
Gabriel Jimenez

Information Security Leader

CONTACT

562.340.1187
gjimenez@cybersp.net
Rialto, CA

SUMMARY

Performance-driven leader with expertise in leading all aspects of a successful Information Security Program for large enterprises. Proven ability to manage seamless implementations and deliver next-generation solutions which improve the Availability, Confidentiality, and Integrity of an organization's critical data, systems and processes.

EDUCATION

BACHELOR’S DEGREE
Information Technology
Western Governors Univ.
Graduated - 2021

MASTER’S DEGREE (M.S)
Cybersecurity & Assurance
Western Governors Univ.
Graduated – 2022

MASTER’S DEGREE (MBA)
IT Business Administration
Western Governors Univ.
Expected Graduation – Feb 2023

CERTIFICATIONS

• CISSP
• CRISC
• CISA
• CISM
• CEH
• CIPP & CIPM (In Progress)

FRAMEWORKS & STANDARDS

• HIPAA
• PCI DSS
• NIST 800-53, 800-171
• GDPR
• ISO 27001
• SOC 2
• CIS 18

WORK EXPERIENCE

Executive Security Advisor (vCISO) - Consultant
Cyber Security Professionals LLC | 03/21 – Present (Multiple Companies: USDM, Planet9 Security, Enrollment123)
• Accountable for developing sustainable processes to ensure compliance with PCI, HIPAA, FedRAMP, CCPA and GDPR regulatory requirements.
• Partnered with organizations to assist with the alignment of Information Security and Compliance programs with strategic objectives and best practices.
• Developed several pillars of USDM’s cyber security consulting practice. Accountable for working with USDM customers to earn new business, maintain relationships with existing customers, and providing exceptional cyber security and privacy advisory services.
• Responsible for performing information security maturity and risk assessments against the CIS 18 and NIST 800-53 frameworks for customers.

Pear Therapeutics – Permanent Employee
Director of Information Security | 06/21 – 07/22
• Responsible for the development and oversight of the company's Data Loss Prevention (DLP) and Cyber Risk Management Programs.
• Accountable for ensuring the company achieved compliance with SOC 2, and remained CCPA, GDPR, and HIPAA compliant.
• Responsible for administering the following technical security solutions (DLP, E-Mail security gateway, GRC, Vulnerability Management, Cloud Security Posture Tools, CASB, MDM, EDR, STAT, DAST, and SIEM).
• Worked with the DevSecOps, Development, and Quality Assurance teams to develop SDLC security requirements that aligned with our policies, standards, regulatory requirements and industry best practices.
• Authored and trained company personnel on all Information Security policies.

Security Advisor & Cloud Architect - Consultant
Cincinnati Bell Technology Services (Anthem) | 08/21 – 04/22
• Responsible for the development of cloud security assurance program across Azure, GCP and AWS cloud environments.
• Assisted in the development of security governance and technology focused guardrails for clouds approved services.
• Helped drive Netskope IaaS and SaaS integration with the implementation of DLP policies and processes to address findings.
• Worked with cross-functional teams to develop secure AWS and Azure architecture solutions.
TECHNOLOGY

• Netskope (CASB/DLP)
• Mimecast (Email)
• Jupiter One (GRC)
• Proofpoint (Email)
• Azure (Infrastructure)
• AWS (Infrastructure)
• GCP (Infrastructure)
• O365 (AIP/DLP)
• CrowdStrike (Malware)
• Carbon Black (Malware)
• DataDog (SIEM)
• SumoLogic (SIEM)
• Splunk (SIEM)
• KnowBe4 (Sec Awareness)
• CheckPoint (NGFW)
• Cisco ASA (FW)
• Qradar (SIEM)
• LogRhythm (SIEM)

AFFILIATIONS

• ISC2: OC Chapter
• ISACA: OC Chapter
• ISSA: OC Chapter
• Toastmasters
• IAPP

REFERENCES

Available upon request

WORK EXPERIENCE CONTINUED

Sr. Security Advisor - Consultant
Lenovo | 01/21 – 04/21
• Retained to develop Business Impact Assessment (BIA) and Vendor Risk Management processes and procedures for the organization.
• Accountable for authoring processes for the company’s BIA and Vendor Risk Management Program.
• Performed comprehensive risk assessments of each lab environment (100+).

Sr. Security Advisor and Architect - Consultant
Cyber Security Professionals LLC | 11/17 – 08/20 Multiple Organizations (Taco Bell, Apria, Union Bank, Kaiser)
• Partnered with organizations to better understand their critical business processes to help with the alignment of Information Security and Compliance programs with their strategic objectives and industry best practices.
• Authored documentation for organizations to establish HIPAA, HITRUST, and ISO compliance.
• Established Identity and Access Management (IAM) processes and technology (e.g., SSO, MFA, PAM, etc.)
• Developed cloud-based reference architectures and security guardrails for AWS, Azure, and GCP.

