Senior IT Audit Consultant Resume

Summary

  • Evaluate the enterprise security and business environment - policy, standards, operational procedures, controls, culture, practices, and awareness.
  • Determine if the company security objectives and applicable regulatory requirements are being met, tempered with industry best practice.
  • Proactively identify viable threats and existing, exploitable vulnerabilities, then focus on implementing appropriate and cost-effective security solutions that remain within budget.
  • Provide services to assess and strengthen clients’ internal controls and, in so doing, help to improve their security posture
  • Identify business and technology risks as well as documenting and testing related processes and controls
  • Assist with the design and implementation of processes and controls to achieve business security objectives, risk management and regulatory requirements
  • Develop and implement business and IT process, risk and control frameworks, and Governance, Risk and Compliance (GRC) technologies
  • Specialize in the harmonization of security controls unifying the collection of evidence for SOX, SSAE-16 SOC 1-2, PCI-DSS, GLBA, HIPAA, HITECH, FISMA, NIST, and NERC CIP.
  • Collect evidence once for overlapping audit requirements to streamline the process, increase efficiency, reduce cost, and save valuable time for all the organizations involved. Internal/external audit and security compliance liaison of Information Technology organizations, Human Resources, Legal, and the Business Units. Services include personality and behavior analysis, assessment and identifying Insider Threat (intentional and unintentional) but also team member strengths, weaknesses, interests and motivations.
  • Currently hold 6 active professional security certifications including CISSP, CISM, CISA, CEH, ECSA, Security+, and ITIL Foundations. Actively participate as a volunteer, coordinator, and speaker at regional and national security conferences hosted by ISACA, ISSA, ISC² and EC-Council.

PROFESSIONAL EXPERIENCE

Senior IT Audit Consultant

Confidential

Responsibilities:

  • As a Senior IT Audit Consultant within the Confidential Internal Audit department, responsible for evaluating the company’s current systems’ internal controls, design and effectiveness (including but not limited to efficiency and security protocols, development processes, and IT governance/oversight). Additionally, responsible for the successful completion of assigned audit engagements, inclusive of planning, fieldwork, reporting, and follow-up activities.

Senior Security Assessment Analyst

Confidential

Responsibilities:

  • Establish strong working relationships with third parties, service managers, various business stakeholders and information security officers
  • Operate in alignment with National Institute of Standards and Technology (NIST) Cyber Security Framework
  • Perform comprehensive Information Security risk assessments on third-parties, evaluating the enterprise’s security posture across all layers and security domains
  • Identify and evaluate risks internally and/or at third parties, controls that mitigate risks, and related opportunities for control improvements
  • Leverage existing independent audit reports (e.g., SOC 1 and 2, PCI Compliance, GLBA, HIPAA, etc.) to better ascertain the environment in which Confidential data will be accessed, processed, transmitted and/or stored
  • Evaluate risk and rate issues relying on threat landscape and context of service(s) being rendered
  • Determine risk acceptance or remediation plans and communicate with the business and IT organizations
  • Establish remediation plans with vendors to meet Confidential enterprise baseline standards and SOX, PCI, HIPAA and GLBA security compliance requirements (as appropriate)
  • Issues Management developing and tracking to completion a Plan of Action and Milestones
  • Developed internal control documentation for various business processes.

Senior Audit and Compliance Program Manager

Confidential

Responsibilities:

  • Harmonization, simplification, and streamlining of interrelated audit and compliance processes and frameworks (SOX, SSAE 16 SOC 1-2, PCI, HIPAA, HITECH). Internal/External Audit, Qualified Security Assessor (QSA), and Compliance liaison of Information Technology organizations, Human Resources, Legal, and Business Units.
  • Development of an Enterprise Security Compliance program - unified approach, synchronization of evidence collection, and unified communication of audit control requirements.
  • Utilization of security compliance automation tools, techniques, strategies, and the building of organizational alliances. Realization of time and cost savings related to internal audit, external audit (billing), enterprise compliance, and the process owners.
  • Managed the corporate Security Awareness Training program.

