Alex Oros
Details
Responsible for North America (NAM) and Europe (EMEA) Private Bank Metrics, reporting process development research as related to electronic transmission.
Engaged Private Bank IS and business management at many levels on Information Security (IS) related programs, policies, and standards to improve IS Security event management.
Integrated Information Security into business priorities and business objectives to align Information Security (IS) and Business initiatives.
Introduced metrics and reporting to improve escalation as appropriate for all supported businesses and processes. This demonstrated scaled improvement as the systems were adopted for all of private bank .
Directly engaged with incident response teams to Legal and Risk Departments regarding event investigations.
Directly involved in the definition and implementation of IS & Risk standards.
SME in Citi IS, committees and cross-business / functional, IS standards and best practices.
Review status of business IS program and oversees corrective action when necessary.
Develop corrective action language for all IS-related gaps and approves all closures by reviewing evidence to ensure the closure meets Citi requirements or industry best practices.
Collaborates to create Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) in the appropriate tools (iCAPs, CIRAS, etc.).
Risk Management for all In-Scope Businesses
Perform IS awareness and training activities, including IS education of new employees.
Assist with Third Party IS Assessment (TPISA).
Ensure IS Risk Assessment is performed according to Citi standards by partnering with the businesses throughout the ISRA process and determines the impact of control deficiencies.
Risk/IS Reviews with Information Owners.
2016 : Present
Citi
VP/Business Information Security Officer (IS Technology Specialist)
• SME on a wide domain of security, technology, control, compliance, policy and risk related tasks, processes and projects for more than 200 applications with varying architectures.
• Responsible for risk assessment, identification, analysis and compliance tasks for all applications, and subsequent processes within scope.
• Planning, coordination, and timely execution of security and control activities.
• Collaboration with security, application, control and support management to deploy and maintain strategic as well as global security efforts.
• Project Management, working with global and virtual teams.
• Research & documentation on security, vulnerability, threats, business risk, technical risk as well as compliance as it applies to projects, processes, tasks and the responsibility to provide subject matter expertise to application development teams and stakeholders.
• Regular global meetings with worldwide staff to disseminate information regarding policies, standards, and many control specific subjects. Regular feedback and participation.
• Regular review of security control compliance project metrics, scorecards and reporting.
• Responsible for escalation of priority items within Business As Usual (BAU) processes
• Required to represent varying levels of technical documentation to audiences with varying levels of technical ability requiring excellent written and verbal communication skills.
• Business information security officer responsibilities
• Application and infrastructure security assessments.
• Review and process global onsite security assessments.
• Primary responsibility for connectivity connection security reviews.
• High demand on organization skills, multi-tasking and accuracy in a highly detailed, pressure heavy, high-volume environment.
2014 : 2016
Citi
AVP, IS COB & Controls Sr Analyst-Technical/Business Information Security Officer
• IT Security Administration and Analysis
• Security Policy Creation, Administration, Project Management, Systems Analysis and Business process analysis/improvement.
• Network Monitoring, Cisco IDM, Web Gateway, Web Reporter, TripWire, Nessus, Altiris, ProofPoint, Mcafee Web Gateway/Reporter
• Security Change Control Administration
• Risk Assessment, Network Analysis
• Created Incident Response Plan while integrating change control system
• Authored Security Newsletter and reports for Awareness Program
2014 : 2014
SNI Companies
IS Security Analyst
• IT Security Administration and maintenance for Charlotte County Government information systems and infrastructure
• Security Policy Administration, Project Management, Systems Analysis
• Firewalls and VPN (Checkpoint, Dell/SonicWall (supermassive), Cisco)
• Switches Routers and access points (Cisco, Dell/SonicWall)
• Network Monitoring, traffic analysis and incident response
• Security Penetration testing (hardware, software)
• Deployed Dell/SonicWall 9400’s ahead of schedule
• Deployed and maintained SonicWall endpoints for entire county
2013 : 2014
Charlotte County
IT Security Administrator
• Project Management of Web Design Maintenance and Hosting
2008 : 2011
Ginormous WebWorks
Project Manager, Developer, Owner
About
I am a driven professional with a passion for information security that brings a diverse background backed by extensive training. Recent studies make my skill set fresh and relevant with new methodologies, analytical techniques and a stimulating rejuvenation of 20+ year career. I am a strategic thinker that is adept at tactical decisions to create operational value. I am seeking the opportunity to work for an organization that will appreciate my tenacity and dedication to team success.
I was on the Dean’s list for honor students in each and every semester that I attended Hodges University. I graduated Magna Cum Laude in August of 2012. I earned an Interdisciplinary Masters Degree at Liberty University in Virginia Management of Information Systems/Education. I found Graduate school to be a highly rewarding experience that both enlightened and stimulated my career.
In the Last 8 years I have completed the following:
Masters Degree Liberty University
Interdisciplinary - Management of Information Systems/Education
Undergraduate Degree Hodges University
Magna Cum Laude
Obtained the following Certifications
ISC2
CISSP
Sans Institute
GIAC: GISP
Cisco
CCENT, CCDA, CCNA
CCNA Security
National Security Agency
NSA CNSS 4011
I also hold the CompTIA Security+ and A+.
Profile Photo
