Information Security Officer

Location:
Danville, CA
Posted:
June 30, 2020

Resume:

Manoj Shahi

(CISM, ISO *****, CSOE, HIPAA, ITIL, PMP, CSM)

Email: add8lr@r.postjobfree.com Cell: 832-***-**** LinkedIn Profile US Citizen

PROFILE SUMMARY

Strategic Cyber Security Risk Management Executive, who is proactive and innovative, understands sound privacy and risk management principles, business requirements and is ready to offer leadership to identify and mitigate risk, and implement strategic business solutions that improve performance and transform operations.

• Comprehensive Risk experience in 1st line of Defense (Line of Business Risk Executive), 2nd line (Corporate ERM/ORM), 3rd line (Audit) and Regulatory Agency. Excellent communication and presentation skills including Executive and Board Level Risk Committees.

• Designed and implemented Enterprise Risk Management (ISO 31K, NIST RMF, OCTAVE, COSO, COBIT) Program that enabled holistic risk assessment and improved overall organizational performance. Strong knowledge of GRC technologies and IT Risk and Controls Methodologies/Frameworks

• Rebuilt enterprise control functions after a major cybersecurity incident and increased federal regulatory scrutiny. Corrected siloed practices, ineffective processes, and numerous internal control weaknesses.

• Played a key role during the response to large cyber breaches at Facebook, Proteus, Danske Bank, Kaiser Permanente.

CORE LEADERSHIP COMPETENCIES

Information Security & Cybersecurity Strategies & Roadmaps Holistic & Proactive Risk-Based Security Models Comprehensive Security Monitoring & Protection Business and Regulatory Transformation Corporate Compliance Programs Security Architecture & Internal Control Standards Regulatory Compliance Enterprise Risk Assessment & Management Third-Party Risk Management Best Practices Board Reporting Manage Regulatory Affairs Vendor Due Diligence & Process Integration Scorecards, Dashboards & Key Performance Indicators Audit Management Governance

Program & Portfolio Management Team Development & Leadership Governance Risk & Compliance (GRC) Merger & Acquisitions (M&A) NIST CSF NIST 800 Series NIST RMF ISO 2700X ISO 29100 ISO 31K FedRAMP FISMA FFIEC OWASP OCTAVE COSO COBIT Sarbanes-Oxley SOX HIPAA HITRUST FDA SOC 2 TSC PCI-DSS DATA EXPORT CONTROL (EC) GLBA GDPR CCPA PIPEDA MAR BSL/AML FDIC ITIL PMBOK SIX SIGMA SEI-CMMI

Industry Vertical Experience: Healthcare (10+), Banking (9+), Medical Devices/Manufacturing (4+), Oil & Gas (5+), Biotech / Pharmaceutical (2+), Cards (2+), Hi-Tech, Insurance, Marketing / Sales, Software

US Citizen authorized to work in the United States for any employer.

PROFESSIONAL EXPERIENCE

FACEBOOK • Menlo Park, CA • 07/2019 – 01/17/2020

PRINCIPAL, INFORMATION SECURITY, AUDIT & COMPLIANCE ARCHITECT

Responsible for development and implementation of comprehensive Enterprise Information Security, and Compliance program in ensuring confidentiality, integrity, and availability for On-Prem and Cloud (SaaS, PaaS, IaaS) platform.

Key Achievements:

• Provided roadmap for integration of Cyber risk in the organizational ERM/ORM framework based on NIST RMF, inclusive of risk appetite, risk identification, monitoring/oversight, RCSA, scenario analysis, key risk indicator, loss data deployed globally, internal controls testing, and risk reporting using GRC tool.

• Built the Third-Party Security Assessment Team and a formal information security assessment / remediation framework aligned with corporate information security standards.

• Created policies based on ISO 27001 / 27017 / 27018 / 29100, NIST CSF, NIST 800-53r4, FedRAMP, FIPS, SOX, PCI-DSS, HIPAA, SOC 2 TSC, COSO, COBIT, OWASP, GDPR, PRIVACY SHIELD, CCPA, PIPEDA, and MAR compliance.

