Feras Abedeljaber
Cleveland, OH 216-***-**** *********@*****.***
SUMMARY
10+ years of experience in information security, risk management, and cloud architecture across Banking and Government sectors. Expert in securing AWS, Azure, and hybrid environments, managing identity/access controls, ensuring compliance, and remediating vulnerabilities. Skilled in Prisma Cloud, automated security solutions, and AI prompt engineering. Proven ability to bridge innovation and security, delivering intelligent, secure systems in regulated industries.
Technical Skills
●Cybersecurity: Threat Hunting, SIEM (Splunk, Sentinel), EDR/XDR (CrowdStrike, SentinelOne), MITRE ATT&CK, IDS/IPS, DLP, IAM, SOAR, Vulnerability Mgmt (Tenable, Qualys)
●Compliance: NIST, ISO, FedRAMP, FFIEC
●AI & Automation: Prompt Engineering, GPT-4/LLMs, OpenAI API, LangChain, NLP, Chatbots, Fine-tuning, Python
●Cloud & Security: Azure, AWS, M365 Security, Azure Sentinel, Front Door, Kubernetes, Security Hub, Microsoft Defender
●Scripting & Automation: Python, PowerShell, Bash, Ansible, Git, IaC (Terraform, GCP Deployment Manager)
●Networking & Infra: Firewalls, Traffic Analysis, Wireshark, ELK Stack, Endpoint Protection
●Reporting & Analytics: SQL, C#, Tableau, Power BI
Sr. Cybersecurity Engineer / IAM Administrator
September 2024 – Present Cleveland Metro School District – Cleveland, OH
●Conduct thorough risk assessments for third-party vendors to evaluate potential threats and vulnerabilities.
●Develop and implement comprehensive risk management frameworks to ensure third-party compliance with organizational security policies.
●Collaborate with cross-functional teams to assess and mitigate risks related to third-party partnerships and contracts.
●Continuously monitor and review third-party risk profiles to adapt to evolving regulatory and security standards.
●Managed user access and lifecycle across AD and Entra ID, implementing RBAC and MFA to secure resources and meet compliance standards.
●Applied machine learning algorithms for vulnerability prioritization, using exploitability context (via threat intel feeds and CVE metadata) to reduce patching backlog by focusing on high-risk vulnerabilities.
●Monitored and responded to endpoint alerts using Microsoft Defender for Endpoint, leveraging advanced hunting queries and automated investigation capabilities to reduce incident response time.
●Tuned and maintained Defender security rules, reducing false positives by 30% while maintaining high detection efficacy across the environment.
●Led system integration, cloud migration, and architecture projects, improving performance and ensuring 99% uptime.
●Implemented User and Entity Behavior Analytics (UEBA) to monitor user activity, detect insider threats, and flag unusual access patterns in real-time, reducing false positives and manual investigation effort.
●Utilized Natural Language Processing (NLP) techniques to enrich and correlate alerts from logs, threat intel, and email incidents, increasing analyst efficiency during investigations.
●Designed secure, scalable cloud environments (AWS, Azure) and automated deployments using DevOps tools (Jenkins, Docker, Kubernetes), reducing delivery time by 40%.
●Conducted IAM health checks, security assessments, and policy enforcement for AD, Entra ID, DNS, DHCP, and GPOs.
●Responded to security incidents, investigated breaches, and provided IAM technical support.
●Integrated 3rd-party applications into IAM and supported user training, access audits, and compliance reporting.
●Utilized Microsoft Purview for data classification, DLP, and insider risk monitoring across Microsoft 365 and Azure.
●Enforced Microsoft Information Protection (MIP) strategies, built data catalogs, and collaborated on audit readiness aligned with GDPR, HIPAA, and CMMC.
Freelance Threat Intelligence Analyst & AI Prompt Engineer
Self-employed Remote Jul 2024 – Sep 2024
●Developed Python scripts to automate threat data collection and analysis, reducing false positives by 30%.
●Used libraries like Pandas, NumPy, and Requests to process large datasets and improve detection efficiency.
●Built custom parsers to identify threats (malware, phishing, data breaches).
●Designed and optimized GPT prompts for legal, customer service, and creative applications.
●Collaborated with clients to fine-tune GPT models for industry-specific needs.
●Applied safety and bias-mitigation techniques to ensure ethical AI outputs.
WWC Global, A Pequot Company (Homeland Security) — Washington, DC
Cybersecurity SME / Cloud Security / Technology Risk
January 2023 – March 2024
●Led global cybersecurity initiatives across cloud and on-premise environments, achieving 40% risk reduction and compliance with FedRAMP, NIST, and HIPAA.
●Collaborated with the threat intelligence team to deploy AI-enhanced enrichment tools, enabling automated IOC extraction and contextual risk scoring for faster decision-making.
●Designed and deployed a predictive threat modeling system, leveraging historical incident data and supervised learning to identify potential attack paths before exploitation.
