Kevin Y.
IT Security Manager at Wyndham Destinations
Orlando, FL, United States
Details
Experience:
2018 : Present
Wyndham Destinations
Manager, Risk and Compliance - Information Security
• Conducted and led internal PCI compliance assessments, gap analyses, and actionable recommendations for remediation for in-scope properties across all business units (hotels, rentals and resorts)
• Facilitated in external questionnaires to meet QSA and ROC requirements
• Collaborated in risk assessment reviews and processes following industry standards (such as ISO27005, NIST, SOX or PCI)
• Conducted vendor risk assessment activities on third parties as needed
• Developed and coded new functionality and maintained existing functionality for the RSA Archer eGRC (Governance, Risk and Compliance) program
• Coordinated with the Technical Manager to continue to enhance the eGRC program as it relates to specific business requirements. The environment consists of the Enterprise, Policy, Risk, Audit, Compliance, Threat, Vulnerability, Incident, Vendor Management, Facilities, and BCP modules
• Coordinated with the Technical Manager with end to end configuration of new and existing Archer applications, managing every aspect of the SDLC including : layout, workflow, reporting, notifications, questionnaires, access control, packaging, etc.
• Performed admin tasks, access control (Groups, Roles and record permissions configuration)
• Supervised all incidents raised to the Service Desk that affect Risk and Compliance team day-to-day support operations, ensuring proper handling and remediation are fulfilled within specified SLA
2015 : 2018
Wyndham Hotel Group
Risk & Compliance Analyst - Information Security
* Ensured authorized access by investigating improper access; revoking access; reporting violations; reviewing about 15 – 25 daily information requests.
* Performed vendor risk assessments on third party vendor relationships, privacy matters, risk remediation planning and tracking, and security project management.
* Monitored and performed detailed reviews of ongoing vendor management oversight and provided management information to appropriate stakeholder.
* Reviewed third party attestation regarding SOX controls and identified potential risks in vendor’s environment (Ex. Application security scans, Penetration Tests, SOC reports, ISO certifications).
* Collaborated with governance and administrative functions with Archer GRC Platform tool by identifying and implementing IT security procedures and processes, monitoring security risks and controls, building solutions and metrics and evaluating security controls.
* Established computer and physical security by developing standards, policies, and procedures; coordinating with risk management and compliance team.
* Worked with information security custodians (i.e., department managers, user community) at different levels in the organization to understand their respective security needs and assisted with implementing procedures following Information Security Policy.
2013 : 2015
Wyndham Hotel Group
IT Security Analyst - Information Security - Corporate Services
• Managed and participated in special projects; contributed to monthly IT Security online article related to information security issues, researched and developed a presentation for Case Custody Project regarding initiatives that demonstrate how cause-related marketing and Corporate Social Responsibility (CSR) impacts Wyndham Worldwide’s bottom line and ROI
• Enhanced security review process during software development; performed periodical audit to ensure compliance. Supported and updated a centralized repository of security controls aligned with corporate and regulatory requirements in the eGRC Archer tool
• Worked on a team within Wyndham Corporate Service, focusing on IT Security compliance processes and risk assessments, acted as the central point of contact and collaborated with other organization units within and outside the company in these matters.
2013 : 2013
Wyndham Hotel Group
Corporate Services Information Security - Risk & Compliance Intern
General
•Attended and participated in weekly staff meetings
•Assisted in the supervision of the residence hall, responding to all requests and emergencies during duty hours
•Developed positive and productive working relationships with all housing and residence life staff, and promoted a consistent, high level of performance at all times
•Maintained confidentiality with personal student and university information
Community Development
•Counseled residents regarding personal and academic concerns.
•Mediated roommate conflicts and community living issues
•Designed and implemented programming events to enhance the social, educational, community, and personal development of residents that connected them to the floor, living-learning community, and university
•Designed and constructed door decorations and residence hall decorations that coordinated with the overall residence hall theme prior to each semester and monthly
•Conducted periodic floor meetings for the purpose of planning experiences, disseminating information, and explaining residence hall policies and procedures.
•Related well to individuals of all ethnic, racial, cultural, and religious backgrounds, encouraging better understanding of cultural diversity
•Responded to all witnessed violations of Residence Life and University policies occurring within any university residence hall. Prepared and submitted the appropriate report to the Hall Director within 24 hours
Administrative
•Assisted as requested, in the handling of all emergency situations (e.g., fire, health, safety, weather threatening conditions)
•Assisted in the opening and closing of the residence halls, prior to the beginning of semester courses and time following the completion of semester
•Assisted with daily operational procedures : check-ins, check-outs, damage assessment, room changes, lock-outs, identifying and reporting maintenance and safety concerns, etc.
2013 : 2015
Fairleigh Dickinson University
Resident Assistant
Company:
Wyndham Destinations
Spoken Language:
Spanish
About
It was with Wyndham Worldwide, the leader in the hospitality industry, that I developed a passion and understanding for IT security. My peers know me as a leader, role model, organized, team player and trustworthy individual. I’m always willing to learn new things and I adjust well to new environments. I look forward to learning new advancements in technology, especially concerning cyber security and top Info-Sec related issues. I enjoy researching and self-educating about the latest threats, vulnerabilities and security measures to protect an organization's computer networks and systems.
I currently support the Information Security group at Wyndham Destinations reporting to the Sr. Director of Risk & Compliance.