• Defined administrative model for IdM/IAM streamlining roles and realigning directory group structure. Led the design and implementation of remote access authentication, encryption, active directory integration and mitigation of risks in enterprise product, systems and network security.

PROTEUS DIGITAL HEALTH • Redwood City, CA • 04/2018 – 06/2019

PRINCIPAL CYBERSECURITY, AUDIT & COMPLIANCE ARCHITECT

Recruited to lead the build of the cybersecurity, audit and compliance program from the ground up, holding full accountability for defining the strategy, vision, infrastructure, and implementation of enterprise cybersecurity standards and best practices to support AWS, GCP, Digital Cloud (SaaS / PaaS) Platform and IoT / IoMT.

Key Achievements:

• Accountable for development of strategic comprehensive enterprise cybersecurity and compliance management program (including strategy, policies, standards, guidelines, and procedures) to ensure the integrity, confidentiality and availability of information owned, controlled or processed.

• Established Information Security & Privacy (Fraud Risk, Ethics, KnowBe4, Edvance360 LMS) Awareness Program.

• Established IT Governance Committee, Methodologies, Monitoring and Control, Risk and Opportunity Management functions, and Performance Management and relevant metrics.

• Drove the establishment of a formalized Risk Acceptance Process based on NIST RMF. Led implementation of GRC platform (ZEN, ALLGRESS, BOARDVANTAGE) and managed product lifecycle.

• Developed a formal follow up audit process to track remediation of audit findings, and dashboards to report the results to the Audit Committee and senior management. Audit findings implemented were over 90%.

• Established security functions including IdM/IAM, SIEM, Threat Intelligence, Vulnerability Management, Malware, End-Point, Data Loss Prevention, BYOD and Mobile Device Management, Data Loss Prevention, Security Controls Design & Monitoring, IPS/IDS, Forensics, and Security reporting, instituted annual penetration testing, and deployed Encryption-at-Rest strategy for all sensitive data.

• Expanded the role of the Information Security Committee to approve policies and endorse information security goals for large Data Protection, Third-Party Assessment, Threat Intelligence, and Business Continuity Planning programs.

• Built and managed Security Operations Center (SOC) capabilities with Endpoint Detection and Response (EDR) tools and next-generation SIEM/SOAR/MDR solutions integrated with threat intelligence platforms.

• Established formal Security Incident Plan and Incident Response (process around identification, logging, categorization, prioritization, diagnosis, escalation, resolution, closure, communication and evidence preservation) to defend the organization's information assets.

• Provided NIST CSF, NIST 800-53r4, NIST RMF, NIST 800-61r2, NIST 800-66r1, NIST 800-171, FedRAMP, FIPS 140-3/199/200, HIPAA, FDA, FDIC, SOC 2 TYPE 2/3, OWASP, GxP, COSO, GDPR, PRIVACY SHIELD, and CCPA Certifications resulting in enhanced Revenue Assurance.

BYNDER/WEBDAM • San Mateo, CA • 08/2017 – 04/2018

SENIOR DIRECTOR/HEAD OF INFORMATION SECURITY, AUDIT & COMPLIANCE

Accountable for establishing company's Information Security and Compliance program to support AWS, GCP, ECM, Digital Cloud, SaaS, PaaS, IaaS and deliver ISO 27001, HIPAA, SOC 2 Type 2/3 and GDPR certifications.

Key Achievements:

• Establish and maintain a corporate wide information security and compliance management program that ensures integrity, confidentiality and availability of information assets are protected.

• Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.

• Implement and monitor a strategic, comprehensive enterprise-wide cyber security awareness program to safeguard confidential data, assets and intellectual property resulting in 70% reduction in Phishing failures.

• Designed new organization structure, hired Leadership team and implemented a set of core enterprise risk management programs, processes and tools.

• Defined information security risk assessment / acceptance and mitigation process based on ISO 31K Framework.

