| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidateJohn H Alexander JrEMAIL AVAILABLEPHONE NUMBER AVAILABLECISSP,CISM, CRISC, CISA, MCSETRANSFORMATIVE INFORMATION & CYBER SECURITY EXPERT Delivering scaled security and risk solutions driving exponential business growth and performance in highly regulated industries. Influential Information Security Leader offering more than 20 years of extensive experience building and leading macroscale information and cyber security programs for corporate, Healthcare, and government entities on a large scale. Aptitude for directing large-scale programs reinforcing security, risk posture, and compliance efforts for key business segments. Talent for building the bench of viable future leaders, equipping top talent with essential business and security know-how pivotal to organizational stability. Adaptable in aligning scalable information security strategies to meet business goals, leading consensus- driven partnerships with executive-level stakeholders to secure buy-in. Adept at defining policy and architecting targeted solutions that eliminate security threats and sustain ongoing growth initiatives through a blend of operational and technical agility.Energetic security leader with a broad bandwidth for translating complex concepts into credible terms for business, technical, regulatory, and C-level stakeholders.Maintains a keen pulse on the security landscape as it continues to evolve, running the gambit of the security stack from engineering and threat intelligence to vulnerability management for new and existing infrastructures.Prioritized compliance with key regulatory and state institutions, including NIST 800-53, HIPAA, ISO 27001, PCI Security Standards, HITRUST, and FTC. Strategic Planning & Execution Agile Project & Program Management Security & Network Engineering Staff Training & Development Solution Architecture Cyber Security Incident Response Threat Vulnerability Management Business & Regulatory Continuity Enterprise Risk Management Application & Cloud Security Security Policies & Procedures Strategic Partnerships Compliance & Risk Analysis Communications Strategy Mentoring CryptographyP R O F E S S I O N A L E X P E R I E N C ECVS Health Dec 2014 to July 2024Sr. IT Security ManagerDefined, developed, and implemented security controls spanning enterprise security firewall for $30M Refresh Program project. Routinely coordinated with C-level Information, Information Security, and Technology Officers, and risk and application teams to continually refine and fortify security strategy. Secured 100% of the budget required for Network Segmentation Assessment and benchmarking against DB peers and obtained buy-in from Senior Leadership to conduct network segmentation assessment and feasibility study. Reduced team budget by over 20% by creating offshore positions and utilizing resources in India, instead of hiring in USA Designed and delivered 100% of required information security controls to close internal audit findings against tight deadlines. Conduct in-depth research on emerging technologies and firms offering automation capabilities through AI / automated risk assessments. The benefits include a reduction in time it takes to conduct a security assessment from 15 days to 7 hours, and reduce the headcount involved in security assessments and concentrate on other critical security projects. This resulted in significant cost savings, ROI to the CTO organization, CISO, and the business. Use several actors to achieve various PING Identity tasks. Develop and test Terraform modules to automate infrastructure deployment in AWS Work with Platform and Delivery engineering teams for any application deployments Delivered leadership in transforming the network from an internal computing model to a hybrid, multi-tenet, multi- public cloud and Cloud SaaS environment. AWS, GPC, Azure Developed cloud security strategy, standards, procedures, best practices and DevSecOps Collaborate with operations and engineering teams to implement and tune cloud-native security, monitoring, tooling and reporting. Led transformation of NextGen networks, which include software-defined WAN Data Center, behavioral analytics, machine learning, automation internally and within the Public Cloud Performing contract review with IT vendors and IT managed services Maximize the effectiveness of the offshore teams by developing, managing, mentoring, and coaching team members. Experienced in conducting risk assessments, threat modeling and information security reviews, and audits. Track and document internal risk reviewed, assessments risk acceptances, and security exceptions in a GRC tool Working knowledge of common information security controls, guidelines and standards, such as ISO27001, OWASP, SOC2, NIST, CIS, HITRUST Manage and coordinate HIPAA Security Risk Assessments to identify vulnerabilities and implement corrective actions. Oversee Business Continuity, Incident Response, and Disaster Recovery plan testing to ensure preparedness for potential disruptions. Collaborate with internal stakeholders and third-party assessors to ensure comprehensive security risk assessments and adherence to remediation timelines. Managing firewall/proxy security audits and vulnerability and threat assessments, and directing responses to network or system intrusions Reviewing, implementing, updating, and documenting companywide internet edge information security policies and procedures Continuously evaluate and identify improvements in the system processes and functional architecture. Led the design and deployment of Zero Trust Network Access (ZTNA) for remote work environments, utilizing AWS, GCP, Azure for a hybrid, multi-tenet cloud SaaS environment. Managed proofpoint, Zscaler, CyberArc and other security tools enterprisewide. Managed proof of concept and implementation for automated penetration testing platform. Managed proof of concept and implementation for automated firewall change process. Horizon BCBSNJ Oct 2013 to Oct 2014IT Security Analysis IVGoverned technology risk operations for 2 Chief Information Officers through proactive security and operational intelligence. Revitalized entire cybersecurity infrastructure, strengthening high-impact activities in security awareness, communications, transparency, and security metrics across Office of the CISO and central