ANDREA HOUTKIN, CISSP / PMP / CBCP / ITIL
www.houtkinconsulting.com
New York, NY 11238
SUMMARY
Disaster Recovery Specialist, Technical Project, Program and Portfolio Manager
Senior technical project manager, hands-on, who demonstrates success managing and deploying all manner of business and technical solutions through a formal project management and process engineering methodology with a focus on the data center, disaster recovery and migration to new technologies.
Ability to manage projects referring to the complete technical stack, following industry standards, best practice and guidelines.
Diverse business and technology experience encompasses financial, insurance and retail sectors. Performance of business process analysis and engineering mapped to the technical solution, then management of design, implementation, validation and migration phases to deliver the required processes and solutions.
Recognized for superior communications skills and an ability to quickly develop credibility with regards to quality customer service; fundamental project management and software development life-cycle practice and methodology; on-time and within-budget delivery and understanding of the Business process and its translation into useable technical solutions and their deployment.
PRESENTATIONS:
Contingency Management Conference: 2023
Contingency Management Conference: 2024
Recent Article: The Journal of Business Continuity: 2024
Contingency Management Conference: 2025
SKILLSET SUMMARY
Business Continuity
Adherence to Industry and compliance requirements regarding Business Continuity Components:
Risk Assessment and Mitigation
Business Impact Analysis
Creation of the Strategies and Solutions (process or technical)
Business Continuity Planning: Full and incremental business including Business Continuity Planning
Partner with various departments to identify critical business functions, systems and processes, and ensure they are protected against various threats (cyber-attacks, natural disasters, etc.).
Risk Assessment, Business Impact Analysis, Mitigation
Business Continuity and Disaster Recovery Planning and Risk Mitigation
Meet with the Business to understand their risks and plans and map to process and technical strategies and solutions;
Data Center and Business risk assessments;
Business Impact Analysis to map risks to critical business process;
Process workflows of critical business process mapped to technical strategies and solutions;
Incident Management Processes and procedures, including disaster declaration and normalization with annual walkthroughs and revisions;
Evacuation and Staff Accountability process;
Business Continuity Site / Business Plans.
Stakeholder Collaboration, Reporting and Training
Serve as a liaison between IT, business units, and external partners to coordinate resilience efforts and ensure alignment with broader organizational goals.
Provide training and awareness programs for staff to understand their roles in business continuity and disaster recovery efforts.
Support and lead the Operational Resilience effort as it relates to the US IT team, including annual Self-Assessment and remediation efforts
Business Continuity Processes/Procedures, Strategies and their Solutions
Support and oversee Business Continuity Plans (BCP) to ensure the continuation of essential business functions during and after disruptions.
Regularly review and update BCPs to ensure they remain relevant, effective, and tested.
Work with building management to ensure proper evacuation planning and adherence to FDNY Rule 6: Emergency Action Plan and Team
Work and test evacuation, staff accountability and assembly point processes.
Design alternate seating, if applicable.
Review any business-related risks and issues of the past that could become or still be issues for mitigation in the current.
Disaster Recovery
Data Center architectural solutions for on-prem/stand-alone and cloud regional and availability zones.
Design and management of workgroup areas (seating) design and build-out;
Architect and Specialist in both cloud and stand-alone data centers
Technical and Process Solutions
Develop and Implement Resilience Solutions for the Strategies defined by the Business Continuity Plan and IT current implementation:
Design and execute comprehensive IT operational resilience strategies, focusing on the protection, recovery, and continuity of critical technology infrastructure.
Collaborate with cross-functional teams to identify potential gaps and vulnerabilities and ensure mitigation strategies are in place.
Partner with various departments to identify critical business functions, systems and processes, and ensure they are protected against various threats (cyber-attacks, natural disasters, etc.).
Experience with Operational Resilience related run book creation and expert knowledge of capital markets technology stack.
