
Information Security Manager

Roswell, Georgia, United States
January 06, 2018



Gregory H. Upham

*** **** **** **., *******, GA *0075


Information Security Professional

I am a highly motivated, proven security professional with over 17 years of experience. This includes creating IT/Security policies, procedures and standards, developing training material for employee security awareness, creating use cases for quality assurance testing, and performing penetration tests and vulnerability scans, as well as performing PCI-DSS risk assessments/audits and PA-DSS assessments. I have worked directly with developers to ensure secure programming best practice guidelines are met (using OWASP). I have led successful project teams for national technology initiatives, and successful compliance audits including PCI-DSS/PA-DSS, HIPAA/HITRUST, SOX, SOC 2, and ISO 9001 (Quality mgmt). I have extensive experience with hardware as well - IDS/IPS tools and applications, firewalls (hardware & software), routers, switches, servers (VM, blade), web application scanners, and secure wireless technologies.

Professional Certifications & Organizations

• CISM – Certified Information Security Manager (# 1323633)

• CISA – Certified Information Systems Auditor (# 15121005)

• MCSE – Microsoft Certified Systems Engineer (# 1328892)

• Security + (COMP001020176395)

• Network +

• CISSP (under study)

• CEH (under study)

• Dell Server, Workstation & Laptop certified

• Member Cloud Security Alliance

• Member ISACA (Information Systems Audit and Control Association)

• Member ISSA (Information Systems Security Association) - Metro Atlanta Chapter

Experience

Meditology Services - July 2016 – present Information Security Consultant

• HIPAA/HITRUST security risk assessments for a variety of healthcare providers

• Security policies and procedures auditing/review

• PCI-DSS risk assessments (including scoping for cloud infrastructures (IaaS, PaaS, & SaaS))

• Information Security Policies - creation/review

CenterLight Healthcare (for Meditology Services) July 2016 – Aug 2017 Information Security Consultant

• Design, create, and administer the Security Operations Center (SOC)

• Configure and administer SIEM (Solarwinds LEM), security e-mail gateway Clearswift, enterprise anti-virus suite (McAfee ePo), multi-factor authentication trusted access platform (DUO)

• Administer Cisco Security Manager, Cisco Cloud Web Security (ScanSafe), and Cisco Prime Infrastructure

• Conduct annual firewall risk assessment

• Conduct annual wireless security risk assessment with external auditor

• 3rd level support of security related incidents

• Blue team member on our annual pen testing exercise

MiMedix (for Pyramid Consulting) - June 2016 – July 2016 Information Security Consultant

• Create needed IT/Information Security policies, and edit/update existing/outdated policies and procedures

Georgia Department of Human Services (DHS) Jan 2016 – May 2016 Information Security Analyst

• Review, edit, & update existing/outdated policies and procedures

• Assist in preparation and execution of an IRS Safeguard Security Review (audit) – all Federal Tax Information (FTI) data is protected; meet requirements for IRC 6301 using IRS Publication 1075 and NIST 800-53 v4 and FedRAMP

• Creation/submission of compliance documentation: SSR, SRR, CAP, POA&M, Inspections, etc.

• Controls testing and auditing (CMS/IRS/DOAA audits)

• Assist in planning, directing, and coordinating agency activities related to info security

• Assist in developing and enforcing the organization’s security policies, standards, and guidelines, security awareness, security information portion of the business continuity and disaster recovery plans, and all industry and government compliances issues

• Assist in incorporating the design, deployment, management, control, and updating of platform and user specific security policies on a diverse range of internal hardware platforms supporting various software and operating systems

• Conduct risk management analysis to identify areas of risk and to develop security measures to prevent losses

• Work with business owners, IT managers, staff, and vendors in order to provide timely and efficient IT coordination of security services to meet agency needs

• Communicate with senior execs through oral and written reports and presentations

• Develop and implement IT system security plans, projects and initiatives

• Developed application security and risk analysis checklist and procedures

• Incorporate security into the SDLC process for new and existing application initiatives

The Royal Bank of Scotland – March 2014 – Jan 2016 IT Security Analyst III

• Internal security auditor for International Banking using both the COBIT 5 framework and ISO 27001 set of standards

• IT/IS controls testing for SOX/PCI-DSS Compliance

• IT/IS security controls testing

• Quarterly reviews with senior management on state of information and IT security

• Documenting of audit tests, evidence and results

• Updating audit test plans and procedures

• SME for networking and security related issues

• Work with Sr VPs/Directors, application owners/managers to resolve security issues affecting their domains and business units

• Review all security policy documentation

• Review and make recommendations for Business Continuity/Disaster Recovery procedures

Xerox Services (formerly ACS) – Oct 2007 – March 2014 Senior System Administrator/Systems Developer Senior Specialist

• Support multiple airport parking systems throughout the US and Canada

• Project leader for PCI audit preparation and certification

• Conduct internal PCI/PA-DSS audit of web application and network

• Work with IBM external auditor on PA-DSS certification for web application and supporting network