risk controls teams. Ensured 100% compliance of the required issue self-identification for IT & Cyber Risks, as mandated by our Risk Leadership. Develop detailed technical documentation, project proposals, comparison reports, system assessments and architecture diagrams. Led process busters to identify and bridge gaps in process, budget, and performance, delivering 100% success rate in 2013 and 2014 within tight deadlines. Act as a technical information reviewer of requirements statements, operating procedure manuals, feasibility analyses and other documents produced during projects. Analyzed SIEM security events from firewall monitoring and sources, Cisco ASA, NextGen, CheckPoint, Palo Alto), Cisco IDS/IPS, Windows, Linux, and UNIX and filtering out false positive events using ArcSight ESM, as well as associated network traffic to identify and confirm suspicious activity. Led and supported overall network security, quality of service, e.g., firewalls with packet analysis & intrusion prevention/detection software in response to threats & vulnerabilities; performed backups & developed disaster recovery strategies in the event of cyber-attacks. Empowered internal business stakeholders to self-identify and eliminate emerging risks by providing industry insights into controls optimization and risk quantification. Executed post-mortem analysis on traffic flows per current and emerging threat and attack vectors to identify and confirm malicious activity or compromise. Knowledgeable in many areas of Vulnerability Assessments, Intrusion Prevention and Detection, Access Control and Authorization, Policy enforcement, Application Security, Protocol Analysis, Firewall Rulesets, Incident Response, IAM, DLP, Encryption, Web-filtering, PKI Cryptography Automation of compliance and enforcing security policies using ansible and chef playbooks Monitor cloud accounts and container platforms for security misconfigurations Defined standard of trust and security that align with organizational vision, guiding daily cyber and risk strategies to fortify sustainable defense against vulnerabilities, zero-day threats and ransomware. New York Department of Health Feb 2013 to Oct 2013 Lead IT Security Engineer (Consultant)Reinforced vulnerability management program by aligning risk and business strategies with CISO and CIO operations. Instrumental in strengthening ROI, eliminating gaps in cyber defense and refining continuous testing efforts. Employed leading- edge tactics in data classification of assets, feeding threat intel, and exploits to mature the vulnerability management program. Replaced Nessus with Qualys Threat Vulnerability Management Platform. Architected the new solution from the ground up. Serve as an internal information security consultant to the organization. Assist senior IT technology leaders with the development and implementation of infrastructure solutions. Developed security architecture strategy, planning & implementing for enterprise client, defining roadmaps to bridge the gaps from current to the future state for business, information, and technology capabilities, guided technical staff across multiple projects. Directed delivery of solutions to clients independently or a practice manage on upwards of 5 projects concurrently accountable for project budgets, timelines, engagement costs, customer expectations, and project deliverables. Led the creation of a Dev/Sec/Ops service offering featuring network device risk-based vulnerability management as well as Analytics architecture and implementation services. Perform threat and vulnerability assessments. Coordinate and lead security incident response efforts Detailed understanding of Advanced Persistent Threat (APT) and associated tactics Knowledgeable in DLP, SIEM, AV, and vulnerability management, analysis principles. Provide design oversight to infrastructure engineers. Performed investigations with Encase Forensic or other forensics applications. Assist senior IT technology leaders with implementing standards and procedures. Hunt for and identify threat actor groups and their techniques, tools, and processes. Configure and maintain security monitoring solutions. Test and evaluate new technologies. Continuously improve security systems, processes, and best practices Eliminated 30% of all exploitable vulnerabilities within 3 months of Qualys deployment. Reduced the scan time by over 30% by deploying scanners closer to targets and avoided scanning through firewalls. Deployed Qualys Agents and setting up Qualys Patch module, provided almost real time vulnerability reporting and automated and resulted in reduction of Mean Time to Patch by over 25%. Lukoil North America Aug 2011 to Feb 2013Network Security ManagerBuilt book of business comprising several highly regulated entities, providing strategic solutions in risk and security management directly to C-level stakeholders. Oversaw a host of key risk strategies, including penetration testing, vulnerability management, automation, and risk-based solution architecture. Oversaw a team of technical architects and is responsible for technology strategy development, IT architecture and governance. Lead and facilitate workshops with Executives and Senior Leaders in the organization. Developing strategic roadmaps and investment portfolio. Established, managed and optimized IT governance frameworks including Architecture Review Board and other technology governance efforts. Recruited, managed and developed a high-performing team, coached and mentored other Architects on the team and foster a culture of collaboration and innovation. Maintained 100% track record in closing audit packages. Established and maintained an incident response plan, from the incident intake process throughout the remediation and reporting. Responsible for the design and management of systems, hardware, and software upgrades for the designated network and security systems. Document Network/security policies and procedures. Oversee the deployment, integration and initial configuration of all new network and security solutions and of any enhancements to existing solutions in accordance with standard best operating procedures and the enterprises security documents. Preserve assets by implementing disaster recovery and back-up procedures and information security and control structures. Manage and maintain