Enrique Perez
**** ** *** *****, ***** Florida **175
Senior Information Security and Compliance Professional
******@*****.*** / 305-***-****
Summary
Cyber Security Risk and Compliance Specialist heavily experienced in the areas of Information Technology, Information Security, Risk Management and Global Regulatory Compliance.
Information Security Frameworks
ISO27001-2 / HITRUST Cyber Security Framework 9.0/ NIST-800-53
Risk Management Frameworks
COSO/NIST-800-37/ISO31000
Payment Industry Architecture, Standards and Guidelines
PCI-DSS 3.2 / PA-DSS / PCI-PTS
BASE I / BASE II / Clearing and Settlement / Chargeback Process
EMV Chip Architecture / Digital Wallet Technology / Mobile Payments and E-Commerce
Regulatory Compliance
USA Financial (SOX/GLBA/CFPB/OFAC/BSA-AML/FACTA/FCR /EFTA/RFPA)
USA Health (HIPAA/HITECH/OMNIBUS)
Global (GDPR/PIPEDA/EU Data Protection Act/EU-US Privacy Shield)
General Skills
Operational Risk Management (Heat Maps/Root Cause Analysis /Control Charts/RCSA Workshops)
Software Process Management (Carnegie Mellon SEI CMM (Capability Maturity Model))
Management Reporting (PCI ROC, SSAE16 (SOC1 /SOC2/SOC3), HIPAA Security Assessments)
Business Continuity Planning and Disaster Recovery (BCP/DRP)
Incident Response Process and Crisis Management
3rd Party Vendor Management and Contract Negotiations
Program / Project Management (Project Management Institute PMI/PMBOK)
Active Professional Certifications:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Auditor (CISA)
Certified Information Security Manager (CISM)
Certified Risk Information System Controls (CRISC)
Information Systems Security Management Professional (ISSMP)
Information Systems Security Architect Professional (ISSAP)
GIAC Certified Project Manager (GCPM)
GIAC Security Leadership (GSLC)
GIAC ISO27001 Specialist (G2700)
Information Technology Infrastructure Library (ITIL)
Experience:
Chief Information Security Officer at CENTRA Tech
December 2017 - Present
Responsible for the Information Security Program across the organization
Responsible for developing information security strategy and implementing information security policies and standards
Responsible for leading security risk assessments of organization products and services
Responsible for managing the 3rd Party Oversight Program
Partners with Information Technology, Operations and Legal Counsel in implementing a security strategy that is aligned with the business goals and objectives
Partner with Information Technology and Operations in maintaining a Business Continuity and Disaster Recovery Plan
Responsible for Information Security Training and Awareness Program across the organization
Monitors information security trends and keeps senior management informed of security threats and vulnerabilities that may impact the organization
Facilitates Information Security Risk Committee meetings to review security policy revisions and evaluate deployment of security products
Partner with Information Technology in oversight of Incident Response Process
Chair the Security and Compliance Risk Committee (SCRC)
Senior Information Security and Compliance Officer at Visa
January 2010 - November 2017 (7 years 11 months)
Team is responsible for managing operational and security risk for Global Customer Support Services Contact Centers (100+) through identification of risk exposures and examination of controls effectiveness to calculate residual risk
Team is responsible for ensuring adherence to Visa internal policies, PCI-DSS Standards, and domestic and international regulations, such as GDPR, EU-US Security Shield and PIPEDA
Team conducts security assessments of call center environments to ensure they are deployed securely to preserve the confidentiality, integrity and availability of the customer data being processed
Risk assessments focus on reviewing controls and safeguards of customer data at rest, in flight, processed by applications and shared with Business Partners.
Team examines Business Continuity Planning, Incident Response Process, Call Center Connections (INBOUND/OUTBOUND), Data Loss Prevention (DLP), Endpoint Protection, Software Applications Security, Access Management Controls, Security Patching, Network Scanning, Records Retention and Asset Management.
Team partners with Global Privacy Office, Global Sourcing and Global Legal Team in maintaining Customer Support Services Contact Centers overall risk within Visa’s tolerance level and compliant with Global Regulations
Team responds to any inquiries from external and internal audit engagements
I represent the Global Call Center Oversight Team as a member of the Security Risk Committee
Director of External Penetration Test Team at Visa (Miami, Florida)
January 2009 - December 2009 (1 year)
Team conducted all ethical hacks of Visa Web based applications hosted with 3rd parties
Team conducted RFP effort to select three (3) proven service providers to assist with the Team capacity
Team established a standardized process for penetration test engagements and negotiated a pricing model with 3rd party providers depending on the type of ethical hack being conducted
Team functioned as liaison between the Visa project teams and the 3rd party service providers to coordinate the establishment of the test environments, test scripts and scheduling of test windows
Team validated the 3rd party penetration test reports for accuracy and conducted follow up of pending remediation
Team assisted Visa Product Owner in submitting security exceptions to The Business Controls Working Committee (BCWC) after conducting security evaluation
Director of Information Security, LAC and Canada Region at Visa (Miami, Florida)
January 2001 - December 2008 (8 years)
Implemented Miami Information Security Office (ISO) and Visa Security Program (10 Key Controls) derived from ISO27001 Framework to support regional staff located in Latin America and Canada
Provided leadership, supervision, and development of Information Security services to ensure all functions were performed accurately and in a timely fashion
Established ISO processes and practices, such as, vulnerability scanning, security patching, AV deployment, Log Review, Identity Access Management, Information Classification, Information Stewardship, Intrusion Detection Systems (NIDS / HIDS/ WIDS), Incident Response Process, Business Continuity Planning, Security Risk Assessments and Ethical Hacking methodology
Team made recommendations regarding appropriate administrative, technical and physical security controls required to maintain compliance with SOX, GLBA and PCI DSS Controls and ensure the region’s risk levels remained within threshold
Team established a Risk Management Framework by conducting a Business Impact Analysis (BIA) and a Baseline Risk Assessment, and by establishing a Risk Registry used to provide Management Reporting to the Security Risk Committee
Team provided Yearly Security Training and Awareness to engage all regional employees and explain their roles in the Information Security Program to ensure the region complied with Visa Policy (10 Key Controls)
Team partnered with Information Technology to ensure new and existing system changes aligned with security Policies, Standards and Technical Security Requirements
Team worked closely with PMO and Application Development Teams during SDLC to identify application security vulnerabilities as early as possible and ensure compliance to Policy. Prior to deployment, our team conducted a formal information security assessment of the application complemented by an ethical hack exercise
Team conducted periodic follow-up of recommended remediation identified in final security assessment report
Director of Information Technology at United Water, Harrington Park, New Jersey
July 1999 - October 2001 (2 years 4 months)
Manager National Shared Tables at Verizon, Tampa, Florida
September 1991 - July 1999 (7 years 11 months)
Education:
University of Phoenix
Business Management, 1998 - 2000
Miami Dade College
AS, Computer Science, 1975 - 1976
REFERENCES AVAILABLE UPON REQUEST