Information Security Officer

Location: Kenmore, WA
Salary: 150,000
Posted: December 17, 2021

Resume:

Abbas (Aria) Mirzazadeh

P.O. Box *****

Kenmore, WA 98028

Mobile 425-***-****

Email: adpohy@r.postjobfree.com

PROFESSIONAL CERTIFICATION

•Certified Advanced Project Management, Stanford University, CA

•Certified Agile Scrum Master and SAFe, Boeing Company, WA

•Certified Cybereason 2020

•Certified SPLUNK 2020

•Certified BCP/DR 2020

•Certified Tenable 2020

•Certified Business Continuity/Disaster Recovery 2020

•Certified Release Train Engineer

•Certified Blockchain Technology, IANS

•Certified GDPR Compliance, Executive IT Forums New York, NY # 112***-****

•Certified Lean Practitioner, Boeing Lean Academy, Renton, WA

•Certified Strategy and Marketing certified, Boeing Leadership Center, St. Louise, MI

•Boeing Leadership Diploma, Bellevue, WA

•Completed Six Sigma training, Boeing Company.

•SEI/CMM Software Configuration Management Certified, WA

•Risk Management Certified, Boeing/George Washington University

•Software Requirement management certified, Construx Institute

•Certified ClearCase and ClearQuest

•Veracode and IBM AppScan, Information Security tools

•CISM in Progress, UW Tacoma, WA

•Completed Modeling and Simulation workshop and training.

EMPLOYMENT HISTORY:

Korn Ferry Corporation, Los Angeles, CA 01-202*-**-****

Director of Business Continuity- Disaster Recovery

Cyber Security

•Oversaw over 15 Platform Disaster Recovery Testing

•Responsible for all Business Continuity Planning and Strategy

•Responsible for all Compliance and government regulation

•Assessing Return to Time Objective (RTO)

•Assessing Return to Performance Objective (RPO)

•Training all Local Emergency Management Team worldwide

•Responsible for Cybereason Sensors upgrade and related duties.

•Investigating Cybereason Malops

•Direct Report to CISO and CIO

•Meeting all ISO requirements

•Annual user access reviews with account business unit managers.

•Conduct monthly reviews of privileged.

•Coordinate full risk assessment.

•Worked with various Client resources and third-party auditors.

•Experienced with DLP, Bluecoat websense, Proofpoint, Trend Micro, and IBM QRadar Enterprise SIEM security tools to monitor network environment.

•Work with the onsite trainer to conduct HIPAA new hire training for new hires and transfers from non-healthcare accounts.

•Built the Security Orchestration, Automation and Response (SOAR) program centered on Service Now, Swim lanes, Qualys Vulnerability Scanner, Carbon Black, Symantec DLP, and Splunk

•Maintain all documentation supporting HIPAA compliance including Privacy and Security Manual, Risk Management Plan, Incident Response Plan.

•Work with the client during the annual disaster and recovery drill.

•All time availability for any emergencies including any privacy and security events reported by the InfoSec

•Member of Infosec Change board

•Member of Information Security Red Team

•Responsible for Incident Planning and response

•Responsible for outage and recovery incidents

•Responsible for all BCP and Disaster Recovery Testing dashboards updates and maintenance

•Act as a program manager for over 6 Information Security Projects

Boeing Company, Seattle, WA 01-201*-**-****

Program Manager/ Cyber Security, Boeing Company

•Led Governance, Risk Management and Compliance team for 2CES Integration.

•Worked as Functional analyst to gather all Infosec requirements for BT&E organization

•As a Scrum Master worked with over 12 projects within BT & E.

•Managed Application Development projects for two internal organizations

•As a Release Train Engineer (RTE), servant leader and coach for the Agile Release Train (ART) worked closely with 2CES Digital Transformation team.

•Responsible for facilitating the ART events and processes and assist the teams in delivering value for 2CES Team.

•Developed, documented, and maintained operational processes and procedures for BT&E Organization

•Demonstrated knowledge and experience designing and developing SharePoint solutions and applications leveraging SharePoint.

•Experience performing administration and configuration of SharePoint.

•Knowledge of SharePoint capacity and performance planning

•Experience with or knowledge of SharePoint backup and restoration

•Can demonstrate advanced knowledge and experience in configuring and developing SharePoint-based and Excel-based tools.

•Designed Symantec DLP architecture, implemented Symantec DLP.

•Worked with Symantec DLP upgrades and patches.

•Assist end-users in using SharePoint through group and hands-on training.

•Provide expert guidance related to troubleshooting, maintenance, and support of SharePoint.

•Exhibits in-depth knowledge of navigating databases, query writing and data modeling.

•Windows Hardware Quality Labs testing WHQL Testing which involved running a series of tests on third-party hardware or software, and then submitting the log files from these tests to Microsoft for review.

