Information Security And Privacy Officer Resume
Albany, New York
SUMMARY:
- Confidential is internationally recognized as an expert in Software and Systems Engineering practices, processes, metrics, testing, risk, program management, process improvement and assessments, audits, standards and quality assurance.
- Confidential is experienced in implementing and managing efforts such as: Medicaid programs, including State Level Registry (SLR), Provider, Member/Third Party Liability (TPL), PBM, EPIC and Financials, Confidential, MECT and MITA requirements, HIPAA, Information Security, Privacy and Confidentiality controls, HITECH, Confidential 800-53, Confidential 800-53A, Confidential 800-30, Confidential SP 800-37, CNSSI 1253, CIS, OWASP, PCI, ICD 503, HL7, ICD 10, FIPS 140-2, FIPS 199, Agile and Sprint methods, ISO 27001/2, SOC 1/2 audits, ISO 9001, Capability Maturity Model Integration (CMMI), FISMA, Sarbanes-Oxley, FedRAMP, DIACAP, C&A, DISA STIGs, FARS, SDLC, POA&Ms, Information Technology Infrastructure Library (ITIL), Cloud Services, Data Analytics, disaster recovery, Control Objectives for Information Technology (COBIT), DOD 8510, Process Improvement and Metrics, ISO 12207 Standard for Software Life Cycle Processes and ISO 15288 for System Life Cycle Processes.
- Confidential received the Quality Assurance Institute’s (QAI) Lifetime Achievement Award for overall contributions to the Information Technology profession in May 2005. Confidential regularly keynotes at conferences and was the subject of a feature article in Computerworld. Confidential co-authored, with William Perry, the former CEO of QAI, the Quantitative Software Testing Assessment Rating (Q*STAR) methodology for measuring the effectiveness of testing.
- Confidential also participates on the Department of Homeland Security’s (DHS) Software Assurance Forum to identify and develop new cyber security standards for Information and Software Assurance.
PROFESSIONAL EXPERIENCE:
Confidential, Albany, New York
Information Security and Privacy Officer
Responsibilities:
- Overseeing compliance with the Confidential by all teaming partners, Cloud Services and Data Centers
- Created policies, procedures and process for security and privacy
- Working with NYS client to create the Privacy Impact Assessment (PIA) for CMS
- Development of Interconnection Security Agreements (ISA) to ensure secure, encrypted data transfer of PHI/PII
- Overall Incident Response, Unauthorized Exposure and Breach management and reporting
- Developed a Security and Privacy Requirements Traceability Matrix used for reporting purposes
- Compliance auditing of the teaming partners and data centers for the security and privacy controls
- Creating Corrective Action Plans (CAP) to address incidents, breaches as well as audit findings
- Evaluation of POA&Ms as well as compensating security controls to protect PHI/PII
- Third Party Audit reviews of SOC 1 and 2, ISO 27001/2, ISO 9001 and SSAE 16/18 reports
- Ensuring adherence to Security and Privacy Service Level Agreements (SLA)
- Reviewing vulnerability scans and Confidential 800-37 and Confidential 800-30 risk assessments
- Overseeing IDS, SIEM, Multifactor Authentication, Identity Assurance, Penetration Testing at Data Centers
- Participated in Agile Sprints, User Stories and Test Case generation for functional requirements
- Developed and conducted training on security, privacy, incident response and safety
- Involved in disaster recovery, CMS certification requirements as well as COOP for Confidential
- Responsible for the physical security of staff at the site facility
Confidential, Columbia, MD
President/Principal Consultant
Responsibilities:
- Provided consulting services implementing standards and models such as CMMI DEV/SVC, SCAMPI Appraisals, ISO 20000, ITIL, ISO 9001, ISO 27001 and ISO 14001
- Performed IV&V assessments and testing for Maryland Health Care Exchange (HIX) using HIPAA, HHS, EDI, CMS, and MITA standards
- Created Quality Control Plans, User Acceptance Test (UAT) Plans, Project Management Plans, System Security Plans (SSP), Disaster Recovery, Continuity of Operations Plans, and Quality Assurance Surveillance Plans and acquisition documentation
- Assessed requirements for testability, executed test plans for mobile applications, generated manual and QTP/ALM test cases, created risk-based testing strategies, functional and requirements testing, generated operational scenarios for end-to-end testing, Software as a Service, Agile Sprints, and managing product backlog
- Developed policies, procedures, and security controls in accordance with Confidential 800-53: Security and Privacy Controls for Federal Information Systems and Organizations to include all phases of the system development life cycle (SDLC)
- Developed a comprehensive System Security Plan (SSP) to assess the Contractor’s compliance, including all CMS and HIPAA requirements, as well as establishing internal security controls which included: risk assessments; configuration management, security policies; system and communications protection; personnel security; awareness and training; physical/media/environmental protection; contingency planning; intrusion detection; maintenance; system and information integrity; incident response; identification and authentication; access control; annual compliance audit and Federal Information Security Management Act (FISMA) evaluation, plan of action and milestones; identifying vulnerabilities, accountability and audits; certification assessment and criteria for collection, storage, access, and destruction of information assets
- Utilized CMS MITA Framework 3.0 and Seven Standards to implement security and privacy principles as guidelines for system enhancements across the entire SDLC for the development and testing of several HMOs and PPOs
- Developed HIPAA Privacy and Security training briefings for project team and assured compliance via project assessments and audits
- Familiar with the federally mandated CAQH Committee on Operating Rules for Information Exchange (CORE) operating rules for eligibility, benefits, electronic remittance, and other claim-related transactions, and with the Affordable Care Act (Confidential) Rule, Mandated Certification Process Under Section 1104
- Worked as a Subject Matter Expert at Honeywell Government Systems, now KBRWyle, to support proposal generation for TSA and internal audits.