• Architected comprehensive third-party risk management and governance program. Remediated regulatory examination findings and ensured effective vendor due diligence, selection, contract management, spend analytics, performance reviews, and operational controls.

• Installed IT Governance with Portfolio Management and built trusted relationships with C-level decision makers to prioritize, negotiate, manage and control transparent Cybersecurity and Compliance program.

• Provided ISO 27001, HIPAA, SOC 2 TSC, FDA, COSO, and GDPR Compliance resulting in enhanced revenue assurance.

• Established security functions including Security Risk Assessment & Management, Identity and Access Management, SIEM, Threat Intelligence, Vulnerability Management, Malware, End-Point, Data Loss Prevention, BYOD and Mobile Device Management, Security Controls Design & Monitoring, Incident Response, Forensics, and Security reporting, instituted annual penetration testing, and deployed Encryption-at-Rest strategy for all sensitive data.

• Built and managed Security Operations Center (SOC) capabilities with Endpoint Detection and Response (EDR) tools and next-generation SIEM/SOAR/MDR solutions integrated with threat intelligence platforms.

• Built and deployed file integrity monitoring, log monitoring, encrypted remote access, encrypted data store, and a system of virtual machines that guaranteed data deletion.

• Take ownership over incident response and CSIRT processes, including incident detection & response, oversight of vulnerability management processes, and external and internal vulnerability scans.

DANSKE BANK • Copenhagen, Denmark • 10/2016 – 07/2017

SENIOR DIRECTOR, CYBER GOVERNANCE, MANAGEMENT AND ASSURANCE

Provides strategic advisory and consulting services to the Board of Directors, Board Risk Committees, Internal Audit Committee and executive management including CIOs, COOs, CROs, and CISOs.

Roles and Responsibilities:

• Helps board level stakeholders understand the obligations and outcomes of effective enterprise risk management, operational risk management, cyber security and audit. This includes solving an organization's greatest issues with respect to regulatory, industry, and company policy compliance and to protect what matters most in terms of loss of value, regulatory sanctions, or brand and reputation impacts balanced with investment.

Related Experience:

• Monthly Security Briefings to the Board of Directors, Executive Management, Rating Agencies, and Regulators on effectiveness and sustainability of embedding risk management, oversight, governance and control processes within the business.

• Define processes to identify and mitigate Operational Risks; track and centralize event loss data; and, adopted disclosure policies, controls and assessment processes.

Key Achievements:

• Successfully partnered with bank’s cross functional leaders across three geographical (EU, Asia, USA) regions in more than 18 countries to deliver FFIEC / FISMA assessment, and CMMI maturity level. Produced a Plan of Actions and Milestones (POA&M) that served as a roadmap for achieving compliance.

• Partnered with CISO, COO, CTO, CRO, and Audit Committee to develop and implement a $22 M portfolio of programs to enhance controls around data protection (encryption), identity and access management, SOC, threat and vulnerability management, mobile security, cloud security, insider threat and by improving an organization's governance, strategy, operational models and technologies:

o Enhancement of Technology Risk and Security Governance

o Improvement of the Information Security Function

o Integration of Key Compliance Program – BASEL, BSL/AML, KYC, SWIFT, SOX, PCI, EUROPEAN BANKING AUTHORITY, GDPR, CREDIT RISK, MARKET RISK, OPERATIONAL RISK, ARCHER/RSAM, ISO 31K, NIST RMF, NIST, FFIEC, FISMA, FIPS, NIST CSF, NIST 800-53r4, FedRAMP, etc.

o Resilience and Business Continuity Management

SGIC CLOUD TECHNOLOGY • Pleasanton, CA • 9/2013 – 10/2016

CHIEF INFORMATION SECURITY OFFICER

Recruited to lead the build of the global information security, and regulatory compliance program from the ground-up, holding full accountability for defining the strategy, infrastructure, and implementation of security and compliance standards and best practices.

Roles and Responsibilities:

• Develop, implement and monitor a strategic and comprehensive enterprise information security management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the organization.

