Professional Summary
Experienced and knowledgeable Information Technology professional who has been responsible for directing strategy, operations and tracking budgets for the protection of the enterprise information assets of organizations. Ms. Bray responsibilities have encompassed communications, applications and infrastructure, including the policies and procedures in the organization protecting the computers, networks and data against threats, such as security breaches, computer viruses or attacks.
Ms. Bray has a strong acumen, with an excellent interpersonal skill in understanding the risk in business and is able to work effectively with all levels of management within the organization. She holds an MBA in Business Administration with an emphasis in Information Technology, a BBA in Business Management and an Associates of Science in Computer Systems (Programming/Networking). She has also completed the necessary training for her CISSP and CISM.
Professional Experience
Thrivent Financial – Appleton, WI 2/2017 - Present
Information Security Analyst - Lead (TekSystems Consultant)
Responsible for reviewing the organizations application portfolio according to processes as part of the Test Data Management Project. Work with the application owners to help identify how the applications interface with databases and data stores, and to identify the security groups currently associated and create the new security groups and align user access to avoid any security risks of PII information being exposed within the applications.
Collaborate with IT and Business owners in regards to onboarding their applications and setting up new security groups for various data stores (RACF, DB2 Z/OS, DB2 LUW, LDAP, Active Directory, SQL and Oracle)
Address any new security requests coming in from the help desk tickets or the access and identity management portal (AIM) in the manner of adding new groups/tables into the new security model.
Develop new process documents and store in “LiveLink” which is part of the OpenText document management system.
Bank of America – Chicago, IL 1/2016 – 2/2017
Senior Product Technologist– Tanium (TekSystems Consultant)
Act as a consultant providing an oversight as a SME on the Tanium product to include technical and operational support for the architecture to the full deployment of the workstation and server client agents.
Project management working with all lines of businesses pertaining to executing and communicate project tasks, timelines, and providing status information to all levels of management.
AbbVie, Inc. – Vernon Hills, IL 5/2015 – 11/2015
Sr. Security Incident Response Analyst (TekSystems Consultant)
Proactively research emerging cyber threats that do not conform to AbbVie security policies and standards.
Utilize security tools (FireEye, Splunk, McAfee (NMS, DLP, HIPS, NIPS, AV) to apply analytical understanding of hacker methodologies and tactics, system vulnerabilities, and key indicators of attacks and exploits.
Utilize experience analyzing and synthesizing information with other relevant data sources, providing guidance to analysts while, interpreting, and integrating all sources of information, and fusing computer network attack analyses with available threat feed data to perform triage and analysis to threats within the environment.
Communicate to team members and senior leadership both quantifiable and qualifiable cyber risk to the organization through operational briefings and threat intelligence reports.
Develop and maintain analytical procedures and Workflows to meet changing requirements and ensure maximum operations.
Milwaukee County Government – Milwaukee, WI 11/2014 – 03/2015
Interim Manager of Information Security and Continuity (Consultant)
Lead and execute an Information Security Strategy Plan by developing an Information Security Management Program based on risk and regulatory compliance.
Member of Project Management Office – Project Manager.
Wrote and managed compliance policies to Administrative Directives and Security Policies in relation to (HIPAA, SOX PCI-DSS, Federal, State and Local).
Investigate, Analyze and Review Breaches to Security.
Conduct Business Assessment(s) as related to risk and identify gaps against all critical government controls.
Development of Data Classification and Handling for Business Continuity, actively engage as a change agent for improvements in legal, security, compliance, and audit for business-critical areas.
Associated Bank – New York, NY, (Green Bay, WI) 7/2014 – 9/2014
Interim V.P. of Incident Response (Consultant)
Lead and execute Information Security projects.
Develop, execute on, and communicate project tasks, timelines, and status information.
Responsible for providing consultative services focused on information security. Ensure that all layers of the network and application infrastructure integrate in a secure fashion.
Identify security deficiencies and instigate appropriate corrective action, and report on findings.
Serve as subject matter expert (SME) for designated information security controls.
Provide expertise on integration of security technologies (such as IPS/IDS, HIDS, Firewalls, AV, Log Management, security logs) within a common security reporting system.
Assist in the development and continual enhancement of our Information Security program, used to maintain security of our Information Systems.
