TECHNICAL KNOWLEDGE:

Xacta Web Security Certification & Accreditation Tool

CSAM Certification & Accreditation Tool

WebInspect Vulnerability Assessment Tool

RSA Archer Security Center

NESSUS eEye Digital Security Retina Vulnerability Assessment Tool

IBM BigFix - Patch and Vulnerability Management Tool

ArcSight Confidential Auditing Logging Tool

PROFESSIONAL EXPERIENCE:

Confidential, Washington, DC

Information System Security Officer

Responsibilities:

• Developing and implementing Confidential - wide security policies and procedures
• Managing corporate-wide IT security awareness training programs
• Develop Confidential ’s PCI-DSS audit policies and procedures
• Manage a team of project managers responsible change and configuration management activities for all of Confidential
• Oversee the development of new learning content for Confidential ’s Incident Response Program
• Manage the development and dissemination of Security tips and security compliance campaigns
• Manage a team of Security Help Desk Professionals
• Prepare executive level presentations detailing Confidential ’s IT security posture from a compliance (PCI-DSS and SCADA) standpoint
• Manage Confidential ’s IT Litigation Hold requests
• Create and manage Confidential ’s Privacy Program
• Create and manage Confidential ’s Data Governance Program

Confidential, Reston, VA

ISO27001 Internal Audit Consultant

Responsibilities:

• Assessing the clients internal business function to determine what is in or out of scope of the ISO27001 Audit
• Assess the security risks for key/essential internal and external business processes.
• Identify and assess the security controls used to secure key/essential business processes
• Develop a risk remediation plan for all identified risks within key/essential business processes

Confidential

Information Assurance Specialist

Responsibilities:

• I also perform Security Test and Evaluations for all Confidential systems.
• I am responsible for conducting audits on each Confidential system in support of the Certification and Accreditation efforts. I also developed the following security artifacts
• Deliverables include: Risk Assessments; IT Controls Assessments; System Security Plans; Contingency Plans; NIST 800-60 Data Types Report; FIPS 199 Reports; e-Authentication Reports; Security Test and Evaluation Reports; Contingency Plan Test Results and Findings; Privacy Threshold Agreements; Privacy Impact Assessments; System of Records Notice; Configuration Management Plans; Incident Response Plans; and Plan of Action and Milestone Reports.
• I also conducted software assessments of two products to assist Confidential with Patch and Vulnerability Management.

Confidential

Information System Security Officer

Responsibilities:

• In this role I was responsible for assisting the Federal Information System Security Officer for the Office of Financial Stability create an information technology security program for a new federal agency that was developed to manage bail-out funds to banks and American industry.
• I was responsible for defining and assisting with the deployment of IT user roles, review OFS IT System audit logs, develop IT security policies and procedures, developing security awareness training, and developing IT access control tools via a custom developed SharePoint Tool.
• I attended meetings and strategy sessions that shaped the security posture of the newly formed organization.
• I also advised OFS technical teams on security related issues at OFS Change Control Board meetings.
• I also assisted OFS developers with building secure application code by conducting readiness reviews and sitting through test initiatives.
• I also was responsible for conducting audits on each OFS production application or system in support of the OFS Certification and Accreditation efforts.
• I also developed the following security artifacts for OFS: Risk Assessments; IT Controls Assessments; System Security Plans; Contingency Plans; NIST 800-60 Data Types Report; FIPS 199 Reports; e-Authentication Reports; Security Test and Evaluation Reports; Contingency Plan Test Results and Findings; Configuration Management Plans; Incident Response Plans; and Plan of Action and Milestone Reports.

Confidential, Arlington, VA

Operations and Maintenance Security Manager

Responsibilities:

• I provided IT Security expertise to the Department of Homeland Security (DHS) in support of their Operations and Maintenance efforts.
• I also provided Executive Leadership in managing Accenture’s Security Operations Team, which is a mini Security Operations Command Center for the high-profile DHS/US - Visit program. In this role, I was responsible for managing the following security processes and procedures; system hardening, monitoring, audit and logging, PKI and secure token management, network access support via Active Directory, ensure operational compliance with DHS Directives, vulnerability assessment management, patch management, security policy review, secure code reviews, Confidential planning and management, and other security support tasks for the largest biometric repository in the world.

