Post Job Free

Resume

Sign in

Project Management Information Security

Location:
Los Angeles, CA
Posted:
January 28, 2024

Contact this candidate

Resume:

Resume:

PATRICK OGOH

215-***-****

Email ad26k8@r.postjobfree.com

Senior Information Engineer

A qualified Risk and Compliance expert with an excellent reputation for implementing and managing security controls by skillfully evaluating strategic workflow business and organization systems, with a team committed spirit of combining technology and project management expertise at strategic and tactical level to strengthen IT security, Identity Access Management to support growth and build productivity.

Business Solutions: Has achieved successful track record in the application of enterprise risk management expertise to ensure compliance, audit remediation, vendor assessment and disaster recovery, in the design and delivery of mission critical systems.

Project Collaboration: Utilizes the strength in working as a liaison with cross-functional talent to successfully implement complex initiatives with skills in integrating diverse disciplines.

Strategic Analysis: Solves technology problem most time, and also act as an analytical thinker with intuitive insight into what it takes to organize and deploy resources to deliver cost-effective results. Play Key roles in risk assessment, network monitoring and information security issues. A solid contributor as content expert and consultant to senior leadership on enterprise planning to meet current and future technology security needs.

EDUCATION AND TRAINING

BSc Civil Engineering Southern Polytechnic State University, Marietta. Georgia.

MSc. Project Management, Colorado Technical University, Denver. Colorado.

Phd. Computer science Colorado Technical University, Denver. Colorado

ISACA- CISM, CISA Certified, CISSP (Prep for Exam)

Azure Security.

Standards: Cisco LAN Switching, Advance Router and router configuration, Novell Netware 3.12-5.0

ORACLE CERTIFIED DATA BASE PROFESSIONAL Oracle 8i, 9i, 12g Certified

TECHNICAL SKILLS

Computers – Compaq ProLiant 5500, PowerEdge 2100/2200 server, Compaq-ProSigma 500 Server.

Operating System – Red Hat Linux, Windows (98, XP, 3.1, NT, 2000), Novell Netware, Dos.

Software – Solar winds Network Monitoring and Management Application, Kali Linux, Archer, Carbon Black, NetScout nGenius Real Time Monitor, Remedy, Microsoft Office Suite, Fluke Protocol Inspector, Network Stumbler wireless analyzer and IBM QRadar, Splunk, Checkpoint and Solar Wind for DLP. GE Mark VI, GE Security ST, Qualys, SecureWorks.

Routers/Switches – Cisco (2500, 2600), Cisco Catalyst (2900, 6500,7206VXR), Palo Alto Network, 3Com LanPlex

Application – Network General Sniffer, Fluke Network Analyzer, PAM, IBM ISIM, SAP GRC.

Major Competencies

IT Compliance Program Initiatives . Cross Function Collaboration

Information Security and Compliance Liaison . Team Building Leadership

Intradepartmental Presentation/Support . Project Management

New Technology Implementation . Process Automation/Cost Mitigation

IEHP Inc., Rancho Cucamonga, California. 2/2022 – 5/2023

Senior Cyber Security Engineer/ Vulnerability Management Engineer

•Assess alignment with FFIEC, FIFPS,SOX, GLBA, GDPR, HITECH, PCI-DSS, ISO-27001 and NIST- 800 controls for critical enterprise systems; develop effective and efficient processes to remediate compliance gaps.

•Designed a more efficient reporting system to facilitate identification of thousands of threats to financial, operational and IT risks to sensitive endpoints and corporate information, enabling a much prompt action as issues are identified using Qualys.

•Have working knowledge of Identity & Access Management products like Azure Security Identity Manager.

•Automated scripts using power shell and understands the use of the Federated Services of SAML, LDAP with IBM Identity and Access Management, AD.

•Evaluates intrusion detection/prevention and data loss prevention tools using Microsoft Defender.

•Understand system design of Secure network in both cloud (AWS, Azure, etc.) and conventional environments to promote security architectures to protect serverless instances in containers of S3 bucket.

•Performed the integration of Active Directory, Azure AD, Intune with client operating systems.

•Perform OE and DE on Patch Management and vulnerability SOC issues.

•Mapping Risk based on Archer governance tool structure and recommending controls to mitigate risk.

• Managed IT projects and motivated cross-functional teams, ensuring clear communication, collaboration, and accountability using project management principles.

•Prepared Vulnerability Management and Patch Management program for the organization.

•Install agents in Qualys and create tags to critical assets for vulnerability assessments with visibility reporting.

•Installed and configured crowd strike falcon application for endpoint protection.

Cottage Health Hospital, Santa Barbra, California. 2018 – 2/2022

Senior Information Security Engineer/ Cybersecurity Engineer

•Performed enterprise and vendor regulatory; scope assessment, gap analysis, risk evaluation, security reviews, and compliance monitoring.

