M.A. RAMIREZ
Santa Clara • California
650-***-**** • ************.**@*****.***
INFORMATION SECURITY CLOUD COMPLIANCE SENIOR MANAGER
Dynamic Information Security Compliance Manager and Cybersecurity Policy Specialist with seven years of high-profile SaaS Cloud Security experience. Demonstrated expertise performing Third-Party Risk Management Assessments and developing Information Security Policies and Procedures in compliance with FedRAMP cloud security requirements. Proven IT Project Management expertise with more than 15 years of industry experience. Skilled at technical engineering compliance and cloud operations for training materials and security audit assessments.
Security Cloud Compliance Manager • Backend Platform Engineering • Code Analysis Testing • Cyber Policy Specialist
• Cloud Security SaaS/IaaS/PaaS • IT Security • Consulting Change Management • Federal IT Governance Compliance Consulting • Gap Analysis • Third-Party Risk Management Assessments • Process Improvement • IT Infrastructure / Design • Team Leadership / Motivation • Data Warehousing • IT Strategy • QA / Testing • Network Administration • ITIL Incident Management • Technical Support • Deployment / Migrations • Pre-Assessment Preparation • Security Audits • Training / Development • IT Asset Inventory Services • Client Relations • Security Policy Development • Procurement Assessment • Project Management • Business Development Communications • Third-Party Vendor Qualifications • Cloud Security Penetration Testing • Privacy Matters • Data Centers / Regional Offices • Third-Party Vendor Test Tool Products • Security Information & Event Management (SIEM)
Apple Inc • Sunnyvale, California • 7/2020 – 7/2024
American multinational company that designs, develops and sells consumer electronics, computer software, and online services.
Technical Engineering Security Compliance Program Manager / Contractor Via Tata Consultancy Services (TCS)
Manage and direct cross-functional security teams integrating KMS and client-end application(s) to support backend Point of Sale (POS) transactions. Lead security roadmap meetings for global-geo locations and their impacted team(s) throughout software release cycles, threat models, and sequence flow diagram(s). Prepared project status dashboard(s) (via “Radar”, an internal Apple proprietary ticketing system) and PowerPoint presentations for corporate compliance office audit review.
Achievements:
• Successfully managed security requirements for the past four fiscal years with Security POS.
• Responsible for developing onboarding security and compliance training material for new security engineers joining the team, along with preparing technical back-end sequence process flows for technical support and legacy-related issues.
CISCO SYSTEMS • San Jose, California • 7/2019 – 3/2020
American multinational corporation designing, manufacturing, and selling networking equipment and cloud-based services.
Program Manager / Contractor Via Tata Consultancy Services (TCS)
Provided critical and required backend cloud system service discovery assessment, along with architectural analysis documentation, to scope a preliminary FedRAMP compliance initiative for Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) offerings, with NIST security control framework guidance, toward acquiring Pre-ATO/In-Process status.
Achievements:
• Significant team contributor in obtaining a FedRAMP government agency sponsor for the company, in a short time, by authoring and providing key necessary initial SDWAN-G cloud backend system reference material documentation, as required by the sponsor for their review and assessment.
• As acting interim Lead Compliance Manager, designed and wrote the SDWAN-G Tier-I backend system architectural data flow design diagram with its supporting narrative, in collaboration with internal Cloud Operations engineering personnel. Did the same for the SDWAN-G vAnalytics Tier-I backend system architectural data flow design diagram and its supporting narrative. All published works were intended for developing SDWAN-G’s System Security Plan (SSP).
MOISES A. RAMIREZ • Page 2 • ************.**@*****.***
• Responsible for aligning my contributed written compliance documentation so that it could be leveraged for multiple purposes: not solely for audit compliance matters, but also for SDWAN-G and vAnalytics cloud backend system training for new personnel onboarding, along with engineering development in pursuing potential new cloud-based services with internal and external cross-functional engineering teams.
• For SDWAN-G within an AWS cloud infrastructure environment, devised a methodical, repeatable, and tailored documentation model for future FedRAMP pre-compliance initiatives for cloud-based service offerings, to be used for periodic (pre- and post-) audit activities related to the IT cyber security governance domain with external auditors and assessors for information integrity, security, privacy and availability.
EQUINIX • Sunnyvale, California • 9/2018 – 3/2019
The world’s largest IBX data center and colocation provider, offering the fastest application performance and lowest latency routes worldwide to the digital economy with its extensive interconnection services.
