Sr. IS Security Consultant Resume
El Segundo, CA
SUMMARY
- Accomplished Information Security Professional and Military Intelligence Veteran with prior Top Secret (TS SCI) Security Clearances offering 13+ years of IT governance, risk and compliance (GRC) assessments, analysis, and project management for information systems security (Infosec). Industry expertise includes government - intelligence, defense, aerospace; private sector - healthcare, communications, financial and professional services. I am a creative and dedicated collaborator experienced in leading dynamic on/off shore teams, business partners and vendors in successfully delivering information security project GRC initiatives, software/infrastructure and solutions for client cyber and information security posture improvements.
- ROI Driven Execution - Managed the initiation, approval and execution of my remediation plan to correct deficiencies for HIPAA, PII, PCI, SOX and identity access management (IAM) and MS Active Directory. This plan ensured electronic medical records (EMR) and its adopted supporting processes, procedures and policies were compliant with federal & state standards. As a result of successfully delivering remediated solutions on time and within budget, Aventis Health qualified for receiving a
- Detailed and Focused Accountability - Accountable for auditing and validating Infosec for Kiev Embassy-US Department of State, (USDOS) IDS/IPS and Firewall configurations to prevent outside access to classified environments in compliance with USDOS, FISMA & NIST policies. Achieved a 9% reduction in IAM deficiencies by improving contractor/vendor Infosec compliance by reviewing actual performance against SLA terms & conditions, and instituting a bi-monthly audit and evaluation review procedure to rapidly identify terminated or reclassified vendors, contractors, and employees ensuring that moves, adds and changes in access both physical and data Infosec processes were immediately executed and assured. (Authorized on USDOS Passport & Security Clearances)
- Determined Problem Solver - Increased accuracy of Infosec reports by 41% and improved meeting deadline reporting timelines 13% to executive management, by designing more time/cost efficient IRIS database input/output data sets, logs, reformatting and customizing reports for a role-specific dashboard design. These reports addressed the precise needs of various executive leadership teams, across several stakeholder departments within Kiev Embassy & USDOS.
- Infosec Transformation Evangelist - Improved information systems compliance enterprise wide by 37% by creating and providing automated web-based training programs and certifications for government regulation-National Industrial Security Program Operating Manual (NISPOM) (Raytheon). Increased surveyed performance metrics for Infosec Stakeholder awareness and voluntary compliance by 27% within a multi-project portfolio by managing and delivering creative, intuitive and time-sensitive, classroom, online self-paced Infosec tutorials, webinars and workshops (Pgm IT Inc.)
CORE COMPETENCIES
- Infosec Vulnerability Assessment/Remediation
- Governance (GRC): PII, PHI, HIPAA, SOX, PCI, NIST/FISMA
- Incident Risk Mitigation & IP-Asset Management
- Certified International Configuration Manager
- Identity Access Management - IAM Audits/Mgr.
- Certified Information System Quality Assurance Professional
- Infosec Project Management & Awareness Training
- E-Discovery/Electronic Medical Records (EMR) Reviews
- Certified Master Infosec Awareness Technical Trainer
TECHNICAL SKILLS
Technology: Assessed, Audited and/or Utilized
Operating Systems & Platforms: MVS, Unix/AIX, AS400, Windows, Linux, IaaS, and SaaS
Hardware: Mainframes, PCs, Compatibles, Routers/Switches & IVRs
Software: SAP, Oracle, Psoft, RSA Archer, eGRC, Centrify, OneLogin, Workday, MobileLion, SailPoint, CyberArk, Tripwire, QRadar, Imperva, Splunk, McAfee ePO, MS Office, Captivate, SharePoint, Scribe, MS Project, Planview, Clarify Smartsheet
PROFESSIONAL EXPERIENCE
Confidential, El Segundo CA
Sr. IS Security Consultant
Responsibilities:
- Led and supported pre-post sale client engagement project teams to achieve cyber and Infosec regulatory compliance, provided engagement management support to prepare clients for external audits, assisting clients with assessing vulnerabilities, risk assessments, analysis, and mitigation. Managed multi-client project SOWs, including independent reviews of vendor IaaS and SaaS information security applications and tools including auditing IT General Controls, planning and developing strategic remediation for deficiencies, reviewing and writing corporate policies, and creating, implementing, and deploying security awareness education and training programs. Identified opportunities to upsell products and services to clients with integrity.
