
Certified Information System Security Professional

Camarillo, California, United States
January 19, 2018





IT Security professional who believes in providing exceptional customer experiences: positive attitude, detail-oriented, solves problems by coming up with creative solutions. Self-starter who enjoys group dynamics and motivating others, and can work alone when required. Balances operational requirements with the requirement to provide security and protection of all organizational assets. Ensures that remediation is prioritized and performed in a timely manner.

Evaluate new and existing vendors for required compliance

Security education, training and awareness of Policies and Standards

Ensure EU Data Privacy Principles are followed

Identify Personally Identifiable Information – PII

Application Security evaluation, documentation and mitigation

SQL Programming

Continuous improvement of Customer Trust on eComm sites

Primary driver for many significant initiatives oriented towards Risk Assessment & Management, Security Awareness, Information Security Governance, Customer Trust, PCI Data Security Standards, PII, SOX 404, and Active Directory Monitoring/Management. Managed corporate policies and standards to ensure alignment across business processes, providing updates based upon industry best practices, and changing business needs.


Project Management methodologies, Agile methodology & JIRA, Active Directory, Mobile Device Management, Database Administrator (MS SQL 2005, 2008), SQL Programmer, Windows Server (2003, 2008), UNIX, Jive collaboration and knowledge management tool, Governance Risk Compliance tool (Keylight), Software Development Life Cycle (SDLC), Reporting, Technical/User documentation, and Microsoft Baseline Security Analyzer. Frameworks: COSO, COBIT, ITIL, ISO27001, NIST, Unified Compliance Framework. Implementation and support of a variety of business systems (Finance, HR, Time & Attendance, Publishing, Event Management, Document Management System, etc.)


PennyMac Loan Services, LLC

May 2016 – Present Analyst III IT Compliance Agoura Hills, CA

Act in a consultative capacity as it relates to IT controls and processes with business partners in the company. Generate reports and/or metrics that help track compliance issues identified through the Risk & Compliance Assessment process. Monitor compliance with established internal control procedures by examining records, reports, operating practices, and documentation. Monitoring includes but is not limited to SDLC, Access Control (AWS, Active Directory, Database, OS), Service Accounts, Change Management, Segregation of Duties, Critical jobs (SOX), and Backup. Partner with Internal/External Audit teams to facilitate audits and drive remediation efforts.

IT Policies and Procedure Inventory: Successfully collaborated with IT business units on the management of IT Policies and Procedure Inventory. Developed or updated over 70% of the current IT Policies and Procedure Inventory.

Provide oversight, management, guidance and direction of IT administrative resource operations to include maintaining, interpreting, or developing Corporate and Divisional policies.

User Access Reviews: Successfully processed SOX assets. This includes creating work papers, validating user listings against terminated employees, assisting business units with the review process, following up on the completion of work papers and requesting/validating corrective actions.

ITGC Key Controls and Heat Map: Successfully interviewed business partners and technical owners on all of the SOX assets, maintaining the Key Controls Heat Map.

Tier two and some Tier one Assets: Successfully interviewed business partners and technical owners to gather and document information on these assets, including but not limited to NPPI/PPI and ITGC Key Controls information on over 130 assets.

Critical Jobs: Successfully interviewed business partners and technical owners on SOX assets, documenting every critical job (batch or procedure) that inserts or updates data leveraged for financial reporting purposes.

Analytical Reporting: Developed many pivot tables and graphs for management reporting, in addition to assisting with complex formulas and macros for Google Sheets, Smartsheet and Excel.

Process Improvement – Proof of Concept: reduced the time to create the Database Access Review User Listing by over 75% by creating a SQL program. Merged Excel into PDF forms, improving productivity of custom PDFs for Access Reviews by over 80%.

Independent Contractor Gap Inc.

June 2014 – May 2016 Security Analyst Pleasanton & San Francisco, CA

Security Analyst for Fortune 500 retailer Gap Inc., responsible for leading initiatives to increase consumer trust across the company’s brands: Gap, Old Navy, Banana Republic, Athleta and Intermix. Collaborated with various groups across the enterprise including Legal, Loss Prevention, and Learning & Development to develop and disseminate training to Gap Inc.’s 10,000+ global employees.

Increased customer trust with Gap Inc. brands by ensuring placement in the top 13% of the top retail 500 companies against an Online Trust Alliance (OTA) assessment.

Collaborated with Gap Inc. Security Engineering, Security Architecture, and Operations teams to drive remediation efforts to increase company ranking on OTA Honor Roll.

Developed, implemented and managed program requirements, plans and procedures in the creation of global company-wide training campaigns focused on key security challenges (social engineering frauds, hacker techniques, loss prevention) for Gap Inc.’s 10,000+ global employees.