Security Governance Manager / Consultant
Provided reliable FedRAMP Infrastructure-as-a-Service (IaaS) security control framework guidance, managing and overseeing internal and external cross-functional teams for NIST 800-53 gap analysis, executing a roadmap for implementing NIST security controls, along with devising Information Security Policies & Procedures (ISP&Ps) for senior security management (CISO).
Achievements:
• Performed security audits and assessments of third parties’ IT products/services, and recommended actions to mitigate risk through a review of the efficiency, effectiveness and compliance of existing operational and security policies, processes and practices, in accordance with NIST FedRAMP regulation conformity.
• Responsible for aligning newly created and established cyber security controls to reflect ongoing security policies and procedures for future emerging security technologies to address engineering and business needs.
• Managed and supported FedRAMP Continuous Monitoring (ConMon) training for internal principal Cloud Operations personnel in anticipation of the company’s ATO compliance approval.
NUTANIX • San Jose, California • 6/2017 – 9/2018
Enterprise cloud hyperconverged infrastructure leader
Information Security Governance Manager / Consultant
Developed IT/OPS business process flow maps along with respective procedures, policies and standard documents intended to address security compliance requirements, design, qualification plans and test framework scripts in accordance with ISO/IEC 27001/27002 requisites. Facilitated and led compliance effort planning with cloud team leaders in conjunction with legal professionals.
Achievements:
• Performed IT governance metric missing-gap analysis assessment to identify ISO/GDPR compliance by analyzing and documenting business CAPs. Created and prepared compliance projects for managers and SMEs for audit preparation.
• Prepared technical reports for functional application testing using HPE Unified Functional Testing (UFT) software, along with selecting independent third-party vendors for suitable application penetration testing.
• Conducted due diligence with security plan(s) for audit purposes with detailed understanding of the common technologies found in enterprise IT environments including data center(s) and Internet edge technologies.
• Reduced IT security infrastructure budget cost by 30% by eliminating antiquated legacy products, reassessing and renegotiating third-party service contracts, and consolidating and implementing new secure, effective tools and technologies.
QUALYS • Redwood City, California • 7/2013 – 6/2017
Provider of cloud security, compliance and services for small and medium-sized businesses and large corporations.
Principal Information Security Solution Architect
Maintained and updated security compliance requirements for third-party audits including GRC, NIST, CAIQ, FedRAMP, SOC1, SOC2, ISO 27K Information Security, along with Privacy Matters, for audits and risk/gap assessments for cloud security by independent auditors.
Achievements:
• Earned FedRAMP certification to secure Federal customers. Developed FedRAMP compliance to meet security policies and procedures for security operations.
• Performed IT gear assessment (with production and disaster recovery environments) for accurate accounting depreciation. Completed assessment ahead of schedule for enhanced fiscal accounting operations.
• Led development of backend platform training materials for internal and external engineering and security operations. Streamlined technical training to increase employee performance and improve customer satisfaction.
• Served as point of contact for independent third-party audits. Developed processes to complete cloud SaaS security audits efficiently to meet auditor and customer requirements.
• Assumed interim development of Statement of Works, Purchase Orders and procurement documents. Filled staffing shortage by designing system processes to automate tasks to increase efficiency and reduce cost.
EDUCATION
Bachelor of Science in Management Information Systems / English Minor
Santa Clara University, Santa Clara, California
PROFESSIONAL CERTIFICATIONS
Certified Information System Auditor (CISA)
Project Management Professional (PMP)
Cisco Certified Network Administrator
Microsoft Certified Solutions Architect
Certificate in RF Telecommunication / Cryptography, Naval Technical School
SECURITY CLEARANCE
Top Secret (TS) / Special Background Investigation (SBI) Security Clearance (Inactive)
AFFILIATIONS
Cloud Computing Association (CCA)
Internet Security Alliance (ISA)
Federal Publications Seminars (FPS) Group
COMPUTER SKILLS
C, C++, Java, SQL, Perl, Cisco IOS, Sun Solaris, Juniper JUNOS Configurations, FreeBSD UNIX, RedHat LINUX, Windows 2000/2003 Servers, MAC OS X, Microsoft Office Suite, MS Windows X, Web Based Development Languages, Visio, RoboHelp, WebWorks, FrameMaker, Dreamweaver, Illustrator, Acrobat, Paintshop Pro, Photoshop, QuarkXPress, Corel Draw, MS Draw, DITA XMetal, XML Publishing, Javadoc, Confluence Wiki Pages, and FrontPage
LANGUAGES
English, Spanish, Conversational French