Responsible for directing the first line of defense IT Security services, consultation, leadership and subject matter expertise to SC businesses and functions on Information Security related matters. • Reported current risks and mitigation strategies to Federal Regulators fostering a stronger relationship with our regulators and supporting higher confidence in the organizations ability to manage risk• Reviewed, designed and developed security operational processes, standards, and procedures utilizing current and new technologies to improve security controls and business performance.• Responsible for reporting complex security risks to executive leadership to drive strategic decision making.• Responsible for staff management including setting organizational direction and prescribing activities to accomplish business objectives. • Responsible for oversight of the cyber operating and capital budget.• Directed information security risk management processes, program and strategy to align activities with PCI, SOX, and GLBA regulatory requirements and internal governing enterprise risk management policies. • Identified security gaps and deficiencies by conducting risk assessments• Ensured requisite compliance monitoring is in place to identify control weaknesses, compliance breaches and operational loss events fostering a risk and compliance focused culture and optimizing relations with corporate compliance members and regulators.• Ensured operational, architectural and design documentation including procedures, task lists, and architecture blue prints.• Directed security incident response activities and post-event reviews of security incidents. • Directed the research, evaluation, proof-of- concept, selection and implementation of technology solutions including the negotiation of contracts with vendors.

Received the Santander success award for the highest performance in information technology. • Developed standards, processes and procedures for the Information Security and IT Operations departments leveraging authoritative sources and industry best practices. • Developed and matured the Incident Response program ensuring the quick and efficient handling of all incidents and mitigation of risk to IT assets, critical business processes and regulatory protected data. • Implemented strategic monitoring and reporting for Information Security incidents using threat intelligence, exposure analysis and root cause analysis to actively contain threats and prevent future impact. • Defined security requirements and subsequent reviews of complex systems in order to determine vulnerability risk, secure design and implementation. • Communicated and reported identified gaps and driving remediation tasks between operations teams and business stakeholders. • Built and matured the Vulnerability Management, Threat Intelligence, Incident Response, Digital Forensics and Penetration Testing programs to increase the effectiveness of the overarching Cyber Security program. • Ensured the success, proficiency and cohesiveness of the Cyber Threat team. • Drove and managed projects for new security technologies, vendors and solutions. • Developed and guided the remediation of all internal audit and self-identified issue findings

Built and maintained the vulnerability management program encompassing all physical and logical hosts and infrastructure assets. • Provided vulnerability analysis and remediation data to system owners for remediation and mitigation. • Created standards, processes and procedures documentation for vulnerability management, server provisioning and incident response. • Performed risk analysis on new business initiatives and open vulnerabilities directly affecting Santander Consumer or its customers. • Performed threat hunting exercises to locate security risks that may result in an environmental breach and provided remediation action plans. • Provided incident response to cyber incidents from detection to recovery including detailed analysis for reporting. • Provided guidance and analysis on all security related issues to senior management, risk and IT operations teams. • Created metrics to track vulnerability and remediation trending and provide risk indicators to the Information Risk Department. • Performed proof of concept testing on new security solutions and provided feedback and comparative analysis to competitor and existing products. • Researched emerging threats and provided detailed analysis to determine the applicability and risk to the company. • Provided artifacts to audit in support of PCI, SOX, FFIEC, Partner Audits and Internal Auditing. • Maintained Qualys, Alert Logic IDS and FireEye appliances ensuring all tools are performing as required. • Built interpersonal relationships between IT and Business groups to evangelize security risk and mitigation solutions.

•Provide network security risk assessments and vulnerability mitigations to the Central Texas Support Facility (CTSF) Test Floor Network.•Provide technical and security policy assessments for Army IT systems in accordance with DoD DIACAP •Ensure systems under test meet Army Interoperability Testing entrance criteria.•Ensure Army systems meet Information Assurance Vulnerability Alert and Bulletin requirements and provide instruction on applicability and application measures.•Manage a team of 3 Security Engineers providing training, guidance and daily tasking for security requirements.•Maintain the security posture of the test floor network and serve as the alternate information assurance manager.•Provide guidance on all security related issues including incident handling, classification procedures and vulnerability mitigations.

•Provide network security risk assessments and vulnerability mitigations to the Central Texas Support Facility (CTSF) Test Floor Network. •Provide technical and security policy assessments for Army IT systems in accordance with DoD DIACAP •Ensure systems under test meet Army Interoperability Testing entrance criteria. •Ensure Army systems meet Information Assurance Vulnerability Alert and Bulletin requirements and provide instruction on applicability and application measures. •Maintain the security posture of the test floor network and serve as the alternate information assurance manager. •Provide guidance on all security related issues including incident handling, classification procedures and vulnerability mitigations.

Primary responsibilities include: • Network security risk assessments and vulnerability mitigations of DoD data infrastructures. • Coordination and evaluation of system compliancy with DoD, IA and federal requirements. • Exercise and reporting of information system validation results for certification determinations. • Review and ensure that C&A documentation meets DoD requirements for accreditation, define system security requirements, and establish C&A milestones. • Determine network security postures, develop risk mitigation strategies, provide guidance for compliancy, and collaborate with project stake holders. • Assist in configuration of DISA security technical installation guides (STIGS) and mitigate findings.• Manage timelines, create plan of action reports and track milestones for multiple simultaneous projects.• Manage client relationships and coordinate project changes as needed.

-Develop and implement Information Assurance (IA) policies and procedures to enhance information systems security, detect and mitigate network intrusion, and reinforce incident prevention.-Design and implement security measures in compliance with all DOD IA Operational Directives.-Advise the Communications Officer, Communications Chief, and the Commanding Officer on the certification and accreditation process pertaining to data networks for all communications conducted by the command.-Configure, monitor, and audit boundary enclave and host based security suites.-Support data operators with training on boundary enclave and host based security suites.-Prepare and present required information assurance training to all personnel within the command.-Perform additional duties as required by the Communications Officer and Communications Chief on all information assurance concerns.

- Assist in the development and implementation of information assurance (IA) policies and procedures to enhance information systems security, detect and mitigate network intrusion, and reinforce incident prevention- Assist with the design and implementation of security measures in compliance with all DOD IA Operational Directives- Provide input to the Computer Network Defense Chief and the command Data Officer for the certification and accreditation process pertaining to data networks for all communications.- Configure, monitor, and manage boundary enclave security and host based security suites. - Support data operators with training on boundary enclave security and host based security suites. - Prepare and present required Information Assurance training to all personnel within the command.- Perform additional duties as required by the Computer Network Defense Chief in addition to the Battalion Data Officer on all Information Assurance concerns.

- Supervise, troubleshoot, maintain, and repair electronic countermeasure devices and test equipment. -Perform duties as a quality assurance representative, responsible for inspecting and approving of repairs for issue. -Perform duties as a tool control specialist, accounting for all tool inventory and maintenance.-Perform duties as a training supervisor, accounting for all work center employee training and certifications.-Perform duties as a calibration supervisor, insuring that all test equipment and tools have up to date calibrations.