Information Security Architect2019 - 2021Wells Fargo
Technologies: Web Security, Database Security, Identity & Access Management (IAM), Security Assessments, Policies & Procedures Compliance, Application Security, File Integrity, File Confidentiality, Single Sign-on (SSO), Multifactor Authentication
- Provided security assessment functions while identifying new and emerging security risks for high dollar payment applications (any transaction over $10 million per day and per user).
- Defined and assisted with security risk mitigation solutions for discovered security risks.
- Assisted with various security-related initiatives such as single sign-on (SSO), privileged access management (PAM), virtual desktop infrastructure (VDI), and multifactor authentication (MFA).
Application Security Architect2014 - 2019Wyndham Worldwide (now Travel + Leisure Co.)
Technologies: Application Security, Network Architecture Security, ISA, Information Security Architect, Third-party Security Assessments, Cloud Security Architecture, Security Architecture, Web Security, Database Security, API Gateways, Asset Security, Encryption, Session Handling, REST, PCI DSS, APIs, JSON, Architecture, Identity & Access Management (IAM), Virtual Desktop Infrastructure (VDI), Security Assessments, Session Management, Cloud Access Security Broker (CASB), Single Sign-on (SSO), Password Account Management, JSON Web Tokens (JWT)
- Built security development guidelines, including security-related checklists. Provided guidance regarding implementation and usage of static code analysis (SCA) tools.
- Provided security consulting input and interpretations of the PCI DSS requirements related to compliance and verification of processes.
- Assisted with various security initiatives that include RESTful API services, SOA, single sign-on (SSO) using Oracle SSO and Okta SSO solutions, and RFP for API security gateway selection.
- Provided leadership with identity management (IdM) requirements for access recertification solutions across multiple technologies to ensure regulatory compliance requirements were addressed adequately.
- Led efforts to define API security requirements that include federated authentication solutions (SAML assertions) and OAuth 2.0 authorization processes.
- Participated in vendor selection for privileged access management (PAM) solution CyberArk, the initial integration into our single sign-on (SSO) solution.
- Assisted with the selection of a cloud access security broker (CASB) product and implementation.
Senior Security and Compliance Specialist2011 - 2014The Walt Disney Company
Technologies: Application Security, Communication and Network Security, Database Security, Data Encryption, Asset Security, PCI DSS, RFID, WiFi Integration, SOA, Certified Information Systems Security Professional, Security Assessment
- Provided senior-level security services and guidance to the numerous business units, technology support groups, and leadership committees within the Walt Disney companies globally.
- Consulted regarding compliance issues and security needs, including PCI DSS, HIPAA, SOX, GLBA, ISO 17799, Safe Harbor, and other regulatory requirements.
- Provided senior security support and guidance for industry-setting technology (MagicBand) deployment of wireless RFID solutions and other wireless (ZigBee) and mobile device (iOS and Android) solutions.
- Defined and developed security processes and guidelines for mobile devices and mobile applications for internal and internet-facing scenarios.
- Provided expertise of PCI DSS to various Disney business units as they built relationships with external vendors that process credit card transactions as part of the delivery solution.
Senior Security Consultant (QSA)2007 - 2011Trustwave
Technologies: PCI DSS, Compliance Specialist, Information Security, Database Security, Mainframe Security, Distributed Systems, Credit Cards, Security Assessments
- Conducted Security assessment for PCI DSS, including clients like issuers, acquirers, payment gateways, service providers, merchants.
- Obtained and retained a Qualified Security Assessor (QSA) certification during the entire tenure with Trustwave.
- Provided ad-hoc consulting services for the various clients in assisting them with compliance issues and security needs, including HIPAA, SOX, GLBA, ISO 17799, FISMA, NIST, HITRUST, and other regulatory requirements.
- Developed and advised on new security measures or findings that contribute to the overall security requirements of the financial industry and other industries as a whole.
- Provided assistance to non-level one merchants in regards to self-assessment questionnaire (SAQ) interpretations, PCI DSS assessment requirements, compliance gap reporting, security controls, and various other security-related activities.