Senior Manager - Cyber Security Resume

SUMMARY:

  • Cyber Security, Information Security, Risk Management
  • As a thorough leader, consensus builder, and an integrator of people and processes I drive security compliance initiatives while remaining flexible to changing directives and customer requirements.
  • Plans and develops enterprise-wide information security strategies, researches and advises on potential threats and respective remediation strategies, vendor solutions and management, logical and physical security initiatives.
  • Leads the development, testing, implementation and sustainment of security strategies. Keeps senior management, business peers and all stakeholders informed on threats, vulnerabilities, and action plans to minimize or mitigate threats.
  • Successful track record of developing and maintaining solid security postures within the healthcare industry, R&D, financial, manufacturing, software development, and SCRUM/AGILE environments, health and human services, and military commands.
  • Liaison to Federal, State and Government Agency audit personnel and security representatives ensuring compliance mandates are addressed, mission objectives are attained and clearly communicated.
  • Extensive experience planning, implementing and managing comprehensive industrial and cyber security programs under the DIACAP/RMF, NISPOM, Confidential 800 series, HIPAA/HITECH/HITRUST, INFOSEC, PCI-DSS, FISMA, OWASP, ISO 2700x series, SSAE16, SOX, GLBA, EU Data Security and Privacy Acts, and FFIEC guidelines.
  • Significant experience developing and delivering concise, motivating, adult security awareness programs.
  • Conducts internal audits and internal incident investigations in a professional and confidential manner.
  • Manages multiple projects and activities while remaining flexible to rapidly changing environments and requirements.
  • Track-record and ownership of periodic internal and independent 3rd party audits assessing identified and managed risks ensuring compliance with multiple mandates and directives.
  • Extensive experience applying risk management, classification management, access controls, and cybersecurity methodologies.
  • Developed, tested and managed disaster recovery, incident response and continuity of operations plans.
  • Solid understanding of system and software life-cycles, change management, change control, and document control.
  • Skillful in identifying risk and potential threats, developing mitigating strategies, contingency and disaster recovery plans.
  • Excellent written and verbal communication skills.
  • Significant experience developing and delivering concise, motivating, adult security training and awareness programs.
  • Extensive experience evangelizing and implementing risk management methodologies, conducting business impact assessments, and data classification management programs.

EXPERIENCE:

Confidential

Senior Manager - Cyber Security

Responsibilities:

  • Responsible for managing the end-to-end processes, and developing policies, standards and Standard Operating Procedures (SOPs) in the areas of cyber data governance, risk and verification, cyber awareness and training, and cyber policy/standards/standard operating procedures.
  • Embraces opportunities and develops strategies to bridge existing gaps and process improvement while aligning with subject matter experts (SMEs) and strategic goals. Drafted multiple procedural documents, identified mitigating strategies, and worked closely with the Confidential Global IT Compliance teams.

Confidential

Lead Security Architect

Responsibilities:

  • Assessed the security posture of systems and software applications critical to Petco operations and strategic initiatives.
  • Participated in change management assessing potential risks and threats for impact to current operations, driving root-cause analysis and remediation. Initiated and evangelized adoption of the Confidential cyber and risk management posture ensuring appropriate controls were addressed.
  • This approach contributed to meeting audit requirements essential in certification and accreditation of Petco networks.

Confidential

Sr. Information Security Consultant

Responsibilities:

  • I assessed the security posture, conducting a gap analysis of current policies and procedures and participating in BIA assessments identifying threats and potential risks.
  • Based on the data value and ROI, effective remediation and/or mitigating strategies were documented and presented to the Confidential executives.
  • Collaborating with team leaders, policies and procedures were updated, drafted and communicated.
  • Standards were vetted and training programs implemented and presented to engineering teams, software development leads, and the legal/compliance departments in an understandable or common language.

Confidential

Sr. Information Security Engineer

Responsibilities:

  • I developed innovative strategies for meeting the Confidential RMF transition program respective to information security, certification and assurance.
  • I researched, interpreted and consolidated RMF policies, requirements, architectures, and standards for appraisal and vetting by the Confidential Information Assurance Technical Authority.
  • I demonstrated excellent communications skills, authored sections or entire draft policies and procedures, and contributed to formal presentations.

Confidential

Sr. Information Security Consultant

Responsibilities:

  • As a senior cybersecurity engineer I provided consulting services executing the Confidential DCAO (Data Consolidation Application Optimization) transition program.
  • I conducted risk assessments, physical penetration tests, applied security technical implementation guides, and ensured appropriate security controls were implemented assuring data and assets were appropriately safeguarded.
  • Incident response and disaster recovery plans were evaluated and edited accordingly, network architectures assessed, PII, PHI, and PCI compliance certified, and the feasibility analysis of the SDLC executed.
  • Implemented and supported cybersecurity initiatives under the Confidential 800-53 Risk Management Framework, 800-66 HIPAA Security Rule, ISO Series, and the DoD Information Assurance Certification and Accreditation Program (DIACAP) for small and globally recognized organizations.

Confidential

CSO/CISO and Information Security Officer

Responsibilities:

  • I provided guidance, planning, execution, oversight and sustainment of public-facing healthcare industry case management systems, applications, and websites.
  • While remaining flexible to rapidly changing environments, I applied an innovative, successful approach from both a corporate strategic level and a functional practitioner.
  • Technical, administrative, logical and physical security controls were efficient, assets and sensitive data protected, and a sound security reputation maintained.
  • While working cross-functionally and shoulder-to-shoulder with system administrators and software development teams, customers and vendors, risks and vulnerabilities were managed, mitigated and/or remediated, and the adverse impact of a loss or compromise of critical and sensitive information and valued assets abated.
  • Security awareness training and education and audit programs were delivered sustaining the corporate security posture. I led strategic security initiatives, conducted periodic security audits, and implemented effective and reasonable policies and practices ensuring sensitive data, systems and networks were compliant with relevant legislation and legal mandates.
  • In an Agile environment and throughout the system and software development lifecycles, I participated in SCRUM meetings as a chicken and stakeholder ensuring compliance factors were designed into the product specifications.
  • Applying a clear understanding of mission needs for government and commercial healthcare systems, medical case management systems, and the development and engagement of in-home health care management tools, I effectively managed strategic programs and initiatives.
  • I identified and contributed to successful mitigating and/or remediation strategies for cyber risks, and preventing aggregation of vulnerabilities ensuring the confidentiality, integrity and availability (privacy and security) of protected health information and personally identifiable information.
  • During my tenure I developed successful and productive customer and vendor relationships by providing concrete leadership, sound guidance and maintaining a flexible and collaborative approach.
  • Customer satisfaction evidenced in commendations for exceeding customer expectations and meeting fast-tracked deadlines.
