Rafael Cruz, CISSP
Details
Computer Science
University of Puerto Rico -Bayamón Campus
2001
2022 : Present
Magic Leap
Information Security Manager (Governance, Risk and Compliance)
Implement processes, such as GRC (governance, risk and compliance), to continuously monitor information security controls, exceptions, risks, testing; develop reporting metrics, dashboards, and evidence artifacts.
2022 : 2022
Magic Leap
Lead Information Security Engineer
Provide technical security guidance and leadership with the design, installation, operation, service, and maintenance of a variety of information systems, identify security gaps, develop controls, determine functional and non-functional security requirements, and design solutions that meet business objectives while complying with security standards to achieve Security-by-Design principles based on the needs of the business and organizational security requirements.
2021 : 2022
Magic Leap
Senior Information Security Engineer
Assisted in developing security standards and best practices for the institution, and recommended security enhancements to management, as needed. Also, developed strategies to respond to and recover from a security incident.
2020 : 2020
Miami Dade College
Lead Information Security Admin
Responsible for maintaining audit evidence and artifacts pertaining to IT SecOps to demonstrate compliance as requested by the IT Security and Risk Division. Our unit created processes to ease the recurrent collection and verification of audit evidence with the implementation of semi- and fully- automated methods.
2019 : 2020
R1 RCM
Manager, Global Security Audit and Automation
Skills
Business Strategy, CEH, Cisco Technologies, COBIT, Computer Hardware, Computer Security, Cybersecurity, Encryption, Endpoint Security, FISMA, Hardening, Hardware, HIPAA, Incident Handling, Information Security, Information Security Governance, Information Security Management, Information Technology, Infrastructure Security, Internet Security, Intrusion Detection, IPS, ISO 27001, IT Audit, Log Management, Metasploit, Network Forensics, Networking, Network Security, NIST, Nmap, PCI DSS, Penetration Testing, PKI, Qualys, Risk Assessment, Risk Management, Security, Security , Security Incident Response, Strategic Planning, System Administration, TCP/IP, Threat , Threat & Vulnerability Management, VMware, Vulnerability Assessment, Vulnerability Management, Web Application Security, Wireless Security
About
High-caliber, self-motivated, goal-oriented and analytical Cyber Security Professional with 19-years’ experience in financial, health, insurance, telecommunications and non-profit industries.
* Solid knowledge of information security principles and best practices.
* Vast knowledge in Information Security Management, IT and IS Risk Assessment, IT Governance, IT Security Compliance, Business Continuity, Disaster Recovery, Physical Security, GLBA, FISMA, FFIEC Standards, NIST 800-53, ISO 27001/27002, SOX, HIPAA/HITECH, HITRUST, SSAE18/SOC 1 & 2, and PCI.
* Solid technical troubleshooting skills. Implemented necessary IT/IS controls.
* Knowledgeable in IT architecture, software and hardware acquisitions; ensuring security and integrity of corporate data.
* Able to interact and work in a team environment. Interface with non-technical cross-functional business teams in determining IT/IS approach.
* Proven leadership skills involving managing, developing and motivating teams to achieve their objectives.
* Outstanding organizational, follow-up and problem solving skills.
* Speak and write English and Spanish.
Specialties: IT and IS Auditing, Vulnerability Management, IT Governance, Information Security (IS) Compliance, Intrusion Detection and Prevention Systems (IDS/IPS), Data Loss Prevention (DLP), Internet and Email Security, Information Security Awareness and Training
Profile Photo