●Conducted proof of concept using LLMs (Large Language Models) to assist in threat hunting and log parsing, significantly reducing time spent during security investigations.
●Directed AWS security enhancements (Shield, GuardDuty, WAF), cutting potential threats by 50%.
●Managed GRC efforts aligning with ISO 27001 and PCI DSS, resulting in successful audits.
●Designed and automated SOAR workflows, improving incident response efficiency by 40%.
●Conducted risk assessments, threat modeling, and incident response for government systems aligned with NIST and CMMC.
●Integrated threat intelligence into SIEM, enabling real-time mitigation.
●Developed internal AI guidelines and secured LLM usage for sensitive data prompts.
●Created and delivered user awareness training, cutting human error incidents by 25%.
●Optimized DLP policies for GDPR and HIPAA compliance, minimizing false positives.
●Built Power BI dashboards to drive data-driven decisions and improve reporting speed by 40%.
●Advised on cloud security architecture, and managed IAM, RBAC, and policy enforcement.
●Led security for educational cloud systems, training staff, and ensuring compliance.
●Collaborated with federal teams on cloud security policies and threat mitigation.
Ally Bank (US Tech Solutions) — Remote, NC
Sr. Cybersecurity Engineer / Cloud & Sr. Auditor
March 2020 – January 2023
●Perform periodic risk re-evaluations and maintain a risk register, ensuring proper documentation and audit trails in accordance with internal policy and regulatory expectations.
●Lead vendor exit strategy planning and contribute to business continuity and disaster recovery assessments for critical or high-risk vendors.
●Provide risk-based recommendations to senior management and present findings during governance meetings or internal audits to influence decision-making.
●Stay current with regulatory changes (e.g., FDIC, OCC, GDPR, CCPA) and emerging risks, translating these into updates for internal policy and risk processes.
●Enterprise & Cloud Security: Led secure AWS architecture design and migration strategies, improving uptime (99.99%) and reducing deployment time by 40% using CloudFormation and Terraform. Championed VPC design, IAM, and security controls aligned with PCI-DSS, SOC2, and NIST standards.
●Evaluated and mitigated adversarial ML risks, ensuring the integrity of machine learning models used in malware classification and detection workflows.
●Integrated AI-driven threat detection models into the existing SIEM platform (e.g., Microsoft Sentinel), improving detection of novel attack patterns by 30% through behavioral and anomaly-based analytics.
●Implemented User and Entity Behavior Analytics (UEBA) to monitor user activity, detect insider threats, and flag unusual access patterns in real-time, reducing false positives and manual investigation effort.
●Deployed SOAR automation to handle common incidents (e.g., phishing, credential misuse) using AI-based triage and playbook execution, improving response time by 40% and reducing analyst fatigue.
●Regulatory Compliance & Auditing: Directed audits and ensured adherence to SOX, GDPR, HIPAA, ISO/IEC, and AML requirements. Developed enterprise-wide compliance strategies across IT, risk, and business units.
●Security Operations & Tooling: Integrated FireEye, Trellis, and SOAR automation into SOC workflows, cutting incident response time by 40%. Developed Splunk-based dashboards for real-time risk metrics and reporting.
●Application & DevSecOps Security: Embedded security in CI/CD pipelines, conducted code reviews, and enforced vulnerability management—achieving a 25% reduction in incidents. Secured digital banking apps and Azure-hosted services.
●Data Protection & PKI: Managed DLP tools across cloud and endpoint systems. Administered PKI infrastructure, resolving cert issues and ensuring secure communication channels.
●AI & Automation: Implemented AI-enhanced chatbot workflows for support escalation and ticket classification. Integrated solutions with internal CRM via API and conducted A/B testing to improve customer experience.
●Cross-functional leadership: Partnered with executives, compliance, and DevOps teams to align security strategies with business goals, enhance scalability, and mitigate risk.
Disney (Randstad) – Anaheim, CA
Sr. Security Specialist (Part-Time) Oct 2020 – Sep 2021
●Led SOC training and awareness programs, improving response readiness by 30% and reducing incident response time by 20%.
●Designed executive-level Tableau dashboards for real-time visibility into security metrics and incident trends.
●Managed vulnerability assessments using Nessus, Qualys, and Nmap, mitigating 50+ critical issues across environments.
●Integrated AWS Security Hub across multiple accounts, reducing security incidents by 25%.
●Guided engineering teams on secure design and privacy best practices, cutting software vulnerabilities by 20%.
●Oversaw project workflows in Jira, improving security project delivery by 15%.
●Implemented Splunk SIEM for centralized monitoring and real-time threat detection, reducing response time by 30%.
●Delivered data-driven insights via interactive dashboards, enhancing decision-making and cross-team response speed.
Huntington National Bank — Akron, OH
Sr. Data and Network Security Engineer
January 2019 – January 2021
●Data Protection & Cloud Security:
●Implemented DLP strategies reducing data breach risk by 30%.