•Running tests on a wide range of equipment, such as different hardware and different Microsoft Windows.

•Build communications and training plans to ensure all internal and external partners are aware and aligned to product and trade compliance processes according to NISPOM.

•Communicated global regulatory which would impact operational compliance requirements.

•Generate and contribute to performance requirements, timelines, and metrics for all related activities

•Led Process improvement initiatives for 5 departments.

•Established business relations with key stakeholders and Manufacturing team.

•Led 2CES (Digital Transformation) strategy team for Manufacturing Operation Management team. Product Lifecycle Management and Enterprise Resource Planning.

•Working with and leading 14 Portfolios team to capture Epic, Feature, Road Map, White Papers and User Stories for Team Foundational Server (TFS).

•Aligned SAFe and Agile team with Bedrocks teams.

•Worked as servant leader (help execute PO and DEV tasks when able: user story writing, product roadmap development, release burn-up creation/maintenance, sprint burn-down creation/maintenance, etc.)

•Member of the Boeing Core team for BT&E-MOM bedrocks.

•Lead User Story and Feature training for all portfolios (Over 300 participants each session)

•Developing Strategic Road Map for digital transformation for Boeing Test and Evaluation.

•Worked closely with Compliance team to assure BA would meet government regulations requirements.

•Involved in 2CES integration team as a strategic advisor to bring 4 key foundations for business and Technology to work in harmony.

•Enterprise evangelist for 2CES effort within BT&E organization.

•Direct engagement in all portfolio’s trainings and mentoring.

•Involved in cost projection and cost analysis for the enterprise.

•Key member of Strategy team for 2CES integration team.

•Certified Tableau, SAFe, Scrum Master and Lean.

•Establishing interconnection between portfolios and shared responsibilities.

•Responsible for all metrics, 4 squares, Tableau and share points.

•Familiar with TFS, CAMEO and PRO-Model Modeling.

•Leads others and directs all phases of assigned cross-organizational or business unit projects demonstrating proficiency in all project management areas in accordance with accepted project management standards in the industry (e.g., PMI, Project Management Body of Knowledge [PMBOK], ANSI, and ISO standards).

•Oversight and management responsibility (including performance Management & reporting) for a portfolio of medium to large projects in support of the business unit’s (i.e., BCA, BDS, SSG) goals and objectives.

•Identifies key stakeholder project specific objectives and requirements.

•Ensures assigned individuals are executing the identified and assigned tasks and providing appropriate tracking and reporting per plan.

•Negotiates regulatory parameters in support of domestic and international projects with local, state, federal and international governmental agencies.

•Authorizes baseline plans and revisions. Provides in-depth analysis of project culminating with lessons learned and historical reports for incorporation into future project plans. Consults with executive leadership and integrates organizational strategy and company initiatives to develop project deliverables.

•Adherence to and utilization of the Boeing Program Management Best Practices.

•Led the preparation, development and coordination of overly complex and challenging integrated plans and schedules to meet all business offers (e.g., acquisitions, proposals) and project/program execution objectives.

•Led the integration and schedule impact analysis of complex and multiple schedule changes.

•Recommended, deploys and monitors the application of configuration management disciplines at all levels.

Tacoma Public School District, Tacoma, WA 02/2017 - 01/2019

Director of Cyber Security

•Managed the scopes, schedules, budgets, and quality of assigned project(s) from conceptual stages to full production.

•Performed task as a Functional analyst to gather all requirements.

•Responsible for Application Vulnerability Assessment, Threat Modeling, Risk Sorter, Risk Mitigation, Dynamic-Static Testing and Dashboard updates.

•Experience with Symantec DLP web security gateway to provide security for outbound web content.

•Provided onsite Symantec DLP technical service and support to a large enterprise customer base

•Identity Access and Management, Policy and Tools, Light Speed and Check Point

•Review an architectural diagram of district website with network traffic flows, ACLs, permission models, site management capabilities, and determining weaknesses and gap.

•Managed day to day security duties such as reviewing logs, incidents, and other sources for indicators of compromise.

•Extensive Experience with Symantec DLP and RSA DLP architecture and implementation for enterprise level

•Responsible for Governance, Risk Management and Compliance

•In-depth knowledge in MDM data and RBAC(Role Based Access Control).

•Experienced with Symantec DLP Policies (DLP templates) compliance and regulation standards such as SOX, PCI, and HIPAA

•In-depth knowledge of the General Data Protection Regulation (GDPR), which standardizes data protection for controlling and processing personally identifiable information (PII), since it went into effect on May 25, 2018.

•Led Amazon Web Services (AWS) migration on a mixed infrastructure as a service (IaaS) plus platform as a service (PaaS) and packaged software as a service (SaaS).

•Experienced with ITIL, NIST 800-34

•Responsible for Monitoring and managing Network hardening, Server upgrade, Firewall and Datacenter.

