Lead, Governance, Risk And Compliance Resume
SUMMARY:
Governance, Risk Management and Compliance (GRC) Information Security specialist with nearly fifteen years of hands-on consulting and leadership experience. Equally proficient working autonomously or as part of a team to evaluate and apply federal, healthcare, financial, and private industry regulations while ensuring that organizations meet IT security compliance.
SKILL:
Compliance standards and frameworks: RMF, COBIT, Privacy Act, OMB, HSPD-12, FISCAM, DIACAP, STIG, CIS Benchmarks, HIPAA, ITIL, PCI-DSS, SOX, Confidential / A, ISO 27001; IT security; risk management; control mapping; cloud computing (IaaS, PaaS, SaaS); client-server; mainframe; assessment/audit planning and response; contingency planning; disaster recovery/COOP planning; privacy impact assessments; continuous monitoring; boundary scoping; organizational policies and procedures; automated vulnerability scanning; mobile device management; identity and access management; data loss prevention; endpoint protection; SCADA; Service Oriented Architecture; data center consolidation; physical security; data and network security/encryption
PROFESSIONAL EXPERIENCE:
Confidential
Lead, Governance, Risk and Compliance
Responsibilities:
- GRC service delivery lead responsible for overseeing and contributing to all phases of Confidential security assessments and advisory tasks. These include: leading and participating in teams of up to five staff to produce high-quality (QA/QC) deliverables on time and within budget; successful completion of more than ten Confidential (cloud) assessment efforts for Confidential 500 and federal clients; development of a federal agency’s common control catalogue and customer responsibility matrix; and security gap analyses for Confidential 500 IaaS, PaaS and SaaS cloud offerings.
- Other responsibilities: serve as the primary client interface; up to 50% travel; develop and maintain project schedules and budgets; proctor client working sessions; evaluate and develop technical documentation, policies and procedures; and conduct manual and automated technology tests on cloud (AWS, Azure, VMware) and client-server (Windows, Linux, database, web) based systems.
Advisor, Governance, Risk and Compliance
Confidential
Responsibilities:
- Worked with C-level executives and Security PMOs for various federal agencies ( employees) to develop and implement GRC programs in compliance with the Confidential Risk Management Framework.
- Aided in the development of comprehensive risk management and continuous monitoring programs to ensure that technical documentation, policies and procedures were developed; organizational common controls were identified; information system and organizational weaknesses were identified; and corrective actions, compliance and audit activities were properly planned for and addressed.
- Aligned solutions with client strategic goals while achieving a proactive security posture to meet IT security compliance.
Confidential
Program Manager
Responsibilities:
- Established and oversaw security architecture, physical security, and contingency planning requirements related to datacenter relocation efforts to ensure that federal and industry compliance requirements were met.
Information System Security Manager for Army Management Staff College contract:
- Performed DIACAP and security gap assessments while assisting in the development of organizational policy and operational procedures.
Confidential
Program Manager
Responsibilities:
- Managed a ten-person ISSO/advisory team to successfully deliver more than ten Confidential moderate and accreditation packages and provide subject matter expertise to agency stakeholders. Developed a security compliance and continuous monitoring framework for the organization to eliminate stovepipes and promote cohesion across various operating divisions. These framework and process improvements resulted in noticeable cost savings and increased work efficiency associated with IT security compliance and continuous monitoring activities.
Confidential
Team Lead
Responsibilities:
- Project Lead for several Treasury and IRS C&A efforts. Managed client interfaces and aided teams in achieving 100% agency ATO for more than ten C&A packages.
- Performed advisory services which included documenting agency system security plans, contingency plans, policies, procedures and other technical artifacts.
Confidential
Information Systems Engineer
Responsibilities:
- Developed a comprehensive understanding of the Confidential C&A process, documentation and reporting requirements while successfully leading and contributing to numerous.
- Served as Project Manager for the Confidential frequency modulation database development effort prior to joining Confidential’s InfoSec group.