Information Security Architect
2019 - 2021, Wells Fargo
- Provided security assessment functions while identifying new and emerging security risks for high-dollar payment applications (any transaction over $10 million per day and per user).
- Defined and assisted with security risk mitigation solutions for discovered security risks.
- Assisted with various security-related initiatives such as single sign-on (SSO), privileged access management (PAM), virtual desktop infrastructure (VDI), and multifactor authentication (MFA).
Technologies: Web Security, Database Security, Identity & Access Management (IAM), Security Assessments, Policies & Procedures Compliance, Application Security, File Integrity, File Confidentiality, Single Sign-on (SSO), Multifactor Authentication

Application Security Architect
2014 - 2019, Wyndham Worldwide (now Travel + Leisure Co.)
- Built security development guidelines, including security-related checklists. Provided guidance regarding the implementation and usage of static code analysis (SCA) tools.
- Provided security consulting input and interpretations of the PCI DSS requirements related to compliance and verification of processes.
- Assisted with various security initiatives, including RESTful API services, SOA, single sign-on (SSO) using Oracle SSO and Okta SSO solutions, and the RFP for API security gateway selection.
- Provided leadership with identity management (IdM) requirements for access recertification solutions across multiple technologies to ensure regulatory compliance requirements were addressed adequately.
- Led efforts to define API security requirements that include federated authentication solutions (SAML assertions) and OAuth 2.0 authorization processes.
- Participated in vendor selection for the CyberArk privileged access management (PAM) solution and its initial integration into our single sign-on (SSO) solution.
- Assisted with the selection of a cloud access security broker (CASB) product and implementation.
Technologies: Application Security, Network Architecture Security, ISA, Information Security Architect, Third-party Security Assessments, Cloud Security Architecture, Security Architecture, Web Security, Database Security, API Gateways, Asset Security, Encryption, Session Handling, REST, PCI DSS, APIs, JSON, Architecture, Identity & Access Management (IAM), Virtual Desktop Infrastructure (VDI), Security Assessments, Session Management, Cloud Access Security Broker (CASB), Single Sign-on (SSO), Password Account Management, JSON Web Tokens (JWT)

Senior Security and Compliance Specialist
2011 - 2014, The Walt Disney Company
- Provided senior-level security services and guidance to the numerous business units, technology support groups, and leadership committees within the Walt Disney companies globally.
- Consulted regarding compliance issues and security needs, including PCI DSS, HIPAA, SOX, GLBA, ISO 17799, Safe Harbor, and other regulatory requirements.
- Provided senior security support and guidance for industry-setting technology (MagicBand) deployment of wireless RFID solutions and other wireless (ZigBee) and mobile device (iOS and Android) solutions.
- Defined and developed security processes and guidelines for mobile devices and mobile applications for internal and internet-facing scenarios.
- Provided PCI DSS expertise to various Disney business units as they built relationships with external vendors that process credit card transactions as part of the delivery solution.
Technologies: Application Security, Communication and Network Security, Database Security, Data Encryption, Asset Security, PCI DSS, RFID, WiFi Integration, Service-oriented Architecture (SOA), Certified Information Systems Security Professional, Security Assessment

Senior Security Consultant (QSA)
2007 - 2011, Trustwave
- Conducted PCI DSS security assessments for clients including issuers, acquirers, payment gateways, service providers, and merchants.
- Obtained and retained a Qualified Security Assessor (QSA) certification during the entire tenure with Trustwave.
- Provided ad-hoc consulting services to various clients, assisting them with compliance issues and security needs, including HIPAA, SOX, GLBA, ISO 17799, FISMA, NIST, HITRUST, and other regulatory requirements.
- Developed and advised on new security measures or findings that contribute to the overall security requirements of the financial industry and other industries as a whole.
- Provided assistance to non-Level 1 merchants regarding self-assessment questionnaire (SAQ) interpretations, PCI DSS assessment requirements, compliance gap reporting, security controls, and various other security-related activities.
Technologies: PCI DSS, Compliance Specialist, Information Security, Database Security, Mainframe Security, Distributed Systems, Credit Cards, Security Assessments