Joe Woods Curriculum Vitae

 

Personal Details

 

  1. Name:  Joe Woods
  2. Experience:  Over 20 years in Information Technology (IT) and Information Security roles.
  3. LinkedIn: http://uk.linkedin.com/in/josephwoods

 

Personal Profile

 

I am an honest, dedicated and hard-working team player with a self-motivated drive to learn. My aptitude to comprehend new information and keen eye for detail enable a proactive response to changing needs and expectations.

 

Career Aspirations

 

  1. To take on roles with a progressively higher level of responsibility
  2. To be the owner and driver of improvements at a tactical and strategic level
  3. To be able to help organisations identify and manage their risk effectively
  4. To be recognised as a transformational and positive change catalyst

 

Key Skills

 

  1. Communication skills
  2. Attention to detail
  3. Organisational/administrative skills
  4. Presentation skills
  5. Project Management
  6. Interacting with people at different levels
  7. Stakeholder management
  8. People / team management
  9. Strong Analytical skills
  10. Information Security (ISO 27001/17799)
  11. Business Continuity and Crisis Management
  12. Personal and Physical Security
  13. Strong IT Systems Design and Implementation skills (Unix, Windows, Cisco)
  14. Microsoft Office (Word, Excel, PowerPoint, Access)

 

Career History

 

Information Risk Manager / Information Security

Operational Risk Management - XXXXX, XXXXX, UK

November 2004 – Present

 

Key Achievements

  1. Established and maintained an effective information security framework, ensuring compliance to industry standards, including all UK regulatory and legal requirements (e.g. Data Protection and ISO 27001/17799) leading to a strong risk culture.
  2. Designed and implemented a process within the organisation to classify and manage our assets and information in line with information security standards (Confidentiality, Integrity and Availability), which has ensured that an appropriate level of control is applied based on the value of the asset or information.
  3. Managed and carried out Sarbanes-Oxley (SOX) control testing across the enterprise. This includes definition, testing and reporting of control weaknesses and has helped the enterprise better understand the risks relating to our SOX systems and processes.
  4. Established an information security awareness program for employees utilising a number of techniques to ensure fresh and up-to-date information is available (Posters, Intranet Messages, Newsletter, Presentations and computer-based training). This ensures that company-wide awareness is in place and further enforces the requirements when new or existing processes or systems are implemented or changed.
  5. Designed and implemented the customer security zone on the banking website to provide security advice and information to help them to protect themselves against the growing threat from Internet and Social engineering risks (Phishing, Scams, Antivirus and Antispyware, Firewalls, how to identify the real banking Website). The result is that our customers are better aware of the risks and have information to help reduce the threat, leading to a reduction in fraud and an increase in customer satisfaction.

 

Responsibilities

  1. Carried out regular monitoring and testing of the information security procedures, including management of ethical hack process. (Performing penetration testing, vulnerability assessment and coordinating the annual ethical hack performed by an independent 3rd party)
  2. Managing of risk and control processes (Identification, Confirmation, Analysis, Remediation and mitigating actions reviews) to ensure that risks are managed appropriately (Testing of closed actions, review of acceptance requests)
  3. Testing of system and applications using manual and automated tools to establish if our Control Framework (Local Policies, Security Guidelines, and System Reviews) is in relation to IT implementation. (Technical risk remediation)
  4. Regular risk assessments on information security issues and market trends and developments. Business Impact Assessment (BIA) and IT Risk Assessments (ITRAM) performed to Identify Assets, Impacts, Threats, and Vulnerabilities which will define a plan to reduce or accept risks.
  5. Ensuring that Business Continuity designs and plans are effective and include the correct impact assessments and critical IT component requirements.
  6. Provide oversight and input into the Personal and Physical security plans to ensure that our employees, customers, sites and services are protected to a level appropriate to the risk.
  7. Approval of all changes to External Connections (from the company to external parties) to ensure security controls are implemented in line with requirements, with a goal to prevent risk or abuse by internal or external parties (Encryption of transport and storage, access control at the user, systems and network layers, segregation of network and systems to prevent “jumping” from one connection to another, etc.)
  8. Approval of all changes (Business and IT) to our systems and applications. This involves the reviewing of design documentation, business plans, technical changes and implementation to ensure that security has been thought about throughout the life-cycle. In addition, the review will ensure that any risks relating to the change are thought about and mitigated before implementation. (Risk mitigation plans, change to the design/specification in order to reduce Reputation, Financial and Business Risk)
  9. Monitor significant information security problems and incidents. Analyse and report on any information security incidents (Incident detection and recording, classification and initial support, investigation and diagnosis, resolution and recovery, incident closure, incident ownership, monitoring, tracking and communication), including ensuring that the root cause is established in order to reduce the possibility of the same or similar happening again.
  10. Co-ordinate and authorise changes to user classes and facilitate regular review of user access by the business owners. (Detailed documents defining Role Based Access Control (RBAC) mapping of functions to roles in systems and applications in order to ensure Segregation of Duties across the enterprise)