Ability to drive outcomes
Ensure and test resilience plans align with the company's overall risk management and compliance framework
Data Center Switch/Failover
Data Center Failover technical procedures, timelines, walkthroughs and simulated testing;
Real-time Data Center failover and normalization test planning and implementation;
Weekly component testing to maintain implemented entities;
Disaster Recovery Documentation
Invocation Documentation (operational procedures);
Technical process and best-practice;
Schematics;
Detailed data center to data center failover design and script creation, documentation and walk throughs;
Technical Disaster Recovery plans;
Command Center Organization and Process.
Create the DR plans with Stakeholders to include the correct disaster recovery-related technical and procedural steps for restoring critical systems and data and returning to day/day production.
Disaster Recovery Testing
Design the full testing program for the complete Disaster Recovery environment: Physical, Network, Server, Database and Application layers
Coordinate subject matter experts for component, end-to-end and data center/environmental switch/failover testing to map to business required RTO and RPO;
Manage and coordinate the development and testing of Disaster Recovery plans to restore IT services in a timely and structured manner.
Review technical and application Invocation and Maintenance Documentation to ensure the same processes are used in both production and disaster recovery environments;
Testing with both IT teams and business to ensure that recovery solutions and strategies are robust and aligned with business needs;
Ensure testing compliance meets bank and industry standards.
Disaster Recovery Vendor/Third Party Program
Create vendor program that includes the following:
Annual review of the Vendor’s Disaster Recovery and Business Continuity plans; checking that the Vendor identifies how long they will wait before communicating their outage to the client;
Bi-annual review of both the Client’s and Vendor’s contact information to ensure that both sides have the correct contact information should an incident occur at either the client or Vendor facility;
Support contacts and web-access should that be an offering as well as expedited escalation processes
Disaster Recovery plans for the client’s critical business process that the Vendor manages as well as the RTO and RPO;
Engagement in both client and Vendor disaster recovery testing;
Licensing and support compensation for Vendor outages;
Licensing and support renewal calendar a year ahead should an incident occur during renewal periods;
Review of the annual Masters Services Agreement and any changes that may impact the client’s environment should either side experience an incident;
Bi-annual meeting should changes in contracts, contact, support, server, hardware or software and incident management change for either the Client and/or Vendor.
Project Management-PMI
Project Schedules, Plans, Budgets, vendor management, Contract Negotiation and change management
Technical Project Management
Application/system and data center implementations and migrations;
Device OS Upgrades/OS Migrations;
Network hardware upgrades, data center builds, network circuit procurement / provisioning;
Infrastructure capacity planning;
Infrastructure sizing for customer-facing server pools.
Risk Management and Compliance / Information Security Policy
Risk analysis and assessments, risk mitigation and management, Security policy creation, documentation and implementation/training
Strategies/Responses to Audit queries;
Patching programs and their day/day management;
Contingency solutions for production systems, separation of infrastructure roles/responsibilities to resolve security concerns: design, implementation and validation;
Ensures compliance of and adherence to various industry-specific and general regulations: PCI, SOX, Data Governance, Financial.
Team Leadership
Gives credit where credit is due;
Focus on elevating the team and their success;
Internetworking requires a team approach.
Global and Off-Shore / Large Project Management
PMP / SDLC process adherence and delivery/ITIL;
Works with remote teams no matter location.
Process Engineering
Application process, Business, Technical and Compliance end to end process analysis and engineering with walkthroughs, proof-of-concept and acceptance.
Data Center, Infrastructure, Database and Application alert/alarm Monitoring and Reporting
Study existing alert, logging systems and current disaster recovery declaration normalization processes;
Create or assume management of the Incident Management Team and related roles/responsibilities and processes;
Establish monitoring mechanisms to assess the resilience of the IT infrastructure continuously as well as changes in business priorities, risk and process that could impact the IT solution.
Provide regular reports to senior management on the status of IT operational resilience, including potential risks, gaps, and recommendations for improvements.
Track and report on incident response performance, recovery time objectives (RTO), and recovery point objectives (RPO).
