
Information Security Cross Functional

Location: Summerville, SC

Posted: October 24, 2023


Resume:

Michael Tawanda Mangenje

Phone No: 248-***-****

E-mail: ad0lny@r.postjobfree.com

Experienced Information Security Analyst

15+ years of experience in delivering optimal results and business value in high growth environments.

Detail oriented and performance driven professional with expertise in safeguarding the organization from IT threats and risks through effective operational and internal controls. Facilitate security governance and compliance with multiple frameworks. Conduct IT internal audits. Liaise with key stakeholders to deliver innovative solutions.

Identify and secure opportunities that would influence the organization’s growth. Drive personnel to perform in line with the firm’s business objectives during the transformational process. Stay abreast with emerging technologies. Proactive leader with excellent decision making, analytical, communication, problem solving and interpersonal skills.

AREAS OF PROFICIENCY

Information Security

Wireless Networking

New Client Integration

Cost Reduction

Security Policies and Audit

Scripting For Network

Cyber Law

Security Controls

Risk Analysis/Security Surveys

Information Systems Threat Administration

Physical Security

Training & Development

Change Management

Strategic Alliances

Firewalls

Security Awareness

SIEM

Disaster Recovery

Social Engineering

Risk Analysis

IDS

Cross Functional Coordination

Privacy & Compliance

DLP

TECHNOLOGIES

AWS

Cisco Wireless

New Client Integration

VMWare

Windows Operating Systems

Scripting For Network

BMC Remedy

iOS & Android

Information Systems Threat Administration

Microsoft Exchange

LAN Sweeper

VPN

Windows Server

Linux

VoIP

SolarWinds

LastPass

Cisco AnyConnect

Symantec Endpoint Protection

CERTIFICATIONS

CompTIA Certified Technical Trainer (CTT+).

Microsoft Certified Systems Administrator (MCSA).

Microsoft Certified Technology Specialist (MCTS).

Microsoft Certified Trainer (MCT).

CompTIA Security+ Certified.

CompTIA A+ Certified.

ACADEMIC CREDENTIALS

Master of Information Assurance, University of Detroit Mercy.

Bachelor of Information Technology and Security, Baker College, Auburn Hills, MI.

KEY STRENGTHS AND ACHIEVEMENTS

Proven expertise in various system development methods. Possess in-depth knowledge of virtualization technologies and clinical application systems.

Recommended new approaches, methods and technologies to facilitate the organization’s transformation.

I played a pivotal role in creating and implementing the Identity and Access Management (IAM) strategy. I collaborated with cross-functional teams to design, develop, and execute robust IAM frameworks to enhance security and streamline user access across the organization. My responsibilities included:

1. **Strategy Development:** Led the formulation of State Farm's IAM strategy, aligning it with business objectives and compliance requirements. Developed a comprehensive roadmap for identity lifecycle management, access controls, and authentication mechanisms.

2. **Policy Design:** Designed IAM policies and procedures, ensuring adherence to industry standards and best practices. Implemented role-based access control (RBAC) and least privilege principles to mitigate risks and maintain data confidentiality.

3. **Technology Evaluation:** Conducted thorough assessments of IAM technologies and solutions available in the market. Collaborated with IT teams to select and implement suitable tools for identity provisioning, single sign-on (SSO), multi-factor authentication (MFA), and privileged access management (PAM).

4. **Collaborative Partnerships:** Fostered strong partnerships with IT, security, and compliance teams to ensure seamless integration of IAM initiatives. Coordinated cross-functional workshops and training sessions to raise awareness and enhance understanding of IAM concepts.

5. **Risk Mitigation:** Implemented continuous monitoring and auditing processes to detect and address potential security vulnerabilities. Developed incident response plans and contributed to threat modeling exercises to proactively mitigate risks.

Established structures and processes to plan and facilitate the orderly implementation of change.

‘Big 10’ experience in the Information Security and Controls field

Managed online training initiatives with clients based across the US during my tenure at Care Tech Solutions.

Implemented Computer Based Information Security Training (CBT) at Blue Cross Blue Shield of Michigan for all employees (over 10,000)

Managed Security awareness events at Blue Cross Blue Shield of Michigan including a very successful Ice Cream Social Engineering event.

Oversaw the training program at the Hospital for Special Surgery in New York during the transition to a new Service Desk Provider in 2013.

