Ming Chan

IT Security Analyst

399 followers
McLean, Virginia, United States

  • About me

    Manager of Governance & Engineering at Exostar

  • Education

    • University of Maryland

      2010 - 2013
      M.S. Computer and Information Systems Security/Information Assurance
    • George Mason University

      2007 - 2010
      BA Government and International Politics

      Activities and Societies: Phi Alpha Delta

  • Experience

    • Technology Associates

      Jan 2012 - Jan 2012
      IT Security Analyst

      Managed the C&A for new IT infrastructure & Integrated Audio/Video systems. Developed the Risk Assessment (RA), System Security Plans (SSP), Contingency Plan (CP), Privacy Impact Assessment (PIA), E-Authentication for mission critical communication systems in the Operations Center. Responsible for implementing and maintaining Symantec Antivirus and Symantec Backup Exec within the corporate and production environments.

    • DrFirst

      Oct 2012 - Jun 2014
      Security Analyst

      Managed requirements outlined by the HITECH security rule and worked with various groups in the organization to establish and maintain compliance. Maintained NIST SP 800-53, SOC2, ISO27001, and ISO27002 standards. Responsible for handling security risk assessments from clients. Implemented a company-wide HIPAA training program. Formulated metrics compiled from multiple IT-related departments for senior management briefings. Worked closely with Operations, System Operations, and legal managers to resolve security-related issues. Worked closely with Human Resources, Sales, and Legal team to ensure information security protections were in place with suppliers, vendors, partners, etc.

    • Federated IT

      Jul 2014 - May 2017

      Spearhead internal preparation of and external audit for the organization's ISO 27001 certification to win multi-year, multi-billion-dollar IT contracts. Guided leadership efforts, coordinated between multiple department heads, and oversaw multiple project priorities while maintaining IT operational responsibilities. Develop risk assessment and treatment, threat prevention/mitigation strategy, security compliance, and technical protections for the corporate offices and as a SME for others supporting customer-facing engagements. Managed incident response efforts including root cause analysis, evidence preservation, and compiled forensics/legal report. Established and presented a company-wide information security awareness program. Implemented Operating System hardening security configurations. Maintained company DNS configuration to increase interoperability with Office 365 functionalities. Maintain company headquarters IT infrastructure and provided support for hardware, software, and networking issues. Cultivate situational awareness for the various operational processes within Federated IT in order to proactively provide solutions.

      • IT Manager

        Dec 2015 - May 2017
      • Microsoft Office 365 Consultant

        Mar 2015 - May 2017
      • Information Assurance Specialist Level III

        Sept 2015 - Dec 2015
      • Systems Administrator/Infrastructure Engineer

        Jul 2014 - Sept 2015
    • Exostar

      May 2017 - now
      Manager of Governance & Engineering

      Serve as the information security department’s lead for integrating security initiatives into Product, Development, Technical Operations, Operations, HR, and Legal interests. Manage the security engineering and risk assessment program to align identified risks with the organization’s risk tolerance. Work with product, development, and technical teams to establish plans to address information security risks and mitigate future occurrences. Provide security engineering support to customer-facing initiatives while taking into account the business, technical, financial, and legal perspectives when architecting a solution. Manage customer and supplier security assessments, maintain customer flow downs, and standardize requirements for suppliers. Align the information security program with frameworks such as ISO 27001, ISO27002, NIST SP800-53, NIST SP800-171, GDPR, etc. Lead internal and external audits including ISO27001, SOC 2 Type 2, FBPKI, Kantara, etc. These efforts include coordinating audit responses, driving findings to closure, and maintaining an audit playbook to increase preparedness for internal stakeholders. Attend industry working group sessions to monitor for compliance and regulatory changes; then translate the impact of potential changes to operations, security, or audit interests. Maintain standing meetings with the CISO and with each team member. Establish metrics throughout this vertical to highlight performance, risks, and quantifiable progress towards security initiatives and map advancement towards departmental goals. Develop an information security awareness program including new hire training, annual courses, phish email testing, newsletters, etc. Standardize processes and cross-train to promote functional resiliency within the team. Coach team members to lead their part of the security organization. Coach team members to build working relationships with others while supporting the projects and initiatives of other groups.

  • Licenses & Certifications

    • Certified Data Privacy Solutions Engineer (CDPSE)

      ISACA
    • Certified Information Security Manager (CISM)

      ISACA
    • Certified Cloud Security Professional (CCSP)

      (ISC)²
    • Certified ScrumMaster (CSM)

      Scrum Alliance
    • Certified Information Systems Security Professional (CISSP)

      (ISC)²