Business applications and systems including but not limited to Microsoft products. Experience with vulnerability management scanning platforms such as Tenable Build and maintain vendor relationships and manage the purchase of hardware and software products. Perform information security risk assessments and serve as an internal auditor for security issues. Responding to incidents and conducting investigations as events happen through analyzing logs from various sources. Ensuring the security technology provided by the organization is performing to optimal standards with customer. JanaSolutions, Inc May 2011 to Aug 2011Infrastructure Integration SpecialistTapped to lead Security project to assess existing security stack, identify breakdowns, and partner with senior leadership to optimize program readiness. Owned information security assessments for M&A, cybersecurity product analysis for Fusion Center SOC, threat intel / global SOC capabilities development, and technology implementation for U.S. and Canadian entities. Established and maintained an incident response plan, from the incident intake process throughout the remediation and reporting. Responsible for the design and management of systems, hardware, and software upgrades for the designated network and security systems. Document Network/security policies and procedures. Oversee the deployment, integration and initial configuration of all new network and security solutions and of any enhancements to existing solutions in accordance with standard best operating procedures and the enterprises security documents. Preserve assets by implementing disaster recovery and back-up procedures and information security and control structures. Manage and maintain Business applications and systems including but not limited to Microsoft products. Experience with vulnerability management scanning platforms such as Tenable Build and maintain vendor relationships and manage the purchase of hardware and software products. Perform information security risk assessments and serve as an internal auditor for security issues. Responding to incidents and conducting investigations as events happen through analyzing logs from various sources. Ensuring the security technology provided by the organization is performing to optimal standards with customers. GAF Materials Corporation, Wayne, NJ October 2006 to May 2011 Integration Engineer Understand key clients topology, ecosystem and standards fostering a partnership relationship and served as a point of escalation from both a technical and quality aspect Provide technical support to the business where required Coordinate with project teams and stakeholders to ensure alignment and successful project outcomes Drive projects from a high level, managing project risks, resourcing and issues and implementing mitigation strategies as needed Plan, execute, and oversee operational projects, ensuring they are completed on time and within budget globally Develop and implement operational strategies, plans, and procedures Ability to scope and budget for projects where required creating proposals and SOWs Acted as a liaison between operations, senior leadership and sales providing regular updates on operational performance and growth opportunities Develop relationships with local contractors and manufacturers Mentor junior staff, fostering a culture of high performance and continuous improvement Monitor industry trends and apply best practices to improve operational efficiency Analyze current processes and identify areas for improvement Work with senior leadership to ensure effective communication across the organization Work with senior leadership to market and promote the organization in region Discuss the Company offerings at a senior level and identify opportunities for further growth OpSource, Inc., Lyndhurst, NJ January 2005-February 2006 Technical Operations ManagerMentored and coached direct/indirect reports while cultivating a culture of self-organization and responsibility and foster continuous learning and technical growth. Directed the management and upkeep of all technical infrastructure, including network appliances as well as physical, virtual and cloud platforms. Worked with the Corporate VP of IT, develop multi-year technology and IT security road map to that aligns with the organizations growth objectives. Provided and recommended network and system solutions for Fortune 500 companies Responsible for network and security design, network and system Configurations, network and system support Served as consultant for operations and customer portfolio management teams. Mentored and coached direct and indirect reports, cultivating a culture of self-organization and responsibility and foster continuous learning and technical growth Provided Level 3 troubleshooting and resolution of system problems, implemented best practice procedures and maintained the integrity of infrastructure environment Ensured the reliability of the disaster recovery services including system replications, backups and archival Identified, assessed, and managed security risks, ensuring the resilience of IT systems and infrastructure across global operations Develop, maintain and test the Disaster Recovery Playbook Participate in Disaster Recovery Planning, Testing and Execution Document, monitor and maintain software/hardware licensing to guarantee license compliance Private tier-III technical support for issues that arise. Led the development and implementation of security programs, focusing on usable security solutions that support business innovation while mitigating risks Have a track record for delivery in a complex, rapidly changing environment E D U C A T I O NMIT Sloan Executive EducationCertificate, Cybersecurity for Managers: A playbook MIT Sloan Executive EducationCertificate, Master Design ThinkingSteven Institute of Technology Hoboken, NJMaster of Science in Information SystemsMasters ProgramMaster Cloud ArchitectC E R T I F I C A T I O N S a n d C R E D E N T I A L S Building Business Acumen, Acumen LearningISACA, Certified Information Security Manager; Certified Information Systems Auditor; Certified in Risk and Information System Control; Lean Six SigmaISC2, Certified Information Systems Security Professional CCMI, CMMC-RPMicrosoft MCSE +Security +MessagingCisco CCNAExam Preparation: CCSA Dec 2024 |
