John Sisco

Background

About John Sisco

Highly motivated Information Security Advisor, Assurance and Audit professional with great analytical skills to identify risks and help mitigate/reduce vulnerabilities. Excellent customer focus and problem solving skills for technology issues. Notable success in a broad range of corporate IT Risk initiatives while participating in the planning and implementation of IT Risk solutions in direct support of business objectives with 23 years of experience in a broad range of technologies. Ability to use sound judgment, and use critical thinking to help resolve security issues and drive constant improvement in the IT Risk Governance space while still being balanced on the needs of the end users and support staff. I have ability to act as a liaison with technical support,engineering teams, and upper management. I can help bridge the gaps that exists with Information Risk Managers and IT Support/Engineering staff by being able to apply technical expertise and understanding to help translate issues between the groups to help create controls and mitigate risks that are effective yet reasonable. This comes from being in the role of a custodian of information systems and being a Information Risk Manager as well. Experience:Network, and Desktop Administration, Business Continuity, IT Disaster Recovery Planning, IT Project Management, User Acceptance Testing, Work Flow & Process Flow Improvement, Technical Writing for DR Plans, Vulnerability Management, and Risk Assessment, and IT Security Policy and Standards. Data Protection (End Point Security, System Hardening: Server & Workstation). Application Security Assessments, IT Audits, FFIEC Compliance. Secure Access Remediation to enforce least privilege at the application level, platform level for both server and workstation and database levels. Communication Skills: Public Speaking-Presentation, Writing for policy,standards,procedures and BC/ DR Plans. Certification: CISA,CRISC,CISM,MCP, Security +, CNA, A+, and Network +