Sean DePalma Email: ****@**********.***
Address: *** ******** *****, **********, ** 14425
Phone: 585-***-****
OBJECTIVE
Dedicated GRC Professional with 15+ years of experience in identifying and mitigating potential risks. Strong knowledge of compliance, auditing, and regulatory requirements. Skilled in conducting risk assessments and developing effective strategies.
EXPERIENCE
Apr 2022 - Mar 2024 PRINCIPAL SOFTWARE ENGINEER
Dow Jones
Apr 2017 - Apr 2022 STAFF SYSTEMS ENGINEER
The Home Depot
Jan 2015 - Apr 2017 INFORMATION SECURITY ANALYST IV
Global Payments Corporation
Jul 2013 - Jan 2015 GRC MANAGER
Global Payments Corporation
Jul 2010 - Jul 2013 INFORMATION SECURITY GOVERNANCE MANAGER
Synovus Financial Corporation
EDUCATION
Sep 1998 - May 1999 Computer Science
Bryant & Stratton
SKILLS
CERTIFICATIONS & COURSES
CRISC
STATUS: ACTIVE
NUMBER: CRISC-1824089
CERTIFICATION DATE: 10 May 2018
CERTIFIED THROUGH: 2024
3-YEAR REPORTING-CYCLE: 2022-2024
• Primary security and compliance resource for 31 multi-application containers within the AWS cloud
• Primary compliance resource for the B2B division
• Led the NIST-218 initiative to successful self-attestation.
• Led technical design and implementation of key security features for complex software systems
• Led the successful ISO certification effort for the B2B division.
• Designed and implemented policy/risk exception process.
• Committee member for all application/architecture reviews prior to production release
• Managed and mentored cross-functional teams to deliver high-quality software products.
• Collaborated with product managers to define and prioritize product requirements and roadmap.
• Conducted code reviews and provided technical guidance to ensure adherence to best practices.
• Team lead for Information Security Risk Assessments for hosted and Google cloud infrastructure.
• Mentoring other team members in one-on-one settings and running group knowledge sharing sessions.
• Team lead for Risk Exception documentation. Review all RAs and determine LOE for remediation vs. actual risk.
• Work with the business to design workable/compliant mitigation/compensation controls.
• Third Party Risk Management lead. Responsible for Archer development and management of The Home Depot vendor risk life cycle
• Collaborated with vendors to evaluate new technologies and make recommendations in line with business goals.
• Led cross-functional team in migrating critical systems to cloud infrastructure, ensuring uptime and scalability.
• Designed and implemented automated deployment processes, reducing manual errors and increasing efficiency.
• Provided technical expertise in troubleshooting complex system issues and implementing effective solutions.
• Responsible for vendor due diligence assigned by the Vendor Management Office
• Designed the Information Security Tools template process used for tuning of information security tools.
• Responsible for all application design/build documentation review
• Conducted vulnerability assessments and penetration testing on network infrastructure to identify risks.
• Implemented and maintained security controls to ensure compliance with industry regulations and standards.
• Collaborated with cross-functional teams to develop and execute strategies for improving security posture.
• Managed security incident response, investigations, and remediation activities to safeguard data.
• Implemented risk management framework, including risk assessments and mitigation strategies.
• Led cross-functional teams in developing and implementing compliance programs.
• Conducted regular audits to ensure adherence to regulatory requirements and company policies.
• Collaborated with senior leadership to develop and update governance policies and procedures.
• Conduct quarterly and yearly information security risk assessments based on data type (GLBA, SOX, HIPAA and PCI)
• Manage and measure Service Provider performance and productivity relative to the Service Level Agreements
• Led development and implementation of security policies and procedures for organization-wide compliance.
• Conducted regular risk assessments and audits to identify vulnerabilities and mitigate security risks.
• Served as a primary point of contact for incident response and managed security incidents.
• Collaborated with cross-functional teams to ensure alignment of security initiatives with business objectives.
• IT Audit, Risk Assessment and BCP experience
• Information Security Governance
• Enterprise Risk Management
• CRISC Certification
• Background working for service providers
• Project initiative leader pushing projects
• SOX, PCI, GLBA, CCPA, Privacy
• PCI ISA Certification
• AWS and Google Cloud Infrastructure, NIST 800-218, 800-53
• Team Motivator / Turnaround Specialist
• Team Mentoring / Knowledge Sharing