Additional Data Systems Administration Resume Samples
Information Security Manager Resume Samples
0-5 years of experience
Led virtual server farm conversion project, to provide shared resources to end users.
- Configured multiple Windows 2008 R2 servers to provide network resources to end users while conforming to DISA security standards.
- Developed and implemented multiple scripts and batch files to assist in remote
- Created and implemented a standard operating procedure for running Helpdesk functions,
- Assisted users with troubleshooting issues regarding PKI, account creation/management,
- Provided Layer 2 connectivity to end users as well as maintaining Layer 3 connectivity to our ISP.
- Provided training to over 2000 end users on security best practices and simple computer
0-5 years of experience
Procured advanced data systems through government contracting to replace outdated automation equipment within the schoolhouse.
- Tracked, maintained, and inventoried over $3 million worth of digital systems, including a variety of routers, switches, C4ISR, radios, servers, and computers.
- Successfully managed and completed over 5,000 work orders within an enterprise BMC Remedy
- Maintained files and records in accordance with established policy to ensure passing performance during annual Audit.
- Implemented a process to transition from old devices to new, reducing loss of productivity from 20% to 5%.
0-5 years of experience
Assumed responsibility for the Security Management function in the Capital Markets division, and worked closely with Senior Management to provide recommendations for strategic direction to strengthen access security controls.
- Served on the Security Task Force within Capital Markets and assisted in identifying best security practices.
- Managed 10 Security Administrators responsible for supporting over 200 applications within Capital Markets.
- Provided security recommendations assisting in mitigating risks associated with the theft, destruction, alteration and denial of access to information.
- Partnered with Corporate Information Security to enhance Security Awareness Programs within the Capital Markets Division.
- Partnered with the Business Continuity Team to ensure that the Business Resumption Plans for Information Security were current and addressed disaster recovery risks
0-5 years of experience
Responsible for providing strategic leadership in client business applications, IT infrastructure, databases, storage, risk management, enterprise security governance, security operations management, incident response, telecommunications, web applications and services supporting Federal Student Aid office of the Department of Education. Improve quality and delivery of security services for virtual datacenter hosting over 750 UNIX, Linux, and Windows servers, VMware ESXi hosts, mainframes, and over 200 network devices and appliances. Manage profitability of over $2.8M worth of information security services. Manage multiple local and remote teams responsible for 24/7 security monitoring, patching, event logging, user provisioning, vulnerability management, auditing, incident response, and enterprise compliance with applicable federal laws and regulations.
- Strategically directed matrix resources to execute operational tasks to deploy updated security controls, new tools, and decrease active vulnerabilities by 90% across the enterprise. Recouped $50k a month in lost revenue by meeting SLAs and increasing customer satisfaction, and identified $3.3 million in out of scope/additional work.
- Partnered with business owners to implement security controls and processes in accordance with federal regulations for systems that store one of the federal government’s largest repositories of Personally Identifiable Information (PII), and transfer over $135 billion annually. Successfully passed annual audits without new or repeat findings.
- Established policies, SOPs and security standards in accordance with federal regulations.
- Completed FISMA, DHS TIC/TCV, A-123 and SSAE16 audits without repeat findings.
- Implemented security awareness programs and instituted compliance metrics to decrease enterprise risks.
- Conducted Webinar presentation with representatives from NIST and DHS on Advancing the Federal Cybersecurity Workforce, and served as panelist at the Dell World 2014 for Disruptive Technologies, an interactive discussion with CEOs, CIOs, and directors of technology regarding disruptive technologies and security.
0-5 years of experience
Responsible for product management and delivery of security services to the business through a regional team. Provided IT project consulting, stakeholder engagement, and team development.
- Implemented new engagement model that drives better integration of security services with business objectives. Changed perception of security being a hindrance and increased customer satisfaction.
- Responsible for business integration of over twenty-seven technology solutions, enabling the organization to move from reacting to security events to detecting and preventing security events.
- Designed and implemented reporting to provide stakeholders with a monthly scorecard of security, changed customer engagement from “informed” to target level of “engaged.”
- Optimized change management resulting in a 100% reduction in major outages, increased customer confidence and faster delivery of solutions.
0-5 years of experience
Reported to CIO, and provided leadership and oversight of all IT projects (30 to 40 at any given time) including planning, implementation, budgets and project closure. Managed information security program that ensured security became engrained in planned and ongoing IT and processes.