●Designed cloud security architectures and led risk assessments aligned with GDPR and SOC2.
●Secured cloud infrastructure for Disney’s streaming services and integrated controls in Kubernetes environments.
●Network & Infrastructure Security:
●Led network security efforts, decreasing incidents by 20% via proactive vulnerability management and firewall deployments (Palo Alto NGFWs).
●Configured Akamai to enhance web app security and traffic filtering.
●Improved threat detection and response by 25% using Azure Sentinel, automating incident handling and streamlining alerting.
●Enterprise Architecture & Governance:
●Directed EA strategies for multi-agency projects, aligning IT systems with regulations and boosting service delivery.
●Implemented governance models and shared service frameworks to reduce costs and improve scalability.
●Automation & Custom Tools:
●Built PowerShell scripts and custom security tools to automate infrastructure tasks and enhance vulnerability detection.
●Process Optimization & Team Leadership:
●Unified cross-functional teams, optimized data flows, and improved coordination across business units.
●Enhanced decision-making and operational efficiency through streamlined processes and system integration.
●Security Operations:
●Conducted audits and vulnerability assessments, improving the organization's overall security posture by 15%.
●Led incident management and root cause analysis, and implemented long-term remediation strategies.
PNC Bank — Cleveland, Ohio
First Line (Retail) Technology Risk Management - Application Engineer Risk Specialist
January 2015 – January 2019
●Conduct comprehensive third-party risk assessments including due diligence, onboarding reviews, and ongoing monitoring, ensuring compliance with FFIEC, OCC, and other regulatory guidelines.
●Develop and implement vendor risk frameworks using tools such as Archer, ProcessUnity, or MetricStream to track and mitigate vendor risks across the enterprise.
●Collaborate with business units and legal/procurement teams to review vendor contracts for risk clauses, including cybersecurity, data privacy, and performance obligations.
●Assess vendor cybersecurity posture through security questionnaires (SIG, CAIQ), SOC 1/SOC 2 reports, penetration test summaries, and ISO/PCI certifications.
●Application Security Leadership: Led initiatives to remediate vulnerabilities and implement secure coding practices, reducing high-risk vulnerabilities by 30%.
●Reporting & Analytics: Developed interactive tools in Tableau and Excel, improving decision-making speed by 20%.
●Vulnerability Management: Managed security vulnerabilities with SAST and DAST tools, cutting time to fix by 25%.
●Risk Assessment: Conducted risk assessments and control reviews, reducing overall risk exposure by 15%.
●Security Training: Delivered secure coding and security protocol training, increasing developer adherence by 40%.
●Performance Optimization: Enhanced data structures for a 40% improvement in application performance and scalability.
●Automation & Compliance: Automated reporting and change management in ServiceNow, reducing processing time by 25%.
●IAM Policy Enhancement: Strengthened IAM policies in AWS, reducing access-related risks by 25%.
●Cross-Functional Collaboration: Worked with teams to address security gaps, improving risk management by 20%.
Federal Reserve of Cleveland — Cleveland, Ohio
Analyst and Developer
June 2014 – January 2015
●Data Analysis & Reporting: Utilized SQL, Excel, and Python to identify trends and provide insights, improving operational efficiency by 20%.
●KPI Reporting: Developed and presented weekly KPI reports to senior management, influencing business strategies.
●Cybersecurity & Risk Assessment: Led risk assessments and gap analysis, reducing vulnerabilities by 15% through compliance with NIST and FedRAMP.
●Web Application Development: Built scalable web applications using Python, JavaScript, and React, enhancing performance by 25%.
●API Optimization: Designed high-performance APIs, improving data flow and application efficiency by 30%.
●Task Automation: Automated tasks with Python and PowerShell, reducing manual workload by 30% and increasing team productivity.
Cuyahoga County — Cleveland, Ohio
Analyst and Developer
June 2009 – June 2014
●Led firewall implementation across county networks, ensuring compliance with cybersecurity regulations and enhancing security.
●Managed Intrusion Detection Systems (IDS) for 24/7 monitoring, improving data protection and preventing breaches.
●Developed scalable C# applications, boosting performance by 40% and improving system reliability.
●Engineered backend systems with ASP.NET Core, optimizing performance and supporting high-traffic applications.
●Collaborated on security and vulnerability management, reducing incidents by 25%.
EDUCATION
· Master of Business Administration
Concentration in Information Systems
Cleveland State University — Cleveland, Ohio
· Bachelor of Arts & Science
Major: Political Science Minor: Computer Science
Cleveland State University — Cleveland, Ohio
CERTIFICATIONS
●RH124 – Red Hat System Administration
●NIST & ISO – Standards and Frameworks
●Security+ Prep Course (SYO-601)
●TOGAF – The Open Group Architecture Framework
●ITIL V3 2011 – Information Technology Infrastructure Library
●CISSP – Certified Information Systems Security Professional (in progress)
●AWS Certified Practitioner
●AWS Solutions Architect Associate (in progress)