• Develop Security Governance program that enabled cross business risk visibility and measurement.

• Identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.

• Proactively work with business units to implement practices that meet defined policies and standards for information security.

• Create, communicate and implement a risk-based process for identifying and managing third-party provider security related risks.

• Responsible for hiring, training, staff development, performance management and annual performance reviews of Information Security staff.

• Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an Information Security Steering Committee.

• Provide regular reporting on the current status of the information security and compliance program to senior business leaders and the board of directors.

• Create and manage information security awareness training programs for all employees, and contractors.

• Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.

• Provide strategic security guidance for corporate programs and projects at all stages of development.

• Manage major security incidents and events to protect corporate assets, including intellectual property, regulated data and the company's reputation.

• Liaise with the information security team and IT, compliance, audit, legal and HR management teams as required.

• Liaise with external agencies, such as law enforcement, Security Sub Committee and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.

• Crisis Management Team Member.

Related Experience:

• Member of the Information Security Steering Committee and maintained the charter document.

• Responsible for the Enterprise Information Security Policy (Board approved).

• Monthly Security Briefings

• Presented annual Board of Director Information Security training to ensure the Board received training appropriate for their oversight role.

• Business Continuity Working Group Member

• Developed a process for more efficiently identifying Third Party Information Security Risk and effectively responding to and developing management action plans that address the critical risks.

Key Accomplishments:

• Developed Information Security Strategic Plan for 2013.

• Developed and implemented a Data Loss Prevention Plan (Committee Approved).

• Built a new IT Risk Management department with 65+ FTE from the ground up inclusive of policies, procedures, risk assessment methodology, executive reporting, baseline controls, testing and escalation protocols.

• Regularly lead and manage regulatory, internal audit, and third-party engagements – establishing a repeatable and sustainable governance model and client satisfaction.

• Transformed the Internal Audit program to better align senior leadership and Audit Committee expectations, reliance and confidence.

• Provides subject matter expertise on a broad range of security standards. Expert knowledge of ISO 27000, SOC, NIST, PCI DSS, HIPAA, HI-TRUST, FDA, SOX, GLBA, FISMA, FedRAMP, FIPS risk management frameworks.

• Helped resolve Identity Management, Access Governance and Enterprise Security Architecture compliance challenges to address regulatory compliance mandates including BS 7799, ISO 17799, ISO 27799, ISO 27001/ 2 / 29100, NIST, FedRAMP, FISMA, HIPAA, PCI DSS, SOX, SOC 2 Type 2, GLBA, HI-TRUST.

• Developed and implemented procedures for review of technology, vendor contract and agreement language for compliance with SGIC Cloud Tech policy and government law. Over 500 contracts/agreements were reviewed.

• Established a fully automated metrics program along with key performance indicators (KPIs) and key risk indicators (KRIs) to drive performance and track compliance.

• Implemented preventative security controls for: Social Media, Personal E-mail, and Corporate E-mail forwarding.

• Implementing Data Tagging, Endpoint DLP and Network DLP as part of the Corporate Priority for Data Protection.

• Implementing a Virtual Desktop Environment (VDI) to mitigate the risk of data loss on endpoints.

• Implementing MFA and/or strong authentication for endpoints and administrative access across the environment to mitigate the internal traversing of the network environment with malicious intent.

NIKE • Beaverton, OR • 1/2012 – 8/2013

SENIOR DIRECTOR, CYBERSECURITY PROGRAM DELIVERY

Set strategic direction for the design, implementation, and execution of Nike’s global cyber security program. Led and guided the efforts of over 30 business unit cyber security teams composed of 90+ personnel in a highly complex and decentralized business environment.

Key Accomplishments:

• Developed strategic vision and design for a comprehensive global cyber security program that encompassed all aspects of governance, incident response, architecture, operations and insider threat.

• Defined new information security organizational structure, built and aligned teams as partners to technology and business units, and grew the team from 9 to 25 across Security Architecture, Security Operations, Security Event Center, Security Consulting, Cybersecurity, and Data Protection.