Develop and maintain the documentation for Information Security Policies, Procedures, and Standards in relation to the Test Data Management project.
Fidelity Information Systems – Brown Deer, WI 1/2014 – 7/2014
Senior Auditor (FTE)
Developed audit programs and testing procedures relevant to risk and test objectives of information security critical controls.
Conducted assigned audit engagements projects successfully from beginning to end.
Identified and communicates issues raised, offering recommended solutions relevant to business and risk.
Ensured audit conclusions were based on a complete understanding of the process, circumstances, and risk.
Interviewed, obtained and reviewed evidence ensuring audit conclusions were well-documented and communicated the gaps to management.
Communicated assigned tasks to the engagement team in a manner that was clear and concise ensuring high quality, accurate, and efficient results of the audit.
Gathered and supported business analytics and intelligence information.
CCC Information Services, Inc. – Chicago, IL 3/2012 – 6/2013
Security Analyst (FTE)
Participated in annual regulatory and compliance within IT providing the support, collection, and review of control documentation for compliance and governance.
Provide security monitoring of the network environment, incident response to problem resolution, review of syslog’s for malicious activity.
Provide endpoint protection using Symantec antivirus, malware software support, virus cleanup and restoration.
Provide incident investigation by providing security research and updates on industry threats and vulnerabilities.
Responsible for penetration testing, vulnerability management, scanning and patch management using nCircle,
Responsible for performing an upgrade to the IDS/IPS network security monitoring appliances using SourceFire 4.10.
Managed the Certificate Authority and Certificate Management.
Responsible for the documentation of security policies and procedures.
Developed and provided Security Awareness training for new hires and recertification.
Led and participated in the change management process including implementing change within the CCC environment.
Desktop support in regards to patch management using Microsoft Windows Software Update Services.
Responsible for the annual external penetration testing, findings and remediation.
Symantec Corporation – Mountain View, CA 9/2007 – 3/2012
Team Lead (Security Analyst (FTE) (Contracted to HCSC, Waukegan, IL)
Monitoring of security alerts and logs for malicious activity regarding intrusion detection, endpoint protection, and logins
Review and monitor firewall, proxies and web server logs for any suspicious activity incorporated in HP ArcSight SEIM.
Lead a team of three providing Managed Security Services for HIPPA and Security Incident Response and compliance for a healthcare company.
Monitor and support HP ArcSight SIEM, including workflows, GUI, and deploying new dashboards.
Worked with ArcSight Connectors during deployment and testing to help automate collecting and managing syslog’s from various security devices.
Worked with ArcSight Loggers to help in normalization and categorization of data through analysis, alerting, reporting, and event management.
Responsible for incident response management using Source Fire through security event monitoring, analysis and endpoint protection.
Responsible for assisting and identifying, and evaluating root causes of security incidents identified during monitoring.
Provide trending analysis reports to management on a monthly basis.
Provide metrics on security incidents/events to senior management on a monthly basis.
Policy and process documentation development and refinement.
Analyze security events to assure proper escalation and follow-up.
Work with client to effectively stay abreast of information security issues, trends, and regulatory changes that may affect client’s environment.
Women in Security Organization (Business Closed) – Milwaukee, WI 3/2003 – 9/2007
Executive Director/CEO – (Principal) (FTE)
Key member of the leadership/project team developing and executing internal assessments for clients in the educational sector.
Managed eight employees and fifty consultants providing educational services related to security in academia across the US and Canada.
Managed and supported security programs of clients to include monthly reporting, budgets, technical specs updates, and status reports.
Assess the feasibility, plan, and oversee the start-up of new programs or projects to ensure they are in keeping with the mission and goals of clients.
Developed and managed a budget of between 2-3M, report to agencies and foundations as required.
Review and implement policies, procedures, and internal controls to ensure successful internal and external audits.
SunGard Availability Services – Rosemont, IL 5/2006 – 10/2006
Information Security Lead Audit (Consultant)
Lead and participate in managing projects to conduct security risk assessments for organizations
Conduct extensive interviews, document/record findings, and perform analysis to create detailed interpretation of results for findings and recommendations for enterprise security assessments.
Performed third party vendor assessments helping clients review information in questionnaire format. Communicate assessment results to the organizational Sr. Management through both online/in-person PowerPoint presentations executive summaries and a detailed report.