- Developed overall annual IT project plan with IT capital expenditure and staffing needs.
- Facilitated creation of IT project definition documents and plans for each project and ensured stakeholders reviewed and approved scope and timelines.
- Led bi-weekly meetings with project managers to track ongoing projects and ensure integration among projects, coordination of staff resources, and detection of scope changes.
- Obtained Project Management Institute training for all IT managers and senior analysts to improve overall project planning and implementation.
- Managed information security projects, including planning and deployment of new processes and technologies in areas of intrusion detection and response, deployment and management of authentication tokens and VPNs, and vulnerability assessment and remediation practices.
- Conducted security audits, and implemented improved controls and processes.
- Established security policies and procedures, and conducted security education for executive management, physicians, clinical and IT staff.
0-5 years of experience
Maintained the Security Program and coordinated changes to security guidelines with the company president
- Managed the Vendor Due Diligence program which ensured all clients’ personal information (PI) stored by vendors is secured/encrypted while being backed up and transferred over the internet
- Created new risk assessment questionnaires requested by customer firms, partners, insurance companies based on SAS 70 results, types of information stored and current NIST standards
- Revamped the Disaster Recovery relocation program by testing the sites’ operability and creating disaster recovery tests that were compiled, graded/reviewed to provide results to active customers
- Created schedules to perform initial and annual security assessments for service providers and customer firms
- Served as one of the points of contact to meet security personnel from customer firms and SAS 70 inspectors
- Reviewed and approved several RSA Envision reports, to include: Failed logons/password attempts, SAS 70 Account Changes, Security Group changes, Server exclusions and Distribution Services changes
- Migrated over 100 users from Microsoft Exchange to the Single Hosted Microsoft Exchange system
- Responsible for tours of the facility’s interior/exterior security systems, data center and recovery systems
- Performed daily Server hardening to prevent unauthorized data leakage, access control and security changes
0-5 years of experience
Developed information security policies and procedures in compliance with corporate security requirements.
- Assessed security strategies and status of network, desktop, and mainframe systems and data through audits and development of metrics.
- Implemented and documented policies and procedures including locking of NT/2000/Unix servers, cleanup of user profiles, and application of fixes.
- Served as primary contact for legal and human resources departments.
6-10 years of experience
- Installed, configured, maintained, and upgraded servers and related network equipment
- Troubleshot and repaired network and network related systems
- Performed user assistance (help desk) and user training
- Implemented policies and procedures related to the Local Area Network (LAN) and its related systems concerning security and authorized use
- Managed purchasing, inventory and disposal of all automated data processing equipment for the network
- Responsible for over $1 million of network related data processing equipment
0-5 years of experience
Configuration management, initial network diagnostics on user systems and recovering system hardware failures.
- Associated system and software failures with unexpected outages, planned and implemented actions such as dissecting computer towers and putting them back together.
- Located hard drive issues, random access memory and/or power supply failures.
- Oversaw cost efficient equipment ordering methods, and decreased the amount of down time for each user.
0-5 years of experience
Responsible for leading the integration of physical and information security architecture teams towards a risk-based approach for asset protection and security management.
- Identified technical/mobility improvements to physical security designs providing a risk-based methodology, increased incident management landscape and reduced operational expenditure.
- Designed a Global Security Command Center to centralize operations and enhance proactive vs. reactive event response
- Architected the next evolution of risk-based data-centric protection environments named “Super zones” focusing on business resiliency and security by isolating critical applications technically and according to risk-profile
- Authored and implemented threat assessment model for all external business/partner connections and Internet facing applications using a service, use-case, benefit and impact profile providing a dashboard for Executive Management to comprehend environments with the greatest business risk
- Committee member for Cloud Computing/SaaS security modeling and risk profiling
- Authored policies and enforcement procedures for Enterprise usage of Social Networking
- Demonstrated leadership and executive communication abilities
0-5 years of experience
Led the corporate SOx IT Testing Program which has achieved consecutive G1 (perfect) quarterly control ratings for over three years while implementing extensive control optimization initiatives which have reduced the overall cost of the program by 60+%.
