Joe DICIACCO
Danbury, CT +1-347-***-****
https://www.linkedin.com/in/joe-diciacco-b514a066/ *********@*****.***
MANAGER OF INFORMATION SYSTEMS & SECURITY
Responsible for ensuring that computer systems and networks are in compliance with security policies and regulations.
Business-focused professional with experience in compliance specifically for NIST 800-53. Identifying potential security risks and vulnerabilities. Development of security policies and procedures that align with the NIST framework. History of multiple responses to company audits and questionnaires. Known for easily identifying and resolving problems and getting things done. Adept at instituting and instilling business processes.
● Vulnerability and Patch Management
● Investigation of Security Events
● Security Configuration
● Implementation of Security Controls
● Monitoring and Testing of Security Controls
● Azure Active Directory
● KnowBe4 Security Training
● Security Audit Review
PROFESSIONAL EXPERIENCE
LOGICSOURCE, Norwalk, CT 2022 – Present
Manager of Information Systems and Security 40 hrs. / week
Monitor and review the company’s security infrastructure, reports and processes.
● Review of daily security events generated by the Arctic Wolf SIEM.
● Review of Arctic Wolf reports, categorizing and analyzing the highest risk events.
● Monitor and successfully manage the company’s IT Infrastructure.
● Review SOC 2 reports from the company’s vendors ensuring that vendor compliance is achieved.
● Working with the company’s Managed Service Provider to remediate known vulnerabilities.
EMMET, MARVIN & MARTIN, LLP, New York, NY 2012 – 2022
Manager of Information Systems and Security 40 hrs. / week
Responsible for overseeing the planning, implementation and maintenance of the firm’s IT security infrastructure, systems and applications. Protecting the confidentiality, integrity, and availability of the firm’s data. Responding to vendor security audits.
● Develop and implement security policies and procedures that will protect the firm’s data from unauthorized access, use, disclosure, modification or destruction.
● Conduct risk assessments to identify potential security threats and vulnerabilities.
● Work closely with equity partners and external service providers on a wide range of topics that require security expertise, including business requirements analysis, issue trouble-shooting, root-cause analysis, business process optimization, integration, cross-functional projects, end-user training, and translating requirements into technical solutions.
● Monitor security systems and analyze potential threats using security technologies such as SIEM, Firewalls, Vulnerability Scanners, IDS/IPS, and Anti-Virus.
● 7 years’ experience responding to financial institutions’ vendor audit questionnaires.
● Implemented the Information Security Program framework by developing policies and procedures to mitigate data loss and protect the firm’s sensitive information.
● Implemented iManage Security Policy Manager to move away from traditional access control lists.
● Established over 60 IT Information Security policies based on the NIST framework to support the implementation of strategies set by upper management to keep the firm in compliance.
● Run Nessus software and analyze the results – remediation of the critical and high items.
● Implemented physical security controls on access doors and sensitive areas by the use of digital card key systems.
● Identifying risks and lack of security controls within applications and systems that support key business processes.
● Review of patch history and vulnerability reports using Nessus, ensuring that the critical and high values were remediated.
● Responsible for creating the annual IT budget for next year’s purchases based on current costs and future requirements.
● Oversee penetration tests and remediation of vulnerabilities.
● Monitor and assess the effectiveness of the firm’s Intrusion Detection and Prevention system.
● Work with system administrators, cloud engineers, and development teams across the enterprise to ensure security best practices, vulnerability testing, penetration testing and compliance certifications are maintained.
● Implementing Regex expressions to mitigate the loss of data and improve the DLP posture.
● Procurement of new equipment for upgrades, managing the projects until completion.
● Created Onboarding/Off-boarding application using Salesforce. Use of page layouts, data loader, record types, paths, dynamic layouts and dashboard creation. Basic flows and light Apex coding.
● Engage with key stakeholders to prioritize and discuss IT Projects.
● Design, develop and monitor the disaster recovery plan for the firm’s virtual environment using Zerto.
● Management of the daily tasks of the IT department and staff.
● Project manager for the installation of new hardware and software.
● Maintain all 3rd party vendor contracts for renewal.
EMMET, MARVIN & MARTIN, LLP, New York, NY 2005 – 2012
Application & Database Administrator 40 hrs. / week
Ensuring that applications and databases are installed, configured, maintained and supported effectively to meet the needs of the firm.
● Support of new and existing business systems applications.
● In-depth knowledge of SQL tables for iManage Document Management System.
● Active directory, user account creation/deletion.
● Administrator for SQL disaster recovery environment, SQL job schedules, maintenance and backup routines.
● MaaS360 Mobile Device Manager – configure and support all mobile devices in the firm.
● Restoration and maintenance of SQL databases. Creation of tables, views, database tables, indexes and relationships and stored procedures.
● Administrator for Elite Enterprise accounting database. Designed and implemented data warehousing of Elite data to record matters that have been reactivated.
● Create export routines that produce EDI files from accounting data to Positive Pay check clearing.
Additional prior work history available upon request.
EDUCATION
Bachelor of Science (BS) – Electronic Engineering - DeVry Institute of Technology - Woodbridge, NJ
CERTIFICATIONS
CISSP – Certified Information Systems Security Professional - #1224612. Currently seeking Salesforce Administrator Certification.
TECHNICAL SKILLS
Microsoft Office 365 administration, Azure Administration, Salesforce administration, Salesforce security, Datto Backup and Recovery, iManage Work 10, KnowBe4, Arctic Wolf SIEM, VBA Excel Macros, Identity and Access management, REST API, Smartsheet, VMware Administration, MS Azure, MS Exchange, Active Directory, Windows Server, DNS, Nessus Professional, Vulnerability detection and Remediation, Disaster Recovery, Zerto, Avaya IP Office PBX and VOIP, Database Design MS SQL Server, Meraki Wireless Networks, Backup and Recovery, Citrix Administration, Visual Basic programming, Video editing and education, UKG Dimensions, Workforce Central, MaaS360 Mobile device management, Mimecast E-mail hygiene, Azure Conditional Access.
REFERENCES
Professional
Richard Talesnick – Equity Partner – Emmet, Marvin & Martin, LLP - 917-***-**** – **********@***********.***
John Uehlinger – Equity Partner – Emmet, Marvin & Martin, LLP - 917-***-**** – **********@***********.***
Howard Schiff – Equity Partner – Emmet, Marvin & Martin, LLP - 516-***-**** – *******@***********.***
Personal
Rick Smith – President - Impact Promotions - 914-***-**** - *********@*********.***
Arjun Kaushal - PCR Technologies - 732-***-**** - *******@*************.***
Rodney Wollman 845-***-**** - *************@*****.***
Kathy Wood - Emmet, Marvin & Martin - 862-***-****