Cristina Waligura
Details
Key Accomplishments/Contributions :
• Completed security proofs of concept to identify best-in-class security and implementation configuration for Web Access Firewall (WAF), endpoint security/system management, scanning, and assessment tools.
• Successfully implemented endpoint and system management agents within the AWS environment.
• Finished reviews of existing cloud application security assessments against new governance standards.
• Diligently oversaw cloud cyber threat monitoring and alerting automation onto Security Information and Event Management (SIEM) platform and identified future continuous monitoring improvements.
2019 : Present
OST - Open Systems Technologies, Inc | Contractor AIG, Inc.
Project Manager, Information Security Office
In my last role as Information Security Analyst for Information Security Office, I oversaw the internal/external IT and information security audit projects starting from groundworks, interview and resource scheduling/management, secured documentation transfers, audit conclusion and remediation. I supervised several engagements such as SSAE18, NIST 800-53, FFIEC Cyber Security Self-Assessment, Third Party and Internal Audits (6-9 annual engagements), customer and vendor year-end tax statements (Internal Revenue Service). I executed program projects to remediate NIST Plan of Action and Milestone (POA&M/POAM), while outlining the technology audit framework, statistics, and regular control review procedures. I informed statistical data on internal vulnerability scans, third-party penetration testing, risk classifications, prioritization, remediation timelines, and remediation validation.
Key Accomplishments/Contributions :
• Assigned and applied risk classifications in Tenable.sc utilizing corporate risk classification to re-cast risk assignment or accepting risks to facilitate resource management on vulnerability remediation.
• Generated effective secondary scans of vulnerabilities by utilizing Nessus Tenable.sc and Tenable.io (infrastructure devices), Trustwave DBProtect (database), and Acunetix (web-facing URLs), for approving remediation efforts.
• Completed approximately 25 annual third-party vendor security assessments under the auspices of vendor management program oversight.
• Finished recovery testing reviews, artifact finalization, and improvement opportunities/recommendations.
• Formalized project, audit, security documentation, including project plans, meeting minutes, data and process flows, testing documentation, procedures, frameworks and training materials.
2016 : 2019
Selene Finance LP
Security Analyst, Information Security Office
Senior Project Manager, Technology PMO
As the Senior Project Manager at Technology PMO, I administered major IT projects with multi-faceted deliverables, time constraints, along with industry/regulatory compliance within the electronic funds transfer industry (EFT/Debit Card). I orchestrated and executed entire project phases, including requirements assessment, technical design, security/architectural/financial approvals, build completion, technology and end-user testing, implementation, and operational yield.
Some of the key projects are as follows :
• Interfaced Multiple Organizations and Divisions within National/Global Corporation
• Application Security Redesign Project
• Server Infrastructure Refreshes
• EFT Settlement System Upgrades/Code Development
• Web Site Redesign
• Internal Financial Systems Reporting Redesign (SOX Oversight)
• Financial General Ledger/Journal Entry Automation
• Debit Card Business Process Automated Client Boarding and Changes
Key Accomplishments/Contributions :
• Refined project management methodologies, processes, and tools based upon project needs and challenges, such as Matrix, Waterfall, Iterative, and Agile Hybrid Approach with Embedded Change Management Frameworks of Information Technology Infrastructure Library (ITIL) and Systems Development Life Cycle (SDLC).
2012 : 2016
Discover Financial Services
Business Technology, PMO Senior Associate
IT Project Manager Supporting Debit Card/Electronic Funds Transfer (EFT), Audit and Disaster Recovery Initiatives
Additional details available upon request
2004 : 2012
Jack Henry & Associates
Project Manager
About
I have been instrumental in devising effective strategies for diverse IT and security improvement activities such as Amazon cloud, software development, financial reporting, data warehouse, website redesign, business recovery and disaster recovery planning, testing, and internal/external communications. I have demonstrated success in third-party security and control audit program management, while performing infrastructure asset, database, and website scanning through internal scanning applications/appliances. I am an expert in incident response tabletops, vendor security assessments, security-driven project management, disaster recovery testing review, and effectiveness of testing. Moreover, I have skills in ensuring compliance with information security audits, security initiatives, and remediation (SSAE18, FFIEC Cyber Security and Technology, NIST 800-53 (ISO 27001 and 27003), PCI-DSS, Visa/Mastercard PIN Audits).
I am technically proficient in:
• Project Tools: Microsoft Office, Microsoft Project/Project Server, Clarity, Microsoft Visio, Microsoft Access
• Physical Security: Card Reader Systems, Facility Segregation
• Logical Security: Active Directory, LDAP, LastPass, Identity Manager, Azure (limited)
• Operating Systems: Windows, UNIX, Solaris, Mainframe/RACF, AS400, Virtual: Citrix XenApp, VMware, Exadata
• Database: SQL, Oracle, DB2, Third Party
• Data Warehouse: Microsoft Extract-Transform-Load (ETL), SQL Server Integration Services (SSIS), SQL Server Reporting Services (SSRS)
• Software Development: Third Party, .NET, Visual Studio, Mainframe
• Communications: Frame, ISDN, Firewalls, Routers, IP Filtering, Firewall Requests for Secured Environments
• Encryption: Transparent Data Encryption (TDE), Trusted Key Entry (TKE), Tamper Resistant Security Modules (TRSM)
• Security Tools: Nessus Tenable.sc/Tenable.io, Trustwave DBProtect, Acunetix, Symantec Encryption Desktop, Symantec Endpoint Protection, Symantec Data Loss Prevention, Symantec PGP, Websense, Cisco Firepower, Cisco Orion, Cisco Log and Event Manager
• Change Management: ManageEngine, ServiceNow, Proprietary
• Vendor Management: Quantivate
• Cloud: AWS (High Level)
Connect with me today to find out how I’ll make your mission my mission, to help bring ALL of your business objectives into focus!
Please feel free to contact me at twaligura@gmail.com with any thoughts, comments, or questions about my work—I’m always interested in making new professional acquaintances.