- Adopted the SOx User Access Control Operations function and reduced the overall cost of control by at least 30% while increasing the scope of the program by almost 15%. In addition, implemented targeted quality measures which have reduced the control deficiency counts by over 50%
- Developed the Information Security – Regulatory and Assurance Management function which coordinated a central response capability for all Information Security related compliance, regulatory, and due diligence reviews from organizations such as the OCC, SEC, Internal/External Audit, and internal compliance groups. In this capacity, also acted as liaison between Technology Management and Internal Audit and/or regulatory affairs teams to assist Management with the development of required audit deliverables and evidence requests and to support the response teams during the audit process.
- Created the Technology Findings Management function which centralized the reporting and escalation processes for Management’s audit and regulatory findings and action plans across both the Technology and Service Delivery organizations. Since its inception the program has been running at a 95%+ on-time closure rate.
- Managed the Technology Evidence Repository function (a.k.a. Self-service audit) which coordinated the request and delivery of compliance related evidence between Management and internal/external providers via an annual delivery schedule. In addition, this capability helped reduce audit fees by providing a construct by which internal and external audit teams could obtain control evidence to satisfy audit requests without having to engage control operations teams directly.
0-5 years of experience
Built corporate security framework from the ground up. Maintained executive management support and visibility for new security initiatives. Worked with departments ranging from sales to engineering to assess and mitigate security risks.
- Designed comprehensive security program across two sister companies (Sorenson and CaptionCall), with differing environments, to run under a consistent security framework.
- Developed security risk assessment process.
- Oversaw projects for deployment of identity management technology, multifactor authentication, and vulnerability management.
- Designed and distributed first employee security awareness training for an audience of 8,000 hearing and Deaf employees.
0-5 years of experience
Installed an Intrusion Detection and Analysis System
- Wrote and implemented various information security policies
- Developed and implemented Information Security Awareness Training
- Implemented an encryption solution
- Developed requirements and drafted RFPs for a network security audit
0-5 years of experience
Managed the corporate-wide user account administration team.
- Implemented an account provisioning and password reset utility (Courion) for corporate use.
- Developed and implemented an annual vendor assessment program, a corporate Incident Response Plan, and the HIPAA security policies and procedures.
- Reviewed and remediated security control issues identified in the Sarbanes-Oxley (SOX 404) testing of financial applications.
10+ years of experience
Managed Information Security awareness program, while working with Bank management to incorporate security awareness into the Bank culture.
- Coordinated the Bank’s Business Resumption Plan and subsequent annual testing.
- Coordinated Business Resumption contracts, resulting in a savings of over $500,000 over a 5 year period.
- Oversaw the Bank’s annual GLBA assessment program to meet the Bank’s needs regarding securing of Customer Information.
- Oversaw the Bank’s Identity Theft Prevention Program, Incident Response Program and fraud investigation.
- Identified security risks and ensured that appropriate controls have been implemented. Evaluated, recommended and implemented reasonable security controls and/or procedures to mitigate identified threats.
- Managed and maintained key information security tools for compliance, incident response and assessment purposes.
- Oversaw the day-to-day physical and logical security activities.
- Managed and trained professional staff members whose function was to administer access to the Bank’s core applications and resources, utilizing application inherent security access control software.
- Primary liaison for the Information Technology Department with Federal regulatory authorities (FDIC, FRB, SOX 404, & NYS regulators), internal and external auditors.
- Responsible for the coordination of IT audit reports including the resolution of open audit issues. Identify practical solutions to address the remediation of audit issues, control weakness and process deficiencies.
0-5 years of experience
Performs a dual role in the organization. Leads an array of IT professionals providing top-notch customer service, support network operations, direct enterprise resource management (ERM), maintaining intranet web-servers, various SQL servers, and building & configuring servers and workstations, and Information System Security program management.
- Supervised IT division and two outside agency contractors during SUBLAN COMPOSE 3.0 system operational and verification testing prior to system accreditation and acceptance.
- Coordinates organization’s IT lifecycle management program. Develops creative strategies to minimize costs and maximize productivity.
- Troubleshot & repaired External Communications System Internet router, restoring Non-classified Internet Protocol Router Network (NIPRNET) connectivity to submarine.
- Briefs senior executives on identified Information System Security issues and risks; presents mitigation plans to lessen impact on network assets.
- Conducts one-on-one, small- and large-group training sessions for all levels of employees for IT related matters.
0-5 years of experience
Managed the Information Security efforts of the department regarding the non-mainframe systems and applications. Directly supervised four security administrators ensuring all systems access requests are properly authorized and access provided is based on job responsibilities.