Led the technical training process at Crittenton Hospital and Medical Center during the transformation from Novell GroupWise to Microsoft Outlook 2010.

Instrumental in developing and presenting a statement as well as training for a service desk execution at a prominent hospital in New Jersey.

PROFESSIONAL WORK EXPERIENCE

Information Security Consultant, State Farm, March 2019 to Present

Providing security assistance to major business-related areas, projects, business solution delivery towers or initiatives primarily within Enterprise Technology that significantly utilizes security solutions and influences direction in the Security Sector.

Focusing on identifying risk associated with business decisions through early interactions with business areas to recommend, document & design high level security solution blueprints for the delivery of secure business solutions.

Work with product owners, developers, and platform/technical security teams to apply the appropriate technical controls.

Championing Information Security best practices, and leading by example, also providing a security presence.

Identity & Access Control Analyst, State Farm, July 2018 to March 2019

Supporting and testing end-to-end security controls and tools

Developing documentation and maintaining information security identity and access control strategies

Applying identity and access control concepts and practices in accordance with industry standards

Evaluating vendor solutions and costs and coordinating ongoing budget for vendor capabilities

Researching emerging identity and access security topics, threats, capabilities and solution options

Developing and supporting the Identity and Access Management (IAM) strategy

Sr. Bank Technical Analyst, Information Risk and Security Consultants, State Farm

July 2017 to August 2018

Consulted with business area and development teams to understand the business need, assessed risk to data and infrastructure assets.

Designed security solutions (controls) to mitigate the risk.

Followed State Farm’s information security policy, standards and industry best practices to ensure GLBA requirements and FFIEC guidance are met.

Created new standards. Collaborated with the security policy owning teams to confirm the need, build the standard and secure Info Sec officer sign off and implement the standard.

Collaborated with Info Security, development and IT risk review teams to complete risk and info sec design reviews. Work with the support and development teams to build and implement the controls designed.

Documented (including diagram) info sec risk assessments, which included inherent risk score, business and security requirements, info security solution design, list of controls, residual risk score.

Shared (present/walkthrough) the assessment reports with business area risk owners (leader/AVP), company leadership team and risk review teams for awareness and formal sign off accepting the residual risk before implementation.

Performed info sec risk assessments both at the vendor relationship level and at change/engagement level.

Performed both pre-contract review and periodic review of vendors to ensure the risk is maintained within established threshold. Reviewed SOC 2 (SSAE 16) reports.

Proof of concept of vendor product – Ensured the Info Security posture and controls meet Security Policy at State Farm.

Managed findings on IT security vulnerabilities and gaps in business processes, by remediating, mitigating, or recommending acceptance or transfer of the risk.

Designed, developed and deployed a finding management process that helped in streamlining the management of findings that Bank info security owned – this also enabled reporting and closer tracking and ensured resolution of the finding.

Owned/Managed the team SharePoint site that’s primarily used to keep track of work assignments, store work papers, assessment reports and design documents.

Provided security solutions for initiatives spanning across the full spectrum of business operations:

Deposits origination and servicing platform enhancements.

Loan origination application enhancements and migration.

Loan underwriting application deployment.

Mortgage origination, underwriting and servicing application enhancements and migration to new version.

Credit Card origination application enhancements and new application deployment.

Credit Card underwriting and servicing enhancements.

Security Controls Practitioner, Ford Motor Company, July 2016 to July 2017

Security and Controls Professional responsible for a portfolio of applications, and associated infrastructure, ensuring IT Controls are appropriate based on risk and are documented in compliance with the Information Security Policy, working with the Business Owner and Supplier

Facilitating communications with Vendors in identifying and documenting IT control.

Consulting Security Control Processes to the application teams and application business owners.

Facilitating communications with Operations and General Audit Office.

Identify Operations-Identified Comments and Risk.

Participate in Information Security presentations and events.

Consult with Infrastructure teams and coordinate with Internal Control Coordinators for Application/Infrastructure Control Reviews and Risk Assessments (i.e., ACR/ICR/CIA rating).

Provide support for audit process for the IT Operations, internal General Audit Office (GAO), and external audit parties. Facilitate the GAO Audit Information Request submission and interface with the audit team during all phases of the audit cycle including pre-planning, testing and formalizing identified gaps.

