Enterprise Systems Engineer

Endpoint Security and Management: Led the migration of all macOS devices to Apple Business Manager (ABM) for centralized management via MDM, transitioning away from manual control. Managed and optimized Kandji, Crowdstrike, and Qualys to effectively control assets, risks, and vulnerabilities. Successfully migrated the MDM platform from JAMF to Kandji, leading all phases of the transition, including Proof of Concept (PoC) development and End-User Acceptance (EUA) testing to ensure a smooth and effective implementation. This included developing and implementing security policies for endpoint devices.

Identity and Access Management (IAM): Successfully integrated the Microsoft 365 tenant with Okta to provide Single Sign-On (SSO) for end-users, enhancing security and user experience. This improved access control and simplified user authentication.

Compliance and Audit: Conducted audits and implemented procedures to align with the new ISO 27001:2022 standards, ensuring organizational security posture and compliance with industry best practices. This included documenting security controls and performing risk assessments and obtaining the recertification after transitioning the standard’ controls to the recent version.

IT Infrastructure Management & Optimization: Managed and optimized critical IT systems, including the Atlassian Suite (including contract negotiation) and Google Workspace (focused on license cost reduction). This involved ensuring system availability, performance, and security.

Identity and Access Management (IAM) Enhancement: Identified and implemented opportunities to improve IAM across multiple platforms, including increasing 2FA adoption to enhance security for all users. Successfully implemented Google Sign-in on Mosyle Fuse for both new and existing machines, further strengthening access control and streamlining user authentication.

Email Security & Threat Mitigation: Migrated DNS and implemented DMARC, SPF, and BIMI domain registries to significantly reduce email spoofing, spam, and phishing attempts, improving overall email security posture and protecting against email-borne threats.

Security Posture Improvement & Vulnerability Management: Proactively identified opportunities to enhance service quality while leveraging existing security tools. Enforced platform security best practices to minimize vulnerabilities and strengthen the organization's overall security posture. This included regular vulnerability scanning and penetration testing. (Added to strengthen the security focus)

SaaS Optimization & Cost Reduction: Optimized the utilization of SaaS services to reduce budgeting costs without compromising security or functionality. This involved reviewing licensing agreements and identifying opportunities for consolidation or optimization.

Data-Driven Security Analysis & Reporting: Developed and maintained continuous Salesforce/PowerBI reports to provide data-driven insights for security decision-making. These reports tracked key security metrics and identified potential risks.

Global IT Security Architecture & Support (Azure Integration): Expanded IT support coverage to the AMER region, providing multi-level support. Developed and implemented best practices to enhance the company's global IT security posture, encompassing incident response procedures, security awareness training, and a robust cloud security architecture within Microsoft Azure. This included defining secure configurations for Azure services and integrating Azure security tools.

IT Service Management & Security Incident Response (Azure Incident Response): Documented and improved the ticketing system (Zendesk), implementing automation to streamline workflows and enhance efficiency. Focused on security-related incident management and tracking, ensuring timely response and mitigation of security incidents, including those involving Azure resources.

Security Budget Optimization & Vendor Risk Management (Azure Vendor Risk): Optimized IT budget and vendor management, aligning expenditures with global security and IT objectives. Evaluated vendor security practices and contractual obligations, particularly for cloud service providers supporting Azure deployments, to minimize risks associated with third-party services. Endpoint Security & Management (AMER) (Azure Integration): Implemented Apple Business Manager (ABM) to improve the security and management of macOS devices. Implemented device configuration profiles and security policies, ensuring alignment with the overall security architecture and integration with Azure-based services where appropriate.

Security Awareness & Training (Azure Security Awareness): Developed and delivered security awareness training programs, focusing on phishing, password security, data protection, and secure use of Azure services, to strengthen the human element of cybersecurity and reduce social engineering risks.

IT Service Delivery & Vendor Management: Led the IT end-user support function, fostering a positive service culture. Managed vendor relationships and service level agreements (SLAs), including negotiating a significant USD $1 million IT equipment leasing contract. Oversaw a team of 10 IT professionals (5 in COL and 5 in MEX), demonstrating leadership and team management skills.

