Cybersecurity Consultant Resume
Ohio
SUMMARY
- Experienced information technology professional with specialized experience working with clients to define and develop security approaches.
- Known for ability to act as a liaison between technical and non-technical individuals. value by helping to achieve a secure environment.
- Known for completing as manager information security to provide recommendations for improvement and work with clients to achieve their cyber security goals. Also known for providing leadership to the company and team.
TECHNICAL SKILLS
- Cyber Risk Management
- Strategy Planning
- Budget Management
- PMP
- NIST CSF
- HIPAA
- HITRUST
- FFIEC
- NYDFS/NAIC
- CCPA
- COBIT
- ITIL
- ISO
- CMMC certified
- EU-GDPR
PROFESSIONAL EXPERIENCE
Confidential, Ohio
Cybersecurity Consultant
Responsibilities:
- As a consultant, worked on updating policy and procedures for confidential, including working with the Cybersecurity Maturity Model Certification (CMMC).
- Wrote policies and procedures based on NIST 800-171, NIST-53 for disaster recovery, contingency planning, incident response planning, asset management, and access control.
- Worked on confidential CMMC model and developed policies and procedures based on CUI.
- Worked with the team inputting the policies into a template format.
- Developed policy and procedures and document processes.
Confidential
Manager
Responsibilities:
- Review and evaluate the organization's business continuity and disaster recovery processes to determine the effectiveness of business continuity planning and disaster recovery processes. After the evaluation was completed, we provided recommendations and a roadmap on how to improve capabilities to recover from business disruptions and disasters. The recommendations may include the need for testing the plan on an annual basis, documentation, and establishing runbooks to help the technical team in the future or for use in training other members of the team.
- Perform physical security review to determine if appropriate controls are in place to protect the workplace environment and the information being maintained. Provided recommendations based on industry practices, such as how to improve the physical environment where servers are maintained; recommendations included frequency of testing plans and what type of security measures we see as most effective.
- Improved policy, procedures and standards for a leading healthcare client. Reviewed the policies and identified gaps in policies, procedures and standards. Working with the client, our team reviewed the policies and procedures and wrote new policies and procedures in a concise and clear manner. The main objective was to write the documents so the workforce could follow and comply. This included working sessions and workshops with the client over a period. Client attested that we improved over 70% of the existing policies that were outdated and had not been improved in 7 years.
- Technology company had limited insight into their current cyber security capabilities. Performed assessment based on NIST CSF assessment. Our assessment included conducting interviews of key stakeholders and reviewing documents to identify areas where improvements could be made. Our deliverables included current maturity level, and the roadmap provided a target state with recommendations to achieve the next level.
- A leading financial organization required an assessment of their current cyber capability based on FFIEC. Reviewed the organization's current state, assessed areas where opportunity needed improving and provided recommendations for remediation; this may have included improving processes with concise procedures outlining the steps for workforce to follow, and implementing the use of lessons learned after examination is completed by federal regulators.
Confidential
Information Security Analyst
Responsibilities:
- Improved overall employee awareness, performed new hire awareness training orientation improving awareness by 98% approval rating using a metric to measure employee retention.
- Developed awareness and training campaigns utilizing different methods of learning, including posters, short video snippets on monitors throughout the facility.
- Managed and inventoried identified risks discovered during assessments and worked to reduce risk items and managed a risk registry.
Confidential
IT Manager and Data Security Officer
Responsibilities:
- Directed the information technology team responsible for storage and handling of highly sensitive information. Scheduled team to ensure that processes were being maintained to protect critical information and met with leadership to provide direction on policy, procedures and standards that were required to maintain security of HIV and STD data.
- Reviewed the annual budget and provided estimates on technology needed to maintain a high level of dependability for network systems. Reviewed the privacy HIPAA laws to ensure information was protected based on those HIPAA laws.
- Worked with the team and hands-on with developing and providing security awareness training and conducted the training for all MDCH employees, improving awareness by 85% by using campaigns over a period of years utilizing training tools and gaming methods to educate employees.
- Developed policy, procedures and standards and reviewed HIPAA policies on an annual basis to determine if any changes were required and if changes were needed to either policy or procedures.
- Managed network system team and engineers handling the infrastructure storing the sensitive data. Responsibilities included implementing security measures to ensure confidentiality, availability and integrity of data was maintained.
- Managed IT network, systems and routers including all communications between MDCH and SEMHA.
- Supported the HIV and STD users including workstations, PCs, laptops and all devices.
- Performed risk assessments of the information system to ensure protective measures are appropriate.
- Developed disaster recovery, contingency planning, and incident response planning.
- Implemented a strategic plan to secure information to ensure integrity, confidentiality, and availability of sensitive information.