 

Senior Systems Engineer

Information Technology - XXXXX, XXXXX, UK

January 2003 – October 2004

 

Key Achievements

  1. Working alongside the project team, put in place systems and processes to enable the company to launch in the United Kingdom.
  2. Designed and implemented an IT security incident and vulnerability management (CIRT) process and toolset to allow IT to identify and manage security incidents and vulnerabilities.
  3. Created and defined a process to allow the encryption (PGP) of ad hoc files being transferred to external parties. This process has ensured that confidential information is protected when sent outside to approved third parties.
  4. Designed and Implemented an employee Internet cafe in the Reading and Cardiff offices to allow safe Internet use without compromising on the security of our customers and corporate information.

 

Responsibilities

  1. Maintaining all External Connection Documentation (Change management of technical external connections)
  2. Creating and maintaining information security, access control policies and procedures
  3. Acting as the Technical IT gateway for ISO 17799/BS7799 compliance
  4. Performing penetration testing and IT system security assessments
  5. Auditing of systems for vulnerabilities (Missing Patches, invalid configuration, etc)
  6. Firewall administration (Checkpoint Firewall-1 NG/Cisco PIX)
  7. Intrusion Detection administration (ISS RealSecure Site protector)
  8. Managing the Remote Access System (Dial-up and VPN)
  9. Two Factor (Token)  Access Control administration (RSA ACE Server, Cisco ACS Server)
  10. Telecoms administration (Avaya Definity, Avaya CTI, Websphere IVR, Agent, ACD and Huntgroup administration)
  11. Network Administration (TCP/IP, IOS, VLAN, Access Control Lists, IOS Switch)
  12. Server administration (Red Hat Linux, Windows Server)
  13. Web Services (IBM HTTP Server, DNS/Bind Name Server, Internet Mail Relay)
  14. Application support (Microsoft ISA Server)
  15. Implementing and maintaining our system and application monitoring services (Big Brother, Solar Winds, MRTG)

 

Systems Lead Engineer

Managed Services – Bluewave, London, UK

August 2002 – November 2002

 

Responsibilities

  1. Managed Services Monthly reports (Bandwidth usage, Server patching, Availability, Security incidents)
  2. Systems architecture design (Network Infrastructure, Server Infrastructure)
  3. Re-design of new Managed Services infrastructure (provide redundancy and growth)
  4. Coordinating ISO 17799/BS7799 Security compliance

 

Solutions Architect

Professional Services EMEA - Vignette, Maidenhead, UK

June 2000 – July 2002

 

Key Achievements

  1. Team technical mentor providing other architects and consultants with help in understanding IT infrastructure design and implementation practices.
  2. Setup an on-site critical situation troubleshooting support practice to enable on-site support for enterprise customers experiencing critical issues affecting production use of our products.

 

Responsibilities

  1. Technical consultancy: presales (technical resource to show future clients the Vignette offering, Proof of Concept design and build), Architecture and Design (Requirements gathering and documentation of architectural design) and implementation (project engineer, coordinating and architect, build engineer) for the following Enterprise clients:
     1. Financial Services: Barclays Bank (UK), LloydsTSB (UK), UBS Warburg (UK), Societe Generale (France), ING Post Bank (Holland), Volkswagen Bank (Germany), WestLB Bank (Germany), AMB Generali (Germany), ABSA (South Africa), BSCH (Spain).
     2. Telecom: British Telecom (UK), Nokia (Finland), Skanova (Sweden), Telia (Sweden).
     3. Media: BSkyB (UK), FIFA 2002 (UK), TF-1 (France).
     4. Retail: Diageo/GuinnessUDV (UK).
     5. Transportation: BMW (UK).
  2. Systems administration (Solaris, Windows Server, Windows NT, IBM AIX), Web server administration (Apache/IBM HTTP Server, iPlanet/Netscape, IIS), Java server administration (WebSphere, WebLogic, iPlanet Application Server, Tomcat), Database administration (Oracle, MS SQL Server), Enterprise storage solutions (Network Appliance, Sun Network File System [NFS], IBM Distributed File System [DFS])

 

Network Engineer

EMEA IT - Autodesk, Neuchâtel, Switzerland

April 1999 – May 2000

 

