In my current role, I am responsible for managing third-party domain executive and business line reporting. In addition, I perform all third-party metrics, dashboards, and executive reporting. I direct third-party business process responsibilities and ownership of third-party controls in GRC tool.The values I have driven during this role were:* Served as SME for third-party IS domain policies, controls, and metrics.* Created automated reporting for executive management; resulting in minimizing manual reports and metrics by 65%.* Implemented third-party security controls aligned to regulatory requirements to verify documentation and sustainable compliance for advance* Executed processes, including governance, risk, and compliance (GRC) to automate and supervise third-party information security controls.

In this role, I developed access control accounts, groups, roles, and security parameters. I structured Solutions, Applications, Questionnaires, and Sub- forms. Moreover, I designed and imported data through data imports. I formed discussion forums at community level and within record.The values I have driven during this role were:* Transferred RSA Archer 5 to RSA Archer 6 through reverse engineering Archer 5 implementation.* Created and deployed permissioning within dashboards, iviews, reports, applications, fields, and record level.* Fashioned data feeds, advanced workflows, DDE's, reports, notifications, dashboards, workspaces, iviews, and schedules.* Actively engaged in business requirements reviews, line of business meetings, and directed various RSA Archer training sessions.* Built on demand applications for policies, standards, requirements, solutions, and security baselines with advanced calculations and workflows.* Created the following applications both out of box and custom created; policies, standards, requirements, solutions, glossary, master document repository, change request, and authoritative sources.

During this tenure, I developed and maintained reports for operational risk metrics to allow management view into number of assessments and mitigation of risks information security monthly completion. Moreover, I formed and presented board of director reports related to risks associated with third-party relationships allowing board to quickly identify highest risk third parties.My achievements for this role have been:* Structured metrics for measuring information security third-parties.* Developed and managed reports for business partners of metrics regarding risk tolerance of third-party relationships

* Reverse Engineered entire implementation of Archer 5.2 capturing all solutions.* Lead documentation efforts breaking down each component of Archer into manageable areas to document, assigned and tracked tasks related to documenting the entire implementation* Created documentation in order build out an entirely new Archer 6.2 implementation* Created a Data Flow diagram of each Solution and how they all interconnect within Visio including all data feeds, API's and SSIDs* Created a Process flow diagram of each Solution as well as how they all interconnect and how they feed into each other. * Built out a data dictionary and full taxonomy of the entire implementation of Archer* Build out Archer Solutions based on Business Requirements* Built out a new Service Request On Demand Application for users to request Enhancements, Issues or General Support help for Archer* Implemented a weekly meeting where each week I teach all team members a new Archer Solution from the front end to the backend, showing all Data Flows and Process diagrams for Cross training of team members

* Drive Archer platform development requests, from design configuration, system development, through service implementation to application and usability in order to scale and adapt to future requirements. * Deliver enhancements and updates to the Archer Platform as needed to support business requirements. * Work with team members, KPMG and key users to further define specifications, indicate areas of system impact, and communicate status to appropriate parties. * Support prioritization of Archer development activities, including level of effort estimates, identifying dependencies, and maintaining schedule of enhancements. * Provide Archer operational support, including troubleshooting issues, and report and data request support. * Provide regular communication to stakeholders through the creation of status reports and newsletters * Conduct periodic meetings with business stakeholders to update on current project efforts * Work with new business groups looking to onboard to the Archer platform to understanding current processes, develop and document workflow requirements, and integrate with existing Archer application and workflow configuration * Develop and maintain archer documentation that reflects the latest system configuration for application consistency and integrity * Create new Archer solutions and applications* Provide group training on solutions within Archer

* Creating Business Requirements and Acceptance Criteria for Security Operations Center and RSA GRC Archer.* Working with Archer teams to design and build out the Security Operations module and integrations.* Writing and building processes, procedures and playbooks for creating the Corporate Wide Security Coordination Center Incident Response team.* Design of dashboards to inform management on Key Performance Indicators.* Industry research on security trends, goal of potential improvements in our own processes or tools.* Coordination of security incident response activities, including written and verbal communication with other IT groups and IT management.* Ownership of events escalated as potential security incidents.* Triage of escalated security events that require in depth review and analysis, including ability to troubleshoot an event, research the potential cause, and recommend a course of action.* Schedule and run “after action” reviews of completed incident response activities.* Identification and tracking of security improvements identified during incidents or as part of a review.* Publish weekly incident reports and key metrics.* Document and communicate repeatable processes and procedures for Incident Response based on best practices.

