Marcos Romero

Cyber Security and Risk management leader

Orangeburg, NY, United States

Details

Education: Master of Science in Law

Cybersecurity

University of Maryland Francis King Carey School of Law

2019 : 2021

Master of Business Administration (MBA)

Management Information Systems, General

Shippensburg University of Pennsylvania

2012 : 2017

Graduate Certificate

Secure Network Systems Design

Stevens Institute of Technology

2010 : 2011

Master of Science

Telecommunications

Iona College

2006 : 2008

Bachelor of Science

Computer Science

Mount Saint Mary College

2001 : 2003

Experience: ● Implementing information security controls to protect the organization’s assets.

2018 : Present

Weill Cornell Medicine

Information Security Manager

● Lead the information security program.

2016 : 2018

DASNY (Dormitory Authority - State of New York )

Information Security Officer

● Performs information security risk assessments on applications moving to the AWS cloud architecture ensuring that the confidentiality, integrity, availability and accountability of the systems and information are in compliance with the internal security policies.

● Security lead for different projects that involve the evaluation of cloud-based systems. The migration from in-house systems to public cloud-based systems required a rigorous evaluation on how the cloud provider architecture is designed and how they manage the security of the data in transfer and at rest.

● Defines security goals and objectives for all the applications supported by the department. Make sure the architecture and applications comply with the internal corporate security policy.

● Systems engineer lead for projects that involve data transfer between Verizon and external vendors managing the implementation of processes, and tools to transfer information. These projects require an emphasis on security, encryption, integrity and availability of the data being transferred.

● Implementation of the plan to perform the Disaster recovery exercise for our applications.

● Project lead for the security access control to the different environments (development, test, and production) for the off-shore and on-shore teams.

● Development and support of the Web-based Identity Management application.

2005 : 2016

Verizon

Systems Engineer

• Development of HIPAA and SOX compliance applications for different departments (Enrollment, Actuary, Claims, COB and Finance) using T-SQL, Visual Basic .NET and MS-SQL. Development of automated reports such as business indicators for senior management.

• The main part of my daily job was to analyze, design and code the different types of requests to be able to create database applications that contain the right information, which will be used for statistical, decision-making, and tracking purposes.

• This position involved intensive interaction with users of different departments to gather the requirements to design and implement the different applications.

2004 : 2005

GHI

Data Analyst

• Installation, configuration and administration of servers, networking switches, routers, and PBX System of the WAN.

• Ensure the proper functioning and HIPAA compliance of all the systems in the different departments (ABRA/human resources system, ADP/payroll system, and Fund EZ/accounting system).

• Development of database applications such as Automobile Maintenance Control, and Fixed Asset Control using PL/SQL.

• Developed the web site using HTML, JavaScript, and Flash.

2002 : 2004

Maranatha Human Services

Systems Analyst / Network Specialist

Company: Weill Cornell Medicine

Years of Experience: 26

Spoken Language: English, Spanish

Skills

active directory, amazon web services (aws), application security, Blockchain, C++, cloud computing, cloud security, Cyberlaw, Cybersecurity, Cybersecurity Law, disaster recovery, endpoint security, identity management, iis, incident response, Information Security, information security awareness, it management, it risk management, it security policies & procedures, javascript, Linux, linux system administration, microsoft sql server, networking, network security, oracle, pl/sql, Privacy Compliance, Privacy Law, programming, project management, python, Risk Management, Security , security information and event management (siem), Shell Scripting, Smart Contracts, software development, SQL, sso, Strategic Leadership, u.s. health insurance portability and accountability act (hipaa), vulnerability management, windows server, databases, SDLC, Software Documentation, Troubleshooting, Visual Basic, Access, servers, unix shell scripting, wan, tcp/ip, Solaris, network administration, Red Hat Linux, apache, Systems Analysis, computer security, Database Design, System Deployment, Linux System, database administration, lan-wan, requirements analysis, c

About

Information Security professional with a passion to protect the confidentiality, integrity and availability of information and infrastructure assets by identifying risks and applying the right controls, processes, policies and procedures.