Resume

Sign in

Information Security Management

Location:
Miami, Florida, United States
Posted:
November 07, 2018

Contact this candidate

Resume:

PROFESSIONAL SUMMARY

Diverse proven experience in IT Security Management focusing in securing and improving business processes. Has solid experience in implementing information systems security program and policies and has worked throughout USA and abroad. Experience working with business leads, business sponsors, executives as well as with line level employees. Currently working in a large Tier III Data Center providing managed security services to international customers. Strong IT background enables to incorporate IT solutions to business and process related problems.

The following are years of experience

Eighteen (18) Years in IT Security and Business Consultant Experience.

Information Security Management Summary

Directs the development and implementation of the Information Systems Security program.

Experience in leading and managing Information Security professionals in designing/architecting security solutions and implementing network and security programs.

Overseeing the program for governance and compliance program including PCI-DSS Compliance, SSAE16, and ISO 27001.

Directing the establishment of IT/IS process and procedures for large Data Center operation.

Experience in managing ($2.1 million) budget for Information Security and IT including licence renewals.

Experience in working with presales in developing and customizing solutions for IS services at Data Center

Directs IT policies, standards, and procedures related to information systems security.

Experience in presenting technical issues to non-technical executives whereby describing the implications and solution.

Provide mentoring and assistance with the architecting of security and system monitoring technologies

Spearheaded the monitoring and investigation of security breaches and alerts.

Experience working with vendor and consultants in various security functions.

Directed all phases of planning and accomplishment of the information systems security functions

Experience in developing & maintaining a risk management strategy/program.

Information Security Technical Summary

Expert skills and experience in installing, configuring, and operating SIEMs. Develop and implement procedures for Security Operations Center. Develop content including use cases with correlation rules, filters, data monitors, variables, lists, etc.

Extensive experience in hands-on information technology security analysis with full cycle experience including: Asset identification, conducting risk assessments, development and implementation of security policies, auditing and testing security system, and vulnerability assessment.

Experience in configuration of network and security equipment including: Scanners, SIEMs, IDS, IPS, Patch management, Enterprise management Server for Antivirus, sflow capturing.

Experience as a Level III technical support for a 24X7 SOC. Provided guidance to level II and level I Engineers and Analysts. Provided executive customer support by presenting monthly security events report presentations. Developed procedures and guidelines for SOC team to follow.

Experience troubleshooting with knowledge of network security protocols and standards.

Experience in the assessment and optimization of IDS/IPS systems.

Testing the configurations and implementing security controls.

Experience in incorporating security controls in Service Level Agreements (SLA)

Experience in training staff with security policies and procedures.

IT Management Skills

Corporate Information Security Strategy

IT Governance, Risk & Compliance Management

Policy & Procedures Development & Management

Security Policies & Procedures

Risk Management

Incident Management

Architecting

Budget Management

Technical Presentations

Customer & Vendor Relations

Project Management

Management of Professionals

IT Technical Skills

HP ArcSight

AlienVault,FortiSIEM

IDS/IPS -Snort, Suricata

Linux –Debian, Redhat, Ubuntu

Ethical Hacking

Firewalls: Fortigate, Checkpoint R75, Alcatel Brick 1200

Vulnerability Scans –Analysis/Remediation

ClamAV & Epo McAfee

Information Security Architect

Forensics –Fraud Investigation, DLP

Cyber Security Investigation

IBM Bigfix TEM Patch Management

FortiAuthenticator Identity Management

TCP/IP TCP Dump Troubleshooting

BigFix Patch Management

Network Critical Taps

Vulnerability Scan FAAST, Nessus & OpenVas

Security Compliance Skills

HIPAA

ISO 27001

PCI-DSS

FISMA-NIST SP 800 Series

SOX

GLBA

FDIC

SSAE16

PROFESSIONAL EXPERIENCE

Assurant (South Florida) 05/18 – Present

Sr. Information Security Analyst/ GRC (contract position)

Assist in the improvement of the Vendor Management Program.

Conduct vendor audits and conduct risk assessments

Analysed and assessed Information Security findings on applications. Provided guidance on incorporating security best practice based on corporate security policy.

