Roje Hay
Senior Information Security and Cyber Risk Analyst at Clarien Bank Limited- Claim this Profile
Click to upgrade to our gold package
for the full feature experience.
-
English -
Topline Score
Bio
Credentials
-
Become an (ISC)² Certified Secure Software Lifecycle Professional (CSSLP)
LinkedInJan, 2022- Sep, 2024 -
Prepare for the Certified Information Systems Security Professional (CISSP) Exam
LinkedInOct, 2021- Sep, 2024 -
Android App Penetration Testing
LinkedInSep, 2021- Sep, 2024 -
Become a Certified Information Systems Auditor (CISA)
LinkedInSep, 2021- Sep, 2024 -
Implementing the NIST Risk Management Framework
LinkedInAug, 2021- Sep, 2024 -
Security for the SMB: Implementing the NIST Cybersecurity Framework
LinkedInAug, 2021- Sep, 2024 -
Using SABSA to Architect Cloud Security
LinkedInAug, 2021- Sep, 2024 -
Microsoft Certified: Azure Fundamentals
MicrosoftFeb, 2021- Sep, 2024 -
ITIL Foundation Version 3
PeopleCertMar, 2018- Sep, 2024 -
Certified White Hat Hacker Level 1 (CWHH Level1)
Udemy | Cyber Security & Privacy Foundation Pte LtdFeb, 2016- Sep, 2024 -
Certified Information Systems Security Professional (CISSP)
(ISC)²Jan, 2022- Sep, 2024 -
Certified Cloud Security Professional (CCSP)
(ISC)²Oct, 2021- Sep, 2024 -
Certified Data Privacy Solutions Engineer™ (CDPSE™)
ISACAOct, 2020- Sep, 2024 -
Microsoft Certified: DevOps Engineer Expert
MicrosoftMay, 2021- Sep, 2024 -
Microsoft Certified: Azure Administrator Associate
MicrosoftMar, 2021- Sep, 2024 -
Microsoft Certified: Azure Security Engineer Associate
MicrosoftMar, 2021- Sep, 2024 -
CISM
ISACAApr, 2019- Sep, 2024 -
Certified Information Security Manager
ISACAApr, 2019- Sep, 2024 -
CompTIA Security+ ce
CompTIAAug, 2016- Sep, 2024 -
Microsoft Certified: Azure Solutions Architect Expert
MicrosoftJul, 2021- Sep, 2024 -
ISO 22301 Certified Business Continuity Manager (CBCM)
Certified Information SecurityNov, 2017- Sep, 2024 -
ISO 22301 Certified Business Continuity Strategist (CBCS)
Certified Information SecurityOct, 2017- Sep, 2024 -
ISO 31000 Certified Internal Controls Risk Analyst (CICRA)
Certified Information SecuritySep, 2017- Sep, 2024 -
Certified Penetration Testing Engineer
Mile2 Latam -
Project Managment Essentials Certified
Mangement and Strategy Institute
Experience
-
Clarien Bank Limited
-
Bermuda
-
Financial Services
-
100 - 200 Employee
-
Senior Information Security and Cyber Risk Analyst
-
Jul 2021 - Present
-
-
-
National Commercial Bank Jamaica Limited (NCB)
-
Jamaica
-
Financial Services
-
700 & Above Employee
-
Senior IT Security and Risk Management Analyst
-
Jul 2021 - Present
-
-
-
Digicel Group
-
Jamaica
-
Telecommunications
-
700 & Above Employee
-
Senior Security Operations Specialist
-
Feb 2019 - Jul 2021
Review and triage all incidents raised by the SOC and assign it to the appropriate team members for resolution. Ensure proper incident resolution process is followed and completed within SLA. Do final checks on all SOC tickets to determine is additional actions are needed or confirm resolution. Security Operations Maturity Assessment (current state vs desired state), Develop and optimize runbooks/playbooks pre and post security incidents. Track incidents by kill chain phase, measure effectiveness of protection controls, develop and optimize SOP's. Support all markets and business units to improve their overall KPI scores. Continuously improve security operations processes, and tools. Increase security coverage through regular scanning of the network perimeter, newly discovered public facing systems can be assessed and all applicable security monitoring tools put in place to ensure security coverage. Support all markets to improve the remediation of severe vulnerabilities. Ensure that vulnerabilities are re mediated (patched/fixed/exception). Tools: IAM Firewalls SIEM Email Security Gateway IDS DDoS EDR
-
-
-
National Land Agency
-
Government Relations
-
300 - 400 Employee
-
Network Security Specialist
-
Mar 2018 - Feb 2019
Administrate, Monitor and Configure Rapid 7 Insight VM (Nexpose) for Vulnerability Management Administrate, Monitor and Configure Manage Engine Desktop Central for Patch Management and ensure compliance with CIS 20 Security controls. Administrate and configure Fortigate firewall, Fortigate IPSEC VPN, Fireye ETP for email security, Splunk SIEM, Rapid 7 Insight IDR for UBA,SIEM and EDR Manage Carbon Black Defense and IBM Maas 360 for mobile devices Configure Cisco switches and routers Develop Information Security Policies Ensure compliance with Information Security Standards:GDPR, ISO 27001,ISO 22301,PCI Manages Incident Response and Threat Hunting processes and procedures Develop and monitor Business Continuity and Disaster Recovery plans n procedures Monitors Forescout Counteract for Network Access Control
-
-
-
-
Volunteer Computer Technician
-
Aug 2011 - Aug 2018
