Career Summary

Information Technology Professional with 20 years of experience, including

Project Management, Information Security, IT Governance, Risk and

Compliance (GRC) and SIEM. Has familiarity with security regulations in

compliance legislation and other directives including PCI DSS, SOX and

ISO27001. Well versed in leading projects around Governance & Compliance,

Security Audits, Security Operations, Regulatory Compliance, Incident

Analysis and Security Event and Information Management. Possess a broad

knowledge of hardware, software, and networking technologies for analysis,

implementation, and support. Detailed knowledge of security tools,

technologies and best practices. In search of a position that allows me to

utilize my diverse background as a developer and security professional to

make a meaningful contribution to the organization

[pic]

SKILL SUMMARY

Governance & Compliance Archer

SOX Active Directory

HIPAA MS Exchange Server

PCI DSS BMC Remedy

ISO27001 Qualys

Security Information and Event Management Service Now

Risk Life Cycle Assessments Bindview

Compliance Assessments

Identity & Access Management

Vendor Management

Vulnerability Assessments

System Monitoring

MS Patch Management

Work Experience

June 2013 - Present

(Contract ends in May 2014.)

FINRA / Rockville, Maryland

IDENTITY AND ACCESS MANAGEMENT ANALYST

. Performed company-wide access reviews for Active Directory (AD) network

accounts and membership groups for FINRA resources and Enterprise Web

Security (EWS) accounts and performs as a liaison with various

departments throughout the organization to provide recommendations to

mitigate risks and gaps or to promote best practices in limiting access

to FINRA technical resources

. Monitor adherence to company-wide stated controls and policies for

scheduled and periodic audit reviews for Sarbanes Oxley (SOX), internal

audit, and 3rd party independent verification and validation (IV&Vs)

reviews

. Evaluate access requests for compliance to corporate information

security standards, policies and procedures, and business access rules

. Assess procedures and controls related to network and application

accounts and identify deficiencies

. Use Empower ID which provides information on AD accounts (user or

admin), group memberships or terminated users

. Utilize Remedy On Demand to request and document account requests and

analyze conformity to standards and policies

. Configure network folder structure and group memberships within Active

Directory

. Responsible for developing and maintaining company-wide department

procedures to meet FINRA requirements on enterprise-wide initiatives to

include information management (department Information Privacy and

Protection Policy (IPPP) and Guidelines business continuity plans

(BCPs))

. Develop and maintain on a quarterly basis department procedures to

ensure compliance to FINRA requirements

. Conduct oversight activities related to ensuring adherence to FINRA's

policies and procedures regarding the security of and access to personal

confidential information (PCI) and restricted confidential information

(RCI)

April 2012 - May 2013

(I decided to leave Atlanta after 17yrs to relocate back to the northeast)

Coca-Cola Refreshments / Atlanta, Georgia

INFORMATION SECURITY ANALYST

. Led day to day operations of the corporate identity access management

(IAM) services

. Work with the IT Service Desk on IAM provisioning

. Support and coordinate the design, implementation, and maintenance of

internal systems and vendor hosted systems to ensure acceptance and

proper usage

. Provide vendor management and product selection leadership when necessary

. Support, and manage VPN systems

. Review security event log data and investigate anomalies

. Support and maintain file integrity monitoring systems

. Prepare project plans, presentations, and reports on assigned projects

and department performance metrics

. Maintain antivirus management system /anti-malware system, monitor for

viruses, and validate signatures are up to date enterprise wide

. Monitor IDS, IPS and application firewall alerts

. Assist with guidance on encryption technologies, standards, and usage

. Worked on process compliance teams responsible for developing and/or

modified processes and tools in accordance with industry standards and

best practices (SOX/ISO 27001/PCI-DSS)

. Led monthly Information Security Reporting, Patch Management, Security

Risk Vulnerability Assessments

. Participated on Information Security teams responsible for conducting

risk assessments on new system development initiatives

. Planned and coordinated quarterly audits of IT risk controls related

to information security, data privacy and SDLC; including communicating

requirements, gathering the evidence, reviewing and documenting findings

. Developed action plans to address audit findings; coordinated corrective

action plans with impacted functional areas; and followed-up to ensure

compliance

. Supported internal audit initiatives (i.e. answer questions, provided

evidence)

May 2007 to February 2012

(I was laid off after Xerox completed its acquisition of Affiliated

Computer Services)

Xerox / Atlanta, Georgia

INFORMATION SECURITY COMPLIANCE ANALYST

. Evaluate, design, develop, implement and / or integrate security

solutions may include, but are not limited to SIEM, Vulnerability

Management, DLP, Identity and Access Management tools

. Perform security investigations and compliance reviews as requested by

external auditors

. Lead teams tasked with the design, integration, development, validation

and implementation of specific security policies, systems and services.

. Monitor internal control systems to ensure that appropriate information

access levels and security clearances are maintained

. Establish firewalls and configure according to business unit

specifications

. Maintain proficiency for technical responsibilities, through self-

directed training and training programs

. Supporting, administrating, managing IAM services, including:

authentication, access provisioning, AD administration/management and AD

data integration

. Measure service performance in accordance to these SLAs

. Responsible for executing and managing projects related to risk

management, compliance, control assurance and user awareness

. Develop and implementing of security policies, procedures and standards

to meet compliance responsibilities

. Create processes and procedures for the IT audit governance program

. Configure, monitor and maintain software firewall implementations on

desktops

. Maintain up-to-date procedures and documentation to support

IT security processes

. Monitor vulnerability notices and provide engineering support

for security patch distribution

. Monitor performance and activity of information security systems and

services

. Deploy and configure security solutions in accordance with policies and

control standards

. Identify potential threats or breaches, and lead the various technical

teams to remediate the threats

. Conduct investigations into incident response activity

. Perform quarterly testing of all applications and network elements for

adherence to company security policies.

1994 to May 2007

(Various Permanent/Contracting Positions)

ORACLE DEVELOPER/DATABASE ADMINISTRATOR

Philadelphia, Pennsylvania /Atlanta, Georgia

. Created reports, procedures, and processes using Oracle Forms & Reports,

PL/SQL and SQL

. Developed new procedures and packages with the use of PL/SQL that

extracts data from multiple systems

. Designed end user reports

. Analyze and define existing business processes and interdependencies

. Document existing and new processes through workflow diagrams (processes,

entities, etc)

. Design and implement Disaster Recovery solutions (dataguard, good backup

/ recovery, etc)

. Shared 24/7 "on-call" support of production database services to ensure

the highest standards

EDUCATION

Morgan State University

BS, Computer and Information Sciences and Systems - May 1994

Contact this candidate