DOMINIC ALI

As the Director of Information Security, I initiate and implement an information security program by reviewing information security needs, priorities, and opportunities. I direct the security strategy, risk management, vulnerability assessments, and change management to prevent and remediate system issues while reinforcing security policies using leading security technologies. Additionally, I administrate various systems and solutions to monitor and enhance security posture to align with business objectives, increasing overall productivity and boosting daily operations. I deliver strategic leadership in information security compliance programs such as PCI, COBIT, ISO 27001, NIST CSF, and others to achieve security objectives and enhance client services. Moreover, I serve on the governance board by setting the IT goal, monitoring operations, and deciding on IT investments, pricing, and product strategies.

I have worked as a Sr. IT Program Manager, progressively enhancing performance, IT operations, and security by developing, preparing, and monitoring the IT budget across CapEx and OpEx vectors for multiple Microsoft programs. I utilize a business intelligence data-driven methodology to analyze and determine the standard distribution of low, medium, high, and critical service levels. In addition, I enforce a three-sigma policy based on standard deviation, trend-spotting scatterplots, and correlation-finding matrices. I introduce a multi-year IT plan with definitive goals and key performance metrics to guarantee alignment of our strategy, goals and objectives, mission, and vision. Flourish strong connections with executive management, board leadership, and other stakeholders to fully grasp the organization's IT needs and strategic direction while remaining aligned with business goals. Finally, I undertake service governance and apply metrics to services to track performance against KPIs and OLAs, deliver information security services within agreed-upon service standards with customers and dependent IT teams, and negotiate Service Level Agreements (SLAs).

Key Achievements:
✓ Improved program processes by Defining, Measuring, and Analyzing (DMAIC) complex problems using the Lean Six Sigma methodology, eliminating over 17% waste across production critical policies and     procedures.
✓ Operated as a Security Officer, offering guidance on information security and risk management, maintaining safety and security.

At Microsoft, I assumed the position of the key point of contact for major and interrelated IT projects on several rapidly expanding programs conveying project needs and scope to all stakeholders. I handled daily activities, project timelines, presentations, deliverables, security-related documentation, risk analysis, and IT governance for all workflows.
I also oversaw the entire project lifecycle and operations for the IT service management system integration; this included hiring and managing IT staff to support multiple programs (remote and onsite), building and implementing an Information security management system, and engaging all departments to develop ITSM workflows. I integrated and arranged the programs' transition from outsourced vendor hardware solutions to an in-house asset management shipping and receiving department. In addition, I restructured ITSM security workflows to comply with ITIL and ISO 27001 governance frameworks. Finally, I leveraged my technical acumen to initiate project integrations and migrations for VolP, MFA, ITSM, and 3rd party software solutions for multiple programs.

Key Achievements:
✓ Acquired ISO 27001 certification by proposing, implementing, and managing the ISO 27001 information security management system and performed quarterly and annual evidence-based audits.
✓ Developed, implemented, and managed an IT Service Management system functioning across several programs and departments such as IT Support, Asset Management, IT Systems, Client Engagement, Human Resources, Knowledge Management, and more.

As an IT Supervisor for Change Healthcare, I fostered a culture of dependable relationships, excellent customer service, and constant progress in directing IT initiatives. I successfully managed, trained, and hired a team of 17+ IT professionals. Additionally, I developed dependable relationships with key stakeholders by traveling to corporate acquisitions and collaborating with other departments to create IT plans aligned with business objectives. Further, I evaluated current systems and identified areas of improvement while recommending new technologies to improve efficiency. I also coordinated with external vendors and internal departments for system improvements, upgrades, and installations. As part of my role, I also developed detailed reports utilizing data from multiple systems to identify areas of opportunity for process improvement, scheduled regular maintenance on all IT systems, and monitored performance using automated tools. Finally, I defined, documented, and implemented all information security procedures to ensure the confidentiality, integrity, and availability of sensitive data.

Key Achievements:
✓ Led a team of 17+ IT professionals to support 2500+ onsite and remote users across 6 locations.
✓ Reduced service desk ticket volume by 27% within the first six months.
☆ Mentored, coached, and influenced a positive career culture for junior staff. Provided tools and guidance to excel in their desired fields.

As the security administrator, I developed and enforced security policies to ensure compliance with federal regulations. In addition, I Coordinated incident response efforts in the event of a security breach. Also, I monitored network activity for signs of intrusion, responded accordingly, and conducted regular audits of systems and networks to identify vulnerabilities. Further, I created user awareness training programs to educate employees on proper security. Lastly, I performed regular backups of systems and data to minimize the impact of security incidents.

In my capacity as the application security engineer, I developed and led the implementation of multiple in-depth security audits that uncovered vulnerabilities and led to improved security protocols. I published comprehensive security reports detailing findings and recommendations to various stakeholders. In addition, I collaborated with IT and engineering teams to investigate and resolve incidents, including analyzing log data, packet captures, and system configurations. Finally, I established and maintained relationships with key vendors to ensure the timely resolution of security incidents.

Key Achievement:
✓ Successfully reduced the number of application vulnerabilities by 23% over a 6 month period

As a Lead Infrastructure Engineer, I was accountable for engineers installing and upgrading desktop operating systems, troubleshooting hardware and software issues, deploying desktop images, managing Active Directory user accounts, groups, and computer objects, and training tier I and II service desk agents on IT hardware and software processes and standards. In addition, I was responsible for ensuring the organization's physical assets were well-maintained and adequately utilized. This includes developing and implementing policies and procedures related to asset management, conducting regular audits of assets, and working with other departments to ensure that all assets are accounted for and used efficiently and effectively.
Additionally, I assisted admins with other IT projects as needed. This position required deep knowledge of security policies, the ability to work independently and as part of a team, and strong analytical and problem-solving skills, which led to my promotion to Application Security Engineer.

Key Achievement:
✓ Researched and developed a supply chain to refresh and streamline the deployment of 2000+ hardware kits to seasonal medical coders in less than four weeks, resulting in quarterly savings of $103,000. The chain consisted of but was not limited to, vendor management, client tracking (SaaS), hardware imaging, calculated boxing dimensions, color-coated hardware packaging, preventative maintenance, and documentation such as AUPs, instructions (QR Codes), and support.