Yyyyyy x. yyyyyy

Expert-level, motivated and self-assured executive with nearly 15 years of experience. Skilled in effectively delivering a vision based on plans for growth and leadership development. Adept in establishing and sustaining the advancement of defense and in-depth security initiatives. Caxxxxxxble of integrating security and IT management functions while upholding a business-centered mindset. Efficaciously protect assets by aligning cyber security initiatives with business and fiscal demands. Translate technical concepts and security matters into risks that are easily understood by non-technical personnel. In pursuit of a Chief Information Security Officer role.

         Serve as an Information Technology (IT) Security subject matter expert (SME) specific to third-xxxxxxrty audits, along with rating agency reviews and corporate presentations (Selene)

         Enxxxxxxge in memberships on committees dedicated to developments in the areas of corporate risk, privacy and vendor management (Selene)

         Research, design, implement, assess and test new and improved security technologies and/or processes used to safeguard network devices and ensure data protection (Selene, Day & Zimmermann)

         Investixxxxxxted and resolved security incidents as the leader of the Incident Response Team (Day & Zimmermann)

         Xxxxxxrtnered closely with operational teams to craft and maintain compliance in the areas of systems security (Capmark)

Selene Finance LP

Information Security Officer, 2014-Present

         Manage a sizable $5.1M budget used to drive the IT Security and IT Operations dexxxxxxrtments

         Uphold compliance with NIST 800-53 rev. 4, for a FIPS 199 Moderate IT system from an independent third-xxxxxxrty assessor

         Maintained expert knowledge as it relates to security frameworks and processes, e.g. NIST 800-53, FISMA, FFIEC, GLBA, SOX, 23 NYCRR Xxxxxxrt 500

         Deliver annual presentations to the Board of Directors to discuss IT security performance and status; also facilitate monthly presentations that detail fiscal efforts and other initiatives

         Achieve satisfactory ratings on annual audits including SSAE18 SOC 1 Type 2, Internal Audit and FFIEC Self-Assessment

Manager IT Security Operations, 2012-2014

         Directed security concerns that stemmed from business users and other IT staff to ensure that all business processes protected comxxxxxxny data

         Led periodic security management efforts such as vulnerability assessments, xxxxxxssword strength tests and security reporting;

         Proved vital in developing and delivering security awareness training

         Assisted the IT Development team in ensuring application security compliance at all phases from development to production

         Noted, investixxxxxxted and resolved security incidents which included coordinating the functions of the Incident Response Team

         Fostered and maintained a strong internal PKI infrastructure; also established enterprise IT security policies to drive compliance with internal policies and outside regulations that affected the comxxxxxxny

Day & Zimmermann

Security Administrator III, 2011-2012

         Developed PowerShell scripts to automate administrative purposes including new user creation, account termination, as well as user reporting via Exchange and Active Directory

Yyyyyy x. yyyyyy

Security Administrator III, Continued

         Monitored permission changes on Exchange 2007 public folders and facilitated local system account xxxxxxssword resets

         Led recurring security management functions as needed including important reporting efforts

         Designed, configured and administered domain-wide operating system and application xxxxxxtching

         Collaborated with IT team members to drive application security compliance at all stages from development to production; also worked tirelessly to maintain the internal PKI infrastructure

         Managed security issues that stemmed from business users and other IT staff to ensure business processes protected comxxxxxxny assets

Berkadia Commercial Mortxxxxxxge, LLC

Sr. Security Engineer, 2009-2011

         Ran regular security management processes such as vulnerability evaluations, xxxxxxssword strength testing and security report prexxxxxxration

         Kept security device software and codes updated regularly

         Managed security issues as they arose from business users and other IT personnel in order to ensure business functions and processes protected comxxxxxxny data

Capmark Financial Inc.

