Senior Risk Architect with extensive experience in the areas of ISO 9000, 20000 and 27000 series, SOX [USA, Japan, and Canada], HIPAA, GLBA, PCI and Cobit compliance, assessments, audits, management and mitigation. Compliance specialties include development of policies and procedures, auditing and penetration testing, security metrics programs, Cisco security and advanced infrastructure certifications, and architecture design and review. I am looking for a management position where I can use my experience to help solve complex, challenging problems quickly and increase security effectiveness corporate-wide.
• Recipient of AT&T’s prestigious “6th Man Award” for traveling over 1.5 million miles in 6 months, and managing 8 projects with individual project budgets in excess of $250 million each to successful “on time – under budget” completions while working with international teams.
• Instituted what ISACA believes to be the first implementation of ISO 27005 “Information Security Risk Management” for Toyota Financial Services. The implementation was integrated into TFS’ ISO 27000 series project that includes assessing, managing and mitigating risk by implementing policies and procedures in hardware and software so they can be verified, validated and audited to provide effective security metrics. Took TFS through the process of purchasing the tools and their installation and configuration to assist with process automation for non-business process remediation related tasks.
• Provided information security architecture and PCI compliance management for a large Midwestern state toll road collection agency with over 8 million credit cards from at least three neighboring states. The design included active syslog and the use of Cisco MARS to work with a multi-layer load-balanced firewall with IDS/IPS capability to protect the credit card database.
• Performed an extensive security audit for a well-known Fortune 100 insurance provider in the medical space. Provided a comprehensive assessment of their architecture, policies and procedures, and external visibility to hackers. Advised them in a written report of the proper remediation actions necessary to ensure their compliance with HIPAA.
• Worked with “C” level executives, corporate counsel and HR to develop information security programs, policies, procedures, standards and guidelines.
• Worked with business executives on strategic security architectures using Cisco MARS, IDS/IPS, PKI, RSA SecurID Authentication, smart cards and biometrics, to enable a business to save millions.
• Worked with “C” level executives, corporate counsel and HR to develop information security programs, policies, disaster recovery plans, and system management and administration procedures for worldwide corporations.
• Managed the move of an Orange County corporate datacenter including 1000 servers, mainframes and mini computers and WAN connections to two new facilities in Aliso Viejo.
• Designed and managed the implementation of a new multi-gigabit redundant core Cisco switched environment with dual Internet connections. Implemented a new dual-homed rack mount server system.
Jun 2008 - Nov 2008
Senior Risk Analyst
As a Senior Risk Architect on contract to Toyota Financial Services [TFS] and Toyota Financial Services Bank [TFSB], I provided Toyota with high-end experience in threat analysis and risk mitigation strategies. I also developed security requirements for both internal projects and projects involving third-party vendors.
Aug 2006 - Jun 2008
Senior Compliance Engineer
As a Senior Compliance Engineer focused on Advanced Infrastructure and Information Security practices, I provided AT&T customers with unmatched experience in security architecture design and implementation, security auditing and compliance with ISO standards, PCI, HIPAA, SOX and Cobit. I also provided services related to routing and switching infrastructure upgrades and the evaluation of environments prior to an upgrade being performed. On projects I was responsible for budgets up to 500 million dollars.