Security Architect

Location:
Orinda, CA
Posted:
April 07, 2021

Resume:

Andrey Yankin, CISSP, PMP

INFORMATION SECURITY ARCHITECT

925-***-**** adlibm@r.postjobfree.com San Francisco, CA 94110 linkedin.com/in/AndreyYankin

Professional Summary

Happily working in the cybersecurity field I’ve been passionate about for 15+ years. Seasoned Information Security Professional with vast experience helping businesses to understand and minimize security and privacy risks while moving operations to the cloud.

● Designed and managed security and data privacy programs for financial, retail and healthcare companies.

● Developed and maintain enterprise security diagrams, components, and best practices.

● Audited and implemented security controls in highly regulated enterprises.

Security Competencies

Security audit (GDPR, CCPA, PCI-DSS, SOX 404, SOC 2, HIPAA, ISO), Application security (BSIMM, SAST, DAST, Pentest), GRC (COSO, COBIT, SOX, NIST, ISO, SOC 2, ITIL), Security risk management (NIST, FRAP, OCTAVE, ISO), Data protection (Encryption, Tokenization, PKI), Incident management (NIST, AWS), Security Policy, Security Procedures, and Guideline, Enterprise Security Awareness, Threat Modeling (STRIDE, OWASP), Information Security, Security Operation, Business Continuity, Disaster Recovery, Executive Reporting.

Professional Experience

OPORTUN Corp, San Carlos, CA (fintech)

April 2019 – current (employee). Senior Manager, Application Security Architect

● Created vision, complete security architecture design of the integrated security controls for the network, cloud, and applications.

● Designed security controls for new products.

● Building and mentoring the Application Security team.

● Updated security policies, standards and procedures.

Result: Helped enterprise to become a public company.

CONSENSUS Corp (TARGET), San Francisco, CA (mobile devices activation)

May 2017 – April 2019 (contract, employee). Security Consultant/Security Engineer/acting as Security Director

● Managed the internal and coordinated the external SOX audit programs.

● Developed design and architecture for the encryption system.

● Planned and implemented the application security program and Incident Response procedures.

Result: Improved security risks state for cloud systems, increased effectiveness of the existing security controls.

KAISER PERMANENTE, Pleasanton, CA (the largest US managed care organization)

January 2016 – December 2016 (contract) Security Solution Consultant

● Developed Enterprise Project Management Guidelines for security PMO.

● Planned projects for Application Security and Data Protection with a $25 million budget.

● Mentored and trained team members.

Result: Improved compliance for security projects, integrated the agile methodology for security PMO.

STATE COMPENSATION INSURANCE FUND, Pleasanton, CA (workers' compensation insurer)

March 2015 – November 2015 (contract) IT Project Manager/Security Consultant

● Implemented the Application Security Program.

● Redesigned the enterprise SDLC for Security SDLC (OWASP SAMM).

Result: Implemented the application security program on time and budget.

KAISER PERMANENTE, September 2000 – March 2015

January 2008 – March 2015 Solution Consultant, CRM program

● Provided subject matter expertise for ERP systems.

● Implemented data protection controls.

Result: My team decreased security risks for monthly and quarterly product releases.

January 2006 – January 2008 Solution Consultant, ERP program

● Initiated the design changes for security compliance and product improvement.

● Automated batch jobs for Payroll, Benefits, Security.

Result: Implemented automation for batch jobs, which improved coverage quality.

July 2004 – December 2006 Security Engineer, ERP program

● Supported benefits projects for the ERP system.

● Provided pieces of evidence for internal audit projects (SOX/HIPAA).

Result: The benefits modules went live without security vulnerabilities.

January 2004 Compliance test engineer

● Conducted the HIPAA compliance test activities for the pilot application.

● Developed automation scripts for compliance audit.

Result: The automated HIPAA audit projects were successfully implemented offshore, saving money for the company.

September 2000 – December 2003 Security test engineer

● Provided security test services.

Result: Many security issues were resolved during the design and development stage.

REGULATIONS: HIPAA, GDPR, CCPA, SOC, SOX, NIST, TOGAF, COBIT, PCI-DSS, ISO/IEC 27000

TECHNOLOGY: AWS, FIM, SIEM, Containerization, Cloud, SAST, DAST, Encryption, Enterprise Risk Management, Vulnerability Management, Configuration Management, VPN

TOOLS: Gartner, BigID, Votiro, Sonatype, SumoLogic, SonarQube, Alert Logic, CloudPassage, Evident.IO, Splunk, Fortify, Veracode, JIRA, Jenkins, Git, Bitbucket, Rally, Burp Suite, Remedy, Nmap, HP Quality Center, MS Project, Informatica ETL

LANGUAGES: PHP, SQL, Perl, Bourne shell, Java, JavaScript

PLATFORMS: AWS Cloud, Linux, Windows NT/XP/7/8, UNIX IBM AIX, Z/OS, Mac OS, Android, iOS

EDUCATION

Master of Science in Electrical Engineering, State Technical University, Penza, Russia

CERTIFICATIONS

ACSA AWS Certified Solutions Architect

CISSP Certified Information Systems Security Professional

PMP Project Management Professional

MCP Microsoft Certified Professional

TRAINING: CCPA, BigID, SumoLogic, AWS Certified Security Specialty, Amazon Web Services Security controls, AWS DevOps, SPLUNK.

CCSP: Cloud Application Security, SOX Compliance, Network Vulnerability, HIPAA Security, UNIX administration


