Candidate's Name
Hope Mills, NC

Professional Summary:
Wide knowledge of SIEM & GRC Tooling in distributed network and design.
In-depth knowledge of Infrastructure security. Have managed vulnerability assessments and UAT of global networks. Responsible for project action plans to mitigate the risks detailed in the risk assessments via GRC.
Security tools specific to data protection: Purview, HSM, API Management and Security Controls Testing and Production
Integration of NIST, FISMA, PCI security requirements within the DevSecOps pipelines
Third Party Risk assessments and supply chain reviews
Performed external audits, Business Impact Analyses, Business Continuity Planning for all platforms in the respective enterprise.
Disaster Recovery, Business Continuity Planning, RACF, Encryption, API Implementations
Have implemented, reviewed and monitored Network Security Projects, Internet and Intranet Security. Currently responsible for implementing PCI, NERC, SOX, FISMA, & HIPAA Projects.

Certification:
CISSP (Certified Information Systems Security Professional)
LRDE (LogRhythm Design Engineer)
ACSA (ArcSight Certified Security Administrator)
CCSP (Certified Cloud Security Professional), preparing for exam

Special Training (Courses):
ArcSight SIEM
RSA GRC Archer
McAfee DLP, EPO
Palo Alto Firewalls
Exabeam SIEM
FireEye
Data Power, Guardium
Project Management

Education:
Software Programming, Programming Systems Institute
Network Management, New York University, NY
BS Information Technology, Almeda University, Boise, ID

Professional Experience:

AT&T Cybersecurity, October 2013 - July 2024
Enterprise Security Architecture
Description:
Responsible for Implementation of a Managed Enterprise Architecture and Programs, including Security Policies, Standards and Controls for AT&T Customers
Responsibilities:
Partners with development and infrastructure Stake Holder teams to facilitate Secure Management from a Business & Technical View.
AZURE, Google, Terraform Requirements Test & Development.
Lead special projects and investigations into IPS/IDS technology
Point of Contact for Solution Design issues and to s research and piloting of new technologies SIEM, and Regulatory Audit Automation Tuning & Tracking
Designs and implements technical infrastructure based on Standards Utilizing SABSA, TOGAF, AGILE Frameworks Methodologies Representing Enterprise Security Architecture, Solution Identification, IDAM.
Security Management Standards & frameworks ISO 27002, NIST CSF, Azure Event Logs, Azure Data Warehouse, Azure Application Security Group (ASP).
Security tools specific to data protection: HSM Implementations
API Management and Security Controls
Integration of NIST, FISMA, PCI security requirements within the DevSecOps pipelines
Responsible for Enterprise Architecture, Solution Architecture, Business Integration, Third Party Security SME tasks.
Maintains, upgrades, operates, advises and cross-trains team members on Secure Banking Eco Systems Controls.
Responsible for IT SOX Management testing, IT audit, and/or technical IS/IT experience required.
Working knowledge or experience in SAP Business Suite ERP Audit & Security Controls.
Responsible for GRC RSA Archer, ArcSight, Splunk & Securonix SIEM, Compliance Testing.
Cyber Architecture SME for VP and Information Security Officers across Banking Ecosystem.

Deloitte, May 2012 - Oct 2013
Enterprise Security Engineer
Description:
Responsible for Info Security solutions for custom managed services. Ensured clients' business requirements and recommendation to security technical engagement tasks and problems are completed on schedule. Assessed the importance of potential security risks for clients' strategic security operational plans.
Responsibilities:
Chaired weekly Virtual Team Managements as Cyber SME for Large Cyber Security Projects
Deployment of Mitigation techniques for Microsoft Tools Windows and Linux Enterprise Systems.
Developed and selected strategic-tactical security tools & programs across global enterprise.
Managed, implemented, and deployed IPS, HIPS Rules and Policies
Security tools specific to data protection: Purview, HSM, API Management and Security Controls
Integration of NIST, FISMA, PCI security requirements within the DevSecOps pipelines

