Arthur deAlba
Information Security and Risk Manager

Information Security and Risk Manager

BMC Software

​April 2014 to present

 

Manage the operational, technical and organizational risks associated with the business. This includes but not limited to:

Consulting with service tower leads to convey the overall risk exposure levels to facilitate requisite baseline security requirements.

Manage encryption protocols to protect the business's data and manage authentication and access controls.

Researching new offensive security tactics, techniques, and procedures.

Support corporate risk leadership to review enterprise IT and cyber risks, assess capabilities, prioritize security and risk strategies, and communicate risk intelligence to drive business decision-making.

Drive quantifiable control improvements by working with the audit and compliance teams. This includes working directly with external auditors.

Provide mentorship and technical guidance to junior-level engineers.

Liaise with external partners, agencies, and peers to ensure the organization maintains a strong, proactive security posture; keep senior management advised about information security issues and implications for the company.

​

 

Proficient in information security domains, including policies and standards, risk and control assessments, access controls, technology resiliency, risk and control governance and metrics, incident management, SDLC, vulnerability management and data protection.

​

Security Solutions Architect

Cisco Systems

April 2008 to March 2014

​

Security, operations and project management specialist in several strategic capacities with acquisitions integration, special projects, led planning and execution, post-mortem reviews, and tools training. Managed several projects and efforts related to the company’s Tier 1 customers. Efforts included: project planning support, maintain project tracking repository, technical support, project staffing / resourcing, project process and compliance oversight, and portfolio status report preparation. Executed several security projects including: cloud computing integration, portal security, and security policy review / recommendations.

​

Senior Information Security Consultant

Avanade (Accenture)

January 2001 to April 2008

​

Formulated the national information security policy. Served as subject matter expert for Audit, Security Policy and Solutions, Risk Management and Operation frameworks. Provided pre-sales support including presentation, solution outline, proposal, and staffing requirements customized for each client. Executed several security audits and compliance assessments.

​

Information Security Engineer

Accudata Systems

November 1998 to January 2001

 

Performed several detailed security assessments, review and implementation of LAN and WAN designs for campus and enterprise organizations, designed and implemented a security awareness program. Moreover, served as a security advisor to select clients related to supporting security and technology recommendations and overall security posture.

​

Information Security and Network Administrator

Plains All American Pipeline

​September 1996 to November1998

 

Responsible for day-to-day operational security of in-house systems and remote office security and connectivity. Duties included management of remote dial-in services, account domain and enterprise application access, stability and upgrades of Windows and Unix based systems and backup/disaster recovery operations.