- Led a team of security professionals to achieve a 27% increase in stakeholder compliance within our multi-project portfolio’s Security Awareness Program. The client-surveyed results demonstrated that our unique customizations and design of role specific, automated, self-paced tutorials, entertaining hosted classroom workshops and webinars, along with expedient content design, elicited a 31% increase in utilization among diverse stakeholder roles. This effort generated broad client interest in the web portal’s educational training tools across the project portfolio for multiple clients. Financial performance bonuses were awarded for exceeding client satisfaction and performance goals.
- Delivered substantial cost savings for project portfolio by championing a comprehensive IT cost reduction program including repeatable processes for efficiently conducting Infosec internal control audits, monitoring and managing vulnerability, risk, incident and multi-vendor management assessments, monitoring and remediation processes, procedures and policies. This saved the multi-client project portfolio $ 321K in redundant vendor software/licensing procurement costs along with significant labor cost savings by eliminating duplicative contractor and vendor tasks, and consolidating information security systems applications and tools including SaaS/IaaS options.
Confidential
Sr. Security Consultant
Responsibilities:
- ROI Driven Execution - Managed the initiation, approval and execution of my remediation plan to correct deficiencies for HIPAA, PII, PCI, SOX and identity access management (IAM) and MS Active Directory. This plan ensured electronic medical records (EMR) and its adopted supporting processes, procedures and policies were compliant with federal & state standards. As a result of successfully delivering remediated solutions on time and within budget, Aventis Health qualified for receiving a $ 20,000.000.00 federal grant by the deadline.
Confidential
Technical IS Manager
Responsibilities:
- Detailed and Focused Accountability - Accountable for auditing and validating Infosec for confidential, (USDOS) IDS/IPS and Firewall configurations to prevent outside access to classified environments in compliance with USDOS, FISMA & NIST policies. Achieved a 9% reduction in IAM deficiencies by improving contractor/vendor Infosec compliance by reviewing actual performance against SLA terms & conditions, and instituting a bi-monthly audit and evaluation review procedure to rapidly identify terminated or reclassified vendors, contractors, and employees ensuring that moves, adds and changes in access both physical and data Infosec processes were immediately executed and assured. (Authorized on USDOS Passport & Security Clearances)
- Determined Problem Solver - Increased accuracy of Infosec reports by 41% and improved meeting deadline reporting timelines 13% to executive management, by designing more time/cost efficient IRIS database input/output data sets, logs, reformatting and customizing reports for a role-specific dashboard design. These reports addressed the precise needs of various executive leadership teams, across several stakeholder departments within Kiev Embassy & USDOS.
Confidential
CA Information Assurance Supervisor
Responsibilities:
- Infosec Transformation Evangelist - Improved information systems compliance enterprise wide by 37% by creating and providing automated web-based training programs and certifications for government regulation-National Industrial Security Program Operating Manual (NISPOM)
- Provided Strategic Business Partnerships - Created and managed communication plans for inter-agency rulings, interpretations, and compliance with government regulations. These plans increased attendance and awareness training opportunities at IS Security meetings by Generals and executive managers by 71.5% due to customized revised dashboard reporting. Critical classified information was disseminated at these meetings regarding results of our team’s investigations of violations, DLP, security breaches, and preventive/corrective remediation measures.
- Creative Innovator and Collaborator - Revolutionized the User Acceptance Testing (UAT) by hosting strategic and entertaining UAT requirements workshops for #20 separate secret and classified business systems across the CA and nationally, facilitating the most comprehensive updating for a UAT playbook in department history. This effort involved coordinating with 26 offices and several cross-purposed engineering departments nationally. Received recognition for successfully managing the execution of system wide UAT for #20 systems requiring immediate remediation to ensure information quality assurance system and contract compliance with all DoD, NISPOM, FISMA and NIST regulations.