William Ocasio Jr., CISM, CISA
Enjoying Life - Semi Retired
New York, NY, United States
Details
Experience:
Specializing in executing and managing Security Risk assessments of information and Information systems since 2009. Expertise includes evaluating the risks and controls related to the enterprise-wide applications and infrastructure. Possesses strong knowledge of Risk management, Third Party Risk assessments, IT Risk Frameworks, Application Security control assessments and regulatory requirements.
Responsible for performing end-to-end security risk assessments of information and information systems to protect the confidentiality, integrity and availability of the organization's data.
Performs detailed information security assessments of information and information systems, evaluating controls related to various aspects of the organization’s applications, third parties and infrastructure. These consisted of analyzing inherent risk and existing controls, reviewing for vulnerabilities, and assisting in the implementation of remediation solutions. Security evaluations consisted of internal and external IT vulnerability assessments, privacy reviews, Active Directory evaluations, and Internet application security assessments.
Created, evaluated, and tested technical controls related to Sarbanes-Oxley and Gramm-Leach-Bliley compliance. This involved working with internal and external regulators to derive appropriate controls.
2014 : Present
Bank of Tokyo-Mitsubishi UFJ - MUFG Union Bank
Vice President - Enterprise Information Security
Responsible for conducting risk assessments for third-party vendors and projects introducing new technology or major upgrades to existing applications and/or infrastructure following the project lifecycle. Responsibilities include:
• Conduct vulnerability scans of OS and Databases
• Conduct compliance scans to ensure compliance with hardening standards
• Conduct Web Application scans and review results
• Conduct control effectiveness testing for key controls
• Identification of control deficiencies and communicating to all stakeholders
• Provide recommendations to address key control deficiencies to stakeholders
• Evaluate management responses to ensure remediation tasks adequately address identified gaps
• Provide regular reporting of status for assigned project and Third party assessments
• Review Vendor BITS SIG, SSAE16 SOC 2 Type 2 report, Website controls, ISO 27001 certification, Pentest results, Onsite reviews, AUP, etc.
• Certify and approve all information systems, technologies based on results and risk mitigation efforts before going into production
2009 : 2014
The Bank of Tokyo-Mitsubishi UFJ
AVP – Information Security Risk Analyst
● Security monitoring of WindowsNT/2003, TACACS+, RACF, and RSA Ace Server systems
● IDS/IPS monitoring using ISS Secure Site Protector
● Application Firewall monitoring and troubleshooting customer related errors
● Project lead for security implementation of the Windows Group policy and Delegation control for Active Directory
● Performed security reviews for vendor-submitted RFIs
● Participate in addressing and implementing audit (internal & external) recommendations
● Promote security awareness by issuing warnings of security violations
● Assist IT operations, helpdesk, workstation support, systems support, and business unit managers when implementing new security enhancements to existing applications
● Work closely with data operations, helpdesk, system administrators and business unit managers when implementing system changes, reviewing standards or troubleshooting system problems
● Monitor internet user activity and provide senior management with detailed reporting
● Provide backup support for Corporate Data Security staff, disaster recovery testing and recent merger activities
2002 : 2009
The Bank of Tokyo-Mitsubishi UFJ
Security Monitoring Specialist
● Responsible for administration of WindowsNT/2000, TACACS+, Internet, Cisco Dialout, and RSA Ace Server systems
● Assisted internal and external auditors with obtaining requested system, procedural, and documented information
● Maintained internal information security handbook with guides for account administration, working with system settings, generating reports, and following policies and procedures
● Develop and review plans for migrating security administration of new systems from IT Development teams to Corporate Data Security Department
1999 : 2002
The Bank of Tokyo-Mitsubishi
IT Security Administrator
● Responsible for administration of RACF
● RACF permissioning
● Provide security reporting data for RACF
1998 : 1999
The Bank of Tokyo-Mitsubishi
RACF Administrator
Company:
Bank of Tokyo-Mitsubishi UFJ - MUFG Union Bank
Spoken Language:
English
About
Specializing in executing and managing Security Risk assessments of information and Information systems. Expertise includes evaluating the risks and controls related to the enterprise-wide applications and infrastructure. Possesses strong knowledge of Risk management, Third Party Risk assessments, IT Risk Frameworks, Application Security control assessments and regulatory requirements.