A dedicated Information Security Professional with 16 years of experience in local and network systems design, access administration, risk analysis, project development, training, and maintaining data privacy and security. Known to be a detail-oriented and flexible technology leader with the ability to work efficiently and effectively in diverse environments. Recognized as a self-motivated professional who is able to prioritize workload tasks to meet critical deadlines.
Technical expertise includes:
AD / Novell / UNIX
PCI / HIPAA
Encryption
Risk Management
NIST / COBIT / ISO
Vulnerability Management
Network / Web Security
Access Provisioning / Auditing
Identity Access Management
Managed the implementation of an automated access management resulting in reduced manual work.
Created security standards for current operating systems and key applications resulting in reduced risk profile.
12/2010 to Current
Information Security Manager, HENNEPIN COUNTY MEDICAL CENTER － Minneapolis, MN
Design and manage the Information Security operations program including user access management, access review and investigations, information security architecture, policies and procedures.
Encryption methods, levels and protocols.
Network, Firewall and Internet rule set configuration and review.
Email and file transfer processes and procedures.
Web-based application security.
Remote access and VPN solutions, protocols, and controls.
IS System activity or unauthorized access.
Server, desktop and mobile device configuration standards and reviews.
Change Management to assure that security controls are enabled and that unusual activity is recorded, investigated, and remediated.
Patient and business databases with Protected Health Information, to ensure that security controls are enabled and that unusual activity is recorded, investigated, and remediated.
Software application security to assure that security controls are enabled and that unusual activity is recorded, investigated, and remediated.
Business continuity and disaster recovery plans/processes, including evaluating standards for disaster recovery and backup processes and making recommendations.
Develop and maintain tactical and strategic plans for the continued development of an information security program and architecture within HCMC.
Establish and maintain successful working relationships with internal and external audit teams regarding annual organizational and focused audits.
Facilitate the closing of audit gaps related to access control by managing resources to remediate the gap or understand and find mitigating controls.
Support business resource owners in developing relevant security access policies and establishing mechanisms to enforce them.
Assist and advise HCMC during security investigations as a lead member of the Cyber Incident Response Team (CIRT).
Assist and advise the Technical Review Committee on the security requirements for all new and upgraded technologies brought into HCMC.
01/2007 to 12/2010
Information Security Engineer/Analyst, PRIME THERAPEUTICS LLC － Eagan, MN
Ensured data privacy and compliance with PCI, HIPAA, State, and Federal regulations through enforcement of Security best practices and standards.
Performed risk assessments and remediation based on NIST standards for various network architectures.
Performed annual review of security access and developed an automated approval/rejection process.
Processed statistics and created monthly metrics and security status summaries for executive, managerial, and technical level reports.
Detailed areas of focus include: risk posture, administration, Security Incident Response Team (SIRT), and security architecture.
Designed and implemented a network- and host-based Intrusion Prevention / Intrusion Detection system.
Performed duties as primary contact and liaison to a Managed Security Services Provider (MSSP).
Performed as a subject matter expert (SME) on multiple new client acquisitions for information security architecture and administration.
Created, reviewed and maintained all information security policies, procedures and standards.
Including document version retention and archiving.
06/2006 to 01/2007
Data Security Analyst, UNITED HEALTH GROUP － Plymouth, MN
Administered and monitored Microsoft network access for United Health Group's 63,000 employees.
Security policy education and enforcement, file and print access, and email administration.
Successful integration of newly acquired businesses into the United Health Group's network.
Including gap analysis of existing application configurations and integration into existing systems.
Produced documentation for access administration procedures to applications in a variety of operating systems including UNIX, Oracle, SQL, Windows, RACF, VMS, and Web Portals.
01/2002 to 01/2006
Data Security Administrator, ALLINA HEALTH SYSTEM － Minneapolis, MN
Administered and monitored Novell & Microsoft network access for Allina Health System's 23,000 employees.
Including application delivery, file and print access, and email administration.
Active member of the Computer Security Incident Response Team (CSIRT).
Responsible for rapid response to any potential danger to the network integrity including virus outbreaks, power outages / natural disasters, and hackers.
Responsible for investigations involving network resource abuse by employees.
Requiring skills in collection of data from Blue Coat web monitoring, email records, network and local files, application logs, and physical security videos.
Trained help desk personnel and general employees on proper data security procedures and practices through a security awareness program.
Including how to select effective passwords and understanding laws and regulations regarding data confidentiality.
Executed a risk assessment of more than 50 applications with focus on the requirements of the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
Assessing the current status of each system and producing a project plan to meet federal requirements.
Worked with a team to develop an automated provisioning system granting basic access to all new employees.
Developed a role-based model for application design teams to integrate into each system, allowing administrators to grant more accurate and reliable access rights.
Assisted with Disaster Recovery (DR) and Business Continuity Plan (BCP) development and implementation on an application level as well as the network level.
Education and Training
Bachelor of Science: Computer Information Technology, Southern New Hampshire University － Manchester, New Hampshire, USA
Computer Information Systems Security Professional (CISSP)
Minnesota Chapter of Information Systems Security Association (MN-ISSA)
HITRUST MN Special Interest Group (HITRUST MN SIG)
Healthcare Security Professional Interest Group (HSPIG)