Information Security Engineer
Resume:
Humphrey Russell, Senior Information Security Engineer
Atlanta, 30052, GA, 651-***-****, **************@*****.*** SUMMARY Dynamic Senior Information Security Engineer with over 10 years of experience in cybersecurity and compliance. Expertise in vulnerability management, risk assessment, and threat intelligence, backed by certifications including Certified Ethical Hacker (CEH) and Certified Information System Manager (CISM). Successfully led initiatives that improved security postures, achieving ISO 27001 certification and reducing vulnerabilities through effective training and automation. Bringing a comprehensive skill set to enhance and safeguard information systems, driven to deliver exceptional results in protecting organizational assets.
WORK EXPERIENCE
03/2022 – Present Senior Security Analyst, Guided by Good Inc. Atlanta Spearheaded regular vulnerability scans across on-premises and cloud environments using tools like Nessus, Qualys, and Tenable. Executed comprehensive cyber security assessments of IT infrastructure, applications, and third-party services to identify risks. Acted as a Subject Matter Expert (SME) for SOC 1 and ISO 27001 ensuring adherence to compliance standards.
Formulated and implemented strategies to mitigate identified risks and vulnerabilities.
Oversaw and managed cyber security monitoring tools and platforms to detect potential threats and anomalies.
Scrutinized scan results, prioritized vulnerabilities based on CVSS scores, and recommended targeted remediation actions.
Collaborated with IT and DevOps teams to ensure prompt patching and configuration updates.
Developed and maintained vulnerability management policies, procedures, and playbooks.
Generated detailed reports for stakeholders, illuminating risk exposure and compliance status.
Monitored emerging threats and vulnerabilities, integrating threat intelligence into vulnerability management processes. Automated repetitive tasks using Python and PowerShell, enhancing operational efficiency.
Conducted security awareness training for staff, significantly reducing human-related vulnerabilities.
Engineered solutions for Identity and Access Management (IAM) for a substantial user base of remote employees.
Correlated logs from diverse security tools and systems utilizing SIEM for real-time detection of anomalies and early identification of security incidents.
Developed and enforced security policies and procedures regarding access control, authentication, and authorization. Conducted quarterly entitlement reviews and access control audits. Instituted vendor management frameworks and metrics. Championed the development and implementation of the InfoSec Governance, Risk & Compliance (GRC) programs.
Led security risk assessment and mitigation efforts while overseeing the overall security policy governance.
Communicated and supported Management Information Security policies, standards, and procedures that promoted security best practices. Served as a key expert for information security and compliance policies and procedures.
Directed ongoing third-party due diligence, risk tracking, and monitoring efforts, coordinating to address security concerns through a well-designed Third-party management system.
Coordinated remediation efforts to mitigate internal and external information technology and security-related audit findings. Maintained accurate reporting of mitigation and remediation activities, providing visibility to stakeholders and leadership. Prepared and presented executive-level reports on the organization's security and compliance status.
03/2020 – 03/2022 Cyber Security Engineer, Graham Technologies Atlanta Functioned as a Subject Matter Expert with the capability to assess information security programs and provide expert guidance on recovery from business disruptions.
Analyzed threat intelligence reports to identify vulnerabilities, evaluate exploitation methods, and assess potential impacts within the financial industry.
Managed user identities by creating, modifying, and deleting user accounts.
Defined and implemented access control measures, such as role-based access control (RBAC), to restrict user access to specific resources. Integrated SIEM with vulnerability management and threat intelligence feeds, enhancing visibility and context during investigations. Translated complex technical issues into business implications for both technical and business representatives.
Maintained ongoing awareness of current and emerging information on security threats, techniques, and landscape.
Applied specialized technical knowledge to perform reviews relevant to the full life cycle of models, IT applications, or risk management/analysis utilized across the organization.
Served as the project leader for audits, ensuring timely completion of projects.
11/2019 – 03/2020 Manager, Global Security Risk and Compliance, Career Builder & nuVizz
Atlanta
Directed major compliance programs, processes, and audits, including data privacy and other operational compliance requirements. Developed and maintained vulnerability management policies, procedures, and playbooks.
Generated comprehensive reports for stakeholders, emphasizing risk exposure and compliance status.
Monitored emerging threats and vulnerabilities, integrating threat intelligence into vulnerability management practices. Devised and executed company-wide processes for the development and management of policies and procedures.
Fostered cross-functional partnerships with various business functions and collaborated on compliance and policy initiatives. Managed, monitored, and coordinated information security policy exemption and risk acceptance requests.
Led security operations center (SOC) activities involving SIEM-driven threat detection, triage, and escalation procedures. Provided advisory and implementation support in developing management responses to associated risks.
Conducted risk assessments to evaluate compliance with existing policies while accurately identifying risks and driving remediation processes. Championed successful ISO 27001 certification by compiling, analyzing, and providing evidence to external auditors to validate compliance with industry regulations.
Coordinated remediation efforts to address internal and external IT and security-related audit findings.
Ensured comprehensive reporting of mitigation and remediation activities to enhance visibility for stakeholders and leadership. Prepared and presented executive-level reports concerning the organization's security and compliance status.
Conducted third-party risk assessments while overseeing day-to-day project management, including project guidance and informal coaching. Performed first-level review of work and documentation; communicated project team goals and audit objectives; motivated team members to excel. 02/2016 – 11/2019 Senior Manager Security Officer/Vulnerability/PM, Entrust Data Card
Minnesota
Served as a vital member of the Enterprise IT team responsible for ensuring compliance with mandatory Control Frameworks such as ISO 27001, NIST 800-53, ISO 21188, PKI E509, FPKI CP, and FISMA. Conducted regular vulnerability scans across on-premises and cloud environments utilizing tools like Nessus, Qualys, and Tenable. Analyzed scan results, prioritized vulnerabilities based on CVSS scores, and recommended comprehensive remediation actions. Collaborated successfully with IT and DevOps teams to guarantee timely patching and configuration updates.