Developed, implemented and managed requirements, and procedures for the comprehensive revision and dissemination of company-wide policies and standards to Gap Inc.’s worldwide employees.

Rolled out the Safe & Sound campaign to 1,500 store managers for Athleta and Old Navy, including dissemination of unique training content and marketing (fun videos, swag, posters, etc.)

Maintained organization's effectiveness and efficiency by defining, delivering, and supporting strategic plans for implementing IT solutions.

Managed the Online Trust Alliance (OTA) assessment, collaborating with security engineers to implement technologies in the areas of Consumer Protection, Site Security and Privacy, to safeguard our customers and increase company standing on the OTA honor roll.

Provided advisory and oversight for IT governance, risk, and compliance activities including vendor assessments, definitions of policy and standard documentation, and interpretation of compliance results.

Created Security awareness and training campaigns based upon Information Security and Compliance initiatives (PCI, SOX, Risk Management, and EU Data Privacy).

Mapped policies and standards to compliance and security requirements. Collaborated with the business and technical teams across various projects to identify emerging security threats and prioritize efforts for mitigation.

Created a global security awareness program, including video training, social networking/collaboration Jive sites, store manager training, and road show marketing booths.

Security liaison on a multitude of projects including: 2-Factor authentication, payment card tokenization, site security (SSL, EVSSL, AOSSL), and consumer protection (SPF+DKIM, DMARC, TLS)

Created and updated compliance controls in Keylight GRC system.

Used JIRA to create and manage stories and tasks. Managed stand-ups, open/close and reporting when IM was unavailable.

Good Sam Enterprise LLC (formerly Affinity Group, TL Enterprises)

Sept. 2009 – May 2014 IT Director Business Systems Oxnard, CA

Good Sam Enterprises, LLC operates as a membership-based direct marketing company for recreational vehicle (RV) owners and outdoor enthusiasts primarily in North America. Directed IT operations for all major business systems. Led efforts to maintain existing applications, as well as develop new technical solutions. Managed Risk/Compliance programs (PCI, SOX) protecting company assets.

Developed, implemented and managed program requirements, plans and procedures for the ongoing maintenance of the key Business Systems, Databases, and Operating Systems.

Provide executive-level oversight, management, guidance and direction of administrative resource operations to include maintaining, interpreting, or developing Corporate and Divisional policies.

Developed project plans to manage the team’s performance on key tasks.

Maintained quality service by establishing and enforcing organization standards.

Achieved financial objectives by delivering accurate forecasting for the annual budget.

Created a utility for reviewing Active Directory Dumpsec for SOX, delivering cost savings and risk reduction.

Implemented a solution for analyzing the settings of company firewalls’ risk, generating cost savings.

Reduced risk by implementing an Active Directory User and Object Monitoring System.

Created a daily report to highlight possible duplicate payments across over 12 financial databases.

Served as the technical lead on UltiPro human resources, payroll, benefits, and self-service software efforts.

Prioritized and managed the restore of a file system (20 TB) to a new SAN, and managed expectations.

Initiated and managed corporate rollout of IT Governance SOX 404 and ITGC.

Successfully implemented an enterprise document-management system with workflow.

IT Manager Business Systems

Sept. 1998 – Sept. 2009 Affinity Group Ventura, CA

Managed IT operations for business systems to meet customer requirements, including maintaining existing applications and development of technical solutions. Facilitated and managed contract negotiation, technology strategy, technical specifications, cost control, forecasting, IT integration/assessment management, and new technology evaluation.

Collaborated with internal and external business partners to understand threats and vulnerabilities to support remediation efforts.

Reviewed potential and actual Information Security incidents and breaches for risk analysis in conjunction with preparing reports for key stakeholders. Developed and implemented appropriate risk mitigation plans as required.

Met with business partners and vendors to evaluate compliance documentation to confirm effective controls: SSAE 16 SOC 1 & 2 reports, SLAs, NDAs and maintenance agreements.

Served as Technical Project Lead of IT Governance compliance efforts on risk assessment of critical applications using a combination of qualitative and quantitative analysis.

Other titles held at Good Sam

SR Database Administrator

Database Administrator

SR Analyst Programmer



CISSP Certified Information System Security Professional

ISC-2 International Information Systems Security Certification Consortium

Active Member, Certificate/ID Number – 395416

CISSP certifications are accepted for DoD Approved 8570 Baseline Certifications for:

IAT Level III, IAM Level II & III and IASAE II


Bachelor of Science in Business Management - California State University, Channel Islands

Minor in Economics - Graduated Cum Laude

References: LinkedIn