• Create QA use cases and testing procedures for multiple projects

• Assist with third party IT forensics teams to determine cause of breaches at customer sites (our applications were never compromised or cause of a breach)

• Responsible for ISO 9001 compliance for our team’s IT systems

• Primary system administrator for airport parking revenue systems

• Work directly with clients and third party vendors on various airport projects

• Responsible for PCI-DSS security and compliance for multiple clients – successfully passed two PA-DSS certification on first external audit review

• Support and QA for multiple concurrent client projects

• Track projects, defects, issues using JIRA

• Penetration testing of web applications and related servers/networks

• Write training and technical documents for various procedures within our group

• Train team members on security and compliance issues

• Use of Oracle and SQL Server queries and database manipulation

• Evaluate various 3rd party cloud vendors (MS Azure, Amazon Web Services, etc.)

First Investor Financial Services – March 2006 – Sept 2007 Senior System Administrator

• Create all corporate IT policies and document existing procedures

• Install/configure variety of HP/IBM servers, workstations and laptops

• Responsible for network and database security

• Responsible for backups and disaster recovery

• Report to COO & IT Director on security and network issues

• Install/maintain Cisco routers/switches network

• Mentor desktop support team (act as level 2 support)

• Developed corporate security, audit and IT policy and procedure documents

• Test new applications for compatibility with legacy financial systems

• Install and configure Barracuda e-mail security appliance

NationsBuilders Insurance Services – Feb 2005 – March 2006 Security Manager/System Admin

• Worked with senior management team on producing a secure, best in class network for both employees and customers

• Lead meetings with executive management on state of IT and Information security for entire organization

• Install and configure variety of Dell PowerEdge servers, workstations and laptops

• Installed and configured Cisco wireless network

• Installed and configured SQL Server Reporting Services

• Strong emphasis on planning and documentation

• Responsible for virus protection on all servers/workstations

• Monitor logs for servers, applications, network devices

• Test disaster recovery strategy annually – offsite datacenter for emergency business continuity (warm site testing)

Alliance of Professionals and Consultants – June 2004 – Feb 2005 Computer Engineer Technical Lead

• Project team lead for computer technicians on wide variety of banking and medical projects nationwide, repairing/replacing motherboards, imaging hard drives, replacing computers in hospitals, schools, local governments, and businesses

Prosero (formerly – Sept 2000 – May 2004 System/Security Administrator – Network support and corporate website administration

• Installed & configured Dell PowerEdge and WebApp servers with Windows NT Server & Windows 2000 Server

• Installed & configured MS SMS 2.0 for network management

• Installed & configured MS SUS for auto updates of patches/fixes

• Responsible for disaster recovery implementation and testing

• Configure and test backups; install and setup tape drives; store tapes offsite

• Edit & update corporate website, IIS, & JRun administration

• Installed & configured various Linux servers (Mandrake, RedHat)

• Exchange 5.5 & SQL Server 7.0 administration

• Installed & configured DNS, WINS, & DHCP

• Supported Windows 98, 2000, & XP Pro desktops/laptops

• Installed & configured Netscape LDAP Server (iPlanet Directory Server)

• Admin for contract management software - Contract Manager (CMSI)

Intranet Webmaster

• Designed GUI and administrated corporate Intranet on IIS which was used to submit PTO, communicate with CEO, and access corporate documents

• Installed/configured and secured IIS 5.0, including FTP

• Configured test intranet weblog on Linux (Redhat) using Apache WebServer

Spire Inc. – June 1999 – Sept 2000 Lead System Administrator – Responsible for both network & end-user support

• Completely reorganized software catalog & licensing

• Collaborated with executive management on securing and expanding network infrastructure as company grew by over 100% in 2000

• Upgraded Exchange 5.0 to 5.5; prepared 5.5 for 2000 upgrade

• Installed & configured Active Directory on Windows 2000 servers

• Educated users on e-mail viruses – blocked 2 potential infections from e-mail attachments

• Reconfigured ArcServeIT data backup correctly (no working backups for months prior to my employment)

• Installed & configured Compaq Prosignia Servers with Windows 2000 Server

• Installed & configured DDNS, DHCP, & VPN on Windows 2000 servers

• Train network support personnel to assist in providing network support for organization

Education

Master of Information Technology (MIT)

American Intercontinental University - Atlanta, GA

Bachelor of Business Administration (BBA) – International Business, Minor: Economics

University of Georgia – Athens, GA

Other Managerial Experience

Manager: T’s Parkside Bar & Grille – Marietta, GA

• Responsible for 10+ employees (hiring/firing, training, reviews)

• Reduced food-cost, dry goods-cost, labor-cost

• Received excellent Health Inspection ratings

• Mediated employee disputes/conflicts

Manager: Ernie’s Steakhouse – Marietta, GA

• Responsible for 7+ employees

• Known for quick problem-solving under stressful conditions

• Mediated employee disputes/conflicts