IT Security Consultant

Confidential

Responsibilities:

  • Develop corporate security policy, standards, and operating procedures; evaluate risk and vulnerabilities, then select the most appropriate security architecture and tools.
  • This evaluation includes not only external risks but places emphasis on Insider Threat. Evaluation of the work environment to determine the security culture and posture of a company.
  • Utilize both technical and non-technical security tools to monitor, track, report, and appropriately mitigate identified, exploitable vulnerabilities, exposures and applicable threats.
  • Develop a unified response plan and standard operating procedures based on the significance and importance of the type of data protected and the business impact of the potential compromise.
  • Contractor for Encompass Digital Media, Confidential Confidential, and Dynetics corporations; proposals for Google Analytics (security vendor selection), Halogen Software (Insider Threat non-technical reporting)

Security Risk Consultant

Confidential

Responsibilities:

  • Oxford International Contractor - Design and development of the corporate Enterprise Risk Management (ERM) program. Services including risk assessments, reviews, reporting, and security project portfolio management for Confidential
  • Performed network, computer, endpoint, source code, and application system vulnerability evaluation and risk assessments. Risk assessments include analyzing results from vulnerability scanning, penetration testing, and manual audit analysis.
  • Responsibilities also include identifying security gaps, defining the associated risks, determining exploitability, rating and ranking, determining risk mitigation alternatives, cyber security executive management and business owner committee reviews, developing action plans, managing and tracking each vulnerability to resolution.

IT Security Infrastructure Design Engineer

Confidential

Responsibilities:

  • Insight Global Contractor - Department of Energy (DOE) Pilot Program - design, develop, configure, test, implement and establish the Confidential (TVA) integrated Security Operations Center (iSOC).
  • The effort entails the engineering, selection and ordering of network, computer, and appliance hardware and software. Develop vulnerability management, malware protection, change and configuration management plans, security awareness training, and standard security personnel operating procedures.
  • Lead contractor for the selection and approval of security tools and vendors which meet the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Version 5 compliance requirements.
  • The focus encompasses providing strategic security planning, infrastructure protection, and

IT Security Consultant

Confidential

Responsibilities:

  • Design, develop and certify the IT Security Architecture and Infrastructure for Confidential. Selected the most appropriate security vendor solutions to meet stringent US Department of Defense (DoD) MAC III Sensitive requirements.
  • Created the IT Security portion of a US Army contract bid for Encompass. Selection of the most fitting and cost-effective security solutions including hardware, software, and services to meet budget limitations and applicable DoD security requirements. Adequately protect sensitive DoD data and information resources. Responsibilities included risk management and audit compliance to meet FISMA, FIPS, DIACAP and NIST requirements and industry best practices. Senior Security Compliance Manager at Confidential

Information Assurance Manager / Analyst

Confidential

Responsibilities:

  • Network Operations Security Center (NOSC) responsibilities included security technical analysis and incident response using a wide variety of security tools to ensure 24 x 365 protection.
  • Supported the Defense Contract Management Agency (DCMA), developed and modified the NOSC operating procedures to obtain and maintain ISO 27001, FISMA, and DIACAP certification and accreditation.
  • Responsibilities included monitoring, identifying, tracking and reporting - vulnerabilities and compliance variances, controlling access, responding and blocking malware and attacks.
  • The Agency manages $2.3 trillion of government contracts. My team was responsible for securing the global DCMA computer systems, networks, and sensitive information protecting both classified and unclassified data.

Network Operations Manager / Analyst

Confidential

Responsibilities:

  • Managed a team within the Defense Information Security Agency (DISA), Global Network Operation Support Center (GNOSC). Supported United States government agencies and branches of the military.
  • My team supported the US Government’s global, classified and unclassified voice, video and data networks. Resolve performance and encryption issues, managed and resolved network performance and outage issues.
  • Incidents included diverse problems encompassing 27 networks and satellite missions. Utilization of various network analysis and monitoring tools. Developed and maintained network Incident Response and operating procedures.
  • Managed resolution of security, outage and performance issues with telecom companies, network engineers, site communication technicians, transport support and independent service providers.
  • Mission was to ensure network security, minimize customer and core network downtime and maintain agreed network performance levels 24x365.

Senior Enterprise Security Program Manager

Confidential

Responsibilities:

  • Led a technical team that analyzed and selected security vendors' products and services for the most appropriate and cost-effective solutions for the desktop platform. Designed, developed, implemented and managed the Desktop Enterprise Security Management program which also included the development of enterprise security compliance and vulnerability analysis tools.
  • Awarded a US Patent (July 2013) for the development of compliance management tools, processes, and methodologies.
  • Created the desktop support certification process which ensured deployment of standard security policies and controls. These tools and methods were implemented globally by all (21) Service Desk and internal desktop support organizations including employees and external contractors.