Telefonica (South Florida) 08/12 –5/18 Lead Information Security Architect

Hands-on experience in variety of security platforms and technologies. Manage the day-to-day operations with team that maintains firewalls, antivirus, load balancers, proxies and other technologies including Fortinet, Checkpoint, HP ArcSight, AlienVault, FortiSiem, Cisco ASA, and Alcatel Brick Lucent, EPO-MacAfee, Cisco Devices.

Developed the architecting, implementation, and configuration for various Information Security platforms in large network environments including the following systems: IBM Bigfix patch management system, AlienVault SIEM system, System to capture of S-flow packet, Hp Arcsight, FortiSIEM, Firewalls, and various network security components (ie; HSM, ClamAV, IDS/IPS, etc.)

Spear-headed team to develop an infrastructure that processes credit cards. Worked with QSA to obtain PCI-DSS certification. Designated as the Information Security Officer tasked to maintain certification for the last 5 years.

Coordinated all aspects of implementing a 24X7X365 SOC including the development of process and procedures, conducting training, placing structured incident management, and establishing a customer liaison relation office.

Conduct vendor audits, conduct risk assessments, and developed vendor compliance management program.

Responsible for updating Corporate Security Policy based on the IS 27001 Framework.

Worked closely with Sales team in many occasions to provide inputs to proposed managed service sales offerings

Responsible for the design, integration, and deployment of security architecture in the enterprise, advanced threat monitoring, prevention systems, and Identity solutions.

Act as a Corporate Adviser by providing recommendations for security risks as it relates to enterprise projects.

Perform proof-of-concept and proof-of-technology testing for integrating new 3rd party security products into the development and deployment processes

Spearheading the monitoring and investigation of security breaches. Coordinated handling of major incidents.

Implemented, managed tools and procedures to offer customers security tools in the form as Software As A Service or managed security services. Tools implemented and offered are Patch Management, SOC services, and firewall.

Ensures that security architecture and design, plans, controls, standards, and policy/procedures conform to industry best-practices and are aligned with the client's operational standards.

Designing and implementing security solutions for IT on-premises and cloud environments

Help Engineering and Product Management teams identify security requirements. Drive a standardized set of security product requirements into product and service offerings.

Kaava (Miami, FL) 06/08 – 08/12

Manger/IT Security Consultant

Responsible to managing team in implementing IT security portion of PeopleSoft Financials and Fixed Asset Allocation System across 7 campuses and headquarters. Direct involvement in all phases of the Systems Development Life Cycle Including systems analysis and design, development, integration and testing, training.

Project planning for IT security controls, cost and schedule management, requirements analysis, IT/Engineering life-cycle development process, project leadership and best practices, project diagnosis and recovery, training and group facilitation.

Led consulting team performing Gap analysis and developing remediation recommendation/implementation

Coordinated vulnerability scan assessments and remediation.

Provided configuration inputs to Cisco ASA Firewall and VMWare environment.

Assessed potential items of risk and vulnerability in the network

Provided recommendations in securing the network throughout the campuses.

Conducted full-cycle risk assessment implementation. This involved gathering all the information of assets, Identifying the vulnerabilities and threats through risk assessments, developing safeguards for those identified threats, implementation and remediation.

ITT Technical Institute (Miami, FL) 06/99 – 09/12

IT and Information Security Professor (Adjunct)

Adjunct Professor –taught up to three (3) college-level IT/IS courses during the evenings.

Courses taught: Information Security and Network Technology:

Introduction to Information Technology, Introduction to Securities, Network Securitas, PC Repair, Networking Concepts, Network Protocol and Troubleshooting, Active Directory, Windows Server 2008, Ethical Hacking, Vulnerability Assessments, Information Security Monitoring and Technology, Structured Cabling, Introduction to Basic Telecommunications, Systems Analysis, Client /Server Networking, Security Essentials, Network Capstone Project, Configurations of Routers and Switches.

VITAS Innovative Hospice Care, (Miami, FL) 12/07 – 02/08

Sr. IT Security and Business Consultant

Served as IT business analyst in implementing the ERP system. Responsible for all security related aspects of the project. Made recommendations of policies and procedures to compliment the new system and normal business operating practice. Used industry best practice and IT Security standards. Trained staff.

As ERP Consultant I was involved in PeopleSoft Financials Accounts Payable upgrade version 8.4 to 9.0. Other Non- security related Business Consulting functions involved the following: customization process for Customer P-cards. Mapped and verified Vendors for 1099 in Purchasing. Facilitated managing the process of mapping the chart field tree. Met with stake holders and steering committee on a weekly basis to discuss project status and concerns.