Responsibilities

  1. Managed the worldwide WAN (Frame Relay) and Remote Access Service (Ascend MAX / Nortel Contivity VPN) in 20 EMEA and 30 US sites.
  2. Designed, implemented and documented a VPN Solution within EMEA giving small offices and home office users access to the corporate network via secure Internet access. (Replaced the existing infrastructure with a cost-effective alternative using Internet and Cisco IPSEC VPN)
  3. Maintained the Autodesk DMZ network. (Cisco PIX Firewalls, Cisco Routers, Cisco Switches covering VLAN, Access-Lists, Spanning Tree and other Cisco security and availability technologies)
  4. Implementation of Bandwidth management technologies. (Packetshaper)
  5. Maintained the Autodesk Internal Network. (Cisco Routers and Catalyst 5500 Switches)

Internet Systems Architect

EMEA IT - Autodesk, Neuchâtel, Switzerland

July 1997 – March 1999

 

Responsibilities

  1. Managed all aspects of customer facing web services, intranet services and employee Internet access. (DNS, Web Servers, Proxy Servers, Sendmail, Routers and Firewalls)
  2. Developed service availability tools to monitor Internet services (Perl, Sed, Awk, Shell scripts).
  3. Perform security audits and take action as required. (Solaris, Windows, Cisco)

 

Information Systems Technical Specialist

EMEA IT - Autodesk, Neuchâtel, Switzerland

February 1996 – June 1997

 

Responsibilities

  1. Working as part of a global team, implemented a worldwide Autodesk Domain across three data centres (Windows NT Advanced Server PDC in San Francisco and two BDCs in Neuchâtel and Tokyo). This included the migration from Novell Network 3 to Windows as our primary authentication directory and file services platform.
  2. Managed and Implemented an enterprise based backup system for our Sun Solaris Source Control systems (CVS running on Sun Solaris)
  3. Managed all Sun Solaris, Microsoft Windows NT and Novell NetWare servers across Autodesk (EMEA).

 

Technical Services Specialist

Localisation - Autodesk, Neuchâtel, Switzerland

March 1992 – January 1996

 

Key Achievements

  1. Implemented Antivirus, Check-sum and version control tools and procedures for checking media before release to manufacturing.
  2. Developed internal tools to aid the localisation of Autodesk products in C/C++

 

Responsibilities

  1. Message and GUI comparison tools to allow product separation from translated text and graphics, allowing translators and testers to test and compare strings before end-to-end integration testing.
  2. Managed the Local Quality Assurance network and file server infrastructure (Sun Solaris, Novell NetWare)
  3. Set up and maintained the Autodesk Localisation ports lab for porting AutoCAD to the following platforms: Sun Solaris, IBM AIX, HP-UX, SGI IRIX, Apple Macintosh, with operating systems and applications running in French, German, Italian and Spanish.

 

Quality Control Assistant

Quality Assurance - Autodesk, Guildford, UK

January 1990 – February 1992

 

Responsibilities

  1. Managed production quality checks for media production facilities (Trace/Mountain Duplicators)
  2. Software Quality Assurance of the AutoCAD AEC Architectural Product (AutoLISP)
  3. Development of database to aid in calculating disk/media failure and sample rates (Clipper/dBase)

 

 

Analyst/Programmer and IT Support

Insurance Courier Services, Watford, UK

April 1987 – December 1989

 

Responsibilities

  1. Development of database applications to track customer deliveries and payments
  2. Supporting the business by providing IT Help-desk, IT Server support (Novell NetWare) and developing solutions (dBase).

 

Analyst/Programmer and Client Support

Samson Bond, London, UK

January 1986 – March 1987

 

Responsibilities

  1. Development and maintenance of an accounting and stock control system written in PL/I
  2. Customer support (presales and post sales support)

Training Courses

 

  1. Influencing Skills
  2. Project Management
  3. Customer Satisfaction
  4. Presentation Skills
  5. Time Management
  6. Software Quality Assurance and Testing
  7. Sun Unix System Administration
  8. Windows NT 4.0 Advanced Administration, TCP/IP, Domain Management
  9. Introduction to Cisco Router Configuration
  10. Firewall Management and Configuration
  11. Vignette Architecture, Design and Administration (V3, V/5)
  12. Vignette Template Development (V3, V/5)
  13. Object Orientated Design using UML
  14. Microsoft Exchange 5.5 Administration
  15. Netscape Messaging Server and Collaboration
  16. Lotus Notes 3.1 Administration
  17. C++ Object Orientated Programming

 

Education

 

St Paul's R.C. Secondary School, London

September 1979 - October 1985

 

  1. 6 CSE in English, Maths, History, Computer Studies, R.E., Metalwork
  2. 1 O Level in Computer Science

 

References

 

Will be provided upon request