- Developed, implemented, communicated, and maintained all TCF Information Systems Security Policies and Procedures. Developed & implemented security standards for multiple system platforms & environments.
- Reviewed the development, testing and implementation of security plans, products and control techniques to ensure compliance with the Security Policies and standards.
- Maintains an awareness of existing and proposed security standard setting groups, State and Federal legislation, and regulations pertaining to information security. Identified regulatory changes that will affect
- Developed the business case for securing the company’s laptops with encryption, performed the vendor selection, developed the rollout schedule, trained employees on the new process and completed the rollout throughout the organization.
- Led a cross-functional team to research, select and implement a Vulnerability Assessment tool. Developed the strategy to incorporate the tool into the current patch management process to help focus patching efforts on the systems that are vulnerable and validate the systems have been properly mitigated.
0-5 years of experience
Led the management of information security including managing the security team.
- Presented to staff and upper management on information security topics to increase awareness and engage upper management in information security issues
- Technical architect, project lead, internal security consultant, and technical resource
- Led projects deploying new 2 factor authentication, log management, full disk encryption, and integration of information security into community electronic health records
- Worked with information security stakeholders (IT Audit, Compliance, HR, Legal, and others) to ensure compliance with necessary laws and regulations and support their needs relating to
0-5 years of experience
- Directed information security operations to ensure integrity of government data assets and compliance with internal controls and regulatory requirements.
- Orchestrated large-scale security audits with external contractors.
- Developed information security policies and procedures.
0-5 years of experience
Responsible for the overall Information Security Program which is optimized to enable the business objectives while reducing risks and maintaining compliance.
- Developed standardized process for evaluating risks and remediating issues that exceed the risk tolerance of the company.
- Led IT compliance efforts for all internal and external audits.
- Created and implemented Information Security policies, standards and guidelines.
- Defined governance models, processes and controls to acquire and sustain PCI compliance.
- Established and implemented Incident Response and Threat and Vulnerability Management Programs.
- Enhanced the SDLC program to ensure security is integrated into projects from the beginning to the end of a system’s life.
- Implemented automated account maintenance processes to gain efficiencies and reduce human errors.
- Developed and implemented security architecture standards for mobile POS applications that have been certified PCI compliant.
- Created a three year Information Security strategic roadmap which is aligned to business objectives and strongly focused on reducing risks and scope of future audits.
0-5 years of experience
- Initiated and led C&A cycles on select OCFO major financial systems and networks, as required to comply with Federal directives and standards (including FISMA, OMB, and NIST). Direct interface with Federal project officers and leadership.
- Employed the DOL “CSAM” toolset to create and manage all C&A records for systems.
- Led small team of on-site information security professionals, chosen as FISMA security team lead for contractor’s OCFO Federal ISO.
- Provided C&A processes and guidance to a Federal ISO (Information Security Officer), system developers, managers, and system administrators.
- Provided much guidance on solutions using the many NIST Special Publications, OMB guidance and memos, and a range of DOL OCIO directives, regulations, and guidance.
- Planned and guided contingency plan tests.
0-5 years of experience
Assist Enterprise Client with Development and Execution of Overall Information Security Program
- Oversee Security Operation Program Deliverables on Behalf of Enterprise Client’s Security
- Manage Enterprise Client’s Vulnerability and Threat Management Program
- Manage Delivery of Security Operations Center Intrusion Detection Monitoring/Reporting Services
- Coordinate Client Encryption and Certificate Management Services
- Coordinate Malware Avoidance, Detection and Elimination Services for Enterprise Servers and Workstations
- Perform Security Assessment and Remediation Consulting Services
- Coordinate Security Incident Response Activities including Detection, Containment, Eradication and Recovery
0-5 years of experience
Direct supervision of three FTEs – Security Analyst and Disaster Recovery positions
- Technical Manager for the HIPAA Security Rule compliance efforts for the agency
- Served as the designated HIPAA Security Officer for the agency
- Developed a risk management profiling process to assess and analyze security risk
- Directed the Information Security Awareness program to educate agency users
- Developed agency Information Security policies and procedures
- Security Audit response and remediation management
- Directed the vulnerability assessment and incident response programs
- Led the agency Patch Vulnerability Group (PVG)
- Served as Chief Technical Officer for agency for five-month period
0-5 years of experience
Scheduled meetings with Stakeholders, Board of Directors and Senior Management for Information Security plan creation, Compliance alignment, mapping and IT controls assessments strategy.
