Lucresia Gonzalez, IT Security Governance Specialist III

Naperville
Governance, Information Security Policy Exceptions experience, ISO 27001 experience, Risk Assessor, Security

Lucresia Gonzalez | 312.656.9283 | [email protected]

 

Senior-level management and technology expert with 10+ years of experience leading and providing secure frameworks and infrastructures. Strong technology and business process background focused on implementing change, securing systems, and mitigating risks.

 

Core Competencies

·       Excellent Communication and Organization Skills

·       Team Building and Leadership; skilled at motivating staff

 

Professional Experience

 

DFS; Warrenville, IL                                                                                                              February 2012 – Present

Governance Risk and Compliance Lead

·       Monitor and perform governance risk assessments within the organization

·       Audit and enhance the cyber security Incident Response Plan and maintain the Security Platform to NIST standards.

·       Primarily responsible for answering and coordinating efforts for customer questionnaires, RFPs, and security audits. Review contracts, redline where applicable, and work closely with Sales.

·       Define standards across the organization. Establish and optimize information security operations that are effective in detecting and responding to information security threats and vulnerabilities. Audit processes.

·       Risk Management framework: develop and perform risk assessments and establish a third-party vendor management program.

·       Knowledgeable of GDPR rules and regulations; established a workflow to audit the data privacy workstream, enhanced the program by enforcing privacy by design, monitor third-party vendors and assess sub-processors.

·       Experience in SSAE 16/18, SOX 404, ISO 27001, SOC 1, SOC 2, PCI, and NIST 800 series. Preparedness for audits and yearly successful reports/re-certifications with external auditors such as PwC and Deloitte.

·       Maintain ISO 27001 standards.

·       Maintain Information Security Policy Exceptions by reviewing them, verifying plans, and conducting remediation plans.

·       Assess applications and cloud setups; experience in SaaS, PaaS, and IaaS.

·       Work closely with global teams to ensure information security is being followed; send a quarterly brochure on governance and security best practices, perform mock call-tree training for a cyber incident, and establish and review IT security awareness training material. Audit the Cyber Security Plan.

·       Experience with ServiceNow GRC and the Archer system.

·       Work closely with different business units such as Sales, Investor Relations, Infrastructure, Legal, and C-level executives; provide presentations and quarterly Governance and Risk reports.

·       Assist in monitoring Security Awareness Training and enforcing Privacy Training.

·       Research and set policies for global IAM needs and set security guidelines for the new IAM application.

·       Knowledgeable of networking, public and private cloud environments, and system virtualization.

·       Establish policy for dual authentication.

·       Work with application teams and the e-commerce service on credit card data, and research Paymetrics for future credit card business.

·       Experience setting up the platform for DAST and SAST in application security, working alongside development groups; experience enforcing secure coding practices, threat modeling, identity and access management, and security incident response/recovery. Enforce SDLC policy.

·       Define and maintain policies, processes and standards that meet applicable regulatory requirements and industry-accepted authoritative frameworks, and align to the evolving technical environment.

·       Establish and enforce a program for penetration testing; set guidelines for remediation. Utilize third-party vendors such as Trustwave/RedLeg to perform tests, and conduct internal testing.

·       Collaborate with business unit leaders around the globe to serve as the champion of information security and influence the effective implementation of technical safeguards that align to standards and policy.

·       Experience in Office 365, Unix, Windows, ERP/SAP systems, Confluence/Jira, and SharePoint.

·       Perform cloud security reviews for applications migrating to Azure from GPS.

·       Experience with frameworks such as ISO 27001, AT 101 and COBIT.

·       Continually research the latest threats and maintain a secure architecture posture.

·       Experience using Nexpose and running reports in Tripwire, LogRhythm, and GitHub.

NYSE; Chicago, IL                                                                                           August 2010 – February 2012

Information Technology & Governance Consultant

 

·       Managed projects to prioritize change and help requests based on changing business values, which was standardized across 9 systems (avg. 480 requests per month) and adopted by other business units. Automation allowed us to focus limited resources on what was important to the business.

·       Financial Expense: Operate within a pre-established budget. Control costs by managing internal resources and containing expenses. Assess resource needs (materials, tools, information) and allocate in accordance with budget. Review expenses and prepare approval requests within authority. Provide input into future budget recommendations with senior management.

·       Assist Sales, Marketing and VP with IT Security Marketing materials.

·       Enforce information security initiatives, such as working with controls in North America and Europe (preparing internally for audits).

·       Extensive preparation and ongoing audit with the SEC and FINRA.

·       Globalized systems for cost reductions; provided documentation, documented new and existing features, and required the networking team to document and diagram all areas of the infrastructure.

·       Established and improved Service Level Agreement (SLA) attainment from 85% to 94% for IT operations.

·       Established a CAB committee where changes are discussed and approved internally and for clients, and where project managers report on projects and their impact.

·       Project Manage various technical (external facing applications) and business projects (integrating clearing project).

·       Process Management: Align processes with department goals. Review information and take corrective action to maintain service levels and deliverables. Benchmark best practices and integrate them into existing processes. May define overall work processes for the group's tasks and identify better ways to perform work.

·       100% uptime of systems in North America and Europe. Assisted in resilience and fault tolerance among data centers in Europe.

·       Gather business requirements, capture technical requirements, create approach and project plans, present plans to the leadership team and gain project approval. Determine overall goals and initiatives.

·       Manage Projects with Microsoft and UNIX platforms.

·       Test disaster recovery and fail over to secondary nodes for documentation, legal reasons, and to perfect the fail-over process.