Developed and maintained vulnerability management policies, procedures, and playbooks.
Generated detailed reports for stakeholders, highlighting critical risk exposure and compliance status.
Monitored emerging threats and vulnerabilities, integrating relevant threat intelligence into vulnerability management workflows. Established and enforced robust security policies and procedures related to access control, authentication, and authorization. Conducted quarterly entitlement reviews and access control audits. Developed and implemented vendor management frameworks and metrics.
Led monthly risk assessments and vulnerability scans to proactively identify and mitigate potential security threats.
Implemented and managed multi-factor authentication (MFA) solutions to enhance overall security posture.
Spearheaded successful ISO 27001 certifications by spearheading gap analysis, identifying control owners, gathering control evidence, and submitting to ISO certification bodies.
Tracked audit observations and action items while providing an actionable Plan of Actions and Milestones (POAM) for corrective actions. Maintained internal records of audits and ensured processes were meticulously documented and followed.
Conducted stakeholder assessments and created engagement plans to involve stakeholders effectively.
Established a comprehensive vendor management program. Demonstrated expertise in auditing on-shore and off-shore service partners to ensure compliance with security standards. 07/2014 – 02/2016 Senior Manager Information/Officer/IRM, Optum/United Health Minnesota Orchestrated the development and implementation of the InfoSec Governance, Risk & Compliance (GRC) programs utilizing the Archer platform.
Evaluated scan results, prioritized vulnerabilities based on CVSS scores, and recommended actionable remediation strategies. Collaborated efficiently with IT and DevOps teams to ensure timely patching and configuration updates.
Developed and maintained comprehensive vulnerability management policies, procedures, and playbooks.
Generated detailed reports for stakeholders to illuminate risk exposure and compliance standing.
Provided assistance with business and system analysis to interpret security requirements, analyze data security, and review technical design specifications.
Conducted thorough security reviews of system designs and requirements to guarantee implementation of adequate security standards. Managed a vendor security risk management program to assess and mitigate potential risks.
Engineered, implemented, and maintained Identity and Access Management (IAM) solutions for a significant remote user base. Established and enforced security policies and procedures regarding access control, authentication, and authorization. Performed quarterly entitlement reviews and access control audits.</ Developed and monitored vendor management frameworks and metrics. Executed monthly risk assessments and vulnerability scans to proactively identify and manage potential security threats.
Implemented and managed multi-factor authentication (MFA) solutions to bolster overall security posture.
Conceived and implemented a comprehensive NIST-CSF framework for risk identification, controls implementation, and KPI/KRI metrics programs. EDUCATION
02/2005 – 05/2007 Jones International University
Mini masters, Cyber Security and Disaster Recovery CO
Honors
2001 – 2004 University of St. Thomas
Master of Science, Software Engineering
MN
1984 – 1989 University of Liberia
Bachelor of Science, Engineering and Geology
LIBERIA
2025 – Present John Hopkins
Certificate, Generative AI and Data analysis
USA
in progress
2023 – 2023 Infosec
Certified Vulnerability Assessor (CVA)
USA
2024 – 2024 Harvard University
Certificate, Governance, Risk, and Compliance
usa
2023 – 2023 Infosec
Certified Ethical Hacker (CEH)
new york, United States
2016 – 2017 Hamline University
Certificate, Law and Corporate Strategies and Risk management MN, USA
2016 – 2016 PECB
ISO/IEC/27002 MANAGER –SECURITY
USA
2004 – 2004 ISACA
Certified Information System Manager (CISM)
USA
2001 – 2001 ISACA
Microsoft Certified System Engineer (MCSE)
USA
2006 – 2007 Project Management Institute
Certificate, Project Management Institute (PMP)
USA
2006 – 2008 University of Fairfax
Forensics Tools and Techniques
USA
2001 – 05/2002 University of St. Thomas
Post Graduate Certificate, Information System
St. Paul
1990 – 06/1992 Churchill University
Certificate, Computer Science
UK
1988 – 1989 Data Research
Certificate, Financial Management
GHANA
SKILLS Identity and Access Management
(IAM)
Directory services (e.g., Active
Directory, LDAP)
Single Sign-On (SSO) Multi-factor Authentication (MFA) Windows Linux
macOS AWS
Azure GCP
Python Bash
PowerShell SQL
Security Information and Event
Management (SIEM)
Vulnerability scanning
Penetration testing Nessus
Qualys Tenable.io
Rapid7 Metasploit
Burp Suite Splunk
ELK Stack MS Office Suite
MS Access Crystal Enterprise
Mind Manager SharePoint
Jira Okta Archer
GenGRC One Trust
Archer SIEM
NIST ISO 27001
PCI-DSS MITRE ATT&CK
HIPPA GLBA
SAS 70 SOX
Vulnerability Assessment &
Management
Risk Analysis & Mitigation Strategies
Patch Management & Configuration
Auditing
Security Information and Event
Management (SIEM)
Penetration Testing & Threat
Modeling
Scripting & Automation (Python,
Bash, PowerShell)
Incident Response & Threat
Intelligence
Cloud Security (AWS, Azure, GCP)
Stakeholder Communication &
Reporting
Information Security Disaster
Recovery Planning
Leadership Communication
Analytical skills Quantitative skills
Collaboration Software Development
IaC Security Engineering
Compliance Documentation
Security Standards Monitoring
AI Strategy Network Architecture
NIST CSF Proactive Defense
Project Management IT Security Knowledge
Compliance Knowledge Quality Assurance
Relationship Management
Contact this candidate