Develop practice management methodology and reports for organizations to include operational process development, improvements, and testing.
Supply management with comprehensible metrics in controls related to design methodology, administrative and process controls.
Supported team through analyzing and supplying detailed reports to support documented findings and recommendations to present to Sr. Management.
Jefferson Wells – Milwaukee, WI 9/2005 – 4/2006
Technology Risk Management Professional (Consultant)
Perform security risk assessments for PCI-DSS and SOX as an outside 3rd party for organizations.
Supported the project team through analyzing and supplying detailed reports to support documented findings and recommendations to present to Sr. Management.
Lead/support validation efforts on projects requiring writing Standard Operating Procedures, reviewing validation assessments for applications including the SDLC.
Verify and validate documentation (reports, charts, and diagrams using Microsoft Excel and Visio).
Apply engagement methodology practices (i.e., service quality process.
Research and consulted on various information security technologies, auditing compliance and business continuity management within various industries.
Omni Pro’s (California) Miller Coors – Milwaukee, WI 5/2005 – 8/2005
SOX Compliance Project Manager (Consultant)
Project Manager for SOX compliance in Computer Operations, Computer Incident Response, Disaster Recovery Planning & Testing, and Security.
Developed, reviewed, and/or validated Standard Operating Procedures within IT.
Operational Management working with internal and external auditors.
Programming efforts in within the SDLC, separation of duties.
Develop and execute and document detailed policies and processes including test plans to support conclusions for Sarbanes-Oxley (First year through third year)
Plan, organize, arrange, conduct, complete, and report external and internal audit examinations of any aspects of the Company's I.S. operations, activities, systems, procedures, and records.
Major area of focus is the technical aspect of operating systems (UNIX, Microsoft, etc.), application, networking devices and protocols, database management systems, client/server systems and access control methodologies.
Underwriters Laboratories (UL) – Northbrook, IL 8/2002 – 5/2005
Sr. Data Security Analyst (FTE)
Managed Cyber Trust Security Assurance Enterprise Risk Management Certification and reaccreditations mapping to the ISO-17799 standard.
Lead infrastructure, application, and security projects using industry best practices to conform within compliance and regulatory processes.
Design, implement, and manage security team daily activities including IDS, VPN, firewall and other security monitoring duties and report metrics on security posture monthly to senior management.
Developed 3-5 years’ strategic security plan.
Negotiated software vendor contracts.
Developed process improvement, configuration, change management and compliance methodology within IT policies and procedure.
Strategic and Tactical Operational Skills:
Cybersecurity
Security Information Event Management
Patch Management (LANDesk, WSUS, BigFix, SCCM)
Information Risk Management
Security Compliance and Governance
Vendor Management
ISO 20000, Sox, PCI-DSS, HIPAA
Security Program/Portfolio Development
Legacy Programming (Cobol, RPG)
Intrusion Detection/Prevention
Computer Security Incident Response (CSIRT)
Mainframe System Operations and Security (CICS, RACF, TSO, Platinum)
Network Connectivity
IT Auditing and Compliance
Endpoint Management (Tanium, McAfee, Symantec)
Managed Security Services
Global Project Lifecycle
Firewall/Load Balancer Management (Checkpoint, Juniper, Palo Alto)
Application Security Management
Information Security Privacy
Security Awareness Program Development and Training
Cloud Security
Policies, Procedures and Standards
Vulnerability Management (Qualys)(nCircle)
Security Tools (Wireshark, Nmap, Nessus, WinPcap, Kali)
IT Compliance & Governance
Security Metrics
SDLC
PowerShell
Tivoli
Cybersecurity Operations
Forensics (EnCase/FTK)
Security Awareness Training
Database Security (Oracle, SQL,
OpenTxt (LiveLink) Content Management
SharePoint Administrator
Certifications/Professional Training:
MCP 2003(Not Active)
MISTI – Audit and Control Training
CISM Training
Symantec Endpoint Protection Management – SES Certification
CISSP Training
McAfee Anti-Virus, HIDs, NIDS, DLP and EPO Consoles
GSEC-Security Essentials with CISSP
TeamMate Audit Software
ArcSight ESM Administrator
Cisco SourceFire IDS/IPS Administrator
Check Point Firewalls
Splunk
Archer
Tanium
Incident Response Management
Ethical Hacking