- Responsible for submitting status reports of policy approval process and on audits done to the Audit Committee.
- Implemented innovative structured policy guide rules based on compliance directives for review where necessary and recommended written revisions to the internal audit guidelines and policy and controls protocols.
- Ensured compliance with PCI DSS v2 standards, SOX, FFIEC, ITIL, ISO 27002, Basel II and SAS70 transition
- Coordinated build schedules and code releases with Project Leads, Development Managers, and Change Managers.
- Utilized open and industry standard tools for penetration testing (IBM Rational AppScan, Web Inspect, Typhon III, WebGoat, and WebScarab) to cover the following objectives:
  - Cross-Site Scripting (XSS) – (Session hijack, Track user activities, Browser exploitation).
  - Injection Flaws – (SQL injection, XPath injection, LDAP injection, SSI injection).
  - Malicious File execution, cyber breach security.
0-5 years of experience
Developed and interpreted organizational goals, policies, and procedures.
- Developed computer information resources, providing for data security and control, strategic computing, and disaster recovery.
- Consulted with users, management, vendors, and technicians to assess computing needs and system requirements.
- Met with department heads, managers, supervisors, vendors, and others, to solicit cooperation and resolve problems.
- Scheduled vulnerability assessment, scanning, and patching of all networked company computers.
- Evaluated data processing proposals to assess project feasibility and requirements.
- Stayed abreast of advances in technology.
- Authorized purchases relating to the information systems and security of the company’s network.
- Developed and conducted information awareness training for the employees and upper level management.
0-5 years of experience
Responsible for Enterprise Information Security Architecture, Risk Management and Compliance by performing gap analysis, understanding business issues and concerns, determining business and security requirements, designing architecture and applying Information Security Technologies to mitigate risk and ensure compliance.
- Provide Information Security Expertise and Risk Assessment and Consulting for internal projects.
- Periodically review Information Security Metrics and ensure compliance as well as assist with related Risk Mitigation efforts.
- Work closely with internal and external audit towards regulatory requirements and compliance objectives.
- Play a key role in end-user awareness, education and communications.
- Led Enterprise Identity and Access Management, workflow and provisioning efforts.
- Implemented Role Based Access Control Model for Enterprise Asset Management system.
- Integrated security lifecycle with RUP project management methodology.
- Evaluated Enterprise Security Products for encryption, theft prevention, secure messaging, privacy data monitoring, intrusion detection and led implementation efforts.
0-5 years of experience
Developed online marketing, promotional and other communications materials through direct collaboration with all levels of executive management. Designed and maintained company’s internal and external websites, leveraging proficiency in HTML, CSS, JavaScript, and other web technologies. Provided creative direction for print and online marketing materials, and led launch of website under new brand. Conducted project management of development resources for website back-end programming. Utilized Adobe Creative Suite, PowerPoint, 3D modeling and animation, and other audiovisual applications. Aligned sites with web design and security best practices following company’s purchase.
- Refactored code for all web sites to use more fluid design and build in branding standards of parent company.
- Converted websites previously built on outmoded web design principles to lightweight, minimal code, CSS-driven sites.
- Negotiated with domain registrant to release domain name to company in exchange for non-enforcement of organizational rights as trademark-holder.
0-5 years of experience
- Built the OpenMarket Security Program from the ground up. Developed Risk Management process that included Risk Management program definition and KPIs, Risk Assessment Methodology, Risk Assessment procedures and schedules as well as reporting and non-conformity templates.
- Established a repeatable vulnerability management program, a security architecture and operational security assessment program as well as legal and regulatory governance program to establish and maintain customer confidence in managed service security.
- Managed the ISO/IEC 27001 certification of the Information Security Management Program, managed the compliance to the PCI-DSS and Safe Harbor regulatory requirements and provided architectural and operational guidance for the security of mobile and location information.
- Worked with developers and services teams to build a PCI-DSS compliant credit card tokenization environment for mobile payment processing. Successfully reduced the compliance scope and operational security cost of mobile credit card payment processing within OpenMarket managed services.
0-5 years of experience
Supervised the installation and build out of the information security systems. Designed and had certified the open storage area for the information system.
- Built the unit’s new account and successfully transferred over 400 items from nine different states with the value of 4 million dollars.
- Successfully transferred over the account and all equipment with the new Manager.
