John Robinson, CISSP, CISA
Details
Information Sciences
Penn State University
1999 : 2003
• Conducting an internal review audit in preparation for ISO 27001:2013 certification.
• Attended ISO/IEC 27001:2013 Lead Auditor class by BSI Group America.
• Remote site assessments based upon the ISO/IEC 27001:2013 and CIS standards.
• Internal business unit assessments based upon the ISO/IEC 27001:2013 standard.
• Worked to upgrade the present remote site assessment process to use the ISO/IEC 27001:2013 standard.
• Third party vendor information security assessments
• Review SOC1 and SOC2 Type 2 reports
• Reviews based upon the SANS/CIS 20 controls
• Reviews of site documentation of processes and policies
• Reviews of vulnerability scanning tool reports such as Rapid7 and Nessus by Tenable
• Reviews of Networking architecture, firewall ACLs, TCP/IP and Wireless security, System/Access administration and Application Secure SDLC
• Interface directly with remote site CIO and Technical Director
• Participated in an information security assessment at a major university in Bogota, Colombia
• Microsoft Word, Excel and Smartsheet used in creating reports.
2014 : Present
Ellucian
Senior Information Security Assessor
Manages a portfolio of Managed Services on-site control reviews
Reviews based upon the SANS 20 controls
Reviews of site documentation of processes and policies
Reviews of vulnerability scanning tools such as Nessus and Rapid7
Reviews of Networking architecture, firewall ACLs, TCP/IP and Wireless security, System/Access administration and Application SDLC
Interface directly with site CIO and Technical Director
Participated in an assessment at a major university in Bogota, Colombia
2014 : 2014
Ellucian for TechUSA
Information Security Assessor
• Manages a portfolio of Third Party control reviews
• Provide TPRM support to the CCS LOB business channels, IRMs and Relationship Managers.
• Identify, analyze, manage and track Third Party Information Technology risks.
• Domains include System/Access Administration, Physical Security, Change Management, Network Architecture, Event Logging, Vulnerability Monitoring
• PCI DSS; SSAE-16; CSAE 3416
• Interface directly with third party vendors
2013 : 2014
Collabera Inc.
Information Risk Management
2012 : 2013
Downingtown, Pennsylvania
IT Management, Security Account Administration, Security Project Management and Incident Management
SIEMENS HEALTH SERVICES (formerly Shared Medical Systems), Malvern, Pa. 1998-2012
Security & Risk Management
• Performed in an ISO 9001 and HIPAA environment.
• Served as product administrator for the RSA enVision central logging product.
• Performed log data analysis for firewalls, routers and servers.
• Performed third party contract reviews.
• Created processes based upon Security Policies.
• Performed account administration for Active Directory, AS/400 and ACF-2 (Mainframe).
• Conducted Security audit reviews including follow-up resolution.
• Performed administration of RSA SecurID token user accounts.
Host Networking
• Managed 24 hour/365 day operations for the mainframe telecommunications environment.
• Executed all facets of effective Incident Management.
• Responsible for team Change Management processes.
• Monthly analysis of incident root cause to determine trends
• Successfully managed external customer relationships.
• Responsible for administrative tasks for two teams.
• Conducted technology research and evaluation.
• Maintained key vendor relationships including contracts review and price negotiation.
• Involved in the BCP/DR design.
• Maintained department activities within budget.
• Performed continuous Process review and improvement.
• Successfully established a customer facing technical support team.
1998 : 2012
Siemens Health Services
IT Security Analyst / IT Management
Skills
Active Directory, Cloud Administration, Cloud Management, Cloud Operations, Cloud Security, Cybersecurity, DNS, Firewalls, Information Security, Integration, IT Management, IT Security Policies, Life Skills, Management, Network Administration, Operating Systems, Personal Development, Project Management, Risk Management, Security, Software Development Life Cycle (SDLC), Software Documentation, TCP/IP, Technical Support, Testing, Work Life Balance
About
Information Technology Professional with knowledge and expertise in IT Management, Security Administration, Incident Management and Business Continuity/Disaster Recovery looking to apply innovative solutions to challenging tasks. Experience in team management with tenure in Fortune 500 companies, as well as small and mid-size entrepreneurial organizations. Combines solid hands-on technical ability with management skills to successfully motivate team members and drive to the successful completion of organizational goals. CISSP certification.