Data Center
Solutions architecture including migration of on-premise (stand-alone) data centers to cloud; dedicated data center to “Passive/Active” to “Active/Active” via GSLB; Data Center implementations and Migration
Information Security
Deployed security solutions and written policy at/for all layers of the stack: intrusion detection and protection, firewalls, Operating System Services: DNS and Active Directory; device patching programs, Operating System upgrades (LINUX); Server architecture to meet security requirements; Account Management following industry standard guidelines for user accounts, system accounts; server build and hardening, database and Application (OWASP / NIST) security requirements, physical access to data centers/office seating areas.
Business and IT Strategy
Technical transformation; Manifestation of business strategies as technical solutions.
Operational Processes and Procedures
System Process with continuous improvement of critical business process; Run Books.
Communications
Verbal, Written and Presentation to all strata of the corporation
Technology organizational change
Roles/Responsibilities and functions transformed to map to the critical business process
Mergers, Acquisitions and Divestitures
Integration of business process and related into existing business and technology
ITIL Foundation
Change/Incident Management and Service Delivery Process
Testing and Validation
Definition of solution validation approach and test scripts
UAT testing for validation of application features and functions.
REAL-TIME DISASTER RECOVERY EXPERIENCE (WORKED)
Nor’easter of December 10/11, 1992
IRA Bombing of 6 Bishopsgate, London, 1993
First Bombing of WTC, 1993
Inter-facility water main breaks, 1999-2001
9/11, 2001
SQL Slammer, 2003 / Blackout of 2003, 2003
Financial Market Volatility, 2008-2009
Facility Electricity Loss
PROFESSIONAL EXPERIENCE
Estee Lauder Companies, On-Line, New York 3/2016-Current
Technical Project Manager, Business Continuity and Disaster Recovery Specialist/Architect
Business Continuity/Disaster Recovery
Program Creation: All documentation, training, refinement and completion of the business impact analysis; business continuity plans and transition of data to the disaster recovery team for requirements gathering and implementation;
Two on-prem data center disaster recovery buildouts spanning two regions and full and hybrid cloud deployment;
Migration of disaster recovery implementation in on-premise type data centers to cloud;
Architectural solution from dedicated data center to “Passive/Active” to “Active/Active” via GSLB; Data Center implementations and Migration;
Creation of the data center to data center failover and normalization processes through architecture analysis, technical analysis of all critical technology and definition of the RTO and RPO, mapping to the business process and business loss appetite;
Creation of the weekly testing program to “kick the tires” and prep for the bi-annual Data Center to Data Center failover test as well as to ensure that the RTO and RPO can be met by responding to gaps before a disaster should occur;
Creation of DR program and planning for on-prem and cloud environment including: strategies, solutions, design, implementation and ;
Technical Documentation: Invocation documentation for application platforms and specific technologies.
Global RHEL7, RHEL8 and RHEL9 Upgrade projects, Server Rebuild and Patching
Project manager with remit to migrate all Linux servers in production and lower environments on a global level to RHEL7 and maintain security compliance through a regular patching schedule/process;
Ensured compliance with PayPal and federal security requirements; e.g. upgrade in certificate, v5; encryption algorithm to SHA-256 and replacement of SSL with TLS 1.2 protocol.
Creation and management of the global Linux patching program
Integration of disaster recovery process into the company global response process;
Alarm/Alert analysis to determine which disaster recovery-related alerts/alarms require additional configuration or creation of escalation processes and procedures.
Fitch Ratings, New York 11/21/22-3/31/23
Disaster Recovery Specialist (Additional Contract)
Disaster Recovery Specialist and Analyst
Program Creation: Analyzed the existing disaster recovery activities and recommended a roadmap to creation of a disaster recovery program, mission, goals, policy, etc;
Performed analysis of existing disaster recovery cloud-based solutions and identified architectural recommendations in support of production continuity and disaster recovery; e.g. location of in and out-of-region availability zones; architecture of critical applications; e.g. HA, Primary/Secondary between data centers or AZs; up/downstream-internal/external dependency connectivity.
