Security Information Technology
Resume:
. DAVID B. MCHENRY .
Phone: 425-***-**** (Home) 206-***-**** (Mobile)
E-mail: *****.*******@*******.***
Professional Summary
> Goal-oriented security professional with a demonstrated track record
of leading teams in designing and implementing end-to-end multi
discipline Information Technology solutions.
> 13 years in the Technology and Information Security arenas.
> Problem solver with the ability to accurately assess issues, to
recommend solutions and to execute on the resolution.
> Proficient in SDLC projects using waterfall and iterative development
methodologies
> In depth knowledge of a broad spectrum of information security models
and configuration for key networking and security architectures.
> Familiar with PCI, SOX, GLBA, HIPPA and other Information Security
regulations.
> Proficient in: Active Directory, Check Point Firewall, Websense, EIQ
Event Log, Mazu, Phonesweep, Microsoft and Unix Servers, NetIQ,
Logalot
> Proficient in both Change and Incident Management.
> Believes that good team work has a direct impact on the ability for an
organization to be successful.
Experience
Union Bank (Formerly Frontier Bank)
Information Security Engineer
Everett, WA
May 2010 - Present
As a member of the Enterprise Security (Monitoring) Group I was
responsible for the daily monitoring of various security tools designed
to protect all bank assets at the network, object, data, operating
systems and application levels to reduce the risk to the Bank.
. Responsible for the daily monitoring of various security tools designed
to protect all bank assets at the network, object, data, operating
systems and application levels to reduce the risk to the Bank.
. Managed the end to end change control process for firewall modifications.
. Worked directly with Windows and Unix teams on vulnerability and patch
management assessments.
. Recommended enhancements to existing policies, standards, and
procedures to prevent the unauthorized use, release, modification, or
destruction of data.
. Responsible for securing forensic data and protected it to ensure its
integrity.
. Fulfilled the role as subject matter expert for various security
application and processes.
Frontier Bank
Information Security Analyst II
Everett, WA October 2007
-May 2010
Part of the Operational Risk Management group within a large Northwest
Commercial Bank. Responsible for the implementation of various aspects
within the organizations overall Enterprise wide Information Security
Programs, additionally served as the technical lead on various project
implementations, vendor reviews and security incidents.
. Daily tasks include Information Security oversight of intrusion
syslogs, firewall reviews and conducting vendor Risk Assessments.
Assists other Operational Risk / Security disciplines. Fraud Risk,
BCP/DR, Vendor Risk.
. Responsible for providing Project Management support for corporate
Information Security Team.
. Managed corporate-wide Incident Response Plan.
. Responsible for SAS 70 (Statement on Auditing Standard 70) reviews for
Vendor solutions that Frontier Bank is contracting service for.
. Authored several company wide Information Security Awareness Training
exercises.
. Conducted Vendor Risk Assessments.
. Responsible for maintaining Frontier Bank's acceptable use policies
for corporate email, internet/intranet etc.
. Key team member involved in the RFP (Request for Proposal) process to
select and implement the IDS/IPS (Intrusion Detection System/Intrusion
Prevention System).
Washington Mutual Bank Data Security Technology Analyst II -
Information Technology
Seattle, WA June 2005 - March 2007
Through business reorganization and through the role of a Security
Architect/Data Security Analyst had responsibly for developing and guiding
the development of technical security policies and the associated
documentation for all bank initiatives.
. Managed a compliance initiative that resulted in the Enterprise-wide role-
based computer access process.
. Developed least privileged role based profiles that allowed WaMu to
completely automate system access for new hires.
. Worked to establish BCP (Business Continuity Planning) Procedures for
Disaster Recovery exercises.
. Developed Disaster Recovery procedures should one of the 4 offices go
down.
. Supported Sarbanes-Oxley, GLBA and other regulatory compliance
initiatives for the Bank.
Washington Mutual Bank Data Security Technical Supervisor II -
Information Technology
Seattle, WA November 2000 - June 2005
Promoted to a newly created management position responsible of directing
the day-to-day operations and resource management of multiple security
administration team. Responsibilities were rapidly expanded to ensure that
information security operations processes, procedures and metric tracking
were followed by staff and supervisors.
. Managed 24x7 Tier 1 Information Security Operations Call Agent Group in
multiple locations nationwide. Developed policies for issue resolution
and escalations to increase service response from 93% to 99%.
. Managed 24x7 Tier 2 level support for a Security Analyst Group
responsible for resolving customer issues related to control access to
systems.
. Coached and provided professional development for a team of 50 data
security information analysts and team leads.
. Effectively prioritized work assignments, projects, oversaw the
installation of software technologies and new administrative functions,
reviewed and approved security administration implementation strategies,
participated in client and technical committees to establish standards
and policies applicable to security administration.
Washington Mutual Bank Senior Data Security Analyst - Information
Technology
Seattle, WA September 1999- November 2000
Promoted to a senior level Data Security position, responsible for
providing technical guidance to other Data Security Analysts.
Washington Mutual Bank Data Security Analyst - Information
Technology
Seattle, WA March 1998 - August 1999
Promoted into the Bank's Information Technology Data Security Department as
a Data Security Analyst. Position responsibilities broadly encompassed
reviewing and processing requests to provide users with access to
Washington Mutual's systems.
Previous Employment history available upon request
Certifications/Training/Education
Bellevue Community College - CISSP exam prep
Project Management Coursework
Contact this candidate