Description
SUMMARY OF QUALIFICATIONS: Bachelor degree's in Computer Engineering with 20 years of experience in Infrastructure and Cyber Information Security. Responsibilities included managing employees, budgets, vendors and third party interests. Project manager (infrastructure and security Architecture) projects from choosing the right solution to implementation into production. Technical hands-on managers who can support the environment as well as manage the Cyber security department, consistent track record of exceeding expectations with limited resources and core strengths in building Information Security programs from the ground up. Highly motivated and experienced IT Manager, high level of technical knowledge and ability to manage multiple projects and task simultaneously and anticipate the technological needs of the company, hands on and managing team. New York & Company, NY. Sr. Mgr. Head of Cyber Security Dept. (March 2016 - present) * Head of Cyber security department at New York & Company leading Cyber Information Security role with hands-on technical manager and project manager. Built the cyber security core team and Information Security Program from the ground up. Managing team of two full time employees and consultants from third party partner. Helping the business grows with evaluating and run risk assessments, Penetration tests, and Remediation risks. Built new Identity Access Management for the company and outside vendors, as well implement two factors Authentication. Evaluate and add cyber security policies and procedures. Identifying and solving potential security risks. Evaluate and improve the security of the environment based on the business goals and needs. Overall Cyber Security architecture program and projects. Constantly looking for ways to improve the cyber security area. * During the first year, 10 new systems were implemented to production, such as AD Manager Plus for Identity Access Management, LastLine, Carbon Black Response, Carbon Black Protection, CyberArk using tow authentication factor, Varonis, PhishMe, and Cyber Frame Work - NIST, Awareness program, Symantec E-mail Gateway, Bitlocker, and Hardening. * Enhancement and improving the existing systems running in production by bringing them to latest version of software and Re-configure them to meet with current cyber security threats: * Active Directory and Identity Access Management, Websense, Rapid 7, WatchGuard, Tripwire, Dell Secureworks, PCI Trustwave, Airwatch, Cyber Security policies, Symantec End point Protection, IPS/IDS and DLP. * Lead implementing of PCI: * Insuring all firewall and network routes are PCI compliant. * Confirming all passwords was truly encrypted and secure within the custom cash register systems. * Worked with a 3rd Party Credit Card Processor, insuring that all Credit Card transaction is secured over a secure SSL tunnel. * Audited that Credit Card are not stored on any system and encrypted in our database for each customer. * Created process in order to bring existing customers credit card information securely over from Legacy systems and 3rd Party Credit Card Processors, this included: * Credit Card File Encryption * Secure File Transfer. * Bitlocker whole Disk Encryption * Ensuring that all Credit Card information is written to memory and not disk for in house Store Application * File Wipe of sectors in which Credit Card file existed on workstation. * Disk Wipe for each region Credit Card upload of the workstation. * Lead IT Security Manager for new implementation of Security Policies. * Developed, communicated, and implemented security policies for NYCO. * Lead Computer and Network Forensics expert. * Implemented windows patch management policy and software. * Programmed and implemented IDS systems. * Administration and configuration of caching and firewall devices. * Designed, implemented managed, and secured communications between internal NYCO networks and third party vendors. * Managed internal security website for divisional security information for technical staff and end user community. * Incident Response, Lead IT Security performing Incident Response, IT Risk Assessments and Governance. Duties include: * Vendor Risk Assessment and Evaluations. * Data Risk Assessment. * Audits of various internal and external IT systems. * Non-Disclosure Agreement management and implementation. * Worked closely and provided expertise to the Business, IT teams, and Legal. * Core Member of CSIRT Team * SOC Administration and Monitoring * Application Risk Assessments.In-House * Network Risk Assessments, Internal L'Oreal USA, Clark, NJ.
Accomplishments
Highlights:
Keywords