Confidential, McLean, VA
President/Principal Consultant
Responsibilities:
- Formerly the Senior Director, Quality Management, responsible for the project management and technical oversight of the Independent Verification and Validation (IV&V) practice, including staffing as well as profit and loss. Responsible for overseeing implementation of ISO 9001:2008 and CMMI Level 3 for Development as well as CMMI for Services efforts for the company. In addition, responsible for developing proposal responses and technical solutions for government and public sector clients in the areas of quality, testing, IV&V, process improvement and configuration management. Interfaced with our offshore staff in India, providing technical support across various time zones.
- Supported numerous federal government and Department of Homeland Security (DHS) clients such as the Federal Emergency Management Agency (Confidential), Department of the Interior (DOI) and Customs and Border Protection (CBP) Secure Border Initiative as a subject matter expert in testing, metrics, quality, configuration management and business process re-engineering. Acted as IV&V Program Manager, approving invoices, generating weekly status reports, conducting monthly program reviews, hiring staff and interfacing directly with the customer. Confidential was also involved in an IV&V end-to-end assessment of the DHS United States Visitor and Immigrant Status Indicator Technology (Confidential) program to determine the overall status of the project for the government.
- Supported a Federal Bureau of Investigation (FBI) contract in Washington, DC, as the Quality Manager for the Security Management Information System (SMIS), responsible for establishing processes and procedures to assure quality for the integration of over forty new and legacy applications. Other duties included project management oversight of software development and integration efforts; system acceptance testing; risk management assessments; earned value analyses; process and product auditing; requirements analysis; and configuration management. Responsible for assuring contract compliance with standards such as CMMI and the FBI’s Information Technology Life Cycle Management Directive (LCMD).
Confidential, Baltimore, MD
Vice President of Quality Assurance
Responsibilities:
- Responsible for: managing quality processes and procedures; setting metrics; conducting management reviews; setting quality objectives; overseeing quality assurance for projects; internal compliance audits; managing departmental budgets and resources; overseeing recycling efforts; software testing; customer satisfaction; facilitating process improvement; cost estimation for new work; implementing risk management and mitigation; conducting trend and root cause analyses; and resolving corrective actions. Frequently presented ISO 9001, CMMI and ITIL audit findings with recommendations for process improvements to executive management.
- Additionally, contributed to proposals, supported projects, and internal programs such as the Software Engineering Institute (SEI) Capability Maturity Model Integration (CMMI) and Information Technology Infrastructure Library (ITIL) initiatives as well as being certified in quality, testing, program management, and process improvement. Frequently interfaced with top management and staff from other divisions of the company.
- Served as the Program Manager for a CMMI Level 2 certification attained in nine months as well as being responsible for Process and Product Quality Assurance (PPQA) audits and process improvement for ISO 9001 for the company.
Confidential, Rockville, MD
Managing Director
Responsibilities:
- At Amtrak, Confidential led the System and User Acceptance testing for the Amtrak Food and Beverage Point of Sale system. The testing included all aspects of on-board service including: all functionality of the POS devices, end to end testing to include testing of all interfaces to legacy systems, on-board terminal functionality, reporting, and POS functions.
- Served as the Quality Manager on the Departmental Grants Management System (DGMS) at the Department of Housing and Urban Development (HUD), responsible for testing the system, including designing and developing test processes, plans, cases, procedures and scenarios for requirements, stress, thread, load, capacity and interface testing, verifying the user guide, and measuring performance under key operational conditions with Oracle access and the data repository. At the Office of Real Estate Management (Confidential), responsible for leading a team to develop exemplar models for IT initiatives in support of Clinger-Cohen, OMB and Raines Rules. Created models of effective Business Cases, Project Plans and Work Breakdown Structures (WBS) for activity-based costing.
- Responsible for the staffing, establishment of teams and performance of IV&V, System Acceptance and Requirements Verification Testing for the Data Capture and Imaging System supporting the Year 2000 Decennial Census. Duties included: Technical Lead for Independent Verification and Validation (IV&V), System Acceptance Test (SAT) and Requirements Verification Test (RVT) and CMMI Level 3 audits.
- Developed a comprehensive CM strategy including processes that encompassed software, hardware, and documentation change control management.