Enterprise Systems Engineer

Endpoint Security and Management: Led the migration of all macOS devices to Apple Business Manager (ABM) for centralized management via MDM, transitioning away from manual control. Managed and optimized Kandji, Crowdstrike, and Qualys to effectively control assets, risks, and vulnerabilities. Successfully migrated the MDM platform from JAMF to Kandji, leading all phases of the transition, including Proof of Concept (PoC) development and End-User Acceptance (EUA) testing to ensure a smooth and effective implementation. This included developing and implementing security policies for endpoint devices.

Identity and Access Management (IAM): Successfully integrated the Microsoft 365 tenant with Okta to provide Single Sign-On (SSO) for end-users, enhancing security and user experience. This improved access control and simplified user authentication.

Compliance and Audit: Conducted audits and implemented procedures to align with the new ISO 27001:2022 standards, ensuring organizational security posture and compliance with industry best practices. This included documenting security controls and performing risk assessments and obtaining the recertification after transitioning the standard’ controls to the recent version.

IT Infrastructure Management & Optimization: Managed and optimized critical IT systems, including the Atlassian Suite (including contract negotiation) and Google Workspace (focused on license cost reduction). This involved ensuring system availability, performance, and security.

Identity and Access Management (IAM) Enhancement: Identified and implemented opportunities to improve IAM across multiple platforms, including increasing 2FA adoption to enhance security for all users. Successfully implemented Google Sign-in on Mosyle Fuse for both new and existing machines, further strengthening access control and streamlining user authentication.

Email Security & Threat Mitigation: Migrated DNS and implemented DMARC, SPF, and BIMI domain registries to significantly reduce email spoofing, spam, and phishing attempts, improving overall email security posture and protecting against email-borne threats.

Security Posture Improvement & Vulnerability Management: Proactively identified opportunities to enhance service quality while leveraging existing security tools. Enforced platform security best practices to minimize vulnerabilities and strengthen the organization's overall security posture. This included regular vulnerability scanning and penetration testing. (Added to strengthen the security focus)

SaaS Optimization & Cost Reduction: Optimized the utilization of SaaS services to reduce budgeting costs without compromising security or functionality. This involved reviewing licensing agreements and identifying opportunities for consolidation or optimization.

Data-Driven Security Analysis & Reporting: Developed and maintained continuous Salesforce/PowerBI reports to provide data-driven insights for security decision-making. These reports tracked key security metrics and identified potential risks.

Global IT Security Architecture & Support (Azure Integration): Expanded IT support coverage to the AMER region, providing multi-level support. Developed and implemented best practices to enhance the company's global IT security posture, encompassing incident response procedures, security awareness training, and a robust cloud security architecture within Microsoft Azure. This included defining secure configurations for Azure services and integrating Azure security tools.

IT Service Management & Security Incident Response (Azure Incident Response): Documented and improved the ticketing system (Zendesk), implementing automation to streamline workflows and enhance efficiency. Focused on security-related incident management and tracking, ensuring timely response and mitigation of security incidents, including those involving Azure resources.

Security Budget Optimization & Vendor Risk Management (Azure Vendor Risk): Optimized IT budget and vendor management, aligning expenditures with global security and IT objectives. Evaluated vendor security practices and contractual obligations, particularly for cloud service providers supporting Azure deployments, to minimize risks associated with third-party services. Endpoint Security & Management (AMER) (Azure Integration): Implemented Apple Business Manager (ABM) to improve the security and management of macOS devices. Implemented device configuration profiles and security policies, ensuring alignment with the overall security architecture and integration with Azure-based services where appropriate.

Security Awareness & Training (Azure Security Awareness): Developed and delivered security awareness training programs, focusing on phishing, password security, data protection, and secure use of Azure services, to strengthen the human element of cybersecurity and reduce social engineering risks.

IT Service Delivery & Vendor Management: Led the IT end-user support function, fostering a positive service culture. Managed vendor relationships and service level agreements (SLAs), including negotiating a significant USD $1 million IT equipment leasing contract. Oversaw a team of 10 IT professionals (5 in COL and 5 in MEX), demonstrating leadership and team management skills.

IT Service Management & Ticketing: Implemented and managed the Freshservice ticketing system, improving IT support workflows, incident tracking, and service delivery. This included configuring workflows and automations to improve efficiency.

SaaS & IT Infrastructure Administration: Administered a range of SaaS and IT infrastructure tools, including Google Workspace (managing invoicing and accounts), Freshservice, Teamviewer, Adobe, HelloSign, Apple Business Management, Miro, Zoom (including account administration, license management, and data retention policies), and Box (with a focus on secure administration for the Finance team). This demonstrates experience with diverse platforms and a focus on secure configurations.

IT Asset Management & CMDB: Implemented and maintained a Configuration Management Database (CMDB), incorporating a knowledge base of IT services and platforms to improve asset tracking, incident response, and change management. This is a crucial element of IT governance and security.

Budget Management & Cost Optimization: Managed the budget for SaaS tools, optimizing expenditures and ensuring cost-effectiveness. This included working closely with the finance team on IT procurement strategies and identifying opportunities for cost savings.

Security Posture Enhancement: While managing these systems, prioritized security best practices, including implementing appropriate access controls, data encryption, and vulnerability management strategies to protect organizational data and systems.

IT Service Delivery & Operational Excellence: Improved service level agreements (SLAs) and response times for new hire and exit user equipment configurations, enhancing operational efficiency and user satisfaction. This included streamlining processes and implementing automation where possible to improve service delivery.

Knowledge Management & Collaboration: Increased knowledge sharing of common IT issues and solutions across global teams, fostering a more informed and self-sufficient user base. This involved creating and maintaining knowledge base articles and conducting training sessions.

Secure Remote Access & Business Continuity: Provided critical support during the COVID-19 pandemic, ensuring business continuity and employee productivity by facilitating secure and reliable VPN connections for remote work. This highlights a focus on secure access solutions and business resilience.

IT Infrastructure Optimization: Analyzed IT infrastructure and identified areas for improvement to support remote work and improve overall performance and security. This included evaluating VPN capacity, network bandwidth, and security protocols.

IT Governance & Best Practices: Developed and maintained comprehensive IT documentation to ensure consistent processes and knowledge transfer. Drove the adoption of IT best practices in service management, end-user support, and Configuration Management Database (CMDB) implementation for effective asset control.

Secure Remote Connectivity & Business Continuity: Implemented robust connectivity solutions to support work-from-home arrangements, particularly for the collections area, minimizing downtime and ensuring business continuity. This included establishing clear SLAs for remote support.

IT Service Management & Automation: Led the implementation of Freshservice as the central ticketing and user interaction platform, unifying the knowledge base, improving asset control, and streamlining CMDB administration.

Identity and Access Management (IAM) Leadership: Led and coordinated the implementation of Okta across the organization, making the company a pioneer in adopting this IAM service in Colombia.

COVID-19 IT Strategy & Business Resilience: Led the IT response to the COVID-19 pandemic, ensuring high-quality service delivery to all employees during the transition to remote work.

Collaboration & Communication Platform Management: Administered Google Workspace, including license negotiation and account management. Managed Zoom, including account administration and the implementation of Zoom Meetings Hardware, demonstrating experience with collaboration and communication tools.