•Facilitate completion of internal and external risk assessments and resolution of resulting findings through successful interface with internal business partners and external vendor contacts for 200 vendor relationships and 420 applications, spanning a global system of networks.

•Designed a more efficient reporting system to facilitate identification of thousands of threats to financial, operational and IT risks to sensitive customer and corporate information, enabling a much prompt action as issues are identified.

•Assess alignment with FFIEC, SOX, GLBA, GDPR, HITECH, PCI-DSS, ISO-27001 and NIST- 800 controls for critical enterprise systems; develop effective and efficient processes to remediate compliance gaps.

•Managed endpoint protection and monitoring using the SentinelOne endpoint tool

•Arranged and perform Tenable tool for Vulnerability scan, Penetration test, Vulnerability Test, Data Encryption, scheduling test and the follow up to the test result for remediation.

•Utilized the crowd strike tool for antivirus / malware detection implementation.

•Configured numerous internal and external SecureAuth SSO, MFA authentication/authorization setups for different projects.

•Utilize the expedition tool to remediate Palo Alto firewall 220 policy rules to 6280 firewalls and proxy.

•Used SecureWorks SIEM connected with endpoint devices for detection and remediation using Qualys analysis.

•Participate in the Cybersecurity team for the implementation SCADA ICS patient monitoring solution system to help healthcare providers in wider spectrum.

•Liaise with Management to create a new Business Continuity and Disaster Recovery document for the Information technology system.

•Encryption of data using tools in database and HTTPS emails

•Automated scripts using power shell and understands the use of the Federated Services of SAML, LDAP with IBM ISIM Identity and Access Management, active directory (AD).

•Performed enterprise and vendor regulatory; scope assessment, gap analysis, risk evaluation, security reviews, and compliance monitoring.

•Serve as the back-up to the AWS IAM lead as it relates to project engagement, IAM tool governance, analysis & implementation of automation opportunities, and security architecture/engineering consultation.

•Analysis of third party vendor RFIs and generate report based on compliance on organization risk assessment requirements.

•Wrote and peer reviewed different hospital devices third party vendor security reviews before hospital purchase.

•Automated scripts using power shell and understands the use of the Federated Services of SAML with Identity and Access Management.

•Have working knowledge of Identity & Access Management products like IBM Security Identity Manager, and IBM Security Access Manager.

•Use REST connector to call REST services enabling Oracle Integration with Oracle Cloud application.

•Configuration of terraform for CI/CD implementation.

•Utilize the Solar Wind tool for data loss prevention monitoring and optimization.

•Performed risk management controls utilizing Archer GRC tool .

•Participated in analyzing, and writing security related standard procedure for the user administration, roles, and profile generation following SOX Compliance and SOD.

•Part of the Business Continuity and Disaster recovery team to manage the process if it ever occur.

•Managed security service provider to meet organization security requirements and business strategy.

•Created a web service using WSDL file URL stored locally in your machine or online as the admistrator.

•Understand system design of Secure network in both cloud (AWS, Azure, etc.) and conventional environments to promote security architectures to protect serverless instances in containers of S3 bucket.

•Remediation of PaloAlto firewall and writing of rules to mitigate security vulnerability to the network.

•Developed change management strategy and managed team charter towards the execution plan that supports goals, maximizes employee adoption and usage and minimizes resistance.

•Configured and maintained EC2 instances, S3 storage, Redshift, RDS, Cloud Formation and CloudTrail.

•Configured SailPoint I AM for inventory application for retired devices in the organization.

•Conduct Assessments of security controls and write new control when needed.

•Design and configure AWS management console for S3, EC2, Route 53, cloudFront, CloudTrail etc.

exchange of requested deliverables, and facilitate timely resolution of audit findings. Analyze business needs and document business requirements for compliance, regulatory, and integration initiatives.

•Performed firewall remediation of PaloAlto and configured various application scan based on OWASP requirements.

•Implement processes and procedures to retire and decommission enterprise applications; successfully balance business user needs with security control requirements in support of Bank divestiture initiatives.

•Manage 120 Wells Fargo Bank application portfolios within the Enterprise Application Inventory system of record; provide oversight via change management process to ensure ongoing accuracy and integrity of application profiles. Lead compliance projects and initiatives to implement and monitor appropriate and effective IT controls that comply with regulatory requirements and align with industry best practices.

•Assess alignment with FFIEC, SOX, GLBA, PCI-DSS, ISO-27002, ISO- 22301 and NIST- 800 controls for critical enterprise systems; develop effective and efficient processes to remediate compliance gaps.

•Analysis of third party vendor RFIs and generate report based on compliance on organization risk assessment requirements

•Provide subject matter expertise and oversight for risk related findings stored within the Archer GRC implementation.

•enterprise system of record; work with Finding Assignees towards appropriate resolution, create weekly status reports for executive management and detailed finding analyses for finding assignees.

