•Contribute to PCI compliance initiatives•Assist with building programs in support of HIPAA compliance, general security compliance, and future initiatives•Support attestations, audits, and external security reviews •Conduct security risk assessments that analyze security controls and vulnerabilities. Provide guidance and monitoring support over remediation efforts •Track, analyze, and report on security metrics. Propose countermeasures to address security trends that are not in line with the organization’s desired risk profile•Actively contribute to inter-departmental and cross-functional working groups to address security requirements •Develop and maintain process documentation

•Supported information security integration efforts between the legacy organizations•Provided information security risk assessments and risk mitigation services with recommendations for short and long-term security risk management •Participated in the investigation and remediation of security incidents•Initiated, facilitated, and promoted activities to create information security awareness within the organization•Assisted with documenting, implementation and management of policies, procedures, and processes in support of confidentiality, integrity, and availability of information assets•Administered data loss prevention tool and investigation of incidents•Collaborated among Information Security groups, various departments, and vendors to consult, gather information, resolve, and document security issues

•Evaluated and reviewed existing security policies for corporate adoption•Formulated a security awareness program framework for company-wide roll out•Initiated preliminary review of third-party system providers

•Performed monitoring and compliance tasks through preparation of monthly, quarterly and annual security audits•Evaluated, tested, and recommended potential security tools/applications •Revised and oversaw a newly implemented corporate-wide user provisioning process•Developed the framework for an Incident Command Structure•Assisted with the planning and testing of disaster recovery efforts

•Identified areas of risk, documented findings and prepared reports for management review•Provided feedback on how to improve internal controls and advised on mitigation options•Created audit programs for newly implemented systems•Reviewed 3rd party vendor contracts and SAS70 reports•Working knowledge of banking and financial guidelines, standards, regulatory requirements

•Provided audit reports detailing control deficiencies and their root causes to assist management with a base for creating mitigating controls•Performed routine issue follow-up to determine if mitigating responses were adequate to resolve the risks identified•Served as a resource to new staff on topics relating to general audit procedures and methodologies•Assisted in performing SOX validation work

•Evaluated client applications and controls through the review of logical/physical security, policies and standards, change control guidelines, backup/data recovery procedures, and business continuity plans•Documented and analyzed client controls through interviews for management review

•Produced daily, weekly, and monthly security reports for senior management review•Performed weekly downloads of the anti-virus software definitions for enterprise wide distribution•Oversaw and supported the activities of the Emergency Operation Center•Maintained emergency equipment in a high state of readiness in support of the overall Emergency Management Program