Sr. Information Security Manager - Permanent Employee
Ingram Micro | 03/16 – 10/17
• Responsible for the oversight and maturity of the Global Information Security program which supported over 50K employees, 130+ locations, and 100+ applications.
• Areas of responsibilities included: Vulnerability Management, Security Operations, Architecture, Identity and Access Management, Compliance, Incident Response, Network Security, and Advisory services.
• Successful in obtaining full executive support for corporate Risk and Vulnerability Management programs which facilitated a 65% decrease in vulnerabilities.
• Achieved GDPR, SOC2, ISO27001, and PCI compliance.
• Developed "playbooks" for the integration of vendor risk assessments, and Mergers and Acquisitions (M&A) lifecycles.

Executive Security Advisor (vCISO) - Consultant
Cyber Security Professionals | 12/14 – 02/16 (Multiple Contracts)
• Responsible for the development and oversight of customers' Security Architecture, Incident Response, Engineering, and Compliance programs.
• Created security reference architectures that mapped regulatory compliance standards to produce requirements.
• Implemented enterprise-scale security solutions such as DLP, Web Content Filtering, E-Mail Security, NGFW, GRC, Vulnerability Management, SIEM, etc.

Lead Security Analyst - Permanent Employee
CalOptima | 04/14 – 11/14
Partnered with various healthcare organizations to better understand their critical business processes to align security controls and policies with the organizations' security framework, regulatory compliance requirements, and applicable privacy laws.
• Accountable for results, identifying gaps by conducting focus groups to determine the need for new systems, timeliness of existing systems and the impact of proposed changes that in turn helped identify gaps and prioritize initiatives.
• Created audit procedures to ensure security controls met both legal and regulatory compliance requirements. Audit procedures included but were not limited to the following audit activities: User access review, system and application hardening, network and firewall review, system logging reviews, Standard Operating Procedures (SOP), etc. Implementation of these procedures allowed the organization to achieve and maintain compliance with Industry Standards such as NIST 800-53, 800-171, SOC 2, etc.

Lead Security Architect - Permanent Employee
Panasonic Avionics | 07/13 – 04/14
Responsible for the oversight of all technical security controls and maintaining compliance with Sarbanes-Oxley (SOX). Automated all SOX responsibilities as they related to Information Security.
• Worked with internal teams to mature and drive Information Security program and audit initiatives (i.e. Secure network design reviews, security architecture & engineering, PCI/SOX/ISO2700x compliance, Incident Response and investigations, policies, security awareness, change management, Intrusion Prevention and Detection Systems, Penetration and Vulnerability testing, etc.)
• Day-to-day administration consisted of tuning SIEM alerts, IPS alerts, incident response, firewall change review, Malware response and investigations.

Sr. Security Solutions Architect - Consultant
Farenheight IT (Union Bank) 10/12 – 07/13
Responsible for coordinating, planning, and managing a data center firewall migration for Union Bank.
• Responsible for managing the Enterprise firewall migration projects of infrastructure firewalls from Juniper (ScreenOS and JUNOS) to CheckPoint Gaia R75.46. Migration consisted of eight 21600 firewalls, thousands of rules, business partner coordination and the development of a detailed migration plan.
• Developed Risk Architecture processes for reviewing the security posture of new bank acquisitions. This included procedures for review of new organizations' security policies, vendor access, security methodologies, and infrastructure design review.

Director of Information Security Engineering - Permanent Employee
DirecTV 01/08 – 07/12
• Responsible for the oversight of the Security Engineering team for DirecTV which consisted of 12 direct reports, over a dozen broadcast centers, hundreds of satellite offices and 60K + employees.
• Responsible for the integration, deployment and tuning of all technical security controls. Team was responsible for reviewing business and functional requirements, HLD’s, Pre-Build designs. Projects included but were not limited to network and application integration, streaming video and 3rd party integration.
• Automated a majority of key PCI and SOX responsibilities as they related to Information Security. Responsibilities included but not limited to the following: vulnerability assessments, penetration testing, monitoring and logging, incident response, firewall configuration review, policy and procedure creation, etc.
• Developed Reference Architecture “play book” for new company acquisitions and DirecTV data centers. Architectures included security controls and processes that mapped to ISO27001, PCI, SOX and HIPAA requirements.

Sr. Manager of Identity and Access Management - Permanent Employee
Ameriquest & Argent Mortgage 03/03 – 01/07
• Implemented Sun’s Identity and Access Management solution which supported user provisioning for close to 10,000 employees across four different Lines of Business.
• Responsible for developing automation for user provisioning upon new hire onboarding, role change, and terminations.
• Managed access for over 100 + internal applications.
• Managed and mentored a team of 15 security administrators.

** Additional work experience available upon request