Advanced Tech, (Miami, FL) 04/05– 07/07

Partner -IT Consultant

Successfully managed projects for application of Visual Financial system and tools.

Provided recommendations and guidance to interfacing systems and the business on process issues. Communicated the process implications of new products, enhancements, and regulatory changes.

Interacted with the teams and prepared the test cases that cover all gaps and ensure that approvals are obtained both at Systems Integration as well as User Acceptance Level.

Interacted with the teams in order to draw-up the test cases on a per team basis and document. Led definitions of Systems Integration Test and User Acceptance Test.

Developed Functional and Technical Project plan using Microsoft Project. Defined deliverables, milestones, and phases. Managed and track the project and critical path.

Lead Fit/Gap analysis sessions for Accounts Payables and Purchasing

MEDICORE, Inc., (Miami, FL) 08/02 – 02/05

PeopleSoft Financials/IT Security Consultant

Had a dual role as a functional business analyst and IT Security Consultant. Participated with the full cycle implementation of PeopleSoft Financial system. Financial information systems was implemented across multiple (17) divisions. This Medical Devices and Labs Company operated in the US as well as in Europe.

Recommended approach to implementing secure environment through typical methods: Risk assessments, policy and procedure recommendations, and worked with clients network staff to implementing some of the security recommendations into their hardware.

TECHDYNE, Inc., (Hialeah, FL) 03/01 – 07/02

Sr. Business and IT Security Consultant

Responsible to direct development and coordinate personnel in developing implementing IT Solutions to business and operational problems. Ensured timely completion of project and within budget.

Conducted vulnerability assessments and identified threats to the network. Recommended policies and procedures to secure network. Incorporated security in network access through account and group policy.

Florida Enterprise Development Center, (Kendall, FL) 03/99–12/01

Manager -Functional Consultant

Conducted feasibility and cost-benefit analysis for the contracts and services procurement system, which in turn was implemented to get quotes, filter and recruit IT contracting services.

Worked as a Business analyst to implementation of PeopleSoft version 6.0 Financials, Distribution, Billing, Order Management, and Inventory. Defining functional Requirement Documents, establishing operating documents.

Tenex Consulting 03/97 – 3/99

General Management Consultant

Executive Team member who was assigned by Mortgage Bankers Association, Fannie Mae, and Freddie Mac to establish a clearing house operation for the mortgage banking industry. Co-ordinated and designed requirements for the business proposal. Vendors submit proposals (RFP) to partner with a newly established consortium in the mortgage banking industry.

Seguros Monterey/Aetna, (DF, Mexico) 1995 - 11/97

Management Consultant

Established Project Management Office at client site. Responsible for incorporating project management discipline and techniques to an unstructured IT service related organization.

Worked for CIO at a large corporate client in Mexico. Used the SEI-capability maturity model to assess the stage and level of maturity in providing IT services. Recommended and pursued action items to improve its services. Introduced project management techniques to oversee the successful completion of 140 plus information systems projects. Resulted in significantly improving the core capability to deliver IT projects.

NAVAL AIR WARFARE CENTER, (Indianapolis, IN) 1990 – 1995

Project Engineer (Top Secret Clearance)

EDUCATION

MSISA Western Governors University

MBA, University of Indianapolis

BSIE, Purdue University

Certifications:

Description

Certificate Number

EC-Council Ethical Hacking and Countermeasures (CEH)

ECC977558

EC-Certified Computer Hacking Forensics Investigator (CHFI)

ECC979015

Cisco Certified Cisco Entry Networking (CCNET)

CSCO12132284

Microsoft Certified Solutions Expert (MCSE)

1597953

PCI Professional (PCIP)

CERTIFIED

AlienVault Certified Security Analyst (ACSA) SIEM

CERTIFIED

AlienVault Certified Security Engineer (ACSE) SIEM

CERTIFIED

Thales nShield Certification System Engineering (nCSE)

CERTIFIED

AlienVault Certified Security Analyst Training

CERTIFIED

AlienVault Certified Security Engineering Training

CERTIFIED

LANDesk Security Management Suite Training

CERTIFIED

Check Point VSX Training

CERTIFIED

Thales nShield Certification System Engineering Training

CERTIFIED



Contact this candidate