Senior Information Security Professional Sample Resume Format in Word Free Download

Sample Template Example of Beautiful Excellent Professional Curriculum Vitae / Resume / CV Format with Career Objective, Job Description, Skills & Work Experience for Freshers & Experienced in Word / Doc / Pdf Free Download

Sarah Harding

309 N. 110^th Lane • Glendale, AZ 85001

602-330-9876 • sarah-harding@cox.net

SENIOR INFORMATION SECURITY PROFESSIONAL

A highly motivated, analytical, and results-oriented information security professional with 16 years experience in information technology and 12 years experience in information security and IT audit. Possesses excellent communication skills and can easily converse with all levels of management and technology staff.

This creative achiever holds a M.S. in Information Systems Management with a minor in Information Security as well as CISSP, CISA, and CISM certifications. Combined with broad business knowledge in areas such as IT, audit, accounting, purchasing, project management, and information security this quick learner is ready to hit the ground running and has proven experience designing, managing, securing, and auditing large, multi-site technology environments.

SKILLS SUMMARY

·         Information Security and IT Auditing

·         Business Continuity and Disaster Recovery Planning

·         Policy, Standard, and Procedure Development

·         Business Process Improvement

·         Information Systems Management

·         Enterprise Software Architecture

·         Enterprise Security Architecture

·         Vendor Selection and Management

·         Technology Evaluation

·         Small and Large Team Leadership

·         Staff Mentoring and Development

·         Network Security and Protocols

·         PCI-DSS Compliance

·         HIPAA and HITECH Compliance

·         State Privacy and Data Security Laws

·         Information Privacy

·         Project Management

·         Software Design and Programming

·         Advanced SQL Knowledge

·         Numerous Programming and Scripting Languages

PROFESSIONAL EXPERIENCE

Software Architect

Neustar, Tempe, AZ • September 2011 – Present

Neustar was originally founded in 1996 to meet the many technical and operational challenges that arose when the U.S. Government mandated local number portability. Today, they solve the world’s most complex global challenges through data insights and intelligence for the Internet, telecommunications, entertainment, advertising and marketing industries.

Responsibilities and Work

·         Research, design and implement security software solutions related to detecting DNS poisoning, malware infection, route hijacking, and spam using Python, C, and Bash programming.

·         Research, design and implement large data storage solutions using databases, NAS, and server clustering.

·         Research, design, and implement interfaces for third party solutions to consume data from our solution in formats such as JSON, XML, CEF, and CSV.

·         Analyze multiple data sets to report on potential threats to client networks and computing systems.

Security Operations Manager

Catholic Healthcare West, Phoenix, AZ • February 2010 – September 2011

Catholic Healthcare West (CHW) is a family of more than 60,000 caregivers and staff that deliver excellent care to diverse communities across Arizona, California, and Nevada. Founded in 1986 and headquartered in San Francisco, CHW is the fifth largest hospital provider in the nation and the largest hospital system in California.

Responsibilities and Work

·         Lead the Security Operations and Security Engineering teams that include 12 people.

·         Provide input to IT Director and VP levels to assist in setting strategy for security across the enterprise.

·         Manage incident response and coordinate activities related to high severity incidents in the environment.

·         Manage security risks in coordination with internal and external auditors, compliance, legal, and privacy groups.

·         Manage and coordinate security initiatives across 41 hospitals residing in California, Nevada, and Arizona.

·         Create and manage CHW's vulnerability management program to include malware remediation processes and employing continuous vulnerability scanning and remediation practices to reduce risk across approximately 50,000 IP devices.

·         Oversee management of security projects including log and event analysis and correlation, file and device encryption, X.509 certificates, data loss prevention, access control, endpoint protection, and network perimeter filtering.

·         Research security solutions for use across the enterprise.

·         Coordinate vendor relations to include gathering quotes and negotiating prices on behalf of CHW. Negotiations led to a significant decrease in expenditures for SSL certificates with an annual savings of $50,000 per year.

·         Provide security consultation to all hospitals and act as a subject matter expert in vendor contract negotiations to ensure systems meet CHW’s security, compliance, and privacy policies.

·         Update and create security policies, standards, procedures, and guidelines as necessary.

·         Mentor and train security staff in the use of technologies and scripting to automate mundane tasks.

·         Perform Manager on Duty tasks across the enterprise one to two times per month to be the first-line contact for all high severity items in the environment.

Sr. Security Engineer / Security Operations Team Lead

Catholic Healthcare West, Phoenix, AZ • September 2008 – February 2010

Responsibilities and Work

·         Promoted to Security Operations Team Lead within 5 months of joining CHW; assumed management of the Security Operations and Security Engineering teams that included 8 employees.

·         Assumed numerous Security Manager responsibilities after the position became vacant around June 2009 in order to ease the burden of the Security Director.

·         Assumed several Security Director responsibilities after the position became vacant around September 2009 in order to ease the burden of the V.P. of Infrastructure.

·         Negotiated approximately $2M worth of security solutions with various vendors.

·         Managed and coordinated security initiatives across 41 hospitals residing in California, Nevada, and Arizona.

·         Defined security controls for new and existing IT and bio-medical systems in accordance with established CHW security and compliance policies and HIPAA rules.

·         Designed network controls to provide access to external entities. Access provided using IPSEC VPN, SSL-based web access methods, and dial-up.

·         Provided security consultation to all hospitals and acted as subject matter expert in vendor contract negotiations to ensure systems met CHW’s security and compliance policies.

·         Performed security risk assessments on proposed solutions.

