IT Security, IT Risk Management, IT Management, Active Directory, IT Compliance
US-TX-Houston (will consider relocating)
Strategic, proactive IT Risk, Security & Compliance Analyst and MBA with 10+ years of experience at a Goldman Sachs subsidiary, University of Texas Health Science Center and more. Unique ability to design and implement security in federally regulated environments using a holistic approach that combines administrative, technical and physical controls.
* Exemplary leader who can drive change, infuse new ideas and deliver solid business results to take enterprise system performance and productivity to the next level.
* Core competencies include security architecture, business continuity planning, identity management, technical infrastructure management, COBIT and compliance. Proficient in risk simulation, management and optimization tools.

PROFESSIONAL CERTIFICATIONS
CISSP - Certified Information Systems Security Professional
MCP - Microsoft Certified Professional

PROFESSIONAL EXPERIENCE

LITTON LOAN SERVICING (subsidiary of Goldman Sachs), Houston, TX; 06/2007 - Present 4 years 2 months

SUPERVISOR, IS SECURITY & SYSTEMS ADMINISTRATION (01/2010 - Present)
Establish and maintain information security framework for federally regulated Mortgage Servicing Unit with 2000 users in 3 sites. Manage 15+ network security architects and system administrators in 3 sites and outsourced location in India as well as external contractors. Develop, communicate and maintain standards, procedures and guidelines to support IS policy, including privileged access management, infrastructure change management and server build procedures.
* Integrate information security controls into contracts with business partners.
* Coordinate daily technology pass/fail status reporting used to measure KPI.
* Assist in assurance-related engagements by internal audit; compile and provide information requested by New York State Board regulators.
KEY ACCOMPLISHMENTS:
* Developed information security strategy and plan that allowed business and process owners to safely perform tasks without putting information at risk. Implemented plan that complied with regulations in the Gramm-Leach-Bliley Act (GLBA).
> Introduced a more secure platform to transmit data using SFTP vs. website.
> Recommended fault tolerant distributed systems that would automatically fail over in a disaster situation vs. using static locations in programs.
* Created business cases to justify investments in information security, including RSA DLP for data loss protection and NetIQ DRA for user entitlement management.
* Introduced process and tool to measure, report on and enforce baseline configuration, submitted annually to internal audit and New York State Board auditors. Also maintained configuration management catalog.
* Implemented server lifecycle management process and converted hundreds of physical servers into the virtual environment (VMware), significantly reducing server deployment time and data center space.
* Instituted a change control process, resulting in a consistent KPI of 95% success.
* Facilitated information exchange between technology management and technology oversight committee and created automated management information reports.
* Successfully managed a highly skilled team with more professional work experience.

LEAD, IS SECURITY & SYSTEMS ADMINISTRATION (06/2007 - 01/2010)
Designed, implemented and administered security and networking solutions that improved system stability, efficiency, maintainability and recoverability.
KEY ACCOMPLISHMENTS:
* Guided IT infrastructure team of 12 to develop and implement business continuity (BCP) and disaster recovery (DR) plans across 3 geographic locations.
> Proposed and secured project buy-in from executive management. Created scope and overall plan, then transitioned to project manager for execution while functioning as a key stakeholder and strategist.
> Efforts led to 2 successful moves of critical services to the disaster recovery site during Hurricane Ike and a major Houston power outage.
* Formulated operating baseline to enforce company's security policies/standards.
* Established process for detecting/responding to IS incidents through implementation of products (NetIQ Change Guardian, RSA enVision), policies and procedures.
* Redesigned AD and DNS infrastructure to accommodate separation from old parent company and inclusion of another affiliate (Avelo) after purchase.
* Consolidated user identity and access control management across 8 disparate systems using Oracle Identity Manager. Designed conceptual framework with change management and outsourced code development.
* Co-managed deployment of 2-factor authentication using RSA SecurID and AD.
* Deployed Public Key Infrastructure (PKI) within the subsidiary.
* Created a secure process to transfer files between vendors and partners; served as point person for all data going out of the company.

PC SOLUTIONS, a Gold Partner with Microsoft & Fonality, Houston, TX; 07/2005 - 06/2007

IDENTITY MANAGEMENT CONSULTANT; 1 year 11 months
Provided expertise in the design and implementation of identity management solutions, mostly Active Directory. Assisted in pre-sales demos and answering technical questions.
KEY ACCOMPLISHMENTS:
* Suggested ways clients could use technology to improve business practices/security.
* Implemented document management systems at multiple law offices and maintained infrastructure for several partners who outsourced operations to India.

UNIVERSITY OF TEXAS HEALTH SCIENCE CENTER, Houston, TX; 06/2000 - 06/2005 5 years

SYSTEMS ANALYST (01/2002 - 06/2005) / NETWORK SUPPORT SPECIALIST (06/2000 - 01/2002)
Pivotal technical and leadership resource on networking and security projects supporting 10,000+ users. Prepared information security evaluation for new application projects.
KEY ACCOMPLISHMENTS:
* Designed and administered enterprise Active Directory of more than 10,000 users.
* Led successful migration of computers and user accounts from various AD domains/forests into a consolidated structure, a 2-year project with 20+ team members.
* Created solution to synchronize user accounts/passwords between Sun LDAP & AD.
* Streamlined IT processes to achieve 75%+ reduction in labor and 99%+ uptime while adhering to HIPAA.

PROFESSIONAL AFFILIATIONS
Information Systems Audit and Control Association (ISACA)
Information Systems Security Association (ISSA)

PROFESSIONAL TRAINING
RSA DLP Compliance Management, RSA, 2010
NetIQ Security Management Suite, NetIQ, 2009
Principles of Project Management, PMI, 2005