- Worked with clients to assess current security baselines, complete risk assessments and analysis of threat tolerance, risk acceptance and technology strategies.- Evaluated risk and cybersecurity posture for clients based on CIS Top 20 controls and industry specific requirements and regulations.- Consulted with clients to determine improvements of information security posture to support business objectives and meet customer demands.- Performed configuration and implementation reviews of infrastructure and system components against industry best practice security baselines.- Engaged with client technical process owners to identify risk and drive toward completion of IT governance documentation and process improvements to align with business objectives and risk management goals.

- Performed reviews of internal operating processes and procedures and verified effectiveness of implementation and alignment with established policies, NIST Cyber Security Framework guidance and CIS Top 20 controls.- Definition and implementation of security policies, operating procedures, standards andguidelines aligned with NIST 800-53, PCI-DSS and FFIEC guidance.- Performed risk assessments based on NIST 800-30 guidance of third-party service providers to verify compliance with internal data protections and regulatory obligations.- Defined improved oversight processes for third-party service providers to verify ongoing alignment with corporate standards and FFIEC requirements and maintain acceptable levels of risk for the organization.

- Performed vulnerability assessments and analysis on internal and externally facing networks and systems using commercial and open source applications and toolsets.- Coordinated external penetration testing with independent third-party firm and conducted manual verification of any determined vulnerabilities. Negotiated results for elimination of any false positive findings and generated ASV reports for submission for PCI-DSS attestations of compliance, executive summary reports for customer information security demands and detailed reports for internal consumption.- Determined requirements for remediation through CVE, CWE and NVD resources of any verified findings, prioritized findings based on CVSS and risk and provided guidance for Systems, Network and Development teams for implementation and performed testing to verify issue resolution within established SLA’s.- Documented and provided guidance for implementation of corporate policies, processes, procedures, standards and guidelines to align with industry best practices including NIST 800- 53 and PCI-DSS.- Organized multi-department resources for definition and implementation of policy, process and procedure requirements to achieve compliance with updated PCI-DSS version 3.2 standards for e-commerce, retail POS and card not present transactions.- Member of multi-department committee for ongoing corporate initiative for alignment of policies, processes and procedures to comply with AT101 SOC2 auditing and certification.

- Managed team of InfoSec administrators responsible for vulnerability and risk management, external network circuits, bandwidth aggregation, external/internal firewalls, routers and switches, DNS, HTTP/HTTPS load balancers and SSL accelerators, IDS/IPS, Identity Management for SAMLv2 Federation, LDAP, SMTP border systems, Site to Site and client VPN services, ARIN maintenance, registrar domain management, PKI and SSL/TLS certificate implementation and maintenance.- Primary IT escalation contact point for customer RFP/RFI’s and technical audits. Provided technical translation, guidance and red-line services for Legal, Contract and Client Services teams for customer MSA’s and SOW’s.- Architected and integrated HA load balanced environments for HTTP/HTTPS 3-tiered web services using Cisco ACE and ASA fronting Apache/Nginx, JBoss/Tomcat and Oracle DB systems.- Member of IT Architecture Review Board governing new technology implementations and integrations while reducing complexity and risk for existing systems, services and processes.- Lead IT technical resource for corporate PCI-DSS initiative with focus on limiting scope and overcoming technical, functional and procedural implications to allow for achieving compliance with version 2.0 and 3.0 requirements.

- Implemented corporate wide centrally managed anti-virus system.- Architected and implemented multi-tier SPAM prevention system using postfix, Brightmail, blacklists and content filtering to provide 87% block rate with few false positives.- Acted as corporate technical resource for customer information security audits.- Architected and integrated HA load balanced Apache configurations utilizing Cisco CSS,SCA and PIX to replace legacy Apache/mod_ssl configuration.- Implemented and administered Checkpoint Firewalls on Solaris, Red Hat Linux and IPSO.- Implemented and administered Snort and Symantec IDS systems.- Architected, implemented and supported 50+ node IPSec VPN solution for remote sales offices using Cisco routers on cable, DSL, and ISDN connections.- Consulted with Legal team for policy and process changes to allow achievement of EU/Swiss Safe Harbor compliance.- Architected, integrated and administered FTP, FTPS and SFTP services on Red Hat and SUSE Linux systems with LDAP authentication using secured open source applications to support customer and business secured data transfer requirements.