Analyzed and recommended revisions to the testing program to include specific strategies to fulfill business requirements; e.g. continuity cloud testing, end-to-end process testing; run from alternate data center/AZ for defined periods, disaster recovery testing including switchover/failover and infrastructure-related invocation, creation/walkthrough of the switch/failover timeline in order of technology dependencies, testing program with the business and general refinement to testing hygiene.
Information Security-Project Manager 7/2017-2/2018
Time Warner Corporate, New York
Remediation of Security Framework and Standards Gaps
Security Process Engineering:
Integration of security into the SDLC process
Monthly Review of Managed/Unmanaged Assets
Data Certification for Application, Database Assets
Definition of High-Risk Assets
Database Cryptography and Key Management
Co-Designer of a new Security Organization
Add, Remove, Modify Privileged Accounts and Quarterly Review
Deutsche Bank, New Jersey 7/2015-2/2016
Project Manager: 3 Projects-Network Security.
Remediation of Security Framework and Standards Gaps
Security Process Engineering:
Integration of security into the SDLC process
Monthly Review of Managed/Unmanaged Assets
Data Certification for Application, Database Assets
Definition of High-Risk Assets
Database Cryptography and Key Management
Co-Designer of a new Security Organization
Add, Remove, Modify Privileged Accounts and Quarterly Review
Project 1: Network Minimal Rights
Deployment of internal audit and regulatory restrictions and alert mechanisms for network device access in network management systems;
Non-compliant system decommissioning and application migration to compliant platforms;
Project 2: Network Access Control/2
Network solutions supporting: 1) connection of 802.1x devices to the network; 2) MAC Bypass for devices that are not 802.1x compliant.
Project 3: Network Function Virtualization Feasibility.
Feasibility study looking at software defined network solutions including OpenStack and solutions from industry-leaders.
JPM Chase, New Jersey 4-7/2015
Business Analysis and Project Manager: Governance, Risk and Resiliency – Data Center application-layer resiliency.
Data Center-application layer compliance with Dodd Frank regulation;
Data Center-application layer hurricane readiness.
Verizon-National Grid, Long Island, NY 4/2013-4/2015
Verizon Senior Technical Program /Project Manager/Team Lead: Network Streams supporting the separation/decommissioning of National Grid Electric Services network assets to PSEG LI.
Management of infrastructure program comprised of various network streams supporting the separation of LIPA network and telephony assets from National Grid assets:
Team-lead for a team of 10 technicians and engineers and over 100 people through 15 streams of projects;
Creator and manager of all project plans and schedules, action/risks and issues lists;
Design/create, document and validate all operational process and procedures supporting the shared closets requirement and application change intake processes and procedures;
Design/procurement, implementation and decommissioning of Intercompany connection between National Grid and PSEG LI networks for user to application and application to application communications;
Discovery/design and deployment/decommissioning of wireless solutions in shared National Grid/PSEG LI locations to support co-habitation of 2 discrete wireless networks;
Discovery, mapping of desk data jacks via station cabling to support the shared National Grid and PSEG LI deployment of operational processes/procedures to support shared patch panel and closets where switch connectivity is being de-activated as a result of site sharing between companies;
Network equipment asset discovery, removal and destruction where network presence is being discontinued.
Design, document and validate operational processes and procedures to ensure production network viability during construction and business-as-usual where two companies will share the same closet geography and procedures for access and sharing of closet, fiber and patch panel assets within the shared closet;
Design, document and validate operational processes and procedures in support of the core components and service provided by the Intercompany connection in the data center;
Analysis of complete LIPA Telephony environment and decommission/transition of 2500 telephony assets to PSEG LI including substation POTS, Leased lines, ring-downs, including a DID Block design for transition of emergency, procedural, operations, restoration numbers including management of supersedence and TOSA processes for billing and circuit transition;
Fiber and copper asset discovery and documentation for fiber plant and patch panel asset sharing.
Mapping of User/Server to the switch port and management of switch-port capacity in support of moves, adds and changes as well as user cutover from the National Grid to PSEG LI network.
