
Information Security Engineer

Location:
Houston, TX
Posted:
December 22, 2020


Resume:

Lee Anthony Davis

**** ***** ***** **.

Fulshear, Texas 77441

Phone 832-***-****

E-mail: adiwdj@r.postjobfree.com

Objective

Prefer a position with challenge, diversity and opportunity for professional advancement. Accomplish my goals by planning, executing and measuring progress.

Summary of Qualifications

Enhances the professional growth of individuals in national, state and local governments, institutions of higher education; private companies and public corporations.

Directs the strategic planning, marketing, organizing and implementation of activities for the Texas Regional Infrastructure Security Conference in San Antonio, Texas (www.trisc.org).

Delivers cyber resilience by enabling organizations to build high-performing and effective security, risk and compliance management programs.

Member of InfraGard.

Key contributor in the creation and maintenance of an enterprise-wide information security program for a Fortune 200 company.

Provides world-class information security consulting, risk analysis and risk mitigation strategies.

Develops strategic security architecture and design decisions.

Performs vulnerability assessments to identify security risks and potential threats across multiple platforms.

Ensures compliance with IT security policies and various government regulations including HIPAA, Sarbanes-Oxley, NERC, PCI and FISMA.

Assists business units with conducting risk assessments and developing remediation plans for identified risks.

Education

1991 - 1993 Community College of Aurora Aurora, CO

Business Management

Business Management with a marketing emphasis. (AAS)

Certifications

Certified Information Systems Security Professional (CISSP)

Completed Certified Ethical Hacker (CEH) training.

Pending SANS Critical Infrastructure Protection Training and GCIP Certification.

Professional Experience


2019 – 2020 (contract) Austin Community College Austin, TX

Senior Governance, Risk and Compliance (GRC) Consultant

Advised senior management and internal governance forums on risk levels and security posture.

Led the College through the completion of the Texas Cyber Security Framework Assessment.

Guided business units, project managers, and IT at the College to ensure FERPA and TAC 202 compliance.

Examined internal cybersecurity controls, evaluated the design and operational effectiveness, determined risk exposure, and developed remediation strategies using the NIST 800-53 control standard in adherence with the NIST Cyber Security Framework (CSF).

Utilized RSA Archer Spectrim to record, manage, and report metrics on risks, risk assessments, policy exceptions, and risk registers.

Managed and oversaw protective and corrective measures when cybersecurity incidents or vulnerabilities were discovered. Analyzed information security breaches to determine their root cause.

Developed information security policies in line with TAC 202.

Subject matter expert with various security control frameworks and regulations including but not limited to NIST 800-171, 800-53, FERPA, HIPAA, PCI-DSS, and TAC 202.

Interpreted and applied laws, regulations, policies, and guidance relevant to the NIST Cybersecurity Framework security objectives.

2018 – 2019 (contract) AT&T Austin, TX

Senior Governance, Risk and Compliance (GRC) Consultant

Provided expert support to AT&T consultants by developing collateral for the Texas Cybersecurity Framework (TCF) to capture assessment support data, identify compliance gaps, make recommendations for addressing the gaps, and document and present findings and recommendations report.

Trained consultants on the TCF assessment methodology.

Managed and implemented multiple projects to assess Texas state agencies' and higher education institutions' information security controls for alignment with the NIST CSF.

Partnered with AT&T to ensure that project milestones were achieved, and deliverables were submitted to the client in a timely manner.

Assessed overall adherence to the controls prescribed in the NIST Cybersecurity Framework in relation to privacy data.

Assessed control maturity in relation to the control objectives outlined within the Cybersecurity Framework for the protection of privacy data.

Developed recommendations and solutions for augmentation of identified gaps or deficiencies.

Developed a customized prioritized approach to the execution of remediation efforts related to identified gaps in the CSF assessment.

2016 – 2018 (contract) NTT Security Omaha, NE

Senior Governance, Risk and Compliance (GRC) Consultant

Managed and implemented multiple projects to assess Texas state agencies' and higher education institutions' information security controls for alignment with the NIST CSF.

Partnered with NTT Data to ensure that project milestones were achieved, and deliverables were submitted to the client in a timely manner.

Assessed overall adherence to the controls prescribed in the NIST Cybersecurity Framework in relation to privacy data.

Assessed control maturity in relation to the control objectives outlined within the Cybersecurity Framework for the protection of privacy data.

Developed recommendations and solutions for augmentation of identified gaps or deficiencies.

Developed a customized prioritized approach to the execution of remediation efforts related to identified gaps in the CSF assessment.

2014 – 2016 (contract) Repsol Services Company Woodlands, TX

Local Information Security Officer

Managed security operations locally for an international oil and gas company.

Collaborated with the Cybersecurity Team in Madrid to enforce global security policies in the U.S.

Managed the vulnerability remediation plan for Repsol applications and systems using Nessus Security Center.

Consulted with all lines of business to provide risk analysis and security requirements for enterprise level projects and business initiatives.

Protected Repsol USA’s network by configuring, managing, and patching the IBM intrusion detection system.

Designed, managed, and implemented security awareness campaigns for Repsol U.S.A.

Directed and managed a proof of concept for cloud encryption to protect intellectual property and enhance the development of seismic software to assist the Geophysics Team.

Designed, implemented, and maintained Safenet and Vormetric encryption appliances to protect intellectual property stored in the cloud environment.

2013 – 2014 (contract) EDP Renewables Houston, TX

Security Engineer

Enhanced security operations for a Portugal-based wind farm company.

Conducted risk management strategy based on ISO 31000 & ISO 27001.