·       Managed colocation projects for the data center and other projects globally for cost relief.

·       Project manage applications/solutions that target market makers.

·       Collaborate on a compliance standard across the exchange and global sites, work with SEC/CFTC.

·       Assist clients, involved during negotiations, provide marketing materials, present areas of Technology to clients.

·       QA and test changes for Development and provide adequate procedures when applicable.

·       Work with releases in production and UAT. Work closely with developers and DBA.

·       Improved application performance by 40% by recognizing failures in existing system and planning adequate upgrades.

·       Plan Pen Tests to find weakness and enhance security where applicable.

·       Gather all Assets and Inventory for adequate monitoring and scans for reporting purposes

·       Extensive post mortem and root cause analysis on issues.

·       Provide KPI and metrics reports to Upper Management monthly.

·       Set standardization for server/pc builds, enhanced documentation on company’s wiki, published documentations of timelines and budget.

·       Provide training to staff and schedule accordingly, meet with staff and relate company updates, promote team work.

·       Interview new staff and review current staff objectives, progress and training.

·       Experience in Windows, Linux, SQL, Oracle, Cisco and Call Manager, Microsoft Exchange and other Microsoft products.

Geneva Trading; Chicago, IL                                                                           January 2010 – August 2010

IT Manager

 

·       Advised corporate in technology initiatives; long term and short-term goals that met business needs.

·       Audited the newly purchased company and performed business process enhancements to integrate both companies' systems, such as proprietary and ISV trading platforms.

·       Outsourced the call center to Dublin, offered multi-lingual support, increased customer satisfaction to 98% favorable, and decreased costs by $100K.

·       Advised on measures to stabilize the infrastructure and trading platform for lower latency by means of hardware/line upgrades; provided quotes, augmented and reduced staff, and advised on business process.

·       Analyzed capital expenditures between both parties and advised best methods to reduce costs.

·       Implemented a new helpdesk system for better tracking of support tickets as well as IS.

·       Developed system testing, UAT and promotions to production within the development group for change releases.

·       Established a set of standards for pc builds, server builds, and provided extensive documentation.

·       Minimize downtime with infrastructure upgrades and software patches/security updates.

·       Globalized applications for colocation moves, build fault tolerance, and less latency where applicable.

·       Managed colo site with 2 different vendors Telex and Equinox.

·       Supported 250 traders (trading the energy markets) with various trading issues, such as: investigating the root cause of problems, testing multicast traffic, providing solutions, working with the ISV, researching trades, and troubleshooting with the exchange in energy and options trading.

·       Worked with various exchanges to test connectivity, troubleshoot any issues experienced, verify certain trades, and bust trades when applicable.

·       Maintained Windows and Linux servers, Microsoft Exchange, backups, and disk storage solutions.

·       Planned and migrated to Exchange 2010 and SharePoint 2010.

·       Maintained certification/development environments that mirror production for adequate testing and system analysis.

·       Suggested new enterprise applications such as: SharePoint, proper backup software, software licensing, overall new enterprise applications, and colo site upgrades.

·       Meet with partners for updates, new technological enhancements, and budgets.

Man Investments; Chicago, IL                                                                                   April 2001 – July 2009

Global Business Application Team Leader

 

·       Provide support and work with offshore offices with projects and support a help desk environment.

·       Planned projects accordingly and enhanced the infrastructure where possible to handle bandwidth and ease the flow of information globally.

·       Engineered Follow-the-Sun Support Methodology, and restructured processes to follow the Microsoft Operations Framework (MOF) and Information Technology Infrastructure Library (ITIL).

·       Reduced network costs by $400,000/year and increased network bandwidth by renegotiating contract.

·       Led engineering, implementation, and testing of Business Continuity and Disaster Recovery for over 22 systems.

·       Plan and migrate globally to Exchange 2007 and SharePoint 2003, plan and upgrade Active Directory for North America

·       Established database administration team to oversee security, configuration, patching, disaster recovery, and performance optimization for database operations in Microsoft SQL Server 2000 & 2005 and Oracle 9i & 10g RAC.

·       Negotiated agreement from fund directors, legal and compliance on corporate data visibility position (definition on customer data segregation between US and offshore), in order to maximize both client security and operational efficiency.

·       Oversaw the worldwide implementation of a new CRM system for over 350 users in 4 countries for multiple business units including retail and institutional sales, legal, compliance, content engines and administrative teams.

·       Redesigned and led internationally dispersed cross functional team instrumental in implementing global changes in their local offices. Defined and agreed team’s remit with senior management in order to acquire resource without increasing headcount.

·       Globalized applications to reduce costs and plan for colocation moves and centralize systems.

·       Led the development and implementation of the organization’s technology product ideation process.

·       Led the development and implementation of the technology solution group’s business analysis road map.

·       Conduct requirements elicitation, analysis, and documentation for all of the organization’s technology transformation projects (i.e. user story and acceptance criteria writing and prioritization sessions).

·       Key contributor to the development and implementation of the business solution group’s technology program and delivery process.

·       Led and coached a team of twelve software developers and quality assurance analysts through an agile project planning and delivery process (i.e. release planning, biweekly iteration planning, stakeholder demonstrations, and iteration retrospective sessions).

·       Interviewed staff and performed annual reviews.

·       Trained eye for budget reductions, budget preparation, and forecasting (OPEX and CAPEX).

 

Education & Training

 

Wright College

Computer Science and Business Administration

 

Application Security – MIT – beginning Q4 2018

CISA candidate

 

ITIL Courses, Financial and Capital Markets, PMP courses, Fluent in Spanish