Information Security Bridgman, MI Information Security Professional Duration- 1 Year Type-Contract Rate – DOE Business-focused information security professional with a background in application development. Several years of extensive IT experience with concentration on information security compliance, investigation, and consulting. This blend of experience allows a unique understanding of business requirements, technological capabilities and limitations, and regulatory compliance needs. Specific areas of expertise include: Risk Assessment and Remediation Vulnerability Management Security Architecture and Consulting Incident Response Digital Forensics eDiscovery WORK EXPERIENCE Lead internal investigator for eDiscovery, forensic, and incident response activities Discreetly performed digital forensics and investigations supporting physical security, human resources, and law enforcement Carried out eDiscovery activities in support of litigation. Interviewed data custodians, gathered electronically stored information, and interfaced with external law firms. Conducted incident response on compromised systems. Determined root cause and implemented controls to prevent future issues Experience in security risk assessments of new projects and initiatives Evaluated cloud-based collaboration and productivity suite, balancing business and security requirements to ensure safeguards were in place to protect corporate data Collaborated with Enterprise Architecture and business representatives on mobile device management solution delivering a tool that satisfied security needs while enabling access to corporate applications and data on personal devices Assumed enterprise security architecture and security standards development role Operational security risk assessments Led penetration tests of internal and external systems. Presented findings along with associated risks and recommendations to management. Assessed information security risk of subsidiaries and third-parties Security tool selection and implementation management Selected and implemented vulnerability assessment and management tool. Established associated processes, reporting, and prioritization mechanisms. Implemented initial web content filtering solution and related procedures Evaluated and ultimately deployed numerous security testing tools Supported information security governance activities Performed SOX IT general controls testing globally for company’s business units Led the integration of managed security service for IDS management and security event monitoring, correlation, and alerting Contributed to PCI assessment and compliance efforts Developed security awareness materials and gave multiple presentations on information security topics Worked closely with network engineering and operating system teams to secure perimeter systems as well as internal-facing devices Prepared business-relevant information security metrics for leadership Rewrote and maintained company’s information security policies as part of a team effort with legal and human resources Provided technical and information security consultation and troubleshooting to projects and individuals Mentored several co-workers on information security SKILLS AND TOOLS EnCase Rapid7 NeXpose Unix/Linux Windows Mac OS X TCP/IP Metasploit nmap SQL Unix shell scripting C language IDS/IPS