Information Security Manager
Responsible for providing strategic leadership in client business applications, IT infrastructure, databases, storage, risk management, enterprise security governance, security operations management, incident response, telecommunications, web applications and services supporting Federal Student Aid office of the Department of Education. Improve quality and delivery of security services for virtual datacenter hosting over 750 UNIX, Linux, and Windows servers, VMware ESXi hosts, mainframes, and over 200 network devices and appliances. Manage profitability of over $2.8M worth of information security services. Manage multiple local and remote teams responsible for 24/7 security monitoring, patching, event logging, user provisioning, vulnerability management, auditing, incident response, and enterprise compliance with applicable federal laws and regulations.
- Strategically directed matrix resources to execute operational tasks to deploy updated security controls, new tools, and decrease active vulnerabilities by 90% across the enterprise. Recouped $50k a month in lost revenue by meeting SLA’s and increasing customer satisfaction, and identified $3.3 million in out of scope/additional work.
- Partnered with business owners to implement security controls and processes in accordance with federal regulations for systems that store one of the federal government’s largest repositories of Personally Identifiable Information (PII), and transfer over $135 billion annually. Successfully passed annual audits without new or repeat findings.
- Established polices, SOPs and security standards in accordance with federal regulations.
- Completed FISMA, DHS TIC/TCV, A-123 and SSAE16 audits without repeat findings.
- Implemented security awareness programs and instituted compliance metrics to decrease enterprise risks.
- Conducted Webinar presentation with representatives from NIST and DHS on Advancing the Federal Cybersecurity Workforce, and served as panelist at the Dell World 2014 for Disruptive Technologies, an interactive discussion with CEOs, CIOs, and directors of technology regarding disruptive technologies and security.