Al Vaghar
Bedford, MA *****
adswmy@r.postjobfree.com
VP of Security Marriott Loyalty, World Wide Operation
Accomplished and business-savvy IT professional with robust experience acquired over thirty years in information technology, delivering optimal results and business value to Fortune Five Hundred companies by establishing key relationships with business segments globally and in the US. Skilled in leading a diverse team in 7/24/365 environments, developing customer and vendor relationships and driving innovative digital transformations. Responsible for global database security and compliance in a multinational hospitality organization. Knowledge and experience in corporate security, data center, cloud computing, data management, and analytics. Exceptional communication and presentation skills and proficiency in grasping new concepts and keeping up with trends and technologies.
Skills Area: Security and Compliance; Project and People management; Process improvement; Strategic and Operation planning; Business development and Negotiation; Design and Presentation; Cross-functional leadership in a 7/24/365 environment; Cost and Competitive analysis; Technical Architecture and Assessment; Client and vendor relationship management; Training and hands-on systems engineering.
EXPERIENCE
Marriott Corporation Boston, Mass
VP Security - World Wide Operation 2020 – Present
* Securing Marriott Bonvoy Reward system worldwide by engaging with business partners, internal
and external stakeholders and vendors.
* Analyzing existing applications and architecture, developing and conducting security awareness training,
and recommending solutions to optimize and reduce cost and improve efficiency throughout the company.
* Setting up goals, managing risks, guidelines, expectations, timelines and recommending strategies.
* Acting as the key liaison between Information Security, relevant business units, and outside vendors to
understand and translate business requirements to functional and technical solutions to achieve commercial objectives.
* Managing and leading a Database security team in a fast-paced 7/24/365 environment, working with
traditional data centers, public and private cloud.
* Managing operational expenses and capital budget for Information Security team.
* Continuously building and developing effective working relationships with the relevant business stakeholders
to serve as a key decision maker and advisor on strategic business issues.
* Securing Loyalty database systems throughout the company by analyzing large data sets on a daily basis
using analytical tools. Monitoring data, activity, gap analysis, breach of data, anomalies, and user
behavior analytics and creating reports and dashboards.
* Working with various technology/business stakeholders to integrate relevant data sets into the enterprise
GRC Solution.
* Adhering to Governance, Risk and Compliance (GRC) and complying with internal Marriott mandates.
* Lead on complex technical and high change and incident management issues.
Wells Fargo Bank Boston, Mass
Assistant Vice President - Security & Compliance 2018 – 2020
* Worked with Technology, operations and stakeholders to determine process improvements and strategic
direction, including development and monitoring of database systems in the bank.
* Created and maintained security architecture artifacts (models, templates, standards and procedures) that
can be used to leverage security capabilities in projects and operations.
* Monitored information security trends internal and external to the Company and kept
LOB leadership informed about information security-related trends.
* BAU Query Management and Resolution, escalation and remediation in support of Auditing.
* Drafted security procedures and standards to be reviewed and approved by executive management.
* Validated IT infrastructure and other reference architectures for security best practices and recommended changes
to enhance security and reduce risks, where applicable.
* Evaluated statements of work (SOWs) to ensure that adequate security protections are in place.
* Leveraged risk-based reporting to shape the risk posture and subsequently derive guidance to improve
information security adoption across assigned lines of business.
* Change management, incident management and response, escalations, compliance and reporting in a 7/24/365
environment.
* Adhered to Governance, risk and Compliance (GRC) with internal Bank and Government mandates.
* Technical/leadership role in Database Activity Monitoring (DAM) and Vulnerability Management (VA)
projects from design, architecture to development, migration and operation of a new environment.
* Analysis of Qualys scans on a periodic basis and making appropriate decisions based on severity of issues.
* Maintained and enhanced policy in conjunction with SOX policy.
* Developed documentation and analysis of business & technical requirements.
Vodafone U.S Boston, Mass
Managing Cyber Security Lead 2014 – 2018
* Maintained high schedule adherence, change management, incident response, escalations, priorities,
compliance and reporting in a busy 7/24/365 environment. Worked with stakeholders throughout the
Enterprise (offshore and onshore) team on identifying acceptable levels of risk. Adhered to Governance,
Risk and Compliance (GRC) principles and methodology for Bank of America.
* Assigned incidents to L1, L2 engineers. Provided supervision, guidance and knowledge to seven L2
engineers.
* Engineering lead on complex technical issues and high incident management issues, coordinating activities
with vendors such as IBM and Cisco.
* Provided client management and external stakeholders with an appropriate level of communication
and insight into Risk Convergence and Data Analytics.
* Analyzed and translated business, information and technical requirements into an architectural blueprint
that outlines solutions to achieve business objectives.
* Anticipated and reacted to major technology changes to ensure the company maintains a robust IT infrastructure
that creates cost-effective, ongoing business efficiencies.
* Ensured data integrity and provided a smooth transition when new software or hardware was added to existing
infrastructure.
* Built and maintained business relationships with internal customers including key senior stakeholders.
* Technical/leadership role in Database activity monitoring and compliance (DAM) and Vulnerability
Management (VA) projects from design, architecture to development, migration and operation of a
new environment using IBM InfoSphere Guardium.
* Developed documentation and analysis of business & technical requirements to ensure compliance with
Payment Card Industry Data Security Standard (PCI) and Sarbanes Oxley (SOX) regulations.
