James Anthony Mariano, CISSP

IT Security Manager and Data Privacy Advocate

Philadelphia, Pennsylvania, United States

About

I'm energetic and hard working; quick-learning and action oriented; a people person who's fearless in flying solo. I have experience in a multitude of professional outlets, from customer-facing retail to tech support. My ideal job is one that continues to offer professional challenges and stimulate personal growth—ideally, one set in a professional environment that's not afraid to think and operate with creativity and innovation.

Experience

  • NBME (Full-time · 7 yrs)
    • Information Technology Security Manager
      Jun 2024 - Present · 2 yrs 1 mo

      Leader in protecting the confidentiality, availability, and integrity of high-quality assessments for healthcare professionals.

    • Senior Information Security Analyst
      Oct 2021 - Jun 2024 · 2 yrs 9 mos

    • Information Security Analyst
      Jul 2019 - Oct 2021 · 2 yrs 4 mos

      Supporting various IT security projects including:
      • Security incident and event management (SIEM)
      • Endpoint detection and response (EDR)
      • Identity and access management (IAM)
      • Incident response
      • Security training and awareness
      • Policy and process development

  • Technology Consultant at Protiviti
    Sep 2018 - Jul 2019 · 11 mos

    • Worked with others in performing internal audits, assessments, and vendor reviews based on frameworks and control lists such as NIST CSF, HIPAA, PCI DSS, and SANS Critical Security Controls. Tasks included interviewing key personnel, documentation/policy reviews, framework cross-mapping, and report writing. Additionally, a customized questionnaire was developed for a global client based on various frameworks to help support a better implementation of security controls.
    • Performed vulnerability assessments, both internal and external, using tools such as Nessus and Qualys. Analyzed results for false positives and reported findings to clients based on risk. Assessments were performed both remotely and on-site when required.
    • Crafted social-engineering scenarios for clients to evaluate the security awareness of their employees. Tasks included registering domains and SSL certificates, creating phishing websites to capture credentials, composing and delivering e-mail messages with unique identifiers to track the actions of the recipients, and reporting the findings to the client. Additionally, PowerPoint slides were created for some clients to assist in better training employees.
    • Assisted with penetration testing through reconnaissance work, social engineering, vulnerability scanning with manual verification on findings such as cross-site scripting, and password guessing.

  • IT Support Technician at University of Pennsylvania
    Sep 2017 - Sep 2018 · 1 yr 1 mo

  • Security and Privacy Consultant at Protiviti
    Sep 2016 - Mar 2017 · 7 mos

  • IT Technician at Drexel University
    Feb 2016 - Jul 2016 · 6 mos

    • Prepare computers and workstations for the Office of Institutional Advancement
    • Facilitate basic troubleshooting service for a team of 115 people
    • Collaborate with IT team in organizing and managing inventory