• Transformed the Internal Audit program to better align senior leadership and Audit Committee expectations, reliance and confidence.

• Established annual goals, created staff development targets and revised audit tools, templates and reporting. Reduced annual budget while increasing audit coverage and deliverables.

• Implemented a Security Governance program using MetricStream GRC tool that enabled cross business risk visibility and measurement, tracked and reported on audit functions for all internal audits and regulatory examinations. Authored security standards and created a standard methodology for Third-Party security assessments, management and governance.

• Constructed a comprehensive global risk assessment for use in the formulation of the annual internal audit, operational reviews, assist management in improving operations, identify control weaknesses and increase the value-add contribution to Sarbanes-Oxley (SOX) and PCI-DSS audit plans.

• Upgraded reports to the Audit Committee to include a broader strategic view of the business and much less emphasis on detail audit findings.

• Formulated strategic architectural recommendations for Corporate-wide Identity Management and Access Governance: Privileged Access Management (PAM), Virtual Directory Server (VDS), Multifactor Authentication (MFA), Access Governance (Attestation, auditing, and reporting), RBAC methodologies, Compliance (SOX, PCI), and Risk-based Access. Provided roadmap for consolidation of user repositories (AD consolidation and NetIQ migration).

• Established a global Vulnerability Management function that provided visibility and a centralized view of technical risks within each business.

• Spearheaded the development of cyber analytic capabilities that improved intrusion detection and prevention, penetration analysis, risk assessment, identity management, and enhanced data analysis.

• Built and managed Virtual Security Operations Center (vSOC) capabilities with Endpoint Detection and Response (EDR) tools and next-generation SIEM/SOAR/MDR solutions integrated with threat intelligence platforms.

• Defined strategies to implement Data Protection, Data and Systems Classification, Data-at-Rest / Data-in-Transit Encryption, Data Loss Prevention, Data Masking, and Data Identification solutions.

• Created and managed information security awareness training programs for all employees, and contractors.

KAISER PERMANENTE • Pleasanton, CA • 10/2010 – 11/2011

PRINCIPAL PROGRAM MANAGER, PRIVACY, CYBERSECURITY, AUDIT & COMPLIANCE

Provided program leadership to 100+ cybersecurity, audit, and compliance professionals in ensuring comprehensive risk management and regulatory compliance in support of enterprise applications and services including SaaS, PaaS, IaaS, DaaS, DAaaS, BPaaS, SECaaS, STaaS, and NaaS. A regular presenter at the Board of Directors.

Key Accomplishments:

• Executed completion of 32 high-priority security initiatives in one year to greatly increase security posture.

• Establish, implement, monitor, enforce and update corporate security policies, guidelines, standards and procedures. Develop a comprehensive training program to increase awareness and compliance of these policies/procedures and best practices.

• Created new initiatives, such as risk self-assessments and operational reviews, to assist management in improving operations, identify control weaknesses and increase the value-add contribution of internal audit.

• Expanded the Third-Party Security Assessment Team and a formal information security assessment / remediation framework aligned with corporate information security standards.

• Led the design of a hybrid identity solution to integrate a cloud-based identity management system with existing on-prem identity solution: Determine identity requirements, plan for enhancing access security through multi-factor authentication (MFA) strong identity solution, plan for Hybrid Identity Lifecycle.

• Delivered a 65% reduction in incident detection and response time by moving from SIEM solution to an integrated predictive threat analytics platform using an in-house big data analytics engine.

• Orchestrated the redesign of Risk Identification and Management Program to integrate internal operational IT compliance checks into annual penetration testing and program audits.

• Provide guidance to business units to investigate security breaches, forensic investigations and to pursue disciplinary and legal actions in collaboration with HR and Legal Counsel as appropriate.

• Synchronized Security, Cloud Cybersecurity, Antivirus/Malware/Endpoint and Server Protection, Mobile Device Management (MDM), Data Loss Protection (DLP) for SOX, PCI and HIPAA.