* System engineering duties as needed: installations, data loss, disk management, memory utilization,
import/export, VM, backup/restore, disaster/recovery, upgrade, patching, Linux/Unix, F5, Guardium, TCP/IP
traffic analysis on the stack and validation of live database traffic (MS SQL, Oracle, Sybase, Db2, Mainframe).
IBM Corporation (Guardium Corp 2007-2010) Littleton, Mass
Sr Professional Services Consultant 2007 – 2014
Managing consultant at InfoSphere Guardium division of IBM Corporation, delivered services to Fortune
Five Hundred companies including but not limited to customers such as: Wells Fargo, Bank of America, and JPMC
Chase, TJX, AIG, U.S Federal Reserve Bank, Banco Reserva of Dominican Republic.
* Managed multiple concurrent customers, projects, deadlines, facilitating business enablement activities including
policy reviews, reports creation, incident response management, work flow, disaster recovery and alerts.
* Analysis and translation of business, information and technical requirements into an architectural blueprint
that outlines solutions to achieve business objectives.
* Communication liaison between customers, partners, vendors and local teams to implement a successful
delivery strategy within the time and budget constraint.
* Installation, upgrade, configuration, administration of Linux based Guardium devices (Physical Device /Virtual
VMware (ESX)) in the data centers and on the networks, using Software tap and/or physical Span port switch.
* Sizing, tuning, estimating, planning, scalability, performance, assessments, analysis, project management,
technical architecture, integration, customization of InfoSphere Guardium product line at the customers sites.
* Consultation, auditing and compliance (SOX, HIPAA, and PCI) to ensure compliance with Government
mandates.
* Monitoring of traffic in major databases (Relational: Mysql, Oracle, Informix, SQL Server, DB2, Sybase,
Netezza, NoSql: Mongodb, Cassandra) on multiple operating systems (HP, AIX, Solaris, Linux, Windows,
Z/OS, and Z/Linux) remotely and on the client sites.
* System Engineering: (network, disk management, memory utilization, import/export, backup/restore,
database integrity, data mapping, data mart, data loss, forensics, disaster/recovery, upgrade and patching)
* Integration with third party products: SIEM (ArcSight, QRadar, Envision), WebSphere, SAN, PeopleSoft,
Oracle EBS, WebLogic, Business Objects.
* Training customers hands on in a class environment (Up to 12 people) and/or remotely as requested.
PRIOR EMPLOYMENT
ICONIXX INC Houston, TX
Sr. Technical Consultant 2006 - 2007
AMERIGROUP INC Virginia Beach, VA
Sr. IT Consultant 2005 – 2006
TIDAL SOFTWARE INC Boston, MA
Sr. Technical Consultant 2003 - 2005
OPENWAVE SYSTEMS Redwood City, CA
Professional Services Consultant 2000-2003
COMPAQ CORPORATION Marlborough, MA
Sr. Application Developer 1999 – 2000
COMPUTER SCIENCES CORPORATION (CSC) Cambridge, MA
Sr. Systems Analyst 1997 – 1999
Science Applications International (SAIC) Las Vegas, NV
Sr. Systems Analyst 1995 - 1997
R.S MEANS - CONSTRUCTION MARKET DATA GROUP Kingston, MA
Sr. Systems Analyst 1992 – 1995
MASSACHUSETTS INSTITUTE OF TECHNOLOGY Cambridge, MA
Application Development Consultant 1991 - 1992
SYSTEMS
Hardware: Linux, Windows, VMware, Solaris/HP/AIX UNIX, Mainframe Z/OS, Z/Linux/SAM, I/SAM, VMS clusters.
Software: Java, C/C++, MFC, SQL, HTML, J2EE, HTTP, DNS, JSP, ASP, NTP, FTP, Tomcat, Apache, PERL, SSL,
4GL, FORMS, PL/SQL, PRO C, JDBC, FORTRAN, PowerBuilder, Visual Basic, Unified Messaging,
Mobile access Gateway, Email systems, Cisco routers & Switches, Voice XML, UNIX Shell, SNMP, SMTP,
FTP, firewall, WebLogic, POP, IMAP, IIS, LDAP, CGI, PERL, TCP/IP, Visio, MS Office, MS Project,
MS Access, TIDAL Scheduler, Crystal report, Ingrian, Imperva, (WAF, WAP, DAM, SharePoint), Radius,
CyberArk, Guardium, Jsonar, Salesforce, SIEM (ArcSight, Envision, Splunk), F5 BIG-IP Load balancer, Qualys,
Bluecoat, Crystal reports, agile, Confluence, Jira, Gitlab, Sonar, Wireshark, IBM cloud, AWS Cloud,
Metasploit, Kali, JIRA, Confluence, Kanban.
Databases: Oracle, MS SQL Server, Sybase, MySQL, DB2, Informix, Teradata, Netezza, Postgres, MongoDB, Hadoop, Z/OS
TRAINING AND EDUCATION
* Guardium Security
* Imperva and Jsonar security and data analytics
* Bluecoat security
* F5 (Load balancer and Big-IP)
* Planning and Scheduling Training and certification
* TIDAL Scheduler Training and certification
* Sarbanes Oxley (SOX) and PCI compliance
* Variable Compensation methodology
* Microsoft SQL Server and Oracle DBA training
* Cryptography and Encryption
* Electronic mail operation and mobile access
* Sales, Marketing and communication training
* Cell Technology, unified messaging, Email
* Massachusetts Broker License
SAINT LOUIS UNIVERSITY St. Louis, MO
B.A - Mathematics and Computer Science
B.S - Aeronautical Engineering