Conducted internal audits, risk and gap assessments for clients using the ISO 27001, GDPR, CMMC, HIPAA and HITRUST CSF frameworks and develops strategic remediation plans to improve the clients’ security portfolios.Served as the client representative to external auditors by presenting evidence, detailing established policies and procedures and creating remediation plans for identified gaps.Performed security incident and disaster recovery table top exercises to test clients’ current plans. Created remediation procedures to correct plan deficiencies based discovered during the exercises.

Software-as-a-Service (SaaS) security SME. Coordinates all aspects of Tangoe's global security program, including data privacy enforcement and risk assessments, with internal business teams and external audit firms. Manages all internal audits of critical controls, identifies and reports correlating events with senior management. Performs vendor and client risk assessments in accordance with company policies and works with the internal legal team in SLA negotiations.Architected the first governance and training program to protect the company's software intellectual property from potential open source license violations.Team lead and SME for the company's annual PCI DSS, SOC 1 and SOX compliance audits.Subject matter expert in the company's incident response exercises. Introduced process improvements that mitigated serious flaws in the response process.

Delivered comprehensive risk management solutions from executive directives to mitigate data and cyber infrastructure risks to align with PCI, SOX and ISO 2700* standards.Performed risks assessments to identify critical threats to customer data from a business, legal, financial, regulatory and HR perspective. Audited service provider cloud facilities to identify physical or logical deficiencies that may put customer data at risk. Findings and recommended solutions were presented to executive management for remediation.Audited logical network and access controls for employees and contractors and implemented measures to eliminate improper access controls to reduce threat probability to critical customer data. Identified dormant user and service accounts that were terminated.

Cyber security lead for all of Gemalto’s clients in the U.S., Mexico and Canada. Security supervisor for eight projects involving smart cards, mobile payments, health records, trusted platform services, SaaS solutions and operational continuity. Supervised teams up to fourteen people and mentored two new-hire SSO's.Delivered risk assessments that identified integrity weaknesses of mobile phone payment systems.·Successfully communicated risk and threats to client executive management such as CEO’s, CIO’s, General Counsel, etc.Delivered the second highest global passing rate for the company’s annual security awareness program for the North America region.Directed internal penetration test teams to test the security of various customer services. Identified and corrected critical vulnerabilities.Security subject matter expert for the company’s new data center in Singapore to meet customer demand in the Asian market for financial transactions, communications and SaaS operations. Created and tested all data center-centric security operations policies and procedures. Produced the data center’s two-year trusted computing strategic expansion plan and implemented that plan into the data center design. Designed dual factor physical and logical authentication controls for the company's highly critical trusted platform services for financial transactions. Tested, audited and delivered new physical and logical security solutions in accordance with company requirements. Remediation included security operational budget prioritization. Collaborated with the MasterCard & Visa auditor to create the initial operational certification.

Delivered a successful risk management program to executive stakeholders that exceeded Payment Card Industry (PCI) requirements for a global $12 million multi-currency debit card and travel card program.Implemented an improved, more mature comprehensive global strategic risk management program that implemented the ISO 2700* standards and the PCI DSS standards which included a vendor data center.Identified up to eleven gaps that could have disclosed sensitive financial information for the security operations co-located primary and backup cloud facilities. Audited existing internal controls in accordance with the Bank Secrecy Act/Anti-Money Laundering and Office of Foreign Asset Control. Identified significant controls that reduced attack probability by roughly one third.Clarified Know Your Customer policies and procedures including customer identification and acceptance, monitoring and account risk categorization to improve efficiency.Led security incident investigations that included established chain-of-custody requirements for possible law enforcement intervention.Conducted an enterprise-wide Business Impact Analysis, as part of a Disaster Recovery, and Operational Continuity Plan with executive support; identified errors in communication and recovery procedures which reduced average recovery time by roughly 15%.Established security requirements for the development and implementation of the company’s first iPhone mobile payment software system. Reduced software vulnerabilities by roughly 15%.Created and documented a new Change Management Process that reduced audit times by approximately 50%. Governed Physical Security, including access controls, for the company’s headquarters and audited cloud facility vendor that ensured compliance with established regulations.

