
Security Management

Location: 7310
Posted: November 11, 2010


Resume:

Richard A. Tello abh54i@r.postjobfree.com

**-**** ***** ***** *****, Jersey City, New Jersey 073**-***-***-5678

Information Security & Risk Management

Proven IT Security and Risk Management Professional with Security+ certification and pending CISSP. Proven ability to aid in development of highly effective security policies, procedures, and business / technical infrastructure as well as managing related regulatory compliance issues. Experienced in managing teams of 5-30, including local, remote, and offshore / outsourced teams in India. Results-driven professional with exceptional communication and team leadership skills who thrives on high-pressure decision-making.

Areas of expertise include:

- Information / IT Security
- IT Security Policies and Procedures
- Identity & Access Management
- PCI Data Security Standard
- Risk Assessment / Risk Management
- Regulatory Compliance
- SOX 404, SAS 70 Audits
- Data Integrity, Classification, & Recovery
- Business Impact Analysis
- NIST, COBIT, ISO 17799
- Access Recertification & Remediation
- Network & Systems Security

Professional Experience

Yeshiva University, New York, NY

PCI-DSS Consultant - Internal Audit, June 2010 - August 2010
- Conducted Compliance Risk Assessment of the cardholder data environment.
- Conducted Payment Card Industry (PCI) Data Security Standard (DSS) Self-Assessment.
- Reviewed Payment Applications for compliance with the Payment Application Data Security Standard (PA-DSS).
- Advised on successful submission of Attestation of Compliance.
- Advised on Report of Compliance.
- Formulated roadmap and strategy to achieve compliance by remediation of identified deficiencies and procedural improvements.

CIT Group Inc, Livingston, NJ

Project Manager / IT Security Consultant - Information Security Department, Sept 2009 - June 2010
- Managed Enterprise Privileged Access Project as part of Sarbanes-Oxley Section 404 (SOX 404) compliance initiative.
- Led comprehensive Privileged Access audit to conduct gap analysis related to regulatory compliance.
- Developed and implemented standardized Privileged Access request process and automated request approval workflow.
- Contributed to design planning for Active Directory Role Based Access Control (RBAC) framework that satisfied NIST (National Institute of Standards and Technology) requirements.
- Designed framework for establishment of Privileged Access governance.
- Provided updates to corporate project management team for project review meetings.
- Effectively interfaced with Legal / Compliance and Internal Audit departments.

Town Sports International, New York, NY

Information Security Analyst - Information Security Services, June 2008 - January 2009
- Researched, analyzed and recommended software and security application solutions for PCI DSS Compliance for 160 club locations and Data Center.
- Effectively interfaced with Information Technology (IT) staff and end-users regarding development of security specifications and end-user security awareness.
- Drafted and modified processes and procedures to resolve security problems, resulting in a high level of security.
- Installed security updates, patches, and fixes for servers, workstations, and devices.
- Served as technical liaison with third party vendors.
- Provided technical assistance to IT staff in the detection and resolution of security problems.
- Researched business requirements and evaluated vendor products and services.
- Effectively communicated and reported issues, status, and results to senior management.
- Contributed to successful implementation and maintenance of information security requirements related to Disaster Recovery and Business Continuity.
- Coordinated sub projects as assigned and prioritized by management.
- Participated in system testing activities.

JPMORGAN CHASE, Jersey City, NJ

Wintel Security Analyst Level II - Risk and Security Management, November 2007 - March 2008
- Hand-picked from among pool of regional Team Leaders for creation of high-level team of five security professionals developing global security standards, policies, and procedures for new globalization restructure spanning Asia, Europe, and North America.