- Trained my replacement and assist whenever needed. Act as a reference manual for her to ensure she is able to complete the tasks at hand.
0-5 years of experience
Manage security strategy, risk management, and awareness enterprise-wide
- Vendor management owner. Conduct audits based on vendor risk. Work with business leaders in providing timely responses for risk level classification
- Coordinate with IT and business units in testing Business Continuity (BCP), Disaster Recovery (DR), Data Loss Prevention (DLP) and Crisis Management programs
- Establish Risk Management parameters and Business Impact Analysis (BIA). Work with IT Operations in ensuring infrastructure meets the goals for system recovery based on risk and tiered analysis of the BIA
- Manage and support internal and external security compliance regulations and initiatives (HIPAA, ISO 27001, and Governance)
- Ensure applicable controls address standards in order to comply with regulatory requirements
- Participate and provide input to IT design and software code reviews
6-10 years of experience
Conduct cyber security awareness campaigns for utilities (outreach to 1000+ agencies). Relay customer needs to software/hardware producers.
- Create marketing messaging to gain mindshare, to educate, and to obtain qualified leads targeted to end users (prospects and current customers), system integrators, and partners (i.e., DHS, AWWA). Developed messaging for industry events, and lead generation campaigns; developed newsletters and websites.
- Develop and enforce policies, manage security technology (intrusion prevention, content filtering, VPN, endpoint security, mobile/wireless, cloud, identity management), and conduct outreach staff for new cyber security policies that address non-repudiation, password management, asset management, and change control processes for ITIL, NIST 800-82 and 800-53, PCI and ISO 27001 compliance.
- Mitigate SCADA and Business network vulnerabilities associated with laptops, social engineering, physical security, network access controls, firewalls, and applications. Manage external penetration tests and conduct internal assessments (CS2SAT, ISO 27001), PeopleSoft financial and human resources modules.
- Oversee software solution development for business units, including CRM dashboards, heat maps, web viewers, field operations and synthesize customer requirements into new solutions.
6-10 years of experience
Accountable for the creation, implementation, and daily administration of the Corporate Information Security Program.
- Managed a Staff of 5 Information Security Professionals including their Development Plans and Annual Performance Appraisals
- Accountable for the architecture, design, and implementation of a centralized Corporate ID Provisioning Department to assist with company efforts to meet SOX, GLBA, and PCI regulatory requirements. Program included converting 7000+ existing user IDs
- Designed and implemented an Enterprise Violation Monitoring Program to ensure company compliance with Information Security Policies and Regulatory Compliance. Program encompassed 800 Windows Servers, 100+ Unix Servers, and 2 Mainframe Systems
- Implemented an Automated Compliance Scanning Program to ensure Windows and Unix systems were conforming with Information Security Policy Requirements and to ensure Operating Systems were up to date with Patches and Hot Fixes
- Member of Enterprise IT Architecture Team. Responsibility encompassed ensuring changes/additions to current environment remained secure and did not introduce vulnerability or compliance related issues
- Consulted with Business Unit Leaders to provide assistance and education with regulatory remediation efforts. Utilized information to drive consistency in resolution approaches across individually managed Business Units
- Managed Intrusion Detection and Prevention Systems. Partnered with Enterprise Communication Managers to develop Company Wide Incident Response Procedures
- Implemented SPAM and Antivirus Scanning Capabilities at company SMTP Gateways
- Created Enterprise Antivirus Program including the implementation of a Centralized Antivirus Management System to ensure maximum protection of all devices running Antivirus Software
- Designed and implemented company Centralized Web Filtering and Reporting Program
0-5 years of experience
Control all access to Smart Plant Foundation for [company name] and BP employees and suppliers to ensure all vendor documentation/drawings are routed correctly.
- Grant/remove access to [company name] critical project data via SharePoint administration.
- Maintain PAM (Partnership Access Management) accounts for BP employees/vendors to enable access to [company name] systems.
- Track access to all BP data systems to maintain system integrity when personnel join or leave various BP projects.
- Coordinate with [company name] and BP upper management to ensure all IT hardware and software requirements are met effectively and efficiently.
- IT Site Manager at [company name] Energy Center facility.
- Responsible for patching network ports in the IDF rooms to ensure network connection availability at all workstations.
- Maintained Voice over IP Cisco telephony system.
6-10 years of experience
- Led and provided strategic direction, ranging from planning and budgeting to motivational and promotional activities championing the value of information security.
