SALMAN SHEIKH - CISSP, CISM, CISA
Plano, TX ************@*******.*** Mobile 201-***-****
OBJECTIVE
To be a strategic member of a dynamic company’s Information Security Team which can utilize my security and management experience and present an opportunity to be part of its future growth.
AREAS OF EXPERTISE
INFORMATION SECURITY & RISK MANAGEMENT
Information Security & Enterprise Risk Management
Third Party Risk Management
Vendor & Enterprise Risk Assessments
Shared Assessment Program – Shared Information Gathering Questionnaire (SIG)
Information Technology Audit
Information Technology Security Risk Assessment
Disaster Recovery & Business Continuity
Security Incident Response & Mitigation
Application and Systems Vulnerability Management
Review contracts for adequacy of Security Controls
Network Security (IDS/IPS, Proxy, SIEM, etc.)
Due Diligence Review (SSAE16, PCI, ISO, etc.)
PCI Self-Assessment
Privacy
CERTIFICATIONS
CISSP: CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL
CISA: CERTIFIED INFORMATION SYSTEMS AUDITOR
CISM: CERTIFIED INFORMATION SECURITY MANAGER
CRISC: (PLANNING TO TAKE THE EXAM IN DECEMBER, 2016)
SPECIALTIES
Enterprise Risk Management
Vendor Management
Information Security
Network Security and Vulnerability Management
Experienced in the financial industry and understand best practices and controls that should be implemented by an organization to remain compliant with the ever-changing regulatory and security landscape.
Worked with leading financial organizations to ensure compliance with their regulatory, contractual, security frameworks, etc.
PROFESSIONAL EXPERIENCE
DEALERTRACK, INC JULY 2012 – Present
Sr. Manager Information Security & Risk Assessment
Manage Third Party due diligence requests supporting over 1500 financial institutions and annually respond to over 500 due diligence requests from various financial institutions (e.g. Bank of America, Chase, Capital One, etc.).
Lead and represent Dealertrack, Inc. during onsite audits performed by various financial institutions (e.g. Bank of America, Chase, Capital One, etc.).
Coordinate and manage remediation efforts with various infrastructure and technology groups for open findings from lender/client audits.
Manage client relationships with various financial institutions
Annually review Dealertrack, Inc. Information Security & Risk Management Program document to provide an overview of information security policies and practices in place at Dealertrack, Inc. to our clients and customers. The document includes a completed Standardized Information Gathering (SIG) questionnaire.
Manage Third Party due diligence program for Tier 1 and Tier 2 vendors at Dealertrack, Inc.
Coordinated and managed the SSAE 16 SOC II certification project for Dealertrack.com.
Engaged a Third Party to perform an assessment for internal controls for Dealertrack.com to meet the criteria for the Security, Availability and Confidentiality Trust Services Principles for an SSAE 16 SOC II report.
Perform onsite and remote assessments for new vendor relationships.
Perform annual assessments of Tier 1 and Tier 2 vendors.
Publish Third Party Risk Assessment reports with detailed remediation plans with assigned Risk Ratings and remediation timelines.
Coordinate and manage remediation efforts for the identified findings from the Third Party Assessments.
Perform Enterprise Risk Assessment of various business units and companies acquired by Dealertrack, Inc.
Publish detailed Information Security Assessment Report with remediation plans, assigned Risk Ratings and remediation timeline to executive management and business team.
Coordinate and manage remediation efforts for risks identified during Enterprise Risk Assessments.
Evaluated and selected Governance Risk & Compliance (GRC) solution for Dealertrack, Inc.
Created Dealertrack’s Archer GRC design specifications for Archer deployment within the organization.
Deployed Archer GRC solution within Dealertrack, Inc. in conjunction with the Archer Professional Services team.
Designed and documented Enterprise module within Archer to centrally document Dealertrack Technologies, Inc. business hierarchy and infrastructure within Archer application.
Centralized vendor data to manage vendor relationships to ensure compliance with Dealertrack security and contractual requirements.
Developed Threat Management module within Archer to capture high and medium risk network and application vulnerabilities.
Manage relationship with Verizon Cybertrust to maintain CyberTrust SecureSite certifications for 13 corporate sites in North America.
Perform PCI self-assessment of various business units that fall under PCI guidelines for card holder data processed by various business functions.
Annually review and enhance organization’s Information Security Policies, procedures, guidelines to keep them up to date with current regulatory and contractual requirements.
Evaluated and deployed AirWatch mobile device management solution within the organization.
Implemented security controls to ensure secure divestiture of a business unit.
Evaluated and selected SANS Securing the Human Security Awareness program for Dealertrack.
CITI – PSO (PERIMETER SECURITY OPERATIONS) NOV 2011 – JULY 2012
Duty Manager
Managed a team of 5 highly motivated Firewall and Proxy engineers.
Provided world class support to one of the world’s largest financial organization clients for all firewall and proxy related issues and problems.
Plan, design and manage deployment of critical infrastructure devices globally with no service impact and complete business application testing.
Developed PSO’s response to high severity incidents such as DDoS (Distributed Denial of Service), worm propagation, external intrusions and internal threats.
Managed high severity security incidents and DDoS (Distributed Denial of Service) events.
Conducted review of all internet facing infrastructure to mitigate DDoS
Provided weekly reports for key performance indicators and productivity to senior management.
Evaluated emerging firewall and proxy solutions.