•Responsible for Re-writing Information Security strategy for the Infosec Department.

•Worked closely with Vendors for writing Contract, Licensing and Training agreements.

•Direct reporting to Chief Information Officer (CIO).

•Built strong business cases and presented them to stakeholders and key decision makers within the organization for process improvement and new policies.

•Experience in crisis management and response and led Incident Management Team (Red Team).

•Led Forensic investigation, collection and analysis team.

•Support Patch and SCCM activities.

•Responsible for interpretation of complex technical issues, challenges and goals and turning them into an easy-to-understand concepts.

•Directly involved in assessing threats to multiple operating system platforms, database and application servers, and custom and off the shelf applications.

•Leading all Compliance, regulatory and CIPA, HIPAA, FERPA evaluation.

•Compliance Committee Chairperson

•Configuration Control Board Chairperson

•Migration of DLP Tools.

•Conducted Audit within IT and Information Security organizations.

•Conducted Cyber Awareness Training

•Worked in a diverse IT architectures and enterprise IT data centers, external hosted services and cloud computing environments.

•Extensive Knowledge of SOX, GDPR, NIBSET, PCI, NIST, ISO, NIST, PCI-DSS, SOC and BSI.

Wells Fargo Bank, San Francisco, CA 07/2015 – 01/2017

Cyber Security/ Business Continuity Program Manager

•Managed Configuration Management activities including planning, tools, process, procedures and release.

•Managed the ongoing monitoring of the IT Disaster Recovery program that encompasses the recovery efforts of all business technology functions during a disaster and the emergency response planning initiatives.

•Applying IBM AppScan, Veracode and Threat Modeling to assess vulnerability of various business and technology center's Applications within Wells Fargo.

•Onsite security assessments and full report on PCI compliance (ROC)

•Assistance with Self Assessment procedures and reporting (SAQ)

•Attestation of Compliance (AOC) certificate

•Risk Assessment

•Network Penetration Testing

•Vulnerability Scanning

•Gap Assessment

•PCI Payment Credit Card Data Security and Compliance

•Credit Card Data Environment Scope Identification and Reduction

•Credit Card Data Security Risk Management

•Data and Card Protection

•Increased Customer Trust and Organizational Reputation

•Effective Incident Response Planning

•Experience testing applications for security compliance.

•Experience with Enterprise Applications and Information Security.

•Ability to ensure all applications meet enterprise minimum security specifications and escalate for potential deviations when they do not.

•Managed the scopes, schedules, budgets, and quality of assigned project(s) from conceptual stages to full production.

•Performed security, compliance, and risk assessments on projects.

•Monitored and ensured effective management action implementation.

•Supported information security review of new technologies and designs.

•Experience investigating and identifying security needs and recommends plans and resolution.

•Implemented, tested and monitored InfoSec improvements.

•Ensured compliance with disaster recovery and security requirements in an enterprise IT environment, including application, network, and account and perimeter security.

•Knowledge of: PCI DSS 3.2, ISO/IEC 27000 family of standards, NIST 800-53, NIST cybersecurity framework, and COBIT

•Extensive Knowledge of common application security architecture and vulnerabilities (e.g. OWASP Top 10), attack techniques and remediation tactics/strategies.

•Managed Information Security program with focus on SecCM and operationalization of CMP within Enterprise Database Management and Database Competency Centers at Organization level.

•Completed Information Security Assessment plan, making sure plan is executed accordingly.

•Developed and implemented policies and documentation by following best practices, incorporating elements of existing documentation, analyzing systems criticality, Business Impact Analysis and negotiating with affected stakeholders.

•Supported business process owners, engineering teams, and executive leadership.

•Applying the Scaled Agile Framework (SAFe), an interactive knowledge base system for implementing agile practices at enterprise scale.

•Leadership role in facilitating agile team, program, and enterprise in a SAFe.

•Worked directly with Vendors on new and existing contracts.

•Worked directly with Data stewards, business decision makers, BI organization and IT partners.

•Provided leadership and management in the event of an actual disaster for IT recovery capabilities.

•Led virtual teams and collaborated across large, matrixed organizations.

•Business Continuity Program Management/Disaster Recovery Program Management

•Contributor to formulation and execution of the IS strategic plan and worked to build a scalable, responsive organization.

•Plan and design Microsoft SharePoint environments

•Configuration of Microsoft Office SharePoint

•Create modify and delete SharePoint accounts as directed and in compliance with all standard operating procedures.

•Configure SharePoint services and settings.

•Assist individuals in maximizing the potential of SharePoint as it relates to their job function.

•Document SharePoint configurations and architectures

•Extensive knowledge of Compliance, regulation and Information Security-Privacy regulatory requirements and standards, such as PCI, HIPAA, HITECH, NIST, COBIT, ITIL, ISO 27001 and NISPOM.