* Evaluate various different technical, operational and management solutions to security problems, using written language and various media to present alternatives and recommendations.* Reviewing and evaluate technical Implementation of networks and systems.* Review System Security Plans to safeguard computer files against accidental or unauthorized modification, destruction,or disclosure and to meet emergency data processing needs.* Review violations of computer security procedures.* Recommended use of data files and to safeguard information in computer files.* Document and provide risk assessments* Ensure projects plan, execute and document security tests and evaluations.* Evaluate various technical, operational and management solutions to security problems, using written language and various media to present alternatives and recommendations.* Review and ensure documentation is sufficient to arrive at logical and comprehensive conclusions and recommendations at a professional level to stand as an artifact for reuse as part of the security architecture. * Perform analysis of in-place technical and non-technical security controls protecting information and information systems.* Ability to clearly communicate results of discussion, artifacts and recommendations.* Working knowledge of the System Development Life Cycle and the 800 series of National Institute of Standards & Technology (NIST) Special Publications (in particular 800-37, 800-39, 800-53, 800-53A, 800-94 and 800-115).* Knowledge of networking and internetworking protocols and their associated vulnerabilities* Created a vulnerability management working group to facilitate collaboration between departments and create a documented process * Knowledge of United States (US) Government security authorization (certification and accreditation) policies and processes.* Knowledge of security incident handling, response and follow-up.

* Conducted process improvement services while building processes, work level instructions and diagrams for outsourcing* Streamlining processes for efficiencies while defining remediation requirements for audit findings.* Worked with senior management to identify deficiencies in proprietary systems, creating processes and defining solutions for their IT departments o To include identifying jobs and/or processes that could be outsourced, streamlined, or eliminated to reduce business costs using ITIL v3, CoBit Controls, and Operational Excellence (Six Sigma)* Traveled to multiple locations meeting with senior management to identify and find solutions for their IT problems finding jobs that could be outsourced and streamlined

* Performed technical and non-technical risk assessments and recommended mitigation strategies for compliance * Designed, deployed, and assessed network security appliances including new applications deployments, upgrades and End of Life replacement as well as new implementations * Created weekly vulnerability reports and mitigation strategies based risk level based on vender reports of vulnerabilities * Created process, procedures, policies around operational support, incident response, problem management and upgrades of security devices (Using industry best practice)* Created test plans, back out procedures, and cause and effect for changes and change management as part of the Security Change Management Team * Created baseline hardening documentation and upgrade schedules to comply with contracts based on industry best practices and account SLA’s (Service Level Agreements)* Created, measured and tracked SLA’s for the Weyerhauser Account based on response time and resolution time* Established Verizon's CIRT team for the Weyerhaeuser Account. * Diligent and intelligent at developing and implementing solutions for complex networking and security issues. Extraordinary understanding of customer needs and security program development, compliance, security testing, PCI assessment, and related areas. * Facilitated complex Security Solutions delivery & development in concert with Field Sales and Product Management for Commercial customers* Information Security Solution consulting, design, and Strategic development for Global organizations* Helped deliver long-term Solutions based upon advanced Risk intelligence, Essential Control validation methodologies, and a proven approach leading to a verifiable, Business-appropriate Risk posture* Installed and upgraded system software, client hardware and components as necessary * Penetration and vulnerability assessments using known tools

* Authored and implemented a successful testing methodology that ensures the company is compliant with GLBA, SOX, BASIL II, SB1386, PCI and CISP regulations and programs * Communicate with Senior Leadership about security risks within the financial industry and recommend cost effective strategies to reduce risk profile * Implemented security services matrix to yield increased understanding and education of the program as a whole As an Information Security Officer I developed business plans, published information security strategies, policies and procedures and supported business sponsored projects to encourage the proper integration of information security requirements * Worked as part of an Information Security Certification team tasked with evaluating technical and operational controls * Verified security and operational controls of financial, Human Resource, FDIC, and stock broker applications by conducting technical and non-technical vulnerability assessments o To include reviewing network diagrams, some code review, web applications, user roles and permissions and implementation strategies. * Ability to navigate the convoluted regulatory and risk environment common to most large corporations* Utilizing tools such as Network Associates Sniffer, Nessus scanner, web proxy, nmap, Kismet, and various manual testing tools to scan Windows, Novel, UNIX, OS2, AS400, and IBM mainframes along with testing of Firewalls and associated rules, Code review and manual testing of Web Applications. PeopleSoft SAP solutions, Asset manager, Bloomberg