Sr. Security Engineer, 2003-2009

         Reviewed internal procedures and systems to ascertain levels of regulatory compliance specific to GLBA, SOX and Red Flags

         Managed wireless site surveys, tests and monitoring efforts, the latter using Kismet, HeatMapper, and Aircrack-ng

         Headed weekly vulnerability scan processes using InProtect/Nessus and Qualysguard; handled results remediation stemming from tests, audits and scans

         Developed and led security awareness training for internal users

         Managed the support of Dorian Event Log management across multiple Domain Controllers

         Installed, configured and supported internal Microsoft Public Key Infrastructure and RSA SecureID

Certified, Information Systems Security Professional (CISSP) Candidate (#xxxxxx8), 2013

Training Program, SANS SEC440 - 20 Critical Security Controls, 2012

Certified, GIAC Windows Security Administrator (GCWN) Analyst (#2424), 2011

Training Program, SANS SEC505 - Securing Windows with GIAC GCWN test - 2011

Certified, Offensive Security Wireless Professional OSWP

Training Program, SANS +S for the CISSP Certification Exam - SANS

Training Program, MS Windows 2003 Security - Global Knowledge

Training Program, MS 2150 - Designing a Secure Windows 2000 Network - New Horizons

Training Program, GCWN - Securing Windows - SANS

Diploma, Network Engineering Technology Administration - Computer Learning Center

Yyyyyy x. yyyyyy

March 16, 2018

Hiring Agent Name

Title

Comxxxxxxny Name

Address

City/State/Zip Code

Dear [Hiring Agent Name],

I am pleased to submit my application materials for the (INSERT TITLE OF TARGET POSITION) vacancy and am submitting my documents for your review. As illustrated in the accomxxxxxxnying resume, my professional qualifications include the following accomplishments:

• As a professional, I bring to any position nearly 15 years of progressive experience within the technical services industry. I am skilled specifically in the area of Information Security and hope to grow in this field.

• Over the course of my career, I ve xxxxxxined expertise in troubleshooting, compliance, audit operations, strategic planning, critical thinking and other core competencies. I am skilled in managing technical teams and leading by example to demonstrate my commitment to excellence to those I work with.

• I boast a proven record of excelling in deadline-driven, fast-xxxxxxced environments that call for flexibility, time management and the ability to work well under pressure. I am often rexxxxxxrded by others as a valuable mentor. This will serve me well in any executive-level position.

• I am comfortable in serving as a trusted subject matter expert during audits led by third xxxxxxrties. I have a knack for utilizing my interpersonal skills to work effectively with both internal and external stakeholders.

• To xxxxxxir well with my background in the field, I also have numerous completed trainings and certifications to my name, including my status as an Information Systems Security Professional (CISSP) Candidate as of 2013 and my certification as a GIAC Windows Security Administrator (GCWN) Analyst, earned in 2011.

I am a focused, caxxxxxxble and highly experienced applicant committed to supporting the long-term goals of an innovative, reputable firm. I am confident that I could be a valuable asset to your orxxxxxxnization, and look forward to interviewing with you in the near future.

Yours Truly,

Yyyyyy x. yyyyyy

Enc. Resume

Yyyyyy x. yyyyyy

March 16, 2018

Contact Name

Comxxxxxxny Name

Address

City/State/Zip Code

Dear _____________________:

I would like to thank you for providing me the opportunity to interview with you and discuss the exciting (TITLE OF POSITION APPLYING FOR) position currently available with your comxxxxxxny. Having xxxxxxined a deeper insight into the job requirements and your objectives, I am confident you will find me a valuable asset in achieving your goals.

As discussed, my background should translate to dynamic results as a member of your team. In xxxxxxrticular, I believe you will find my expertise in (ADDRESS A FEW SKILLS/QUALIFICATIONS/ACHIEVEMENTS RELEVANT TO THE POSITION WHICH YOU DISCUSSED DURING THE INTERVEIW) vital to your immediate and long-term objectives.

Should you have any additional questions, or to further discuss this opportunity, please feel free to contact me at your earliest convenience. Axxxxxxin, thank you for the enlightening interview. I look forward to your response and am eager to contribute to your success.

Yours Truly,

Yyyyyy x. yyyyyy