•Extensive knowledge of SEC, FFC, Sarbanes-Oxley (SOX) and/or Gramm-Leach-Bliley Act regulatory policies and guidelines.

•Maintained budget, schedule and resource planning and usage across multiple related projects in the largest Sysplex in the world with over 350,000 Database Competency centers worldwide.

•Directly involved and responsible for all Risk analysis and Management.

•Managed Projects with cross organizational business and technology teams.

Boeing Company, Bellevue, WA 09/1998 - 05/2015

Information Security Program Manager

•Managed all Information Security tasks, SCM and SQA activities for Boeing Product Standard in a UNIX, Linux, and Window based environments.

•Facilitate Scrum events (Daily Scrum, Sprint Planning, Sprint Review, Retrospective, Backlog Grooming)

•Coach Product Owner and Delivery Team on how to engage with the Scrum framework.

•Reinforce Agile principles and values within Boeing.

•Foster team self-organization

•Protect scrum team from distractions.

•Helping to remove impediments as needed but help team self-organize.

•Radiate project status visually to management, stakeholders, and team

•Ready to work as a team member to support the process.

•Be contact person for all things.

•Helped for training engineers for writing User Story and Epic

•Provide learning opportunities to organization (talks, workshops, etc.)

•Help further agile community within the organization at Boeing.

•Utilized IBM AppScan, Veracode, Manual Scan tools to conduct Application Security tasks and activities. Responsibilities include all Threat Modeling, Risk Sorter, Application Vulnerability Assessment, Risk Mitigation, Dynamic and Static Testing, Dashboard updates and direct leadership reporting.

•Led a Data Loss recovery team for a newly designed Airplane as a principal investigator.

•SME level knowledge of NISPOM (National Industry Security Program Operation Manual).

•Responsible for organizing, planning and conducting periodic reviews of compliance activities.

•Completed, maintained and updated Disaster Recovery plan for both IT and Information Security organizations.

•Conducted quarterly, yearly basis and continuous compliance initiatives with gap identification and implemented plan to close those in a timely manner.

•Led an Internal Audit Team and worked closely with external government Auditors.

•Led information security review of new technologies, tools, designs, and remediation planning efforts. Performed technical audits of IT General Controls, Information Security, SDLC, Application Security and Operations.

•Developed standards and applied best practices for securing LAN, WAN, VPN, operating systems.

•As a Compliance officer evaluated the review and analyzed data pertaining to information systems functions relative to Sarbanes-Oxley compliance.

•Provided direction, insight, advice to 1st to 3rd managers and lead developers regarding the execution of tasks.

•Extensive training in Information security equivalent to CSSP and expert level familiarity with SOX (Sarbanes-Oxley), RICH, RoHS (Pertains to all chemicals including those used to make a product) and NISPOM (National Industry Security Program Operation Manual) regulations.

•Researched, standardized, composed, edited, and approved documented policies and procedures/process for compliance in accordance with accepted industry standards.

•Led Lean workshop, Value Stream Mapping and process improvement for Boeing IT and Commercial Aircraft organizations.

•Lead Principal Investigator and Project Manager for organic applications and Data loss recovery.

•Led Simulation and Modeling Project.

•Applied Agile/Scrum Master principles for IT projects.

•Changed Software Delivery process from Manual base to online software delivery process.

•Managed Software change process including all RFSs, CR, DIR, SCP and VDDs documents.

•Worked closely with FAA – non-Airborne System team for certification and accreditation of applications.

•Principal inventor of Link Gate, a new application for Knowledge Transfer and Knowledge Management Activities.

•Led all Record and Information Management efforts.

•Conducted Lean workshop, training and mentored new engineers and analysts.

•Managed remote teams in Germany, Russia, Singapore and India.

INVENTIONS, HONORS AND ORGANIZATION MEMBERSHIP

•U.S. Patent Award 2015 Boeing

•Recipient of Phantom Works Silver Award for implementation of PSDD system

•Principal Inventor of Link Gate (Knowledge Management and Knowledge transfer tool)

•Principal Inventor of WebCM Application Server (Configuration Management tool)

•Recipient of R&D funding from Boeing CII program for innovative product and services. 2003

•Recipient of R&D funding from Boeing ESG program for innovative product and services 2010

•Technology Presenter at Boeing Technical Conference (BTEC) in Los Angeles, California, 2007

•Achieved Three times SEI/CMM fully satisfied organizational Status for PSDS and Product Standard Digital Data

•Outstanding Conservation Achievement Certificate from Boeing SSG 2012

•Recipient of award for Community Development activity for Children Hospital.

•Member of Northwest chapter of Software Quality Assurance (SASQAG) WA

EDUCATION:

Griffin College, Seattle, Washington

B.S. Computer Science

Stanford University, Palo Alto, CA

Advanced Project Management Certification


