Jose Roman Email & Phone Number

Worldwide, OO

• My role involves guiding clients through the dynamic landscape of global cybersecurity trends, specifically focusing on Identity and Access Management (IAM) requirements. I lead in the design, deployment, and.
• Devised five-year risk mitigation roadmap, addressing legacy and third-party concerns.
• Led PAM architectural support for the vaulting of privileged accounts for a major State Government client.
• Contribute to Deloitte's thought leadership in client organizations and the external marketplace, providing valuable insights and expertise in IAM.
• Played a key role in the vaulting of database administrative accounts for a major healthcare client under their Privileged Access Management (PAM) initiative.
• Supported a Fortune 50 insurance client with their Customer Identity and Access Management (CIAM) practice along with performing a security assessment for their Third-Party Risk Management program.

Mclean, VA, US

• I provided end-to-end engineering support for the implementation, integration, and operations of Identity solutions within Agency environments. I led a dedicated team through the design, engineering, integration.
• Acted as leader on large IAM programs/projects that significantly impacted organization's long-term goals and objectives.
• Developed system concepts and applied advanced understanding of the systems engineering lifecycle to translate strategic cyber objectives, technology, and environmental conditions into engineering solutions.

Toronto, ON, CA

• I led a team of risk and control advisors in various capacities, including Security Risk Assessors, Secure Code Analysis, and Penetration Testers. I orchestrated demand management processes to contribute timely.
• Offered recommendations for privacy and security controls throughout the lifecycle of projects/solutions.
• Assumed responsibility for security assurance of applications migrated to KPMG Global Microsoft Azure tenants (NA, EMEA, and ASPAC).
• Took the lead in ISO 27001 North America technical standardization's, ensuring compliance and adherence to international security standards.

Toronto, ON, CA

• My role included providing valuable input on new strategic directions related to security and privacy control objectives. I led a team in conducting comprehensive reviews of applications from a security assessment.
• Offered expert advice, conducted risk assessments, and provided recommendations regarding privacy and security controls for projects throughout the asset's lifecycle.
• Played crucial role as member of the Global Architecture Review Board, contribution in modernizing technology requirements and shaping the organization's technological landscape.

Mclean, VA, US

• I delivered subject matter expertise in creating rules for IT General Controls and Baseline Security Configurations. I managed and executed penetration testing assessments, ethical hacking, email phishing/whaling, and.
• Implemented host-based data rights management ACLs, reducing SOX risk exposure to 0.35%.
• Created compelling business case, securing $1.2M budget to enhance corporate security posture.
• Authored standard operating procedure documentation for Vormetric, ensuring clarity in processes and procedures.
• Established vulnerability management framework, aligning with ISO standards (ISO 29147, 30111, and 27034).
• Developed Tenable Security Command Center, Core Impact Pro, and IBM AppScan, significantly improving vulnerability management and threat detection capabilities.

New York, New York, US

• Primary duties included the global identity management of all users, groups and systems acquired by information security.
• Technical leader and subject matter expert with the installation and maintenance of eTrust/CA Access Control, Audit and the administration of eTrust Admin, PAR, Powerbroker (user/host group and policy creation).
• Successfully deployed CA Access Control and CA Audit on the web hosting group and perimeter UNIX DMZ (Solaris) environment.
• Performed separation of duties function which entails limiting the range of administrative privileges granted to users within a MS Windows and UNIX/Linux environment.
• Provided input with the creation of the internal CTI restricted application list. Performed beta testing for various CA products.
• Reviewed the weekly report from the Areview and EERS entitlement process.

San Jose, California, US

• Provided support for various security products on a 24 by 7 emergency security hotline for UNIX and Windows systems that incorporated clients from security/system administrators of secure sites, networks, development.
• Performed extensive multiple-platform laboratory testing, documented software products, provided employee training for support personnel and supplied assistance with the integrity of the onsite lab machines.
• Supplied technical assistance to the pre-sales team.

• Responsible for calling the help desk to setup user/group accounts along with providing troubleshooting assistance for networking related matters.
• Maintained all pc's, printers, fax machines and copiers in two office locations.
• Installed Y2K compliance software for the Elite-billing program, explained the features and troubleshooting techniques of new office equipment to personnel.
• Administered the weekly network tape back-up system, also operated the video-conferencing unit and dealt with vendors such as Precision Interconnect, Bell Atlantic, Sony and RCN.
• Obtained a maintenance contract with the AMC Corp, which included the on-site service and temporary replacement of all Hewlett Packard printers.