SUMMARY:

• Information Assurance | Cybersecurity | Risk Management
• TS/SCI Security Clearance IT Leader with a proven record of achievement delivering strategic vision and astute direction building, managing, and maintaining secure systems.
• Experience encompassing both federal and private sector organizations, developing efficient security programs while delivering technical leadership, addressing complex issues impacting enterprise risk mitigation, and communicating value of security, cultivating a consensus among the executive suite, users, and stakeholders.
• Lead, plan, and conduct initiatives to improve methodologies to assess overall security posture and risk exposure.
• Demonstrated ability to define, develop and implement comprehensive standards, governance and security policies that significantly reduce vulnerability and optimize compliance with federal, state and industry regulations.
• Recognized for capacity to foster positive and highly collaborative partnerships with internal and external cross - functional divisions, bureaus, and agencies.
• Excel at steering day-to-day operations, and overseeing administrative functions along with applying business and management acumen to develop and manage budgets.
• Detail oriented and skilled communicator with experience in conducting research, analyses and formulating recommendations influencing C-Suite decision-making and supporting senior level government leaders.

CORE COMPETENCIES:

• Information Assurance ISCM Project Coordination Risk Assessment/Management/Mitigation
• Vulnerability Management Gap Analysis Privacy Policy & Governance Compliance COR/COTR
• Cloud & Virtualization SDLC Agile Methodology Procurement Program Management
• Internal/External Audits WBS Team Leadership Training & Development Budget Planning & Management
• Supply Chain Management Inter-Agency Collaboration Strategic Partnerships Conference Speaking

PROFESSIONAL EXPERIENCE:

Confidential

Executive Director

Responsibilities:

• Designed and implemented a community cyber awareness campaign on time and within budget.
• Lead, motivate, and develop staff, plan, assign and manage tasks.
• Provide nonprofits and small businesses with cybersecurity assistance and best practice/RMF recommendations; Identify risks and provide recommendations for determining appropriate mitigation techniques or strategies
• Facilitate a curriculum for K-12 teachers, students and parents on safe social media practices, and cyber-dangers.
• Provide training to senior citizens on safe cyber practices, social engineering pitfalls, and protecting their Personal Identifiable information (PII) & financial accounts.

Confidential

Cybersecurity Director

Responsibilities:

• Designed a cohesive ISSO/ISSM program for communication and collaboration of Cybersecurity policies, standards, and practices, ensuring compliance to applicable standards; maintain oversight of 54 ISSMs/ISSOs in the field.
• Managed a multi-million dollar budget, along with major procurement efforts.
• Provided leadership and guidance on customized Risk Management Framework (based on Confidential RMF) to better align with Confidential ’s corporate needs and requirements; manage real-time and continuous monitoring efforts.
• Reengineered the System Development Lifecycle (SDL) within a Waterfall/Agile environment to ensure sufficient cybersecurity gates; prepared and conducted security control testing for new and existing systems.
• Defined and developed a corporate Security Assessment and Authorization (SA&A) process to ensure system accountability; managed the compliance (SA&A) team to ensure accurate security control testing.

Confidential

CISO/Director of Information Security

Responsibilities:

• Worked collaboratively in this highly diverse agency comprised of numerous employees and contractors from foreign countries and different cultures, including those in areas hostile to the U.S.
• Effectively redesigned and implemented a new and highly efficient International Cybersecurity Program and Risk Management Framework (RMF) in alignment with NIST standards.
• Managed third-party risk, business continuity risk, vulnerability management and IT operational risk for owned and operated, on premise, SaaS/Iaas/PaaS environments, and licensee; provide risk acceptance recommendation.
• Steered first agency-wide Computer Security Awareness Training exercise; achieved 99% compliance.
• Successfully mitigated 65% of (legacy) Confidential audit recommendations, avoiding any material weaknesses.
• Successfully led reengineering of legacy environment, moving major applications into a hosted cloud environment.

Confidential

Chief Information Security Officer

Responsibilities:

• Responsible for effectively and efficiently restructuring, redesigning and implementing a new and efficient Confidential Cybersecurity Program, focusing on both cybersecurity defense and resiliency.
• Created Confidential 's first Cybersecurity Compliance, Audit and Policy team (SA&A, policy analysis, auditing, Confidential & Confidential ) and in-house Network Security Operations Center (defense-in-depth and perimeter controls, continuous monitoring, audit logging, incident response team.) Prepared and conducted cyber security control testing.
• Lead SME for team facilitating move to a virtualized (cloud) environment.
• Designed and implemented Confidential audit tracking and mitigation strategy; successfully moved Confidential out of the "red," avoiding any material weaknesses.
• Developed performance measurements, metrics, dashboards and project plans to establish, monitor and audit Security Program objectives and performance goals; development, implementation, and maintenance of cyber security tools; and the monitoring, troubleshooting and management of security risks and strategies.

Confidential

Cybersecurity Chief/ ISSM

Responsibilities:

• Worked collaboratively with cross-functional teams and internal/external stakeholders to ensure system sustainability and continuous improvement; managed cyber security control testing for new and existing applications, systems, and programs.
• Built and developed the first technology-centric security engineering and architecture team as OBIM and led the development and implementation of robust cybersecurity architecture.
• Played a key role as member of the Five Country Conference ( Confidential ) for International Biometric Data Sharing, working collaboratively with international leaders on the design and establishment of polices and solutions for secure international data releases.
• Efficiently oversaw multimillion-dollar IT security budget, including formulating budget requirements, management of procurement, and ensuring adherence to OMB requirements for funding allocation and congressional reporting.