• Conduct regular and ongoing monitoring and reporting on compliance with information security frameworks, industry regulations and best practices NIST, FedRAMP, FIPS, HIPAA, SOX, PCI, FDA, FDIC, COSO, COBIT, GLBA, FFIEC, FISMA, GRC (ARCHER) tool and other security laws and regulations.

• Established an Independent IT Inventory Management capability; drove the adoption of a standardized vulnerability scanning tool; drove the creation of a dedicated IT Patch / Vulnerability Management Group.

• Defined strategies to implement Data Protection, Data and Systems Classification, Data-at-Rest / Data-in-Transit Encryption, Data Loss Prevention, Data Masking, and Data Identification solutions.

• Strategically aligned Cloud initiatives to the NIST Risk Management Framework (RMF). Integrated CVSS scoring capabilities into Continuous Monitoring (CM) processes; ensured Data Loss Prevention (DLP) techniques and technologies were embedded capabilities.

• Serve as the principal information security strategist. Oversaw development of a comprehensive, multifaceted Incident Response Plan.

• Designed and implemented a Security Policy Exception program to establish security accountability at the business owner level. This facilitated security decisions, visibility and exception escalations to leadership.

• Established a formal follow up audit process to track remediation of audit findings, and dashboards to report the results to the Security Steering Committee. Audit findings implemented were over 90%.

• Authored business processes & procedures to strengthen internal controls and increase operating efficiency.

Additional work experience includes:

Principal Architect (Contract) – Shell Trading, Houston, TX (9/2009 – 9/2010)

Chief Information Security Officer – DB Solutions, Houston, TX (2/2002 – 5/2009)

Chief Information Security Officer – Ascendant Solutions, Garland, TX (8/1999 – 1/2002)

Senior Manager – Callidus Software, Austin, TX (6/1998 – 7/1999)

Senior Manager/Enterprise & Solutions Architect – Chase Bank of Texas, Houston, TX (5/1996 – 4/1998)

Director, Apps Dev/Enterprise Security – Database Solutions Provider, Houston, TX (5/1988 – 4/1996)

EDUCATION TRAINING CERTIFICATIONS

Master of Science, Zoology (1987)

Bachelor of Science, Zoology (1985)

✓ Certified Information Security Management (CISM), ISACA

✓ Certified ISO/IEC 27001:2013 Practitioner, ADVISERA

✓ Certified Sarbanes-Oxley Expert (CSOE), SOXCPA

✓ Certified Health Insurance Portability and Accountability Act (HIPAA), KAISER PERMANENTE

✓ ITIL Practitioner Global Knowledge, PEOPLECERT/AXELOS

✓ ITIL V3 Foundation 2011 Certificate in IT Service Management, PEOPLECERT / AXELOS (Certificate No: GR750313598MS)

✓ ITIL V3 Intermediate Service Design 2011 Certificate in IT Service Management, PEOPLECERT / AXELOS (Certificate No: GR752048465MS)

✓ ITIL V3 Intermediate Service Transition 2011 Certificate in IT Service Management, PEOPLECERT / AXELOS (Certificate No: GR753056854MS)

✓ Project Management Professional, NITYO INFOTECH / PROJECT MANAGEMENT INSTITUTE (Certificate No: OROU017TNT)

✓ Certified SCRUM Master, SCRUMSTUDY (Certificate ID: 575593

✓ BIG Data Certified, BIG DATA UNIVERSITY

Professional Affiliations

✓ ISACA, Member, San Francisco Chapter

✓ AXELOS Member

Tools & Technology: Intrusion detection / prevention (IDS/IPS); Security Information and Event Management (SIEM); Firewalls; IPsec/SSL VPN; Log management; Securonix, Splunk Enterprise, ArcSight, LogRhythms, QRadar, RSA Envision Platform, McAfee, Alien Vault, Packet inspection; Netflow; Wireshark, IBM, Dell Technologies (RSA), PKI, Tivoli Access Manager, IBM Tivoli Identity Management, Federated, Authentication, Digital Certificates, Foglight, Mercury, Network Operations Center (NOC), Security Operations Center (SOC), Distributed Technologies Operations Center (DTOC), Applications Operations Center (APOC), Operational Control and Support Team (OCS);