IT Service Management & Ticketing: Implemented and managed the Freshservice ticketing system, improving IT support workflows, incident tracking, and service delivery. This included configuring workflows and automations to improve efficiency.

SaaS & IT Infrastructure Administration: Administered a range of SaaS and IT infrastructure tools, including Google Workspace (managing invoicing and accounts), Freshservice, Teamviewer, Adobe, HelloSign, Apple Business Management, Miro, Zoom (including account administration, license management, and data retention policies), and Box (with a focus on secure administration for the Finance team). This demonstrates experience with diverse platforms and a focus on secure configurations.

IT Asset Management & CMDB: Implemented and maintained a Configuration Management Database (CMDB), incorporating a knowledge base of IT services and platforms to improve asset tracking, incident response, and change management. This is a crucial element of IT governance and security.

Budget Management & Cost Optimization: Managed the budget for SaaS tools, optimizing expenditures and ensuring cost-effectiveness. This included working closely with the finance team on IT procurement strategies and identifying opportunities for cost savings.

Security Posture Enhancement: While managing these systems, prioritized security best practices, including implementing appropriate access controls, data encryption, and vulnerability management strategies to protect organizational data and systems.

IT Service Delivery & Operational Excellence: Improved service level agreements (SLAs) and response times for new hire and exit user equipment configurations, enhancing operational efficiency and user satisfaction. This included streamlining processes and implementing automation where possible to improve service delivery.

Knowledge Management & Collaboration: Increased knowledge sharing of common IT issues and solutions across global teams, fostering a more informed and self-sufficient user base. This involved creating and maintaining knowledge base articles and conducting training sessions.

Secure Remote Access & Business Continuity: Provided critical support during the COVID-19 pandemic, ensuring business continuity and employee productivity by facilitating secure and reliable VPN connections for remote work. This highlights a focus on secure access solutions and business resilience.

IT Infrastructure Optimization: Analyzed IT infrastructure and identified areas for improvement to support remote work and improve overall performance and security. This included evaluating VPN capacity, network bandwidth, and security protocols.

IT Governance & Best Practices: Developed and maintained comprehensive IT documentation to ensure consistent processes and knowledge transfer. Drove the adoption of IT best practices in service management, end-user support, and Configuration Management Database (CMDB) implementation for effective asset control.

Secure Remote Connectivity & Business Continuity: Implemented robust connectivity solutions to support work-from-home arrangements, particularly for the collections area, minimizing downtime and ensuring business continuity. This included establishing clear SLAs for remote support.

IT Service Management & Automation: Led the implementation of Freshservice as the central ticketing and user interaction platform, unifying the knowledge base, improving asset control, and streamlining CMDB administration.

Identity and Access Management (IAM) Leadership: Led and coordinated the implementation of Okta across the organization, making the company a pioneer in adopting this IAM service in Colombia.

COVID-19 IT Strategy & Business Resilience: Led the IT response to the COVID-19 pandemic, ensuring high-quality service delivery to all employees during the transition to remote work.

Collaboration & Communication Platform Management: Administered Google Workspace, including license negotiation and account management. Managed Zoom, including account administration and the implementation of Zoom Meetings Hardware, demonstrating experience with collaboration and communication tools.

IT Project & Process Management: Managed IT projects and procedures, focusing on optimizing delivery times and maintaining comprehensive documentation. This included a focus on documenting architectural designs and implementation plans.

Team Leadership & Mentorship: Led and mentored a team of five individuals, assigning tasks and fostering professional development. This leadership experience translates to an ability to guide and collaborate with technical teams on architecture implementation. Cloud Architecture & Monitoring: Led the implementation and proof-of-concept testing of cloud monitoring tools, demonstrating experience with cloud-based infrastructure and a focus on observability and performance. This is directly relevant to cloud architecture management.