Worked with the business units to design, develop, implement, and monitor processes and controls that ensure ongoing compliance with the NERC CIP Standards.

Integrated new and revised NERC CIP Standards into the compliance program by serving as a Compliance Subject Matter Expert (SME).

Maintained adherence to NERC and SOX compliance by providing deliverables to meet control objectives.

Integrated information from compliance and business unit processes to identify, analyze, and report compliance status to internal and external stakeholders.

Provided day-to-day administration for McAfee EMM and McAfee Threat Manager.

Developed and managed the vulnerability remediation process using Nessus.

Developed and managed web filtering policy using McAfee Web Gateway.

2012 – 2013 (contract) Dynegy, Inc. Houston, TX

Technical Specialist – IT Security Engineer

Collaborated with cross-functional business and IT teams to provide security best practice recommendations on architecture, design and requirements for multiple projects and initiatives.

Provided day-to-day administration on Symantec CCS, Tipping Point IDS/IPS, RSA Envision and Tenable Nessus.

Ensured adherence to NERC and SOX compliance by providing deliverables in order to meet control objectives.

Protected and defended Dynegy’s computing infrastructure from internal and external threats.

Mentored junior level IT security technicians.

2010 – 2011 Waste Management Houston, TX

Lead Security Analyst

Conducted risk assessments on SCADA and VMware ESX 4.0 infrastructure.

Enhanced and optimized email and whole disk encryption to protect confidential data.

Documented security standards for domain controllers, member servers and desktops based on NIST and CIS guidelines.

Developed security awareness program.

Protected against data leakage by evaluating, installing and configuring Symantec Data Loss Prevention.

Designed, implemented, and maintained Vontu DLP, Symantec DLP, PGP Whole Disk Encryption, and email encryption to protect privacy data.

2010 – 2010 University of Texas Health Science Center San Antonio, TX

Senior IT Security Analyst

Coordinated, led, and conducted risk assessments involving information resources, as well as security incident investigations.

Consulted with the institution’s faculty, staff and students providing guidance regarding system acquisition, development, testing, operation and disposal. Provided configuration management guidance based on NIST 800-53 and FISMA.

Maintained compliance with regulations and laws such as HIPAA, PCI, FERPA, TAC 202 and UTS 165.

Developed and reviewed information assurance education, training and awareness documentation.

Conducted briefings to the institution’s faculty, staff and students on information security-related topics.

Designed, implemented, and maintained Axway Secure Transport to protect electronic protected health information (ePHI) at storage and transmission.

2007 – 2010 HEB San Antonio, TX

Lead Security Analyst

Led the analysis of probable impact of recommendations and solutions on business areas and IS families.

Effectively communicated risk and mitigation strategies to influence senior management, project teams and business areas that specific security controls were needed in order to reduce risks.

Planned, designed and implemented full disk encryption at HEB US and HEB Mexico, including employee training.

Developed HEB’s security awareness program.

Documented a comprehensive risk assessment on VMware’s vSphere virtualization infrastructure at HEB.

Performed vulnerability assessments of critical systems and applications using IBM AppScan and Nessus.

Developed and maintained security policies, procedures and standards.

Developed a security baseline (based on CIS and NIST standards) for the following operating system platforms: Windows XP, Windows 2003, Windows 7, Server 2008 & Red Hat Linux.

Developed a security baseline (based on the CIS standard) for the following application layer technologies: IIS 6, Oracle, SQL 2005 and MySQL.

Used HEB’s Public Key Infrastructure (PKI) to manage Safenet encryption keys and SSL certificates.

2002 – 2007 United Services Automobile Association San Antonio, TX

IT Security Analyst

Monitored and responded to internal and external threats to protect USAA information assets.

Ensured the protection of member, employee and corporate non-public information for operational and development efforts.

Subject matter expert for the interpretation of USAA Information Security Policy, Standards and Guidelines.

Conducted security risk assessments to ensure compliance with industry published security guidance (ISO, FFIEC, HIPAA, PCI, etc.)

Evaluated proposed control mechanisms for systems, infrastructure and processes throughout the life cycle of enterprise projects.

Facilitated security awareness training and education.

Monitored security event logs of critical systems using NetIQ Security Manager.

Configured authentication for VPN clients using RSA SecurID and the RSA ACE/Server.

Performed risk analysis based on ISO17799 & ISO27001 security standards.

Developed a security baseline (based on Microsoft standards and industry best practices) for the following operating system platforms: Windows XP, Windows 2003 and Solaris.

2000 - 2002 Mikron North America San Antonio, TX

Senior Systems Administrator

Represented the U.S. at Head of IT Conference held in Biel, Switzerland to contribute to group projects and technological development for an international company.

Planned and implemented project to roll out Lotus Domino mail server as a hub in the U.S. to reduce network traffic.

Responsible for support and training of local IT staff at U.S. companies.

Established and maintained a framework to provide assurance that information security strategies are aligned with business objectives.

Implemented, securely configured and maintained Cisco routers and switches, Checkpoint firewall, and antivirus.

1999 - 2000 LandAmerica Financial Group Denver, CO.

Network Administrator

Provided LAN network administration and monitored its network servers and workstations.

Developed policies regarding core NT infrastructures, such as backup procedures, security policies, access permissions, file services naming conventions, etc.

1993 - 1995 Digital Equipment Corporation Santa Ana, CA.

PC Systems Engineer (contract)

Multivendor customer support involving installation and break-fix of business personal computers and internal and external components. Installed and supported Windows NT, Windows 95, MS Office 97 suite, SAP, etc.

1989 - 1991 United States Army Ft. Polk, LA.

Engineer

Demonstrated leadership and teamwork skills while conducting defense and security operations.