Business Recovery Coordinator (BRC) for PSO and SOC. Responsibilities included COB (Continuity of Business) testing, BIA (Business Impact Analysis), RTO (Recovery Time Objective) and RPO (Recovery Point Objective) for all PSO applications and Data Centers.
CITI – SOC (SECURITY OPERATIONS CENTER), DALLAS MARCH 2010 – NOV 2010
Shift Manager
Migrated Security Operations Center functions from Mexico to Dallas
Established Security Operations Center (SOC) to deliver real-time world class information security analysis, incident detection and response to reduce the risk the business and business partners are exposed to when conducting business in a high-tech marketplace.
Devised strategies to monitor and counter threats from vulnerabilities such as computer viruses, worms, system intrusions and malicious network behavior
Provided senior management with Key Performance and Risk Indicators reports on a weekly basis
SOC operations were implemented to follow the sun global workflow between Dallas and Singapore SOC teams to provide 24/7 coverage
Assess risk of the newly announced vulnerabilities and malicious codes.
Monitor and escalate intrusion detection system (IDS), Firewalls, VPN and Proxy system alerts.
Perform vulnerability assessment scanning & remediation tracking processes.
Serve as the single point of contact for all global network security events.
DEALERTRACK, INC - NETWORK SECURITY JUNE 2007 – MARCH 2010
Network Security Manager
Strategically manage enterprise security with various business units to drastically enhance security throughout the enterprise.
Successfully align security initiatives with business objectives to setup new security technologies.
Centralize security monitoring company-wide by setting up SIEM (Security Information Event Management) to correlate and respond to security events from Firewalls, IDS, Antivirus and Vulnerability assessment information.
Setup DLP (Data Loss Prevention) tool to minimize risk of company PII information from insider threats.
Deploy Bluecoat Proxy SG 810 and 510, maintain corporate Web and FTP access policies.
Manage and setup a 24X7 Security Operations Center to monitor security alerts and incident response for Production and DR facilities.
Maintain CyberTrust SecureSite certifications for 13 corporate sites in North America.
Perform risk assessments of business units for senior management.
Deploy full disk encryption solution to companywide laptops.
Build enterprise-wide vulnerability management and patch management system to mitigate risk from security vulnerabilities and threats.
Achieved 100% critical patch deployment status throughout the company.
Successfully host executive meetings to get senior management buy-in on security projects to increase budget allocation.
Create security policies, procedures and standards for country-wide implementation.
Setup a security awareness program that was built into the new hire program.
Facilitate third party onsite and data center security review.
CITIGROUP – DATA PROTECTION, E-MAIL CONTENT MONITORING CENTER (CMC), NY JUNE 2007 – MARCH 2010
Content Monitoring Analyst (AVP)
Analyzed and managed Content Monitoring Events.
Managed roll-out project weekly meetings.
Supported day to day operations of Content Monitoring (CM) application.
Helped identify and gather Personally Identifiable Information (PII) to monitor across global countries in Citigroup network.
Created rule set to identify PII data leakage from Citigroup network.
Performed UAT and pre-production testing of CM rule sets.
Analyzed, classified, escalated and remediated violations.
Coordinated remediation of violations with business representatives.
Performed risk and controls self-assessment exercises.
CITIGROUP – CITIGROUP THREAT ASSESSMENT CENTER (CTAC), NY NOV 2003 – JUNE 2006
Shift Manager
Managed and worked with a team of 6 Security Engineers to:
Monitor, respond and track information security threats such as new vulnerabilities, malicious codes, early warning data about potential threats or attacks and possible probes against Citigroup’s infrastructure.
Assess risk of the newly announced vulnerabilities and malicious codes.
Monitor and escalate intrusion detection system (IDS), Firewalls, VPN and Proxy system alerts.
Perform vulnerability assessment scanning & remediation tracking processes.
Serve as the single point of contact for all global network security events.
Manage global McAfee ePO Anti-virus platform and help team produce global virus protection status reports.
Perform risk and controls self-assessment exercises.
Participate and perform in ad-hoc projects and analysis tasks.
DANNON INC, TARRYTOWN - NY NOV 1999 – NOV 2003
Sr. Network Support Engineer
Provided prompt and courteous front-end technical support for customers.
Designed and implemented Microsoft Software Update Services in the company. Tested Microsoft critical updates for deployment, scanned network for vulnerabilities.
Automated patching and service pack deployment using Microsoft SUS
Designed and deployed Windows 2000 Domain and infrastructure for corporate HQ and remote sites. Also, maintained DNS, DHCP and WINS.
Managed Norton Anti-Virus Corporate Edition 7.6 Server & Clients and the deployment of NAV definitions.
Implemented IBM Director across the network to manage IBM and Compaq Servers.
Built Citrix Meta-Frame Servers and provided support for 800 Citrix users. Also, tested and published applications on Citrix servers.
Provided Desktop support for over 1000 LAN and Remote users.
Designed and implemented Windows 2000 Professional and Windows 98 SE images company-wide.
Configured Lotus Notes Client for remote and LAN users.
Helped investigate network problems to determine root cause and provide solution.
CHASE, MANHATTAN CORPORATE HEADQUARTERS, NY OCT 1998 – OCT 1999
System Administrator (thru Peak Systems)
STATUS
US CITIZEN
REFERENCES
PROVIDED UPON REQUEST