Procter & Gamble, Cincinnati, OH, Nov 2011 - May 2012
Enterprise Security Consultant
Description:
Responsible for development of comprehensive Security Architecture and Program, including Security Policies Standards and Procedures via GRC, SIEM and Cloud Technologies. Related responsibilities include interfacing with Business Units Managers for Procter & Gamble for Source Data Feed Incident Response Unit.
Responsibilities:
Responsible for Azure, AWS Security Control Testing, DevSec-Operations, Critical Security Controls Review.
Responsible for business vision realization and security architecture target state creation Matrix & Diagrams.
Target State Security Architectures, Security Roadmap, Security Architecture & Principles BCP & DR Planning
Responsible for Third Party Risk Assessments for new and existing business partners in Cloud.
Security Management frameworks ISO 27002, NIST CSF, CASB.
Proficient with Database Security, Database Vault, Audit Vault, ASO and Grid Control monitoring tools.
Wide knowledge of RDBMS and distributed database concepts and design.
In-depth knowledge of database security administration.
Azure Event Logs, Azure Data Warehouse, Azure Application Security Group, Azure Sentinel, Azure Sec GRP.
Familiarity with security procedures for DB2 databases Oracle, and SQL Data modeling.
Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders and leadership.

United Health Group, Minneapolis, MN, Aug 2009 - Nov 2011
Network Security Project Engineer
Description:
Responsible for Info Security solutions for custom managed services. Ensured Hospital's business requirements and regulatory controls meet base security levels on schedule. Assessed the importance of potential security risks for Hospital's strategic security operational plans.
Responsibilities:
Responsible Management of Cyber Security for HIPAA, HITRUST
Security Analysis for PCI with Qualys, Metasploit, Nessus assessment tools.
Consolidate and track updated STIG results from STIG/technology owners.
HIPAA and GDPR or other global compliance, HITRUST.

Blue Cross Blue Shield NC, Raleigh, NC, Nov 2008 - Aug 2009
Lead Information Security Architect
Description:
Responsible for development of a comprehensive Security Architecture and Program, including Security Policies Standards and Procedures for PCI, HIPAA. Related responsibilities include interfacing with the Business Units Manager and Department heads on BCBSNC Security Vision.
Responsibilities:
Responsible for tools and processes used to expose common vulnerabilities and implement countermeasures.
Strong knowledge of understanding of multiple Vulnerability scanning tools their remediation action plan.
Responsible for RSAM and RSA Archer eGRC deployment and implementation.
Facilitate proactive remediation of new vulnerabilities by collecting information from threats and vulnerabilities.
Responsible for GRC Third Party Risk Assessments for New and existing business partners.
Establish and maintain security metrics and reporting.
Act as security risk management ambassador to internal customers.
Lead SIEM Security Engineer for info security project engagements from initiation phase closeout.
Business Continuity, Disaster Recovery for Critical Systems
Responsible Management of FISMA, IT Governance, PCI and NIST regulatory controls readiness via SIEM.
Strong understanding of Information Security and SOX/PCI/PII audit management.

Accenture, Cincinnati, OH, Sep 2006 - Oct 2008
Information Security Architect
Description:
Security Engineering and Deployment for Shell Oil.
Shell Oil Subject Matter Expert Responsible for configuration of RSA Archer and ArcSight tools for Shell Oil Global Enterprise.
Responsibilities:
Responsible for Archer Integration, configuration, and administration.
Responsible for Cloud Security Controls Azure and AWS.
Responsible for deployment of ArcSight ESM, Connectors, Loggers and Databases.
Responsible for deployment of ArcSight reports, dashboards, and systems automation.
Chaired weekly Virtual Team Managements for project status meetings.
Responsible for Management of AV, DLP, HIPS Compliance.
Developed and selected strategic-tactical security tools & programs across global enterprise.

Blue Cross & Blue Shield of South Carolina, Columbia, SC, Dec 2004 - Sept 2006
Information Security Architect
IT Security Compliance & Audit Preparedness
Description:
Responsible for Info Security audit efficiency and offering potential solutions to security technical engagement problems. Assess the importance of potential audit findings considering related risks and benefits of recommendation.
Directed junior staff to ensure technical, management and operational control testing and verifications are in place.
Responsibilities:
Hands on deployment of ArcSight ESM, Loggers and Connectors throughout Enterprise.
Responsible for Configuration of Archer Reports, Dashboards, and Notifications.
Planning and assessing enterprise security technology strategy and architecture.
Lead Project Engineer for info security project engagements from initiation phase closeout.
Responsible Management of FISMA, IT Governance, PCI, and HIPAA, NIST regulatory controls readiness.
Lead Security Engineer responsible for ArcSight, Cisco, F5, CISCO IPS & McAfee IPS Tuning.
Developed and selected strategic-tactical security tools & programs across enterprise.