Profiles search
Andy Lewis, CISSP
Risk and Remediation Manager, Information Security at Capital One
San Francisco, CA, United States
Details
Experience:
2023 : Present
Capital One
Senior Manager, Information Security
2020 : 2023
Capital One
Risk and Remediation Manager, Information Security
Initially updated and implemented Vulnerability Remediation process for Infrastructure systems and deivces, and implemented the monthly scanning. Coordinated with system owners for remediation planning and scheduling for updates to systems as well as decommissioning of servers. Reviewed antivirus and anti-malware platforms to assist with incident handling and inventory tracking. Functioned as the primary point of contact for incident handling and response (SIEM management). Performed security assessments for third party software for integration within Jazz’s infrastructure. Assisted on projects to reconcile inventory, and centralize record sources. Made recommendations for streamlining and optimizing security procedures. Developed documentation for the processes developed to strengthen the IT Security posture for the company. Also performed forensic analysis of hard drives and other external devices in relation to incident investigation.
2015 : 2019
Insight Global
Security Operations Engineer
Functioned as the Regional Information System Security Officer (ISSO) for a federal agency, specifically focusing on compliance and certification and accreditation. Served as a Registration Authority for PKI certificates for differing security clearance levels and enclaves. Functioned as the general point of contact for my division for Information Security questions and concerns. Advised end users and units on policies and guidelines for acquisition of new systems to be used within SCIF facilities as well as for operational use while outside of secure operating environments. Supported Chief Security Officers (CSO) with policy review and revisions to streamline procedures for the acquisition process. Performed root cause analysis on security incidents, and prepared reports for the CSO regarding trends of incident types. Acted as a Data Transfer Officer to perform cross domain data transfers of files for end users. Provided training to end users for the use of removable storage media and other best practices determined by agency policy.
2014 : 2015
Harrington Technology & Associates
ISSO - Federal Contractor
Worked with management on requirements analysis and developed plans for expansion of the Dayton office IT infrastructure. Created System Security Plans and packages for certification and accreditation to the Department of Defense for secured computing environments. Implemented a local virtual server for localized data operations to assist in optimizing network bandwidth. Performed compliance audits and reporting for the secured computing environment. Also functioned as the on-site Information Technology support person to troubleshoot issues locally.
2013 : 2014
Radiance Technologies
Information System Security Manager
Capital One
Senior Manager, Information Security
2020 : 2023
Capital One
Risk and Remediation Manager, Information Security
Initially updated and implemented Vulnerability Remediation process for Infrastructure systems and deivces, and implemented the monthly scanning. Coordinated with system owners for remediation planning and scheduling for updates to systems as well as decommissioning of servers. Reviewed antivirus and anti-malware platforms to assist with incident handling and inventory tracking. Functioned as the primary point of contact for incident handling and response (SIEM management). Performed security assessments for third party software for integration within Jazz’s infrastructure. Assisted on projects to reconcile inventory, and centralize record sources. Made recommendations for streamlining and optimizing security procedures. Developed documentation for the processes developed to strengthen the IT Security posture for the company. Also performed forensic analysis of hard drives and other external devices in relation to incident investigation.
2015 : 2019
Insight Global
Security Operations Engineer
Functioned as the Regional Information System Security Officer (ISSO) for a federal agency, specifically focusing on compliance and certification and accreditation. Served as a Registration Authority for PKI certificates for differing security clearance levels and enclaves. Functioned as the general point of contact for my division for Information Security questions and concerns. Advised end users and units on policies and guidelines for acquisition of new systems to be used within SCIF facilities as well as for operational use while outside of secure operating environments. Supported Chief Security Officers (CSO) with policy review and revisions to streamline procedures for the acquisition process. Performed root cause analysis on security incidents, and prepared reports for the CSO regarding trends of incident types. Acted as a Data Transfer Officer to perform cross domain data transfers of files for end users. Provided training to end users for the use of removable storage media and other best practices determined by agency policy.
2014 : 2015
Harrington Technology & Associates
ISSO - Federal Contractor
Worked with management on requirements analysis and developed plans for expansion of the Dayton office IT infrastructure. Created System Security Plans and packages for certification and accreditation to the Department of Defense for secured computing environments. Implemented a local virtual server for localized data operations to assist in optimizing network bandwidth. Performed compliance audits and reporting for the secured computing environment. Also functioned as the on-site Information Technology support person to troubleshoot issues locally.
2013 : 2014
Radiance Technologies
Information System Security Manager
Company:
Capital One
Spoken Language:
German
About
Familiarity, some conversational
Profile Photo