- Led the design, implementation, operation, maintenance, and audit of the Information Security Management System based on the ISO/IEC 27000 series, NERC CIP, and Smart Grid regulatory standards.
- Provided internal management consultancy advice and practical assistance on information security risk and control matters throughout the organization.
- Designed and operated compliance monitoring and improvement activities to ensure compliance both with internal security policies, SOX, Business Continuity, and applicable laws and regulations.
- Developed and provided security and privacy awareness training to the organization.
- Acted as Liaison with and offered strategic direction to related governance functions (Physical Security/Facilities, IT, HR, Legal and Compliance) plus management throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies.
6-10 years of experience
Audit of company business processes and IT operations, providing recommendations for remediation of deficiencies and process improvements
- Assist senior management in the development, implementation, and maintenance of new department and company procedures
- Validate Sarbanes-Oxley compliance assurance through self-assessment and testing
- Identify/assess business processes and internal control and IT risks and design appropriate audit procedures, plans, execute and wrap up infrastructure and security projects.
- Develop and Maintain information security policies, procedures, and control techniques to address system security planning. Also, manage the identification, implementation, and assessment of common security controls.
- Project managed a security assessment to define a road map for the development of a Security program to meet ISO 27002 security best practices. Provide guidance on developing security controls and policies as defined by ISO 27002 standards. Conducted product evaluation, selection and implementation for security projects including security awareness training, encryption, vulnerability management,
- Conduct security reviews for applications and new third party vendors to ensure they are using security best-practices.
0-5 years of experience
Establish enterprise information security vision and overall strategy
- Create and maintain information security policies and procedures
- Effectively collaborate with internal IT groups – Infrastructure, Networks, Applications
- Cultivate relationships with security product and services providers
- Promote the value of security to senior management and IT staff
- Coordinate with and assist Internal Audit functions
- Manage and train security analysts
- Saved nearly $500,000 while providing increased functionality by re-architecting the SIEM
- Developed numerous information security policies and procedures based on ISO 27K
- Implemented risk assessment methodology
- Began molding IT thinking processes to be more security-centric
0-5 years of experience
Responsible for the maintenance and expansion of organization’s ISO 9001:2008 and ISO 27001:2005 certifications across all facilities and operations
- Currently managing the creation and expansion of a Business Continuity Management System throughout our global organization, using ISO 22301:2012 standard.
- Developed and supervised global implementation of medical device-specific processes for translation production to ensure HIPAA, FDA, EU and MERCOSUR compliance related to ISO 13485 and ISO 14971 certification.
- Supervise the maintenance and improvement of the Quality Management System (QMS) and Information Security Management System (ISMS) within our organization’s Business Management System
- Created and delivered new hire and re-certification training for Information Security awareness across global organization as part of ISO 27001:2005 certification
- IRCA-certified Lead Auditor for ISO 27001:2005 and PECB-certified Lead Implementer for ISO 22301:2012 – I manage a cross-functional team of internal auditors for both ISO 9001:2008 and ISO 27001:2005 standards. I have led the successful re-certification of our organization for both certifications in 2012
0-5 years of experience
Create policies, Member of ERM, conduct Risk Analysis, work with Audit and Compliance teams to ensure external auditor’s requests are met and deficiencies mitigated.
- Evaluate new tools (MDM, Trusted access, RSA, etc.)
- Work closely with IT and other teams to minimize risk in change control process.
- Perform internal and external network scans and track remediation activities.
0-5 years of experience
Implement an Application Security Program to include secure SDLC processes
- Implement an enterprise wide GRC tool
- Perform a PCI DSS v3 gap assessment against the enterprise
- Perform Incident Management/Handling duties
0-5 years of experience
Developed and implemented methods for management and control of access to 360Networks Information Technology assets and proprietary company information.
- Provided in-depth technical assistance and guidance relating to the design and implementation of security, controls and disaster recovery/failover for networks, distributed systems, telephony and operating system platforms.
- Responsible for the management, support, redundancy planning and monitoring of all the corporate IT security systems including firewalls, VPN, network monitoring, RSA SecurID and intrusion detection devices on ISS RealSecure and eTrust platforms.
- Performed information security risk assessments and served as an internal auditor for Information Security issues. Implemented information security policies, business contingency planning and procedures for the organization.
