DOUGLAS JOHNSON
Lexington, Kentucky *****
********@*****.*** / 520-***-**** / https://www.linkedin.com/in/doug-Johnson-infosec
SUMMARY
Information Security Engineer with 18 years of experience in issue/risk identification, data analysis and reporting, establishing SOPs, IAM, audits, presenting KPIs etc. Committed worker with a history of meeting company needs with consistent and organized practices. Skilled in working under pressure and adapting to new situations and challenges to best enhance the organizational brand.
SKILLS
Data Analysis
Security vulnerability assessment
Security regulations compliance
Risk mitigation strategies
Process Management
Problem Resolution
Excel for Data Analysis
Teamwork and Collaboration
EXPERIENCE
Integrity Consulting Lexington, Kentucky
Identity & Access Management Specialist 03/2022 – Current
Mapped IAM responsibilities to match policies, processes, and procedures. Filled gaps in security framework by identifying and creating 6 missing IAM processes, procedures, and guides.
Developed Excel applications to automate data processing saving 2 weeks of work every quarter and eliminating human error.
Facilitated IAM transformation project for SSO and SailPoint so stakeholders could collaborate and complete projects ahead of schedule.
Coordinated SOC and internal auditors with IAM team to return data requests on time with 100% passing rate.
Brought new VP up to speed with risks in RSA Archer, then coordinated stakeholders to remediate and close 20% of the risks.
Documented a guide to quarterly privileged and user recertifications, freeing engineers' time for other work and allowing analysts to pick up the technical recertification work.
Worked with Core Security (Courion) to prepare for Privileged Access Recertifications.
Conduent (Xerox) Lexington, KY
Information Security Engineer III 1/2018 – 12/2021
Developed reports for CRO, then at his request, collaborated with stakeholders to remediate and close over 30 risks reducing the risk footprint significantly.
Built AV, patch, and inventory reports in ETS (Enterprise Technology Services) giving management a way to check the pulse of endpoints.
Steered the reviews and updates of 15 SOPs to adhere to Conduent policy giving the new company a seamless transition from Xerox.
Reviewed and approved risks and exceptions in the RSAM GRC tool standardizing wording and documentation.
Managed Identity Management for 12k users, discovered and deleted over 6000 obsolete identities, greatly improving corporate security, and saving time during future reviews.
Created IAM compliance procedures and training material and trained the new IAM team allowing them to seamlessly take on the new work.
Tutored and helped new team members learn and grow in their roles, helping the company succeed.
Xerox Lexington, KY
Information Security Manager 3/2015 – 1/2018
Evolved endpoint compliance reporting to be business wide enabling the CISO to see the business as a whole and institute controls.
Managed security for 30 Xerox Business Units by leading various audits such as PCI, SOC2, Internal Security Assessments, Customer Assessments and Questionnaires.
Functioned as a site liaison by hosting auditors, scheduling SME interviews, and ensuring data requests were successfully completed.
Assisted in obtaining ISO 27001 certification for 5 Xerox data centers.
Strengthened security posture by managing compliance for vulnerability scans and identity management for twenty domains.
Assessed Business Unit security compliance to NIST 800-53 standards and drove remediation by partnering with IT teams.
Identified and defined AV, Patch, and Inventory data, then used it to create metrics reports for management.
Acknowledged company-wide and received a monetary reward for using Excel VBA to automate manual steps in privileged access reviews, saving 10 hours monthly.
IBM Lexington, KY
Information Security Advisor 06/2014 – 03/2015
Reduced PCI data analysis time by 2 hours weekly by automating processes in Excel VBA.
Oversaw IT projects for Delivery Project Executive to focus on customer relationship.
Ensured IAM reviews and reports were accurate and on time to bring audit reviews to 100% compliance.
IBM Tucson, AZ
Staff Analyst 01/2008 – 06/2014
Represented IBM Health Check process to IBM Corporate Auditors and external auditors.
Developed and delivered System Access Control & Patch education for support teams.
Helped author and became SME for IBM Global Services Health Check process.
Identified KPIs to maintain and enforce security standards.
Saved IBM 300 hours quarterly by developing Excel scripts to enhance and reduce data-analytic work.
Created monthly critical issues decks for executive management.
Strengthened policy compliance by performing RCAs and incorporating lessons learned into processes.
Developed the guidelines and interface for HIP Health Check tool decreasing server compliance issues by 20%.
Implemented controls to ensure contractual obligations and security requirements are met.
IBM Tucson, AZ
Security Program Manager 01/2006 – 01/2008
Automated reporting for a Security Self-Assessment Workbook for 100+ IBM accounts.
Created education material to secure servers for patch and baseline configuration.
Trained 100 new hires on IBM processes and tools resulting in a 10% improvement in metrics.
Discovered gaps in compliance, then developed processes and procedures around the weak or missing security controls to improve the overall security risk and compliance posture.
Managed security projects (e.g., data collection and reporting for 100 accounts).
Developed and became the owner of the Health Check process for Windows server hardening.
IBM Tucson, AZ
Delivery Compliance Administrator 01/2005 – 01/2006
Managed security controls on Windows servers for 5 accounts, hardening, patching, vulnerability scanning, audit defense.
Performed RCAs and managed remediation of internal security issues in IBM CIRATS tool.
Functioned as liaison between IBM and internal / external auditors.
Reviewed, configured, and ran system access controls tool.
EDUCATION AND TRAINING
SailPoint IdentityNow Essentials Training 01/2022
Bachelor of Science: Information Science – University of Pittsburgh - Pittsburgh, PA 06/1995
CERTIFICATIONS
CISSP, Certified Information Systems Security Professional, Member of ISC2 – 2013
CISA, Computer Information Systems Auditor, Member of ISACA – 2016
CIAM, Certified Information Access Manager, Identity Management Institute, 2022