
Information Security Manager

Location:
Woodside, NY
Posted:
March 01, 2020


Resume:

COMPLIANCE & IT OPERATIONS LEADER

Accomplished PCI-DSS and IT Systems Manager with over 14 years of experience in the IT industry. Exceptional reputation using information technology in resolving problems, improving customer satisfaction, driving overall operational improvements, increasing productivity and managing risk. Consistently saved costs while increasing profits and driving revenue growth. Successful collaborative partnerships while working in a matrix environment with a diverse team.

Data Privacy and PCI-DSS compliance expert.

Key Competencies

PCI, GDPR, Compliance, Information Security, Data Privacy, IT Security Policy

Regulations, knowledge & requirements

Compliance Security Manager - GroundLink Holdings LLC - New York, NY 01/2016 - 12/2019

Coordinated with several departments to keep an updated Cardholder Data Environment (CDE) including: E-Commerce Sites, SaaS Platforms, customer service proprietary software. Also ensured that their CDE data and data flows were kept current

Reduced PCI planned and actual expenses by using broad research and consolidation methods

PCI responsibilities included but were not limited to: building and maintaining a secure network; protecting cardholder data; maintaining a vulnerability management program; regularly monitoring and testing networks; implementing strong access control measures; updating information security policies; engaging with a Qualified Security Assessor Audit; implementing employee & staff education

Prepared the Attestation of Compliance (AoC) and Report on Compliance (RoC). It was successfully achieved via the relationship established with the Qualified Security Assessor

Provided expertise of PCI application projects in Initiate, Plan, Design, and Pre-Deploy

With ongoing compliance, worked with department Points-of-Contact (PoCs) to ensure that PCI requirements for Staff On-boarding, Separation, Physical Security, and Vendor Management are in compliance. Verified through periodic audits.

Planned, scheduled, and coordinated activities of the QSA and subsequent departments, and published the AoC and RoC reports to interested parties.

Utilized Qualys vulnerability alerts, browser check tools and also performed monthly internal and external network scanning which produced reports based on severity level

Comprehensive knowledge of PCI-DSS 3.2.1, GDPR, Compliance, Information Security, Cyber Security and Data Privacy

Formalized disaster recovery initiatives, security incident management, and Risk Assessment analysis

Distributed periodic status assessment reports on the nature of our compliance and outlined areas of progression and improvement

Ensured all employees underwent breach protection & security awareness training

Executed the 12 PCI Requirements: Firewall protection, configuration standards, secured data on open networks, antivirus implementation, patch management, user access restriction with unique IDs, physical security overhaul, logging & penetration testing

GDPR implementation to unify and strengthen data protection for EU customers

IT Operations Manager - GroundLink Holdings LLC - New York, NY 11/2012 - 01/2016

Implemented plans for Risk Assessment, Inventory Management Control, Modernization, Monitoring, Budget Analysis, Operational Efficiencies, Outage Prevention and Staff Oversight

Reduced our budget responsibility by 25% with license and contract managing for vendors including but not limited to Microsoft Operating System, Exchange and Office applications

Oversaw best practices including the management of incidents, changes, problems, service levels, disaster recovery, business continuity, configuration, releases and capacity

Prevented outages & improved SLA using a customized risk assessment process of evaluating the critical systems that exist in our infrastructure which are most vulnerable to failure & devising plans for continuous delivery, business continuity & disaster recovery

Our SLA methodology included several performance metrics including ASA, TSF, FCR, TAT, TRT and Uptime

Calculated scalability planning to meet SLA & develop KPIs using aforementioned risk assessment & communication with the development team and receiving business input

Directed the Software Development Life Cycle followed with a release process management system. That process followed A, B, C, D (Align, Build, Confirm, Deploy) to translate our strategic vision into a deliverable and sustainable operations platform

Engaged in the implementation and enhancement of agile planning with requirements, planning, design, development, releases with tracking and monitoring

For KPIs, used the 2 main categories of measurement, including quantitative facts and quantitative indicators

Leveraged several monitoring tools (New Relic, OpsView, Nagios) with alerting via web portals, SMS, Emails and phone calls which tracked all areas of network throughput, application APIs, security threats, and hardware utilization of HDD, RAM, and CPU

Chaired modernization efforts by creating the team, establishing workflows and goals, prioritizing legacy data, preventing modernization of bad habits and closing skill gaps

Streamlined the IT support team by leveraging issue tracking software JIRA with efficient ticket triage. Identified issue types, priorities, and equal distribution of team workflow

Collaborated with Rackspace to oversee 2 data centers that comprised DSANs, Hypervisors, Load Balancers, VMs and approximately 100 servers

IT Operations Administrator - GroundLink Holdings LLC - New York, NY 09/2006 - 11/2012

Provided on-call 24/7/365 coverage of all aspects of IT Support for 150+ employees across 5 geographical locations with the ability to work on many tasks simultaneously in a high-pressure environment.

Windows Server 2012/2016, Exchange Management Console, Domain Controller & Active Directory support, Microsoft Volume Licensing Center & MS Software Asset Management

Main technical admin of inContact VoIP phone system with 1200 phone numbers & 30 email addresses, ensuring proper routing & applied skill levels of all users that span 3 geographical locations, as well as a Verizon VoIP PBX with 400 phone lines

Managed Domains, DNS, SSL Certificates across multiple vendors such as GoDaddy, BlueHost, Hostway, and Network Solutions

Demonstrated experience working with a proprietary corporate ERP system

Server room facilities management of HVAC, UPS, cabling and electrical safety checks

On-boarding/Off-boarding of employees using security guidelines & policies with Active Directory profiles, email addresses, VoIP telephony logins

Set up backups with Acronis & QNAP across 3 office locations for critical file transmissions

Front End ITOps administrator for a vast number of 3rd party vendors including Microsoft Windows, Office, Active Directory, Sophos Anti-Virus, BrainTree Payment Gateway, Citrix XenApp, Adobe Cloud, Apple Enterprise, Atlassian (JIRA & Confluence), Symantec BackUp Exec, DropBox, EFax, Symantec Cloud Spam Filter, FlightStats, QuickBooks, SalesForce, Twilio and Akamai, Oracle NetSuite & G Suite subject matter expert

IT Support Specialist - GroundLink Holdings LLC - New York, NY 12/2004 - 09/2006

Created, tracked, monitored and closed tickets in JIRA when problems were resolved.

Desktop, laptop, mobile, printer, scanner, PDA, telephony & network based cabling

E-commerce support as well as end user training

Windows 7/8/10, Office 365, Microsoft Security Essentials

Education

Baruch College of The City University of New York, New York, NY

BBA: Accounting and Finance 2005


