Michael C.

Experience

• 

  Fiserv

  Jun 1999 - Jul 2022

  • Threat and Vulnerability Management: ◦ Coordinate with development teams to assure applications are on-boarded to automated code scanning systems. ◦ Track progress of application vulnerability remediation with applications to meet corporate standards. ◦ Assist centralized team with ownership assignment of business unit infrastructure vulnerabilities. • Risk Management: ◦ Assist with business units risk identification and categorization. ◦ Track business unit risks to ensure accurate information, timely remediation and closure. • Policy and procedure: ◦ Assist business units with understanding policy and procedure requirements. ◦ Liaise between business units and other security groups to clarify and set expectations for adherence to policies and standards. • Reporting: ◦ Assist with creation of business unit executive reports to highlight areas of risk and accomplishments. ◦ Produced a standard BI report for teams to reference to view progress in adherence to standards by normalizing disjointed data inputs. Show less • Threat and Vulnerability Management: ◦ Track all threats and vulnerabilities for our division related to corporate threat and vulnerability management standards. ◦ Track and coordinate with divisional and organizational teams to resolve findings. • Log Analysis: ◦ Analyze and review daily logging reports for potential issues including Weblogs, Tripwire, ArcSight and FileSight. ◦ Track and coordinate with divisional and organizational teams to resolve findings. • Inventory: ◦ Created and maintained divisional inventory process and scripts used to automate the review and comparisons of production and DR systems. ◦ Quarterly review of all systems assigned to division, process and review all changes in inventory with emphasis on identifying discrepancies. ◦ Created and maintained divisional external IP inventory mapping. • Audit: ◦ Maintain Information Security Office Policy and Procedures with annual review. ◦ Provide functional and technical support during PCI, FFIEC and Corporate audits. ◦ Functional responsibility for quarterly divisional firewall rule set review. ◦ Created and maintained the divisional process for user entitlement review. ◦ Wrote and maintained divisional scripts to automate entitlement review process. Assisted in the transition to an enterprise standard review process globalizing scripts for use by the enterprise. • Automation: ◦ Implementation of automated forms to process divisional software and encrypted exception requests with managerial workflow, assisted with transition to an Enterprise level process encompassing these. ◦ Implementation of an electronic chain of custody tracking system for sensitive data. Show less • GRC: ◦ Assisted in testing and selection of Enterprise GRC application. ◦ Performed installation, configuration and maintenance of selected Enterprise GRC application. ◦ Researched and designed an expanded installation of EGRG application to increase capacity and availability. ◦ Researched and designed an external installation of EGRC application for vendor risk management. ◦ Assisted in the onset of GRC utilizing excel to collect data from organizational business units. ◦ Performed analysis and report generation of findings for organizational business units. ◦ Assumed responsibilities for an internal Access database used for tracking audit findings within Checkfree's IT department. ◦ Maintained tracking and requests for updates to issues being monitored by IT. ◦ Audited online banking systems and networks for policy compliance. • Log Analysis: ◦ Review reports from CFDS for Phishing and hacking on all hosted financial institutions. ◦ Review daily IDS logs for abnormal network traffic. ◦ Review weekly Nessus scans of all hosted networks. Show less • GRC: ◦ Audit all online banking systems and networks for policy compliance. ◦ Perform department audits within the company for policy and procedure adherence. ◦ Wrote the initial procedures for handling and transmission of sensitive corporate and customer data. • Automation: ◦ Assisted in the creation of a new product CFDS to analyze web logs for hacking and Phishing. ◦ Developed a wrapper program to automate log processing of weblogs by CFDS. ◦ Developed a custom auditing script to increase productivity in performing automated system audits in our hosting data center. • Log Analysis: ◦ Review reports from CFDS for Phishing and hacking on all hosted financial institutions. ◦ Review daily IDS logs for abnormal network traffic. ◦ Review weekly Nessus scans of all hosted networks. Show less Sr. Systems Engineer • Network / Systems: ◦ Network design, equipment recommendations, implementation, and migration of the corporate networks to a new facility. ◦ Design and implement a Windows 2000 Active Directory and migration of the company from Exchange 5.5 to Exchange 2000. ◦ Assisted in the review and implementation of a S.A.N. solution for increased system drive space and availability for critical servers within Corillian. Systems Engineer • Network / Systems: ◦ Maintained my previous duties while testing new standards for workstations, servers and operating systems. ◦ Incorporated management of the core Cisco routers for connectivity to the Internet as part of my usual job duties within the company. ◦ Design and implementation of the company’s international WAN utilizing point to point VPN . Sr. LAN Administrator • Network / Systems: ◦ Setup and administration of Windows NT 4.0 servers, Microsoft Exchange 5.5 server, Raptor Firewall, Windows NT 4.0 workstations. ◦ Setup and maintenance of all users within the corporate domains, end user and desk side support. ◦ Migrated the company from a POP3 server and Schedule+ to Exchange 5.5. Show less

  • Cyber Risk Manager

    Dec 2019 - Jul 2022

  • Sr. Security Engineer

    Jul 2013 - Dec 2019

  • IT Risk Analyst

    Dec 2007 - Jul 2013

  • Corporate Security Engineer

    Jun 2003 - Dec 2007

  • Sr. Systems Engineer / Systems Engineer / Sr. LAN Administrator

    Jun 1999 - Jun 2003
• 

  Conduent

  Aug 2022 - now

  Information Security Engineer

  • Audit and Pen testing: ◦ Coordinate with BU and PCI teams on internal and external audit scope. ◦ Validation scope connectivity and availability to testing systems, work with networking teams to facilitate connectivity. ◦ Coordinate with external pen test vendor on scope and requirements for pen testing activity to be performed. ◦ Validation, review and categorization of findings by 3rd party pen testing team and coordinate with resolution management team. ◦ Provide technical assistance and understanding for findings to BU staff and remediation teams. ◦ Validation and retesting of remediation efforts by BU and IT. • Risk Management: ◦ Created initial Attack Surface Management scope. ◦ Implemented scope into management tools. ◦ Review and process findings based on risk with distribution of finding to proper contacts for validation and resolution. Show less