Assist the IT Operations services groups with the audit comment remediation development actions and monitor sustainable closure of the audit comments.

Provide guidance, direction and consultation for the annual IT Systems Control Review Program.

Assist with development of Business Continuity and Disaster Recovery plans (BC and DRP).

Review and approve as required for infrastructure controls reviews, decommissioning documents, and Enterprise Host Protection Audit Systems (EHPAS) filtering requests.

Participate or lead on-going global Infrastructure Security Controls process improvement initiatives.

Provide metrics and Security Controls and Compliance status to management periodically.

Information Security Governance, Risk & Performance Analyst, BCBSM, April 2015 to April 2016

Information Security management consisting of policies, controls and processes.

Conducting Information Security training and awareness programs

Hosting new employee Information Security orientation, groups of up to 100

Hosting specialty awareness training for executives and specialty groups like legal and application developers, groups of up to 20

Coordinate and host security awareness events across different BCBSM sites

Developed Information Security posters, advertisement and pamphlets to aid the awareness effort.

Implement Computer Based Training across the enterprise as well as work with Corporate Requisition in the process of selecting vendor for Computer Based Training

Work with many functional and business units: Enterprise Information Technology, Privacy & Security Compliance, Corporate & Financial Investigations, Corporate Compliance, Audit, Legal and others.

Provide input into information security incident management, especially for risk treatment process.

Perform cross-functional collaboration with the other members of the information security team to manage information security risk identification, mitigation and acceptance processes in coordination with security operations; risk planning, mitigation and remediation to address information security deficiencies.

Communicate effectively regarding security, privacy, risk, and compliance to senior business leaders and fellow team members, report status and performance to operational and executive management.

Performing vulnerability scans using tools like Qualys and Nessus and compiling reports for senior management.

Data Loss Prevention - making sure that end users do not send sensitive or critical information outside the corporate network. This included data on the cloud, on the premises as well as mobile devices.

Worked with Internal Audit, Executive Management and other departments to establish audits and reporting.

Conduct security assessment of Company’s network and computing architecture

Security Analyst II / Technical Trainer, Care Tech Solutions Inc., Troy, MI, August 2006 to April 2015

Vendor Risk Assessment with BMC systems on New Products, Product Upgrades

Lead regression testing efforts before and after vendor software upgrades to ensure functionality and compliance with HIPAA standards.

Hands-on with the implementation, configuration, maintenance and use of security software which included SolarWinds, LastPass, Symantec Endpoint Protection and Cisco AnyConnect.

Working with several hospitals across the U.S. providing HIPAA and Security Awareness Training to hospital IT employees.

Assisting with the development and implementation of Security Policies

Assume responsibility for leading training initiatives. Mentor technical personnel to perform at an optimal level.

Oversee field support and communications functions. Authorize security access requests. Facilitate system software and hardware upgrades. Manage BMC Remedy System.

Customer Service Representative, Audi of America, Rochester Hills, MI, August 2002 to August 2006

Supported authorized dealers in resolving customer issues. Collaborated with field support personnel in devising solutions for technical issues affecting vehicles.

OTHER WORK EXPERIENCE

Customer Service Intern, GMAC Financial Services Auburn Hills, MI, June 2002 to August 2002.

MEMBERSHIP

Active member of the Information Systems Security Association (ISSA).

SEMINAR ATTENDED

International Seminar on Cyber Security, De Montfort University, Leicester, United Kingdom, 2013.

SUMMARY

Michael Mangenje is an Information Security professional with more than 15 years in the Information Technology and Information Security fields. He has specialized knowledge in the field through both formal education and work experience. He graduated with an Information Security bachelor’s degree from Baker College and a master’s degree in Information Security at the University of Detroit Mercy. He is an experienced instructor and trainer with several years of experience. He has worked in the Information Technology industry with a special focus on healthcare. He has worked with several hospitals as well as health insurance providers and is familiar with laws, regulations and standards like HIPAA, HITECH and HITRUST. Michael holds several industry certifications and is continuously researching the latest trends in Information Technology and Information Security. Michael has a keen interest in topics concerning Social Engineering, which has been shown to be the leading cause of data breaches in the past year. When not working, Michael enjoys spending time with his family and traveling. He has travelled to most of the states as well as to Europe and Africa.