•Drove a PCI DSS compliance project that implemented stringent information security controls, leading to the achievement of PCI compliance status, which significantly reduced the exposure to millions of dollars in fines and penalties as well as the loss of reputation associated with corporate credit card data breaches.

Southern Company Inc. Atlanta, Ga. 2011-2013

Senior Information Security Engineer /Cybersecurity Engineer

•Extensive experience with the implementation of IBM Security Identity Manager for access management.

•Experience with using the Service Now software to monitor the work queue.

•Conducted information systems audit and security reviews, interfaced with clients, consultants, and vendors as necessary to obtain necessary information.

•Designed a more efficient reporting system to facilitate identification of thousands of threats to financial, operational and IT risks to sensitive customer and corporate information, enabling prompter action as issues are identified.

•Enforced governance policies and procedure by conducting internal and external risk assessments, mitigating factors, implementation and reporting the change control process.

•Identify opportunities for improved cybersecurity controls for Operational Technology systems and environments.

•Used the administrative tool to access control configuration and integration with vulnerability data of Archer GRC tool.

•Analyze and validate publicly disclosed and internally identified vulnerabilities in operational technology systems and environments

•Experience using SAP GRC Access Control Components of Business Role Management (BRM), Access Request Management (ARM), Emergency.

•Ensured efficient management of Oracle database storage (extents, segments, rollback segments, temporary segments etc.) for optimal database performance.

•Backup and recovery of databases: automated backups on Windows NT and UNIX servers.

•Created and administered database users and privileges.

•Performed database performance tuning for Oracle: Tuned SQL statements, Memory. utilization–databases (SGA: db_cache, shared pool, Library pool, dictionary pool & PGA).

•Installed, configured and administered Real Application Cluster databases.

•Administered OS file system utilization, monitoring, swap usage, CPU utilization, file I/O, and network tracing for Oracle.

•Recovered corrupted data blocks.

•Performed troubleshooting, and resolution of complex database problems by closely monitoring, diagnosing and tuning database performance issues; identified problems and implemented solutions; ensured database was running at optimal speed and efficiently tuned and optimized Database Buffer cache, db_cache, PGA, Library cache, Dictionary cache, SQL statements using scripts, Oracle Statspack, Oracle trace, TKPROF, OEM, spotlight, Toad and DBArtisan.

•Developed, tested and deployed Oracle PL/SQL programs for database automation activities.

•Cloned Oracle Applications and databases from production to test/development environments.

•Database security Management, Session management. Performed object level, session, logon and system wide database audits of users to ensure user compliance with corporate security and controls standard, and SOX Act.

•Created and administered database users, roles, privileges and profiles.

•Used log miner for auditing Oracle databases, and to easily locate changes and analyzed database object changes, as well as to rollback logical data corruptions or user errors.

•Reorganized database structure as needed: Automate procedures at regular intervals; used scripts to reorganize or de-fragment database table spaces, tables, and indexes; Resolutions database block corruption problems.

•Managed multi-node clustered and non-clustered databases in a replicated and non-replicated environment running on UNIX raw devices and file systems.

•Creation and configuration of Hot Standby Database and Data Guard across multiple servers.

US Navy New Orleans, LA. 2001 – 2004

Maxim Group Inc.

Oracle Database Administration

•Installed and configured Oracle 8.0.6 and 8.1.5 on NT and UNIX.

•Created and administered database and application users and privileges.

•Creation and configuration of Hot Standby Database.

•Database data modeling using ERWIN, MS-Visio & ERD

•Installation and configuration of Oracle web server (3.5 and 4.5)

•Writing SQL, PL/SQL and shell scripts.

•Cloned Oracle databases from production to test and Development environments.

•Scheduled and automated tasks on UNIX and Windows NT.

•Created databases, performed upgrades and migrated several oracle 7.3.4 databases to 8.0.6, and 8.0.6 to 8.1.7.

•Database reorganizations; Resolutions database block corruption problems.

•Performance tuning and optimization of Oracle databases (Database Buffer cache, Library catch, Dictionary catch, SQL statement tuning, I/O and CPU).

•Interfaced with vendors, project implementation groups & end users.

•Assisted Users on database & System related issues.

•Loading databases using SQL-LOADER; Data refresh using Import & Export.

•Database Monitoring, Maintenance, Space Management and Re-organization.

•Installation & Configuration of Oracle client-Server Software/Products.

•Created Roles, Users, and Granting Privileges to Users.

•Assisted Developers with database issues and problem resolutions.

•Experienced tuning SQL statements using SQL TRACE, TKPROF and EXPLAIN PLAN Utilities.

•Configuration of SQLnet, Tnsnames & Listeners for all databases.

•Gathering user requirements for new projects.

•Planned and coordinated testing of the newly developed or enhanced applications between the business and the development teams.

•Developed database logical & physical design for projects, using VISIO



Contact this candidate