Brookfield Corporate Operations, New York, NY 2/2012-1/2013
Senior Technical Program Manager: Network Engineering, Operations, Security and Disaster Recovery
Management of infrastructure program (25 projects) for Network Architecture, Engineering, Operations, Security and Disaster Recovery:
Research: IaaS, SaaS and PaaS with leading providers in the industry in support of business requirement to move in-house technology to managed services;
Next generation data center: ip / vlan design / vrf / wireless / next generation firewalls / performance monitoring system deployment;
Security: intrusion detection and protection / firewall analyzer / CIS Benchmark Hardening
Operations: SolarWinds upgrade / Citrix NetScaler firmware upgrade and hardware replacement supporting remote access and DMZ-based load balanced applications;
Design, document and validate Disaster Recovery: Loss of Data Center process / table-tops / technical shutdown, failover, invocation and site normalization processes and procedures; VMware SRM deployment.
Storage RFP project; Data Protection environmental analysis and definition of policy, process and governance;
Vendor Management: AT&T, IBM, IT Weapons
Credit Suisse, New York, NY 7/2011-1/2012
Senior Technical Program Manager, Compliance Monitoring
Management of a global compliance monitoring solution deployment focusing on various levels of infrastructure: operating system, web server, database, network and ESX.
Setup and manage a project with a proprietary Global project management process. Project managers in Zurich and Row (Americas, EMEA and ASIAPAC);
Create the project organization: Core and Project teams, Stakeholders and Steering Committee;
Stakeholder group creation, management and reporting;
Create project change management process for engineering / design and project changes;
Create internal quality control process for tangible deliveries to the customer;
Work with internal security engineering to identify technical solutions for deployment of the compliance monitoring system and agents based on server hardware and internal build;
Co-Design new operational model including RACI chart, support process and organization, product-related operational processes and procedures (Operations Run Book);
Co-Design implementation process and its execution;
Facilitate internal customer requirements gathering and report design;
Facilitator of a new operations model, RACI chart and ops model run book of processes and procedures to maintain the solution.
EDUCATION
M.A. Musicology/Composition - Concentration in Medieval Notation/Early Italian Instrumental Music/Composition - University of North Carolina, 1982
B.A. Musicology/German - Music Composition, Phi Beta Kappa, Cum Laude - New York University, 1978
PROFESSIONAL CREDENTIALS
PMP, Certificate/ID number: 1198775 Awarded: 31 July 2008
PMI/ID number: 1082195
CBCP, Certificate/ID number: 17766 Awarded: 15 July 2008
CISSP, Certificate/ID number: 312735 Awarded: 13 June 2008
ITIL Foundation Certificate/ID number: US025084 Awarded: 17 August 2010
MBCP In process
PROFESSIONAL AFFILIATIONS
Disaster Recovery International
ISC2
Contingency Insights
Project Management Institute
PRESENTATIONS
Defining the Disaster Recovery Scenario and Solutions: Connecting the Risk Management final Business Impact Analysis to Technology
Continuity Insights Management Conference, 2024
Aligning the Disaster Recovery Program to Company Technical Direction and Objectives
Continuity Insights Management Conference, 2023
ARTICLES/WHITE PAPERS
Office Buildings: Why a Partnership Between Tenants and Building Managers is so Critical Today: 13th annual Disaster Recovery Guide, 2008
The Accountability Process – Saving Lives as an Incident Unfolds
Working with the Facilities Building Manager in Creating the Business Safety Continuity Plan
Creating Synergy between the Business Continuity and Disaster Recovery Process
Taking the next steps from Business Continuity to Business Resiliency
The importance of the Technical Failover Methodology
Disaster Recovery Best Practices
Disaster Recovery Testing
Pamphlet: Disaster Recovery Preparedness and Readiness
When to Run/When to Hide: Access and Control, March, 2006
What About the People?
Readying the Corporation for the Dirty Bomb Experience
The Evacuation Process: Lessons Learned
Business Continuity and Disaster Recovery: Translating Business Requirements into Technical Realities
Outsourcing Networking Services: Selecting the Right Provider: Telecommunications, April, 1997
Aligning Disaster Recovery with Corporate Technical Requirements - BCI Journal, UK Published: 2024