Primary responsibility to lead the SOC (Service Organization Controls, a.k.a SSAE18) program across all IBM/Kyndryl Managed Application Services offerings which includes a mix of public and private cloud hosting solutions developed on IBM Cloud, Kyndryl GTS, Azure, AWS and Oracle.● Managed $1.3M SOC audit testing engagement budget to provide external attestation of security controls in cloud based application management services.● Identified opportunities to consolidate testing methods… Show more Primary responsibility to lead the SOC (Service Organization Controls, a.k.a SSAE18) program across all IBM/Kyndryl Managed Application Services offerings which includes a mix of public and private cloud hosting solutions developed on IBM Cloud, Kyndryl GTS, Azure, AWS and Oracle.● Managed $1.3M SOC audit testing engagement budget to provide external attestation of security controls in cloud based application management services.● Identified opportunities to consolidate testing methods and scope to reduce from $1.3M to $600K while also expanding testing into additional application layers to meet customer needs.● Continuously reviewed and consulted with external auditors to refine testing procedures as the offerings and processes changed.● Evaluated operational security controls and developed testing objectives across each offering for both SOC 1 and SOC 2 controls.● Delivered security attestation and assurance to meet portfolio contractual requirements for $230M in customer engagements and meet their control objectives and financial reporting schedules.● Forged relationship between PricewaterhouseCoopers and IBM/Kyndryl Managed Application Services.● Ensured alignment of SOC 1 and SOC 2 testing scope to SOX for customer financial reporting and AICPA Trust Principles.● Assisted technical process owners in developing tools to manage compliance and perform internal assessments prior to external audit engagements.● Consistently delivered unqualified reports to as many as 400 customers.● Gained a deep technical understanding of the design of the security controls at all levels of the environment and translated those details in a way for auditors to understand.● Collaborated with Agile teams responsible for security control automation and orchestration to ensure compliance and auditability of artifacts and documentation. Show less

Primary responsibilities include security compliance advisor and process SME, security operations compliance project management, security measurements and posture reporting to executive-level management.Participated in a project to implement role based access controls across the IBM Cloud Managed Services Delivery (IBM CMSD).Identified and drove resolution of several audit defects and security compliance issues across IBM CMSD.Acted as Primary contact for IBM CMSD customer for any… Show more Primary responsibilities include security compliance advisor and process SME, security operations compliance project management, security measurements and posture reporting to executive-level management.Participated in a project to implement role based access controls across the IBM Cloud Managed Services Delivery (IBM CMSD).Identified and drove resolution of several audit defects and security compliance issues across IBM CMSD.Acted as Primary contact for IBM CMSD customer for any customer audit activity.Engaged with existing IBM Service Offering (IBM SO) customers to provide a compliance audit feedback and posture. This directly resulted in the signing of 2 multi-million dollar contracts with the path to future contract signings with the same customers.Acted as focal for IBM CMSD customers and their auditors in providing evidence to validate SOX compliance.Assisted with a project to receive PCI and HIPPA Certification for IBM CMSD.Assisted with the development of a security policy for Oracle VM for new customer engagement and to expand the IBM Cloud offering.Provided compliance, governance and audit management for IBM Cloud offerings such as SAP, Oracle and PeopleSoft. Show less

Primary duties include process awareness and education, risk management, audit mitigation, communication and defect resolution propagation, security compliance advisor and SME, security compliance project management, security measurement and posture reporting to upper management.• Scope includes 120 commercial and internal accounts and 100,000 servers and devices.• Work with a team to review and size proposed changes to internal IBM server security requirements and identify changes that… Show more Primary duties include process awareness and education, risk management, audit mitigation, communication and defect resolution propagation, security compliance advisor and SME, security compliance project management, security measurement and posture reporting to upper management.• Scope includes 120 commercial and internal accounts and 100,000 servers and devices.• Work with a team to review and size proposed changes to internal IBM server security requirements and identify changes that would cost too much to be effectively implemented.• Provide training for new and existing employees on the proper use of an internal process used to document security noncompliance issues.• Manage security compliance projects globally across 14 countries.• Develop a method and a tool for departments to perform security self-assessments.• Perform Risk Management to identify and document potential security threats. Show less

Dedicated team charged with ensuring server compliance with security policies, both IBM internal and commercial, and IBM internal procedures. Focal for the team to ensure team members are following procedures and that all tool are configured properly to match customer's security requirements. • Scope included 25 accounts and about 10,000 servers.• Perform security healthchecking of servers to ensure the agreed to baseline is maintained.• Identify and correct security… Show more Dedicated team charged with ensuring server compliance with security policies, both IBM internal and commercial, and IBM internal procedures. Focal for the team to ensure team members are following procedures and that all tool are configured properly to match customer's security requirements. • Scope included 25 accounts and about 10,000 servers.• Perform security healthchecking of servers to ensure the agreed to baseline is maintained.• Identify and correct security vulnerabilities. Ensure that all the proper parties are engaged and understand the risk. • Work closely with other support personnel to ensure that the security requirements are understood and met.• Ensure servers are compliant prior to entering the environment.• Provide evidence of healthchecking the baselines when required for audit purposes.• Maintain tools used for healthchecking. Ensure all servers are properly reporting to these tools and that any accepted risks are suppressed. Show less

Primary role was to ensure security compliance of Unum Provident Insurance servers. • Scope was 1100 servers across 1 account. • Lead 3 projects to install 3 different software packages across all 1100 servers that allowed for the servers compliance posture to be monitored.• Lead a project to bring all servers currently with vendor security patches. This project installed about 10,000 patches over a 6 month period.• During 2 audits successfully mitigated 5 potential audit… Show more Primary role was to ensure security compliance of Unum Provident Insurance servers. • Scope was 1100 servers across 1 account. • Lead 3 projects to install 3 different software packages across all 1100 servers that allowed for the servers compliance posture to be monitored.• Lead a project to bring all servers currently with vendor security patches. This project installed about 10,000 patches over a 6 month period.• During 2 audits successfully mitigated 5 potential audit defects to result in successfully passing both audits.• Documented and present security risks to the customer and upper management.• Participated in a 3 day Disaster Recovery exercise in 2004. Show less

Primarily responsible for system administration of Lucent Technologies servers located in the Atlanta area. This scoped covered as much as 100 servers at 4 different locations. • Negotiated with customer in defining security standards for Windows based servers and developed a standard security template for deployment throughout the enterprise.• Maintained and improved customer relationships through the use of enhanced communications and specific technical issues… Show more Primarily responsible for system administration of Lucent Technologies servers located in the Atlanta area. This scoped covered as much as 100 servers at 4 different locations. • Negotiated with customer in defining security standards for Windows based servers and developed a standard security template for deployment throughout the enterprise.• Maintained and improved customer relationships through the use of enhanced communications and specific technical issues tracking.• Assisted in conversion from various host based and UNIX-based email systems to MS Exchange and at the same time a conversion from LAN Manager on UNIX to a NT4 Domain environment for workstation authentication services.• Monitoring of system performance and availability using a variety of hardware specific tools including Insight Manager, HP OpenView.• Developed and implemented a project for metro-wide server consolidation and relocation. Successfully consolidated 60 windows across 4 metro Atlanta locations down to 5 servers at 1 location. Show less