JPMORGAN CHASE and IBM Global Services, Jersey City, NJ

Information Security Analyst-Lead - Identity & Access Management, December 2002 - October 2007
- IBM Global Services - January 2003 - January 2005 (IBM / CHASE Outsourcing Agreement)
- Promoted to train and manage geographically dispersed teams (onshore and offshore) of 30 security and risk management professionals located in New Jersey, Florida, and India using Citrix MetaFrame.
- Oversaw information security, systems security, and physical access security for 50+ Intel Environments with 200,000+ user accounts across Novell, NT, Active Directory, and Notes Platforms.
- Traveled to India twice to develop / present security training to outsourced security staff of 20.
- Ensured compliance with IT Control Policies and Standards, identified and mitigated risks and implemented procedures that achieved successful audit ratings.
- Oversaw Information Risk Analysts in conducting more than 100 annual risk assessment reviews.
- Led comprehensive analysis of privileged supervisor access, which identified substantial gaps.
- Collaborated with Vulnerability and Recertification Groups on semiannual access re-certifications.
- Worked with internal and external auditors on in-depth internal SAS 70 and SOX audits.
- Reduced budget by semi-automating offboarding of terminated users.
- Provided guidance to IT & Business management on information risk and control.
- Coordinated risk assessment of Gap Remediation Projects and project deliverables.
- Trained / managed staff of 20 ensuring compliance with regulations, standards, and customer needs.
- Developed and implemented standards for network security issues such as access management, including formal escalation and SLA and establishment of 24x7 administration.
- Enforced IT Control Policies and Standards and managed LAN Security and Remediation Group for Wholesale Line of Business throughout JPMorgan Chase.
- Investigated and prevented unauthorized access of supported environments; oversaw administration of user, special purpose (functional), privileged, and emergency accounts.
- Enforced compensating controls to minimize security risk; implemented privileged access process.
- Conducted gap analysis on environments to identify security gaps and managed several gap remediation projects; aided IT Risk Management with internal and external security audits.
- Implemented information management database to track users across all supported environments.
- Named subject matter expert (SME) on Information Security policies and standards across Intel environments and participated in several security-related projects / initiatives owned by IT Risk Management, Global Technology, and Lines of Business.

JPMORGAN CHASE, New York, NY

LAN Administrator - Investment Bank/Global Security Operations Management, October 2000 - November 2002
- Started as merger-related consultant.
- Rapidly hired and promoted to lead administrator on security team providing user account and group administration on multi-platform (Windows and Novell) operating systems.
- Handled user and group account creation, deletion, password and account / station restrictions and access privileges.
- Provided Lotus Notes user administration.
- Reviewed and archived security logs with Event Viewer; maintained monitoring system and ran server reports using 3rd party products (Bindview, Logcaster, Kane Securities, etc.).
- Troubleshot file permissions and application issues using Timbuktu.
- Effectively partnered on Disaster Recovery Testing with both line of business and technology groups, ensuring smooth cutover from production to disaster recovery mode.
- Involved in 10 migration / transition projects to standardize access across businesses / geographies.

Education & Training

HUDSON COMMUNITY COLLEGE

- Bachelor of Science (BS) - Management Information Systems (MIS) (currently pursuing)
- Honors & Awards: 3.9 GPA ~ Honors Graduation Track ~ PHI THETA KAPPA International Honor Society

CHUBB INSTITUTE - Computer Technology Diploma

COMPTIA - A+ Certified ~ Security+ Certified

CISSP - CISSP Certification Pending (Boot camp completed)

INFORMATION SECURITY & SYSTEMS SECURITY TRAINING

- Risk Management for IT Professionals
- Technology Usage
- Information Protection Practices
- IT Risk Management Policies & Standards
- Sarbanes-Oxley (SOX)
- Encryption & Cryptography
- PKI / Smart Cards
- Anti-money Laundering

MANAGEMENT TRAINING

- Preventing Workplace Harassment
- Customer Loyalty
- Leading Service Excellence
- Emotions - Problems or Solutions
- Effective Use of Questions
- Presenting Yourself Positively
- The Management People Series for T&O
- Listen To Understand
- Professional Communication
- Handling Challenging Situations
- Setting Objectives
- Effective Leadership

Technical Skills

Windows (3.X / 9X / NT / XP), Active Directory AD, Novell (3.X, 4.X, 5, 6-eDirectory), Apple Mac OS X, DOS, TCP/IP, Ethernet, TokenRing, VPN, Symantec Bindview, ITA, ESM, LT Auditor, Console One, NWAdmin, User Manager, Server Manager, DameWare, NetIQ, DRA Directory & Resource Administrator, Active Directory Management Consoles, MMC, Hyena, DumpSec, Word, PowerPoint, Excel, Access, Project, Peregrine Service Center, QualysGuard PCI platform, PatchLink Lumension Security, Imprivata OneSign Single Sign-On (SSO)

References Available on Request


