KEY SKILLS
Over 15 years of hands-on and working knowledge of networking concepts, cyber security and penetration testing,
including protocols and architectures (OSI model, TCP/IP, major application protocols such as DNS/HTTP/SMTP,
LANs/WANs, VPNs, routers/routing, addressing, etc.).
Strong in core OIM development and troubleshooting
Experience in Identity and Access Management: CA Single Sign-On (CA SiteMinder), CA API Gateway (Layer7), CA
Mobile API Gateway, CA Mobile API Gateway SDK, CA RAS SDK, CA Advanced Authentication (Strong and Risk
Authentication), CA Federation, Ping Identity suite (PingFederate, PingAccess, PingID, PingOne), Oracle
Access Manager, Oracle Identity Manager, IBM Security Access Manager, Tivoli Federated Identity Manager,
ADFS, Microsoft Azure AD, NetIQ Access Manager, Duo Security and RSA AA
Detailed knowledge of intrusion detection engines, their capabilities and signature formats in general, with a specific
focus on Snort/Sourcefire variants and regular expressions (regex).
Programming and scripting abilities, specifically in Pentaho (PDI), JavaScript, Perl and PowerShell
In-depth understanding of the vulnerability management and patching lifecycle
Identifying appropriate use of AWS Architectural best practices.
Troubleshooting and resolving access management and provisioning workflow errors
Perform Identity and access management activities
Updating existing access management and provisioning workflows
Execute and track security process related activities including User ID management
Manage operations within the IAM environment at the client, including application patching and upgrades and
certificate management
Establish and maintain good working relationships with all IAM customers
Web Access Management (Quest Active Roles Server, SiteMinder, Oracle Access Manager, etc.)
Knowledge of cyber policy and issues, the global cyber community, the roles of major organizations and how they
interrelate and interact, and the challenges in these structures.
Awareness of common cyber products and services and their limitations, and a comprehensive understanding of
the disciplines of cybersecurity.
Recommending solutions to address control weaknesses and communicating findings and recommendations to
all levels of client management.
Establishing project plans with clear scope, key milestones, resources, and interdependencies, with clearly
defined roles & responsibilities.
Knowledge and proficiency with Ping Directory
Executing project plans and act resourcefully to ensure that work is completed within specified time.
Assigning testing responsibilities to other project members, monitoring the audit, and communicating progress,
obstacles and issues to management.
Using a range of tools and techniques to analyze internal / external data.
Demonstrating strong understanding of large-scale information technology systems, business processes, security
regulation, risk management and security vulnerabilities.
Reviewed incoming client documents according to clients' KYC / Anti-Money Laundering (AML) program
policies.
Managing financial audit support, Service Organization Control (SOC), HIPAA, and PCI engagements, SOX reviews
of IT general controls, ERP system reviews.
Assessment and development of policies and procedures as they relate to information systems controls.
Working knowledge of security concepts, protocols, processes, architectures and tools (vulnerabilities, threats
and exploitation, authentication & access control technologies, threat intelligence data and sources, intrusion
detection/prevention capabilities, network traffic analysis, SIM technology, incident handling, media/malware
analysis, etc.).
EDUCATION
Master of Business Administration (MBA), University of Houston-Victoria, 2018
Bachelor of Science, Harris-Stowe State University, May 2009
CERTIFICATIONS
CISSP- Certified Information Systems Security Professional
Certified Data Privacy Solutions Engineer (CDPSE)
PMP- Project Management Professional
Certified Fraud Examiner (CFE)
Certified Anti-Money Laundering Specialist (CAMS)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified in Risk and Information Systems Control (CRISC)
Certified Ethical Hacker (CEH)
Computer Hacking Forensic Investigator (CHFI)
ITIL V4 certification
AWS SA Professional
Certified Internal Auditor (CIA)
HITRUST CCSFP certification
PROFESSIONAL EXPERIENCE
DANSKE BANK (AVENTINE HILL INC)
CYBER SECURITY CONSULTANT 12/2018 – PRESENT
Responsibilities:
Manage multiple projects through the initiation, execution, monitoring, controlling and closing phases of the project life
cycle.
Conduct FFIEC Cybersecurity Assessments, HIPAA Assessments, etc.
Experience with other IAM services such as AD and LDAP directories, user provisioning and privileged access
management
Performed manual penetration testing and communicated findings to both business and development teams
Documented artifacts, approvals and evidence in the IAM repository
Conduct NERC CIP audits
Experience in IT infrastructure, enterprise architecture, security, cloud, SDLC, applications, DevOps, data
governance, analytics, and/or other related fields.
Provide strategic direction, lead, enhance, and mature Nordstrom’s DR Program
Manage the tactical processes for Plan creation and DR Exercises
Create and maintain tracking and reporting for recoverability scorecard
Partner with teams outside of Technology for Business resumption planning
Liaison with vendors for disaster recovery services and media storage
Deep understanding of Risk & Compliance and the Financial Crime domain
Assist in the development and implementation of a centralized KYC/AML ownership protocol
Develop strong working relationships with the RMs
Experience with presentation applications such as Tableau or QlikView
Conduct required due diligence on persons, accounts, or activities in accordance with AML regulations, including
high-risk countries and entities, OFAC sanction entities, politically exposed people, watch-list entities and money
services businesses
Proven knowledge of FISMA, FedRAMP, Cloud Computing, Information Assurance, IT Audit, Privacy and security
processes, tools and methodologies
Understanding of ISIM, including its policies, workflows, reconciliation, recertification and reports.
Partners with business and IT to manage scope for release
Conducted cyber risk assessments and comprehensive cybersecurity assurance testing.
Overseeing activities related to adherence to federal and organizational policies and procedures on the
confidentiality of Personally Identifiable Information (PII), PHI, HIPAA- and FINRA-regulated data, and other sensitive
information.
Worked with internal and client-side resources to deploy and support PingAccess, PingFederate,
PingDirectory and PingID in high-availability environments
Effectively manage internal, external and cross-functional program resources to complete goals and initiatives
Assist in the development of performance metrics/ measurements for the user access attestations.
Performed vulnerability scans and penetration tests to validate network segmentation and other PCI-driven security
controls.
Exceptional organizational and data analysis skills, balancing work and necessary resources, and creating,
preparing and presenting reports to senior management.
Solid project management skills; demonstrating knowledge of multiple PM frameworks (waterfall & Agile) and a
strong driver with prior experience leading matrixed, cross-functional teams.
Working knowledge /experience with complex, large-scale project implementations.
Prior experience managing Salesforce implementation.
Work with the project teams on implementing the defined Policies within Access & Identity Management (AIM)
solution
Experience planning, scheduling and managing budgets; able to prioritize between immediate needs and long-term
objectives.
Able to understand and translate business value, manage diverse cross-functional teams, and work with and
guide managers, technical, and non-technical staff.
Champion the improvement of identity and access management processes, controls and communications
related to Policies across stakeholder groups.
Provided support in the 2019 Enterprise Cybersecurity Comprehensive Risk and Compliance Assessment to
satisfy regulatory requirements and assist the business in the identification of unknown cybersecurity and
compliance risk.
Addressed the regulatory requirement for InfoSec to conduct the assessment, with reporting to the Board and regulators.
Performed network device penetration testing for hardening baseline.
Provided an independent, comprehensive, compliance-grounded risk assessment that identified cybersecurity
weaknesses and previously unidentified risks (unknown unknowns) across the institution
Provided guidance in satisfying the GLBA requirement for a comprehensive risk assessment of the IS program, as well
as NYDFS and other requirements.
Provided actionable reporting for the business to improve compliance based on the institution's Legal Library
Tested and developed evidence to satisfy regulatory scrutiny and assist in the identification of unknown compliance
requirements.
Configured SAML, an open standard for exchanging authentication and authorization data between
parties, in particular between an identity provider (IdP) and a service provider (SP). SAML is an XML-based markup
language for security assertions, i.e. statements that service providers use to make access-control decisions.
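The access-control decision mentioned above is only as good as the checks the SP runs on the assertion before trusting it. The following is an added example (not part of the original résumé and not the configuration of any product named on it) showing the relying-party checks an SP performs on a SAML 2.0 assertion: trusted issuer, validity window, audience restriction, InResponseTo/Recipient binding, and that the signed reference points at the assertion being consumed (a defence against XML signature wrapping). The sample response, entity IDs and URLs are constructed for illustration. Cryptographic verification of the ds:Signature (canonicalization, digest and key lookup from IdP metadata) is assumed to be done by an XML-DSig library before these checks and is out of scope here.

```python
"""Relying-party (SP) checks on a SAML 2.0 assertion before it drives an access-control decision.

Added illustrative example. The XML below is constructed, not captured from a real IdP;
all entity IDs, URLs and request IDs are hypothetical.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: a bearer assertion for alice, issued in reply to AuthnRequest "_req42".
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_resp1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z"
    InResponseTo="_req42" Destination="https://sp.example.com/acs">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
    <saml:Subject>
      <saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req42"
            Recipient="https://sp.example.com/acs" NotOnOrAfter="2024-01-01T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


@dataclass
class SPConfig:
    entity_id: str      # our own SP entity ID (must appear in <Audience>)
    acs_url: str        # our Assertion Consumer Service URL (must match Recipient)
    trusted_idp: str    # entity ID of the IdP we federate with
    clock_skew_s: int = 60


def _ts(value: str) -> datetime:
    """Parse a SAML UTC timestamp of the form 2024-01-01T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text: str, cfg: SPConfig, request_id: str, now: datetime):
    """Return (True, NameID) if the assertion may be used for access control, else (False, reason).

    Assumes the XML signature itself has already been verified by an XML-DSig library.
    """
    root = ET.fromstring(xml_text)
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return False, "expected exactly one Assertion"
    a = assertions[0]
    aid = a.get("ID")

    issuer = a.findtext("saml:Issuer", namespaces=NS)
    if issuer != cfg.trusted_idp:
        return False, f"untrusted issuer {issuer!r}"

    # Signature-wrapping defence: the signed Reference must point at THIS assertion's ID,
    # otherwise an attacker could inject an unsigned assertion beside a validly signed one.
    ref = a.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != f"#{aid}":
        return False, "assertion is not the signed element"

    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions"
    skew = timedelta(seconds=cfg.clock_skew_s)
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < _ts(not_before) - skew:
        return False, "assertion not yet valid"
    if not_on_or_after and now >= _ts(not_on_or_after) + skew:
        return False, "assertion expired"

    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if cfg.entity_id not in audiences:
        return False, f"audience mismatch {audiences}"

    # Bind the bearer assertion to the AuthnRequest we issued and to our ACS endpoint (anti-replay).
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("InResponseTo") != request_id:
        return False, "InResponseTo does not match an outstanding AuthnRequest"
    if scd.get("Recipient") != cfg.acs_url:
        return False, "Recipient is not our ACS URL"

    return True, a.findtext("saml:Subject/saml:NameID", namespaces=NS)


if __name__ == "__main__":
    cfg = SPConfig("https://sp.example.com", "https://sp.example.com/acs", "https://idp.example.com/metadata")
    now = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)
    print(validate_assertion(SAMPLE_RESPONSE, cfg, "_req42", now))
```

In a real SP (PingFederate, SiteMinder, ADFS and the other products listed do this internally) the signature check runs first; the point of the example is that even a correctly signed assertion must still be rejected when the audience, recipient, request binding or validity window does not match the SP that is consuming it.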
Prepare analysis reports detailing background, observables, analysis process & criteria, and conclusions.
Analyze large volumes of network flow data for specific patterns/characteristics or general anomalies, to trend
network activity and to correlate flow data with other types of data or reporting regarding enterprise-wide network
activity.
Document key event details and analytic findings in analysis reports and incident management systems.
Identify, extract and characterize network indicators from cyber threat intelligence sources, incident reporting
and published technical advisories/bulletins.
Assess cyber indicators/observables for technical relevance, accuracy, and potential value/risk/reliability in
monitoring systems.
Review and evaluate common services.
Determined the individuals responsible for remediation and collaborated with the Qualified Security Assessor
to establish the record of compliance
Obtained approval to test and deploy changes to production and re-ran Tenable scans to confirm
remediation.
Lead efforts involving work plans, schedules, project estimates, resource plans and status reports within time,
budget and specification constraints
Developed and performed security compliance work in line with FedRAMP (cloud computing), FISMA, HIPAA,
Sarbanes-Oxley, NSA, ISO 27001, and federal, state and county information technology regulations.
Liaise with internal teams to discuss UBS KYC/AML requirements and document client information.
Perform 4-eye and 6-eye checks on collected KYC information for existing clients, verifying the client's
classification from a risk and regulatory perspective
Serve as an AML/KYC PICs & Trusts and Source of Wealth Corroboration subject matter expert to support the IPB
U.S. Business.
Responsibilities:
Manage and lead the execution and implementation of components of the information security program for
establishing new and enhancing existing internal controls. Perform annual risk assessment of the security program
to identify gaps, define objectives, and prioritize projects.
Hands on experience with FireEye for end point detection software and Tanium.
Knowledge of RSA Identity Access life cycle governance
Experience in AML/Financial crime domain
Understanding of all components in the IBM Tivoli / IBM Security IDM suite-WebSphere Application Server,
Message Queues, DB2, Tivoli Directory Integrator (SDI), Tivoli Directory Server, Adapter development tool.
Experience with remediation activities related to cybersecurity and security frameworks.
Strong knowledge of Identity process; to include, but not limited to PKI, federation, access management, and/or
privileged access management
Lead large (25+ people) delivery and testing teams across geographically dispersed locations (onshore/offshore)
Performed numerous risk assessments and IT audits (in accordance with FedRAMP, FISMA, NSA, ISO 27001,
FISCAM, Confidential 800-X publications including Confidential /A, CSEAT assessments, and federal, state and county IT
infrastructure systems)
Strong technical ability in security related architecture design and assessment (manual approach to penetration
testing)
Hands-on development and implementation of workflows and data integration/transformations in an identity
management project using Oracle Identity Manager (OIM) workflow engine.
Diligently investigated payment messages escalated from Regulatory Filtering Operations to US Sanctions
Compliance for potential sanctions, AML, or policy violations.
Manage relationships with all stakeholders throughout the lifecycle of each project
Perform data migration from on premises environments into AWS.
Responsible to clearly communicate to leadership the risk exposure to the company's financial applications
resulting from user access to sensitive transactions and segregation of duty conflicts.
Managed the client's entire cybersecurity infrastructure; no breaches involving data exfiltration in the last 5 years.
Experience with a variety of frameworks and regulations (e.g., NIST, PII, PCI, GLBA, GDPR, FFIEC, HIPAA, SOX, ISO
27001, SSAE 16, SOC 1/SOC 2, COBIT, COSO, etc.)
Created a security program from scratch based on the NIST 800 series and CIS controls.
Continuously monitored 100+ vendors to detect whether they were putting the company at risk; vetted and removed
vendors that posed security risks.
Maintain yearly PCI-DSS compliance.
Understanding of information security risk analysis, Identity Access Management and access control
methodologies with working knowledge of business applications
Demonstrate competency in coordinating all aspects of a large, complex project involving multiple IT disciplines;
coordinate projects with other on-going efforts
Experience with regulatory requirements such as the California Consumer Privacy Act (CCPA), General Data
Protection Regulation (GDPR), HIPAA, SOX IT GCC, FCC, FERC and NERC CIP
Created permanent behavioral change through the security awareness program; within 3 months in 2017, successful
phishing attempts were halved (140 down to 70).
Risk-minded professional who understands the importance of being a business partner and creating holistic views
of risk management. Expanded the firm into Latin America, a growing market for cybersecurity services.
Created and maintained a NIST/CSC-based security program for an environmental firm that was attacked
100,000+ times a day. As a third-party vendor, the firm's security program had to meet its clients' standards.
Provided 10+ years of full IT services to the environmental firm which allowed the company to exponentially
grow.
Established a steering committee for a client and evaluated the business impact and risks associated with their
cybersecurity investments.
Prioritized a client's cybersecurity risks so that, for the first time, they could see what they were up against. Created a top
10 risk list, based on risk data expressed in financial terms, which allowed for quick mitigation and significantly reduced
risks to the client's company.
Built out a complete cyber at-risk model that included a comprehensive outlook on the company’s assets under
threats.
Oversee and ensure the delivery of timely, high quality and value-add SOX and project results in accordance with
professional standards.
Perform as a Cyber Security Incident Responder within a SOC environment.
Manage/mentor a team of 14 and support them in achieving career goals and growth.
Ensure audit tasks are completed accurately and within established time using the application frameworks such
as FFIEC, COBIT, COSO, ITIL and NIST.
Educated management on how to prevent or minimize cyber security attacks.
Oversee SOC 1/SOC 2 examinations from start to finish
Identify opportunities for improving third party risk posture as well as SCB's third party risk management
processes, including expanded monitoring, KRI tracking, etc.
Penetration testing a variety of systems, services, operating systems and databases.
Assess IT internal controls as part of financial statement audit readiness and operational audits.
Conduct testing of Sarbanes-Oxley (SOX) and Service Organization Control (SOC 1 Type II) Review.
Review IT General (ITGCs) and IT Application Controls, execute IT Infrastructure audit testing databases, network
devices, servers and operating systems – Linux and Unix.
Evaluate management directives -policies, standards and procedures against industry best practices
Review SSAE 18, possess working knowledge of GDPR regulation.
Plan and coordinate Information Technology Audit. Documenting work completed by preparing work papers.
Document control weaknesses and related testing exceptions.
Participated in the Norkom Case Management System implementation on a global scale while aiding the
configuration, implementation, calibration, and testing of the MANTAS surveillance system.
Manage and train AML surveillance analysts who investigate international wire transfers that pass directly
through the bank or through any of 2,300 correspondent banks; conduct interviews to assess and hire qualified
candidates
Communicate IT Audit findings to senior management and clients.
Maintain a sound working relationship with clients/business and colleagues to ensure management satisfaction.
Conduct all stages of audit, including planning, fieldwork, reporting and follow-up as needed.
Managing multiple engagements, assess business/technology risks and the related controls and provide practical
remediation plans while achieving company quality standards.
Participate in special projects such as Change Management, Segregation of Duties (SOD) and SOX Compliance
Audit, challenge projects, PCI DSS.
Identify conflicts or inadequate internal controls and provide recommendations.
Execute information security audit, testing preventive, detective, corrective and compensating controls for
design adequacy and operating effectiveness to mitigate risks.
Work with the project teams on implementing the defined business Roles within Access & Identity Management
(AIM) solution
Lead the design, documentation, implementation and continuous improvement of operational policies,
processes and systems across the client organization to ensure operational excellence
STAFF IT AUDIT/PROJECT MANAGER 07/2013 – 12/2015
Responsibilities:
Performed ITGCs and IT Application Controls testing.
Planned and executed migrations from 3rd party IAM vendors to the PingIdentity platform
Experienced in leading Information Security related initiatives; areas relating to enterprise security architecture,
application security, security operations, information security governance and controls, identity and access
management, third party risk management and vulnerability management.
Led and articulated status reports, concerns and the path to project recovery
Engaged and led Lines of Business (LOBs) that use the third party in lower-risk engagements and
incorporated the other LOBs' assessment criteria into the assessment
Involved in performing technical audits of IT infrastructure controls, including operating systems, databases,
network services, IT operations and disaster recovery.
Hands-on experience of deploying identity solutions using IBM Tivoli / IBM Security Identity Manager.
Reported control deficiencies and provide recommendations to resolve deficiencies.
Participated in the review of management's work, assessing the operating effectiveness of the SDLC lifecycle,
identifying risks and gaps in the implementations, and communicating issues and recommendations to the parties
involved.
Managed and track IT vendor risk related documentation in GRC (Governance Risk and Compliance) applications
like Archer and/or SharePoint.
Involved in testing controls in Access Management, Change Management, SDLC, Business Continuity / Disaster
Recovery, and application-level controls.
Assisted in Operational and Compliance audit processes such as the documentation of policies/procedures and
control narratives.
Good understanding of monitoring tools like Splunk, Nagios.
Involved in the execution of audits at the firm's affiliate locations which included all phases of the audit
Responsibilities:
Monitored and maintained all bank audit functions
Drive implementation of Project Management (PM standards), procedures and templates for Anti-Money
Laundering (AML) key initiatives, programs and projects.
Worked with IAM cross team to ensure SOD violations are remediated
Updated cyber security protocol and developed effective training procedures.
Managed the US AML/BSA and Sanctions Risk Assessment process.
Responsible for all auditor reports and evaluation of findings
Worked closely with external auditors and state and federal examiners
Designed and implemented programs that evaluated and safeguarded assets and controlled risk
Participated in weekly internal bank committee meetings
Assist with various Third-Party Risk Management program initiatives working closely with the Third-Party Risk
Management Leads
Demonstrated knowledge of standard IAM products (i.e. Okta, Thycotic, etc.)
Performed PCI DSS and HIPAA testing; reviewed SOC 1 Type 2 reports.
Responsible for governance of valuation policy, procedures, thresholds, SOX controls and processes, including
review of 10K &10Q disclosures related to all fair value items.
Review the valuation process control environment, tools and methodologies for debt and derivatives using WSS,
Numerix and Bloomberg for initial valuation, month-end and quarterly close.
Led audit assignments, managed staff, and created APDs and final audit reports for senior management.
BANK OF AMERICA 08/2007 – 12/2010
INTERNAL AUDITOR
Responsibilities:
Responsible for developing, implementing and overseeing all aspects of the BSA Compliance Program.
Implemented audit programs to evaluate and safeguard assets and control the liabilities of the Bank.
Completed Strategic and Reputational Risk reviews for due diligence and ongoing monitoring reports
Participated actively in internal bank committee meetings.
Experience with ethical hacking and penetration testing of mobile and web applications (iOS, Android, RIM)
Performed AML regulatory remediation, producing artifacts, creating milestones, compliance testing
Performed comprehensive investigations of cyber security breaches.
Manage the tracking of any remediation or corrective action plans.
Monitored follow-up on audit findings to ensure appropriate resolution.
Route potential matches that cannot be cleared to the appropriate Anti-Money Laundering (AML) / Office of Foreign
Assets Control (OFAC) hold queue.
Assisted external auditors, State and Federal examiners with annual audits.
Ensured clarity in audit reports after careful review and evaluation of findings.
Participated actively in professional and trade groups to keep abreast of latest updates in the auditing field.
Compiled daily database reports to identify possible vulnerabilities.
Ensured that new projects/ processes are integrated into the existing business continuity plan with the help of
change management team and the relevant plans are reviewed and updated accordingly
Coordinate with application and operational teams on the creation and maintenance of DR plans
Responsibilities:
Directed and controlled the audit function of the bank.
Evaluated auditing plans and schedules.
Provided strategic focus and leadership, and presided over client engagements to elicit, document, analyze and
validate IT security compliance by applying the latest security frameworks such as the Federal Risk and Authorization
Management Program (FedRAMP), Federal Information Security Management Act (FISMA), Confidential,
Department of Defense Enterprise Cloud Service Broker (ECSB) and Risk Management Framework (RMF).
Oversaw risk assessment and due diligence processes for selecting new vendors
Provide assistance in the management of the access rights of the internal and external user profiles for various
Treasury Management systems.
Ensured that Business Continuity program components (Business Impact Analysis, Risk Assessments, plans,
strategies, etc.) are up to date and effective.
Working knowledge of GRC (Governance, Risk and Compliance) tools such as RSA Archer.
Identified and researched auditing and internal issues.
Ensured compliance with procedures, controls and regulations in conducting self-audits.
Planned, coordinated and conducted on-site internal audits.
Communicated conclusions and audit concerns to the management.
Assisted hands-on with security planning and security compliance guidance under FISMA, OMB and FedRAMP,
as well as agency regulations, together with risk assessment and planning services.
Worked with application/platform owners to resolve SOD/SAP-related breaks
Performed manual penetration testing in addition to the use of scanning tools and produced client-ready
deliverables
Clearly defining project scope, costs, success criteria, dependencies, assumptions, and constraints with
stakeholders.
Defining priorities and requirements and managing the project through planning, design, build, testing,
and service transition phases.
Managing 3rd party vendors and managing multiple individuals and project aspects running
concurrently.
Leverage experience monitoring and controlling several projects/portfolios and reporting project status
to Senior Executives
Assist with project and product escalations to ensure timely and seamless communication to internal
stakeholders, external subcontractors and leadership
Ensure communication to all stakeholders across all levels including detailed engineering and
operational level communications program and executive management project status, issues, and risk
reporting
Responsibilities:
Advanced level response and support for users of computing and network services.
Hands-on role responsible for the administration, support, stability, and security of enterprise systems, servers,
and networks.
Ensured infrastructure security and stability across all locations in the enterprise.
Support data center operations, server operations, advanced level support, web server administration, system
monitoring, incident response, 24x7x365 on-call support.
Supporting core platforms such as Tier 1 business applications.