Conducted agency-wide risk assessments and prioritized and remediated vulnerabilities in accordance with state and agency requirements.Developed a comprehensive technical and managerial information risk management program for a Texas state agency in accordance with the Texas Administrative Code, Section 202, the Governor, and the state’s Chief Information Security Officer.Served as the official security representative on two Governance Boards for Texas.gov, the state’s official web site. Directed and audited strategic security plans with managing third party in accordance with state objectives and FISMA and NIST guidelines. Directed and audited the implementation of the state’s strategic security requirements to third parties charged with managing the state’s primary and backup cloud facilities that were aligned to FISMA and NIST guidelines.Obtained the first PCI-DSS compliance report for state’s cloud facilities and Texas.gov enabling credit card transactions to enable expeditious remote payment options for Texas citizens.Created and delivered the 2010-2014 State Strategic Plan for Information Resources Management to the state legislature and agencies as the security representative on the agency’s executive steering committee, achieving legislative support.Authorized Controlled Penetration Tests and wireless scan results for the agency, the state’s cloud facilities and for Texas.gov. Developed and executed plans to remediate vulnerabilities, prioritizing on protecting data according to established criticality levels.Assisted the Texas Engineering Extension Service, Teex.org, in the development of its cyber security awareness training program for IT engineers and law enforcement.

Project Management: Served as a security leader for all internal projects within the company's backup cloud facility. Consulted with senior vice president, stakeholders and project managers to recommend security requirements and cost-effective solutions for all projects in accordance with company policies, requirements and regulatory requirements.Governance Boards: Advised steering committees and review boards as an official security representative. Wrote security requirements and approved or denied internal projects based upon implementation of requirements. Recommended solutions to project managers for all denied projects.Risk Assessments: Performed risk assessments and enterprise-wide business impact analysis under the ISO 20001, Sarbanes-Oxley and PCI standards (where applicable) of internal projects to provide a current state of appropriate IT controls.PCI DSS: Performed numerous service provider PCI audits of vendor’s internal controls to address access to customer credit card data. Security Operations and Testing: Enforced security requirements by testing projects (e.g. penetration testing, code reviews, web and server assessments). Identified vulnerabilities, recommended solutions and created variances to ensure that effective security and business needs are satisfied.Security Awareness: Developed and implemented an updated security awareness presentation for all new associates located in Austin. Modified presentation to increase emphasis on regulations, laws and company policies, and provided real-world examples of consequences of inadequate security.Promoted to interim team manager for five months. Responsible for managing the daily operations of the Austin security team. Reported weekly status to senior management.Volunteered to manage firewall change requests for six months. Authorized or denied requests based on company security policies and regulatory requirements.

Reviewed C and Assembler source code for a retail software package to identify security vulnerabilities.Identified severe vulnerabilities in data checking that, if applied in a runtime environment, could abort the application and allow confidential information to be exposed to an attacker.Presented findings and recommended solutions to the customer.

Developed and maintained core security software in C for the AIX operating system. Maintained audit component and assisted development of Kerberos, PKI and shadow passwords.Member of team that improved AIX security to meet requirements for Common Criteria.As part of the company’s enterprise server plan, created Enterprise Identity Mapping (EIM) component to provide a single sign-on capability to all IBM platforms while providing unique access control to each individual system.Coordinated multiple EIM test case plans with other IBM divisions. Developed test scripts to reduce testing time and reporting by 60%.

Developed and maintained C and Assembler software for the OS/2 Postscript driver. Provided strategic direction for driver development.Conceived, designed and implemented an improved user interface for all OS/2 print drivers that not only dynamically supported high-end printers, but added new print features, simplified printer selections for end users and reduced development time 20%.Served as a liaison between IBM and stakeholders of printer manufacturers. Prioritized strategic goals to align OS/2 development with printer manufacturers’ development plans.Volunteered to manage a computer test lab. Responsible for user access authorization and equipment inventory within the lab.