Christopher Brooks
Details
Northwell Health
Lead Operations Analyst - Risk Management
2016 :
Northwell Health
Senior Information Security Specialist
• Subject matter expert in the areas of information security, threats defense and security monitoring
• Coordinate external and 3rd party IT risk assessments, cyber security questionnaires, and security self-assessments
• Evaluate processes and suggest improvements and efficiencies to the organization (e.g. automation, streamlining, etc.)
• Develop and implement processes and metrics in the areas of security monitoring and incident management
a. Perform security monitoring of targeted systems and applications
b. Ensure targeted systems and applications feed into the logging and monitoring systems
c. Develop and implement process for managing privileged user accounts
• Analyze security reports, develop measures and indicators for tracking and reporting purposes
• Perform Security Classifications and Risk Assessments as needed
• Measure security performance through metrics; generate reports and provide feedback to management and business owners
• Lead the vulnerability management remediation efforts, coordinating with system administrators and IT staff to ensure they are engaged in the process; track remediation efforts to completion, reporting status against deadlines and escalating as required
2014 : 2016
GS-OS Security North America
Senior Information Security Specialist
Security Operations, Strategy / Project Management - Team Lead.
• Design and implement security administration strategy and manage projects for the IT Controls Group.
• Created Strategic Roadmap addressing key global and local account and password management challenges facing ING’s IT environment.
• Successful implementation of roles-based security approach for Windows File Share access.
• Project Manager for Cyber-Ark implementation and upgrades.
• CMMI process certification training.
• Conduct Process & Product Quality Assurance (PPQA) reviews.
• Coordinate and Remediate any findings related to IT Audit and SOX reviews.
• User workflow provisioning design.
• Respond and take action to counter audit points assigned to the IT Controls Group along with IRM, Compliance, and SOX related issues.
• Developed procedures for management of all privileged & non-personal accounts, including monthly baselining of accounts, & automation of password changes and storage of passwords in CyberArk vault to ensure confidentiality and integrity of accounts.
• Designed & implemented enhanced entitlement review process for all systems & applications utilized by ING New York users.
• Designed and implemented dormant account monthly cleanup process for all applications utilized by ING New York users.
• Designed and implemented process for review of all users with local administrative rights.
• Provide security-related support for key financial applications.
• Launched IT Controls Library & provided template for online storage of all IT Controls procedures & documentation.
• Develop policies & procedures for processes that involve the Security Operations team.
• Monitor security logs from numerous platforms & applications, which include RSA / Citrix Remote access, Windows Systems, Unix, Databases (SQL, Oracle, Sybase) and produce reports using NetIQ and DBProtect software.
• Train and mentor members of the Security Adminstration team on security products, technologies, and methodologies.
2006 : 2014
ING Financial Services LLC
IT Controls Group
• Team Lead on the ABN Amro, Inc account
• Responsible for staffing, training, scheduling, yearly reviews and daily over seeing of EDS Information Security Team at ABN Amro
• Assisted with the Transition from ABN Amro to EDS as far as the Procedures and requirements with in the Contract
• Architected and implemented solid Information Security systems, policies and procedures and controls across multiple environment and infrastructures.
• Recommend new security technologies, processes and methodologies and assist in budget preparation for these technologies
• Perform and manage vulnerability and risk assessments
• Frontline person for Sarbanes Oxley (SOX) Audit within Information Security
• Handling all quarterly and yearly Audit reviews and requirements with Internal, external and Federal Auditors
• Coordinated the SAS70 Audit work load between ABN Amro and EDS Information Security
• Confirmed requirements with senior management and advised on security related issues.
• Planned and evaluated enhancements or changes to security environment
• Documented and investigated all suspected violations of policies and procedures.
• Collaborated with the Swift systems support team on securing the Swift Alliance access environment
• Working with South American clients on a secure Bank money transfer system.
• Administering RSA/SecurID ACE Server, including : adding, deleting and modifying user access.
• Coordinate access requests with various provisioning departments.
• Successfully responsible for the Decommission of the Merva System and rolling out 1600 user’s to the Swift SAA system.
2003 : 2006
EDS Group
Security Administration Manager
About
Technically sophisticated Professional with demonstrated expertise in all phases of information security, including identity and access management and user provisioning on a global scale. Experienced with network security issues, including security strategy, architecture, firewalls, and operational services. Diverse background consisting of positions encompassing the creation of innovative, technologically advanced security solutions for Fortune 500 companies. Expert analyst, able to identify security issues and quickly apply effective resolutions, as well as establish and implement backup and recovery plans. Strong leadership skills, providing guidance to senior management in the field and at corporate levels. Expertise with financial transaction-based systems, IT audit, compliance, and global reporting issues. Solid interpersonal skills with end-users, vendors and client executives. Track record of contributions to standardized controls, automation tools.
• Excellent communications skills, with the ability to build and maintain relationships with upper level executives, leaders, managers, and staff.
• Expert organizational skills that include the ability to successfully manage complex projects and rapidly evolving requirements.
• Proficiency in rapidly learning new skills and applying the knowledge to improve the security environment.
• Staff Training & Supervision
• Vendor Sourcing & Evaluation
• Client Relationship Management
• Information Security Management
• Vulnerability and Patch Management
• Presentation Skills
• Team Leadership
• IT Audit
• SOX
Profile Photo