Repair and Maintenance of Computers in a lab environment Secure Wireless LAN: WPA, WEP and SSID Configure Modems, Routers and Switches Repair and Maintenance of Computers in a lab environment Secure Wireless LAN: WPA, WEP and SSID Configure Modems, Routers and Switches
-
-
-
Office of the Prime Minister of Jamaica
-
Jamaica
-
1 - 100 Employee
-
Technical Support Assistant
-
Jan 2015 - Feb 2018
Achievements Successfully remediated ransomware attacks at two Government Ministries. Successfully supervise installation and configuration of a fibre network between National Works Agency, Office of the Prime Minister and Public Broadcasting Corporation of Jamaica (PBCJ). Successfully supervise upgrade of structured cabling infrastructure project for three locations from CAT 5 to CAT 6 and 6A. Successfully supervise installation of cabinet enclosures for network equipment.Daily Operations. Develop Security Incident Response Plans for various possible attacks (Ransomware, DDos, Credential Compromise and Malware)• Develop Draft Business Continuity Plan for approval, Business Unit Continuity Plan Prioritization Strategy, Business Impact Analysis Framework, and Business Continuity Incident Response Management Guidelines.• Develop Draft Disaster Recovery Impact Analysis Tool, DRP Maturity Scorecard, Severity Definitions and Escalation rules procedures. • Monitor and ensure regulatory compliance such as: ISO 27001, NIST, PCI, GDPR, HIPAA for file server auditing and reporting Security Information and Event Management (SIEM) via Manage Engine Event Log Analyzer and File Audit Plus.• Configure Nessus/OpenVAS/Rapid 7 Nexpose/Fortigate EMS for vulnerabilities• Configure and administer MailMarshal email filter, N-Stalker/Mcafee Site Digger for web application scanning and testing, Fortigate firewall and Fortigate EMS for APT,WAF and DLP• Mcafee File and Removable Media Protection, Mcafee Viruscan Enterprise forStorage: Netapp scanner, Mcafee Data Loss Prevention: Discover• Network monitoring via Manage Engine OpManager, PRTG Network Monitoring solutions for (Switch port, IP address, network and firewall log management) and Spice works for inventory of ICT assets
-
-
Acting MIS Manager
-
Dec 2016 - Feb 2017
Achievements Achieved a doubling of the ICT’s unit budget for the next financial year through collaboration with the Executive Management team and external partners to automate and provide additional ICT services to internal clients. Manage the implementation and successful configuration of the following: SSL VPN, Radius Authentication for staff wireless network and Forti Client Enterprise Management Server Network Access Control and Vulnerability Patch Management solution. Successfully supervise upgrade of structured cabling infrastructure project for eight locations from CAT 5 to CAT 6 and 6A. Expand the reach of the wired and wireless infrastructure by connecting all entrance and exits to the existing network via fibre.
-
-
-
National Environment and Planning Agency
-
Jamaica
-
Environmental Services
-
1 - 100 Employee
-
Intern System Administrator/DBA/Web Master
-
Dec 2013 - Jan 2014
Created user accounts and grant permission to users for AMANDA Application and Permit Tracking system using SQL Server Cable installations, Avaya and Nortel PBX IP phone installations Windows Server Group Policy Updates, Active Directory Management Microsoft Exchange Server Mailbox Configuration Network Inventory with DEKSI Software and documenting procedures Created user accounts and grant permission to users for AMANDA Application and Permit Tracking system using SQL Server Cable installations, Avaya and Nortel PBX IP phone installations Windows Server Group Policy Updates, Active Directory Management Microsoft Exchange Server Mailbox Configuration Network Inventory with DEKSI Software and documenting procedures
-
-
-
Ministry of Agriculture and Fisheries, Jamaica
-
Jamaica
-
Fisheries
-
100 - 200 Employee
-
Intern
-
Jun 2012 - Jun 2012
Compiled a report on the status of MOAF’s Closed User Group Contract with Vendors. Assist in vendor selection process Compiled a report on the status of MOAF’s Closed User Group Contract with Vendors. Assist in vendor selection process
-
-
-
-
Intern/System Administrator
-
Jan 2012 - Jan 2012
Windows Server 2003 Configuration and Administration Internal Audit of the status of ICT Equipment Windows Server 2003 Configuration and Administration Internal Audit of the status of ICT Equipment
-
-
Education
-
Excelsior Community College
Bachelor of Science in Management Information Systems, Enterprise Resource Management, E-Commerce,Advance Computer Networking, Advance Database Management -
Excelsior Community College
Associate of Science in Management Information Systems, Database Management, Oral Communication, Operating Systems Concept, Marketing,Data Communications -
St. Catherine High
High School Diploma