Vendor & Contract Management: Maintained strong business relationships with vendors, verifying contracts and ensuring service level agreements are met. This includes evaluating vendor security posture and compliance with architectural requirements. IT Architecture Governance: Developed and maintained IT architecture documentation, including diagrams, standards, and best practices. This ensures consistency and alignment across IT projects and initiatives, contributing to effective architecture governance.

Identity and Access Management (IAM) Administration & Governance (Azure Integration):Administered end-user access and permissions through Okta and Active Directory, ensuring secure authentication and authorization. Leveraged Azure Active Directory for cloud-based identity management and integration with on-premises systems. Contributed to the development and implementation of IAM policies and procedures, including those specific to Azure resources.

IT Infrastructure Project Management & Architecture Implementation (Azure Focus): Successfully managed the IT relocation of all BOG offices, achieving high user satisfaction. This demonstrates project management skills relevant to implementing architectural changes and deploying new infrastructure, including potentially migrating some services to Azure.

IT Service Delivery & User Support (Azure Support): Provided comprehensive IT support, addressing daily tasks and requirements. Focused on reducing SLA times and increasing user satisfaction. This included supporting users accessing Azure-based applications and services.

Knowledge Management & Security Awareness (Azure Security Best Practices): Implemented best practices for knowledge sharing, improving self-service capabilities and reducing support requests. Developed and maintained documentation for security procedures and best practices, including those specific to Azure security.

Vendor & SLA Management & Security Assessment (Azure Vendor Management): Coordinated with vendors and managed SLAs, ensuring timely and effective service delivery. Evaluated vendor security practices, including those providing Azure-related services, and incorporated security requirements into contracts.

Cybersecurity Awareness Training & Education (Azure Security Awareness): Implemented and promoted cybersecurity awareness training programs, including specific training on Azure security best practices, to strengthen the organization's security posture and reduce risk.

IT Service Delivery & User Support: Provided comprehensive IT support to end-users, projects, and clients, addressing daily tasks and requirements. Focused on reducing SLA times and increasing user satisfaction.

Endpoint Management & OS Deployment: Improved best practices for deploying OS images to machines, streamlining the process and enhancing efficiency. This contributes to consistent and secure endpoint configurations.

Collaboration & Development Platform Administration: Administered Atlassian tools (Jira, Confluence, Bitbucket), managing user permissions and access approvals to ensure secure access to development and collaboration resources.

Unified Communications & VoIP: Coordinated and configured VoIP services for end-users, managing their access to communication tools and ensuring reliable service.

Identity and Access Management (IAM): Performed Active Directory tasks, including onboarding and offboarding processes, ensuring proper access provisioning and deprovisioning across multiple synced tools. This highlights experience with core IAM functions.

IT Process Improvement & Automation: Identified and implemented opportunities to automate routine IT tasks, such as OS deployments and user onboarding/offboarding, to further improve efficiency and reduce manual effort.

IT Support & Service Delivery: Provided end-user support at Diageo Colombia as a third-party service provider, resolving technical issues and fulfilling service requests.

Endpoint Optimization & Productivity Enhancement: Increased user productivity by optimizing the Windows main image, addressing common issues and streamlining daily tasks. This included evaluating and implementing software and configuration changes.

Secure Wireless Network Implementation: Implemented an open-wide Wi-Fi network for end-users at Diageo's office, reducing mobile data charges while maintaining secure access. This involved considering network security protocols and access controls.

Identity and Access Management (IAM): Coordinated and verified end-user access and permissions through Active Directory services, including Microsoft 365, ensuring proper access provisioning and deprovisioning. Citrix Infrastructure Management: Administered Citrix services, including thin client terminals, and managed the relocation of Global Diageo Business Services within the Bogotá office. This demonstrates experience with virtualized desktop infrastructure.

IT Service Management & CMDB Administration: Managed ServiceNow and conducted regular audits of SLAs and assets in the CMDB as part of ITIL adoption procedures in the LATAM region. This highlights a focus on IT governance and asset management. Security Best Practices Implementation: Implemented security best practices across the supported systems and services, including access controls, patch management, and security awareness training, to protect organizational data and systems.