects and project
deliverables.
. Trained / managed staff of 20 ensuring compliance with regulations,
standards, and customer needs.
. Developed and implemented standards for network security issues such as
access management, including formal escalation and SLA and establishment
of 24x7 administration.
. Enforced IT Control Policies and Standards and managed LAN Security and
Remediation Group for Wholesale Line of Business throughout JPMorgan
Chase.
. Investigated and prevented unauthorized access of supported environments;
oversaw administration of user, special purpose (functional), privileged,
and emergency accounts.
. Enforced compensating controls to minimize security risk; implemented
privileged access process.
. Conducted gap analysis on environments to identify security gaps and
managed several gap remediation projects; aided IT Risk Management with
internal and external security audits.
. Implemented information management database to track users across all
supported environments.
. Named subject matter expert (SME) on Information Security policies and
standards across Intel environments and participated in several security-
related projects / initiatives owned by IT Risk Management, Global
Technology, and Lines of Business.
JPMORGAN CHASE, New York, NY
LAN Administrator - Investment Bank/Global Security Operations Management,
October 2000 - November 2002
. Started as merger related consultant.
. Rapidly hired and promoted to lead administrator on security team
providing user account and group administration on multi-platform
(Windows and Novell) operating systems.
. Handled user and group account creation, deletion, password and account /
station restrictions and access privileges.
. Provided Lotus Notes user administration.
. Reviewed and archived security logs with Event Viewer; maintained
monitoring system and ran server reports using 3rd party products
(Bindview, Logcaster, Kane Securities, etc.).
. Troubleshot file permissions and application issues using Timbuktu.
. Effectively partnered on Disaster Recovery Testing with both line of
business and technology groups, ensuring smooth cutover from production
to disaster recovery mode.
. Involved in 10 migration / transition projects to standardize access
across businesses / geographies.
Education & Training
HUDSON COMMUNITY COLLEGE
- Bachelor of Science (BS) - Management Information Systems (MIS),
(currently pursuing)
. Honors & Awards: 3.9 GPA ~ Honors Graduation Track ~ PHI THETA KAPPA
International Honor Society
CHUBB INSTITUTE - Computer Technology Diploma
COMPTIA - A+ Certified ~ Security+ Certified
CISSP - CISSP Certification Pending (Boot camp completed)
INFORMATION SECURITY & SYSTEMS SECURITY TRAINING
. Risk Management for IT Professionals
. Technology Usage
. Information Protection Practices
. IT Risk Management Policies & Standards
. Sarbanes-Oxley (SOX)
. Encryption & Cryptography
. PKI / Smart Cards
. Anti-money Laundering
MANAGEMENT TRAINING
. Preventing Workplace Harassment
. Customer Loyalty
. Leading Service Excellence
. Emotions - Problems or Solutions
. Effective Use of Questions
. Presenting Yourself Positively
. The Management People Series for T&O
. Listen To Understand
. Professional Communication
. Handling Challenging Situations
. Setting Objectives
. Effective Leadership
Technical Skills
Windows (3.X / 9X / NT / XP), Active Directory AD, Novell (3.X, 4.X, 5, 6-
eDirectory), Apple Mac OS X, DOS, TCP/IP, Ethernet, TokenRing, VPN,
Symantec Bindview, ITA, ESM, LT Auditor, Console One, NWAdmin, User
Manager, Server Manager, DameWare, NetIQ, DRA Directory & Resource
Administrator, Active Directory Management Consoles, MMC, Hyena, DumpSec,
Word, PowerPoint, Excel, Access, Project, Peregrine Service Center,
QualysGuard PCI platform, PatchLink Lumension Security, Imprivata OneSign
Single Sign-On (SSO)
References Available on Request