Confidential, Washington, DC

Security Manager

Responsibilities:

• In this role I provide IT Security expertise to the Veterans Administration Executive Leadership Team for the entire continuum of security certification and accreditation activities.
• I plan, design/build, and implement security controls that properly align government standards with the VA’s security requirements and directives.
• I also work with the VA’s Risk Management Team to support the Risk Assessment auditing process and provide risk assessment analysis reports provided to management.
• I work with the VA Executive Team to develop and deliver the Application Security Plan used as the essential part of the Certification and Accreditation process for Automated Information Systems.
• I work closely with the Independent Auditing Team to support the Security Test & Evaluation phase of the VA security certification process.
• I am also responsible for providing support to the Certification Agent (application security expertise) in the form of answers to questions to assist in the facilitation of their independent assessment.
• I have also been tasked with working with the VA Executive Team to evaluate the results of all audits.
• My tasks also include; providing a plan of action and milestones to address all security related issues generated by the ST&E audit, assessing responses to the VA security findings that present an unacceptable level of risk for the Client (the level of effort will depend on certification results), respond to questions related from persons conducting data sensitivity analysis, coordinate all security related initiatives throughout each phase of system testing, and effectively leverage the experience and system knowledge of the assigned resources to carry out my duties.

Confidential, Rockville, MD

Sr. Consultant

Responsibilities:

• I have been asked to assist Confidential with preparation for their year 2 SOX compliance initiative.
• My primary role is to evaluate Confidential ’ IT internal controls for both operational and design effectiveness.
• I am responsible for assisting Confidential ’ IT Management identify and augment all controls identified as not being designed effectively or operating effectively.

Confidential, Harrisburg, PA

Sr. Consultant

Responsibilities:

• I have been asked to assist Confidential with preparation for their SOX compliance initiative.
• My primary role is to evaluate Confidential ’ IT internal controls for both operational and design effectiveness.
• I am responsible for assisting Confidential ’ IT Management identify and augment all controls identified as not being designed effectively or operating effectively.

Confidential, Mt. Laurel, NJ

Audit Team Lead

Responsibilities:

• I have been asked to lead a testing initiative of Confidential ’s information Technology internal controls for several operational areas.
• As the lead auditor, my primary responsibilities include coordinating all audit activities for each operational area, coordinating testing efforts with the key stakeholders within Confidential, coordinating and managing the evidence receipt process, developing the reporting framework for each operational area evaluated, and debriefing each evaluated operational area’s senior management team with all of the findings/exceptions found.

Confidential

External Auditor

Responsibilities:

• I have been asked to lead a team of auditors to review several operational divisions of the Confidential .
• As the lead auditor, my primary responsibilities include coordinating all audit activities at each operational division, coordinating my team’s efforts with the key stakeholders within each evaluated division, coordinating and managing the evidence receipt process, developing the reporting framework for each operational division evaluated, and debriefing each evaluated operational division’s senior management team with all of the findings/exceptions found.
• I also coordinate and oversee the work performed by Ernst & Young Staff assigned to each operational division evaluated.

Confidential

Senior Consultant

Responsibilities:

• I have been tasked with assisting Confidential prepare themselves for their external audit by testing key ERP controls in their North Carolina Data Centers.
• By conducting site assessments, data research, and client interviews I helped Tyco assess vulnerability point within their two data centers.
• I developed and executed test scripts and reported my findings to Confidential Senior Management Team.

Confidential

Senior Consultant

Responsibilities:

• I was asked to leverage my Sarbanes-Oxley knowledge and experience to assist Protiviti’s client with remediation testing on their AS400 system.
• In this role I was responsible for conducting and documenting client interviews, discussing with the client potential risks and vulnerabilities that existed within their IT environment that supports the generation of financials, and retesting previously tested controls and documenting the results.