Data Security / Privacy / Reporting: BigID, OneTrust, Varonis GDPR Patterns, DPOrganizer, DataGrail, SAI360, Collibra Data Governance Center, Data & System Classification, DLP (Symantec, CA Data Protection, McAfee Total Protection, etc.), CASB (Forcepoint, McAfee Skyhigh, Cisco Systems, Microsoft, etc.), Life Cycle Management (Data Storage & Disposal); Big Data (Hadoop / Cassandra / Kafka / Elastic Search), Cloudera / Horton Hadoop, Pig, Hive, HBase, Sqoop, Map / Reduce, Tableau, R;

Encryption (SSL/TLS, Bitlocker, Filevault, IBM Guardium, Check Point, Dell Encryption, McAfee, Microfocus, Symantec, Veracrypt); Penetration Testing, Vulnerability and Risk Assessments / MDM Solutions; Endpoint protection: Malware, HIPS, firewall, EDR, Palo Alto Network, Symantec, Trend Micro, McAfee, FireEye, etc.; Identity Management: OAuth 2.0, SAML, OpenID, Identity & Access Management Governance (SAPM / AD / OKTA / LDAP / CyberArk / SailPoint / PING / CA / MICROSOFT (MIM/FIM) / IBM / RSA / COURION / ORACLE, Access Certification, RBAC, Privilege Access Reviews, SSO, 2FA, MFA, Identity Store (LDAP/Active Directory);

GRC: Zen, Allgress, BoardVantage, RSA Archer Technologies, Metric Stream, RSAM, SAP Success Factor, CA, IBM, IDS Scheer, Paisley, Protiviti; PPM: MS Project / Server PPM, Rally Software PPM, CA Clarity PPM, Oracle Primavera P6 PPM, Clarizon PPM, HP PPM, Planview Enterprise PPM, Asset Liability Management (HP - ALM) Suite;

ERP/CRM/SCM/HCM/SOA/EDW/APPLICATIONS: Oracle, PeopleSoft, SAP, NetSuite, Salesforce, JDA, Manhattan Associates, IBM, Taleo, Amdocs, Siebels, IBM, JBoss, WS-BPEL, ESB, SOAP, JAVA J2EE, OBIEE, XML, Teradata, MSSQL Server, MySQL, No-SQL, Sybase, Informix, DB2, etc.

Cloud Architecture & Cloud Security: GE Digital Predix Platform, Amazon AWS, Microsoft Azure, Google Cloud Platform (GCP), MS Office 365, IBM Cloud, Oracle Cloud, HP, IBM, VM Ware, Salesforce.com (Sales Cloud / Service Cloud), IT as a Service (ITaaS), Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Storage as a Service (STaaS), Network as a Service (NaaS), Business Process as a Service (BPaaS), Security as a Service (SECaaS), Data as a Service (DaaS), Data Analytics as a Service (DAaaS);

Standards: ISO/IEC 9001, ISO/IEC 17799, ISO/IEC 27701, ISO/IEC 27001:2013, ISO/IEC 27002:2013, ISO/IEC 27004:2016, ISO/IEC 27005:2011, ISO/IEC 27017:2015, ISO/IEC 27018:2014, ISO/IEC 22301:2012, ISO/IEC 29100:2011, ISO/IEC 31000:2018, ISO 31010, ISO 13485:2016, ISO 14971:2007, ISO/IEC 55001:2014, NIST CSF, NIST 800-53r4, NIST 800-25/26, NIST 800-30, NIST 800-37, NIST 800-39, NIST 800-60r1, NIST 800-61r2, NIST 800-66r1, NIST 800-115, NIST 800-122, NIST 800-124r2, NIST 126r2, NIST 800-171, NIST 800-190, NIST 800-210,