·         Managed SSL certificates across IIS, Apache, Tomcat, IBM WebSphere, and Java Key Store (JKS)

·         Managed the configuration and maintenance of ISA 2000, 2004, and 2006.

·         Conducted vulnerability analysis, vulnerability remediation, and penetration testing.

·         Streamlined security operations’ processes that resulted in more efficient use of employee time.

·         Wrote Perl scripts as necessary to automate security tasks such as data collection, filtering, and correlation.

Chief Technology Officer / Chief Information Security Officer

CWIE Holding Company, Tempe, AZ • November 2004 – July 2008

CWIE is the parent company of several Internet-based businesses with gross revenue exceeding $800M per year and over 350 employees. Business includes data center operations, credit card processing, digital rights management, and merchant account underwriting.

Responsibilities and Work

·         Lead a corporate security team of 6 security professionals that designed and implemented security solutions for desktop, server, network, physical, and applications; Planned and lead IT audits to ensure regulatory compliance and worked with external auditors on PCI and insurance audits.

·         Lead and acted as subject matter expert for a geographically-disperse, 47-member software development department that included software architecture, development, quality assurance, and testing; employees resided in the U.S. and in Malta.

·         Managed a combined capital and operating budget of approximately $7M for security and software engineering.

·         Acted as senior technical member for the Executive Planning Committee to ensure non-ambiguous communication of business needs to the technical and security teams; Analyzed business needs and how to solve them using technology while ensuring high levels of security.

·         Lead enterprise software and hardware architecture teams, network engineers, and system administrators to ensure correct system implementations within all data center locations; Ensured data center locations met power, cooling, security, and space needs; Researched and selected appropriate hardware and network devices.

·         Reduced Phoenix data center footprint by 60% through intelligent selection of racks and servers. Lead the re-design effort and interfaced with Level 3 engineers to redistribute power to new racks.

·         Established the company’s first information security program using ISO 17799, ISO 27001, PCI, and NIST documents as guidelines and templates.

·         Established the company's first Business Continuity and Disaster Recovery plan.

·         Developed technology and security strategy according to business needs and goals; Aligned security policies and standards to meet the needs of the business and ensure regulatory compliance with PCI.

·         Negotiated vendor contracts and managed relationships for all security and software engineering related activities.

·         Developed security awareness via monthly newsletters, weekly email snippets, and recurring training classes to ensure employees understood their role in organizational security.

Applications & Security Architect

CWIE Holding Company, Tempe, AZ • 2002 – November 2004

Responsibilities and Work

·         Lead and acted as subject matter expert for a 15-member software development department that included software architecture, development, quality assurance, and testing; employees resided in the U.S.

·         Acted as senior technical member for the Executive Planning Committee to ensure non-ambiguous communication of business needs to the technical and security teams; Analyzed business requirements and turned them into system and software specifications while ensuring a high degree of security.

·         Lead enterprise software and hardware architecture teams, network engineers, and system administrators to ensure correct system implementations within all data center locations; Ensured data center locations met power, cooling, security, and space needs; Researched and selected appropriate hardware and network devices.

·         Wrote database table parsers in C and Perl to determine database structures and automatically configure table permissions for various Perl scripts that ran within the credit card processing environment. This resulted in less work for System Administrators as the parsers automatically detected changes.

·         Maintained a secure environment to comply with PCI standards; Maintained broad knowledge of security frameworks, regulations, and laws.

·         Worked with external auditors to achieve PCI compliance each year; Ensured company policies and procedures were up to date and valid; Coordinated with various business units to conduct in-house audit of information systems prior to external auditor’s arrival.

·         Designed and implemented credit card processing systems including databases, software, network, and security.

·         Designed and implemented system and network level security including authentication, encryption, data access, VLANs, firewall selection and placement, and VPNs.

·         Lead proof of concept research to determine the best open source solutions for projects; Trained and mentored developers on the use of chosen technologies.

·         Performed network scans and lead remediation efforts found by the scans. This included open ports, data leakage, incorrectly configured servers, and weak encryption detection.

·         Mentored employees in software development, quality assurance, information security, and project management functions.

Other Roles Held at CWIE Holding Company

·         Security Software Engineer – 2000 to 2002

·         Software Engineer – 1998 to 2000

EDUCATION

Master Information Systems Management • Minor in Information Security

Keller Graduate School of Management, Phoenix, Arizona • 2006

Bachelor of Science Computer Information Systems

DeVry University, Phoenix, Arizona • 2004

CERTIFICATIONS

Certified Information Systems Security Professional (CISSP)

ISC²

Certified Information Security Manager (CISM)

Information Systems Audit and Control Association

Certified Information Systems Auditor (CISA)

Information Systems Audit and Control Association

NSTISSI 4011 – Information Systems Security Professional

University of Fairfax

CNSSI 4012 – Senior Systems Manager

University of Fairfax

Building, Leading & Sustaining the Innovative Organization

MIT Sloan School of Management, Boston, Massachusetts

Developing and Managing a Successful Technology and Product Strategy

MIT Sloan School of Management, Boston, Massachusetts

PROFESSIONAL ASSOCIATIONS

Information Systems Audit and Control Association (ISACA)

Information Systems Security Association (ISSA)

INTERFACE 2010 – Phoenix Advisory Council

PUBLICATIONS

Enhancing Terminal Output in Perl (2003). The Perl Journal.

Medical Device Risk Assessment (2010). University of Fairfax.

REFERENCES

Available on request.

Download Resume Format