Career Summary
Information Technology Professional with 20 years of experience, including
Project Management, Information Security, IT Governance, Risk and
Compliance (GRC) and SIEM. Has familiarity with security regulations in
compliance legislation and other directives including PCI DSS, SOX and
ISO27001. Well versed in leading projects around Governance & Compliance,
Security Audits, Security Operations, Regulatory Compliance, Incident
Analysis and Security Event and Information Management. Possess a broad
knowledge of hardware, software, and networking technologies for analysis,
implementation, and support. Detailed knowledge of security tools,
technologies and best practices. In search of a position that allows me to
utilize my diverse background as a developer and security professional to
make a meaningful contribution to the organization.
SKILL SUMMARY
Governance & Compliance                          Archer
SOX                                              Active Directory
HIPAA                                            MS Exchange Server
PCI DSS                                          BMC Remedy
ISO27001                                         Qualys
Security Information and Event Management        Service Now
Risk Life Cycle Assessments                      Bindview
Compliance Assessments
Identity & Access Management
Vendor Management
Vulnerability Assessments
System Monitoring
MS Patch Management
Work Experience
June 2013 - Present
(Contract ends in May 2014.)
FINRA / Rockville, Maryland
IDENTITY AND ACCESS MANAGEMENT ANALYST
. Performed company-wide access reviews for Active Directory (AD) network
accounts and membership groups for FINRA resources and Enterprise Web
Security (EWS) accounts and performed as a liaison with various
departments throughout the organization to provide recommendations to
mitigate risks and gaps or to promote best practices in limiting access
to FINRA technical resources
. Monitor adherence to company-wide stated controls and policies for
scheduled and periodic audit reviews for Sarbanes Oxley (SOX), internal
audit, and 3rd party independent verification and validation (IV&Vs)
reviews
. Evaluate access requests for compliance to corporate information
security standards, policies and procedures, and business access rules
. Assess procedures and controls related to network and application
accounts and identify deficiencies
. Use Empower ID which provides information on AD accounts (user or
admin), group memberships or terminated users
. Utilize Remedy On Demand to request and document account requests and
analyze conformity to standards and policies
. Configure network folder structure and group memberships within Active
Directory
. Responsible for developing and maintaining company-wide department
procedures to meet FINRA requirements on enterprise-wide initiatives to
include information management (department Information Privacy and
Protection Policy (IPPP) and Guidelines business continuity plans
(BCPs))
. Develop and maintain on a quarterly basis department procedures to
ensure compliance to FINRA requirements
. Conduct oversight activities related to ensuring adherence to FINRA's
policies and procedures regarding the security of and access to personal
confidential information (PCI) and restricted confidential information
(RCI)
April 2012 - May 2013
(I decided to leave Atlanta after 17 years to relocate back to the northeast.)
Coca-Cola Refreshments / Atlanta, Georgia
INFORMATION SECURITY ANALYST
. Led day to day operations of the corporate identity access management
(IAM) services
. Work with the IT Service Desk on IAM provisioning
. Support and coordinate the design, implementation, and maintenance of
internal systems and vendor hosted systems to ensure acceptance and
proper usage
. Provide vendor management and product selection leadership when necessary
. Support and manage VPN systems
. Review security event log data and investigate anomalies
. Support and maintain file integrity monitoring systems
. Prepare project plans, presentations, and reports on assigned projects
and department performance metrics
. Maintain antivirus management system/anti-malware system, monitor for
viruses, and validate signatures are up to date enterprise-wide
. Monitor IDS, IPS and application firewall alerts
. Assist with guidance on encryption technologies, standards, and usage
. Worked on process compliance teams responsible for developing and/or
modifying processes and tools in accordance with industry standards and
best practices (SOX/ISO 27001/PCI-DSS)
. Led monthly Information Security Reporting, Patch Management, Security
Risk Vulnerability Assessments
. Participated on Information Security teams responsible for conducting
risk assessments on new system development initiatives
. Planned and coordinated quarterly audits of IT risk controls related
to information security, data privacy and SDLC; including communicating
requirements, gathering the evidence, reviewing and documenting findings
. Developed action plans to address audit findings; coordinated corrective
action plans with impacted functional areas; and followed-up to ensure
compliance
. Supported internal audit initiatives (i.e., answered questions, provided
evidence)
May 2007 to February 2012
(I was laid off after Xerox completed its acquisition of Affiliated
Computer Services)
Xerox / Atlanta, Georgia
INFORMATION SECURITY COMPLIANCE ANALYST
. Evaluate, design, develop, implement and/or integrate security
solutions that may include, but are not limited to, SIEM, Vulnerability
Management, DLP, Identity and Access Management tools
. Perform security investigations and compliance reviews as requested by
external auditors
. Lead teams tasked with the design, integration, development, validation
and implementation of specific security policies, systems and services.
. Monitor internal control systems to ensure that appropriate information
access levels and security clearances are maintained
. Establish firewalls and configure according to business unit
specifications
. Maintain proficiency for technical responsibilities, through self-
directed training and training programs
. Support, administer and manage IAM services, including
authentication, access provisioning, AD administration/management and AD
data integration
. Measure service performance in accordance with these SLAs
. Responsible for executing and managing projects related to risk
management, compliance, control assurance and user awareness
. Develop and implement security policies, procedures and standards
to meet compliance responsibilities
. Create processes and procedures for the IT audit governance program
. Configure, monitor and maintain software firewall implementations on
desktops
. Maintain up-to-date procedures and documentation to support
IT security processes
. Monitor vulnerability notices and provide engineering support
for security patch distribution
. Monitor performance and activity of information security systems and
services
. Deploy and configure security solutions in accordance with policies and
control standards
. Identify potential threats or breaches, and lead the various technical
teams to remediate the threats
. Conduct investigations into incident response activity
. Perform quarterly testing of all applications and network elements for
adherence to company security policies.
1994 to May 2007
(Various Permanent/Contracting Positions)
ORACLE DEVELOPER/DATABASE ADMINISTRATOR
Philadelphia, Pennsylvania /Atlanta, Georgia
. Created reports, procedures, and processes using Oracle Forms & Reports,
PL/SQL and SQL
. Developed new procedures and packages with the use of PL/SQL that
extracts data from multiple systems
. Designed end user reports
. Analyze and define existing business processes and interdependencies
. Document existing and new processes through workflow diagrams (processes,
entities, etc)
. Design and implement Disaster Recovery solutions (Data Guard, good backup
/ recovery, etc.)
. Shared 24/7 "on-call" support of production database services to ensure
the highest standards
EDUCATION
Morgan State University
BS, Computer and Information Sciences and Systems - May 1994