0-5 years of experience
- Responsible for creation, implementation, and administration of the Information Security Program at MSM.
- Tasked with assessing security risks across academic, clinical, and research technology resources, encompassing information subject to Federal regulations including electronic Protected Health Information (ePHI).
- Responsible for communicating security principles via Security Awareness Training.
- Experience with balancing security requirements with established business workflows to determine controls that protect data while minimizing impact to data custodians and users.
0-5 years of experience
Manage an Information Security team of a Business Continuity Planner, Vendor Risk Manager, Information Security Assurance Engineer, Information Security Team Lead and Information Security Support Specialists
- Manage servers and appliances for security related technology including Websense web proxy and content filtering, Dell SecureWorks Inspector log management system, Dell SecureWorks iSensor IPS / IDS, TrustWave Vulnerability Management system, MobileIron Mobile Device Management system, Symantec Control Compliance Suite, EnCase forensic investigation system, Quantivate Enterprise Risk Management system
- Monitor and evaluate the effectiveness of the Corporate Information Security Program (CISP) and develop and implement policies and procedures related to the CISP
- Oversee the SOX Information Technology implementation and auditing, including identifying and documenting all controls, determining the key controls and auditing the key controls for effectiveness
- Oversee the GLBA information security risk management program. This would include risk assessments for business applications, technical infrastructure, service providers and business processes
- Serve as a member of the Bank’s internal Incident Response Team (IRT), IT Steering Committee and Operational Risk Management Committee
- Develop, maintain and test an actionable enterprise wide business continuity and resumption plan
- Manage the enterprise-wide Vendor Management Program and serve as the Enterprise Vendor Manager
0-5 years of experience
- Provide support to the Chief Information Security Officer and Corporate Compliance Officer in overseeing the development and implementation of the Health Insurance Portability and Accountability Act (“HIPAA”) compliance plan while meeting all JCAHO standards.
- As the Information Security Manager, serve as an integral team member for HIPAA investigative matters, while monitoring appropriate access of health records.
- Serve as the lead in breach response, mitigation and identity protection.
- Additionally, provide Project Management support for security risk analysis and risk assessment by managing all ongoing activities related to the development, implementation, and adherence to security, privacy policies and procedures.
- Reviews all system-related information security plans throughout the organization’s network to ensure alignment between security and privacy practices, and acts as a liaison to the information systems department.
- Provides expertise for applying HIPAA standards with new IT software including Electronic Medical Records (EMR) for all hospitals and employed physician clinics.
0-5 years of experience
- Peered to CISO of a global financial organization to provide reporting on current information security services being provided, consultation concerning the organization’s information security program, and act as an escalation point to help drive resolution to issues encountered.
- Provide oversight and direction of multiple global InfoSec teams providing services of security program administration, security architecture, threat and vulnerability management, system and network security, account administration, incident response, and compliance
- Provide management of 4 director reports, Security Architect, Vulnerability Program Manager, Quality and Standards Expert, and a personal Security Generalist
- Ensure delivery of services is in compliance with SLOs and SLAs as set by contractual obligations and statements of work
- Presentation to senior leadership and executives during monthly and quarterly board meetings covering the status of the organization’s information security program and performance of the services provided.
0-5 years of experience
- Manager of the Information Security Group responsible for the supervision of Information Security personnel, performance evaluations, budgeting, and staff development through effective objectives setting, delegation, and communication.
- Establish and maintain network security policies, standards and processes making use of defined industry standards (e.g. NIST, COBIT). Provide ongoing management of Information Security practices, specifications, and architecture design facilitating continuous organizational improvement while providing maximum network efficiency and security.
- Lead and oversee information security audits to identify potential threats, vulnerabilities, and associative risk, while recommending information security controls to mitigate and/or remediate risks to an acceptable level.
- Lead incident prevention, detection, analysis, containment, and eradication activities. This includes the development of detection rules and profiles, monitoring events, responding to incidents, conducting forensic investigations, and reporting findings.
- Provide leadership and oversight for the sustainment of IT security infrastructure systems, including but not limited to Check Point firewalls, RSA SecurID, Varonis, EiQ SecureVue SIEM, and Snort intrusion detection systems.
- Continuously improve upon relationships with other teams, partnering to balance functionality, ease of use, and security for IT related projects.
- Manage Information Security projects including writing requirements, managing the procurement process, installation and configuration of the solution, and overseeing the project lifecycle.