* Service oriented manager with an ability to be focused on accomplishing strategic objectives, while simultaneously digging in and handling tactical day-to-day issues * Recommending on project strategy, change management, information management or design o While taking ownership of issues with a passion that is gratifying, creatively amplifying and extending ideas presented and/or presenting alternative approaches to solutions. * Built a cross-functional, nationwide security support team* Managed security vendor relations, while piloting new security technologies from inception to production as the business and technical lead o (Executives piloted all new technology solutions being considered) * Managed security aspects of separate senior executive IT infrastructure o To ensure all executive data was stored and protected per regulatory requirements, and policies. * Served as Washington Mutual SME for wireless technology, * Coordinating team activities to ensure adherence to various standards on all implementations. * Projects varied in size and complexity, involving multiple vendors, contractors and internal stakeholders * Worked across multiple business lines to develop a business continuity plan (BCP) for the executives that integrated with their perspective business unit BCP plans* Provided all technical support the Washington Mutual Leadership Conference Center (Cedarbrook), coordinating all upgrades and deployments * Provided technical training for high-level executives on technology

* Led technical team for M&A integration* Resolved user account management issues, network connectivity issues and migration of old application data to the new application* Responsible for security of workstations, servers and data closets relating to the WaMu Executiveso Ensuring related network, server, and vendor installed connections were completed successfully Supported end user Executives on Business Line applications, provided Tier 3 technical support for projects * Supported multiple enterprise rollouts and acquisition integrations including Exchange, Windows XP, Active Directory, Marimba, Dime/NAMC, Fleet and Pittsburg National Corp, Office 2003 Rollout, Wireless LAN, Laptop Encryption, Blackberry Rollout, NT4 and Novell Eradication, iCheck and Enterprise Decision Engine

* Troubleshot hardware and software issues via phone and/or desk-side supporting Washington Mutual user base across the countryo To include remote users, banks and remote banks, user accounts and connections as well as RightFax* Working closely with other departments to resolve network and design issues by diagnosing network problems with accuracy by using Network Associates Sniffer* Provided customer support to users, tracking and monitoring service level agreements, while training onsite technicians via phone, to modify hardware and configuration protocols to resolve Tier II issues* Took incoming trouble tickets, provided initial problem determination and assigned workflow to technicians during Bank integrations and Roll outs of new systems and applications* Diagnosed several operations that had the potential to save IBM money and coordinated the projects to implement the solutions* Monitored trouble tickets and identified, resolved, and implemented corporate wide solutions for recurring issues using Crystal Reports, facilitating final root cause analysis projects.Morning On-Site Support Team for Conversions* Set up computers to matrix and installed programs creating technical documentation for installation procedures * Used troubleshooting skills to resolve issues with Trained technicians on installation and configuration of IBM servers and workstations.

* Trained technicians in maintenance, repairs, and upgrades. * Recruited, interviewed, and hired technicians on campus, while increasing staff by 150% of volunteer positions as well as paid positions. * Increased productivity by implementing a rigorous training program.* Accountable for submitting weekly reports on usage as well as troubles, upgrades, conflict resolutions, computer technicians' hours for payroll* Maintained inventory, supplies, and trouble log databases.Installed and configured new computers.* Ensured communication between lab computers and the network; troubleshoot connectivity problems.* Responsible for installation of software upgrades as well as gathering a quarterly report as to the needs of the staff and acquiring needed software.* Prioritized repairs and upgrades to ensure minimal downtime of computers. * Changed network topology in all three campuses* Installed firewalls, switches, proxies and routers* Reset passwords, verified users against access list* Maintained list of user accounts and software permissions

Set up, configured and supported over 700-networked computers' campus wide. Utilized troubleshooting techniques while maintaining computers and network.

Assist in teaching specific software applications, as well as general computer curriculum.Creating CertificatesAdministering tests