Security professional with over 25 years’ experience across various industries, working in fast-paced IT and security environments. Maximizes efficiency and enterprise security posture through Confidential planning and execution. Aligns business and IT to obtain optimal results. Experienced in aiding, organizing, and delivering results. Possesses extensive experience leading cross-functional teams to successful project completion, delivering on time and within budget. Exceptional ability to collaborate and foster interdepartmental relationships.
TRUSTED ADVISOR TO EXECUTIVE MANAGEMENT IN THE FOLLOWING AREAS:
- IT Program/Project Management
- IT and Cyber Security Governance
- Application Security & Operations
- Incident Management & Response
- Enterprise Risk Management
- Audit & Compliance
Confidential, Washington, DC
Sr. Information Security
- Lead and direct the development and maintenance of Confidential’s IT security policy documentation and annual review procedures.
- Strengthened successful day-to-day business and technical operations by working with Director and VP, Chief Technology Officer, providing advice regarding Security Governance, Risk, and Compliance issues.
- Sparked quality improvements and effectiveness within information security and management of Confidential partners and relationships.
- Assist in the development, improvement, and next-generation management of Confidential’s security systems, and maintain compliance with Confidential’s privacy and security policies and procedures. Interface frequently with peers and management leaders of IT and other firm departments to achieve compliance and audit objectives.
- Lead and direct sensitive and high-priority projects, executing the full lifecycle from inception to completion.
- Support responses provided to Firm clients regarding client security questionnaires and security posture of the organization as it relates to HIPAA, PCI, NIST, and ISO Security controls.
- Lead the management and tracking of open issues requiring resolution, in the form of Plans of Action and Milestones (POAMs) or other reporting mechanisms.
- Develop and maintain Security Standard Operating Procedures (SOPs).
- Support security awareness and initiatives at the Firm.
- Develop and maintain the annual Security Policy review program.
- Manage and lead the execution of Disaster Recovery program development, planning, and documentation.
- Monitor, support, and coordinate reporting of security events, incidents, and vulnerabilities.
- Lead the effort in mapping internal procedures to company information security policy, and create a comprehensive audit methodology and plan annually.
- Effectively communicate that relevant IT-related information systems are compliant with appropriate corporate policies, industry standards, government regulations, and contractual requirements, where applicable.
- Implement solutions and guidelines for adherence to information security frameworks, requirements, direction, and system recommendations; contribute generally to the information security risk management program.
- Create guidelines and remediation plans in response to audit findings to maintain existing capabilities; provide recommendations and implementation guidance related to security technologies such as encryption, anti-virus software, etc., as needed.
Confidential, Washington, DC
Manager, Information Security, Risk Management
- Set and lead enterprise corporate security strategy, initiatives, and programs that cover security, security risk management, Governance, Compliance, and Identity & Access Management.
- Ensured continuous management of the IAM program for the overall administration of rights for more than 10,000 end users (staff, contractors, vendors, etc.) through project scheduling, resource management, and vendor management.
- Monitored work progress of IAM project team members and reviewed findings, recommendations, client requirements, and related testing needed prior to deployment.
- Foster strong communication and Confidential partner relationships with assigned vendors.
- Avoided unnecessary expenses by controlling and monitoring spend against a $27.3M per annum budget (operating/capital) for all Information Security expenses, including product purchases.
- Identified and reduced information security risks by performing and/or overseeing periodic risk assessments focused on current/future vulnerabilities.
- Managed third-party vendor relationships related to information security, including the purchase of security tools, review of maintenance contracts/renewals, acquisition of new business, etc.
Confidential, Bowie, MD
- Increase information security compliance posture by performing internal security audits and external security risk assessments following regulations/methodologies, including HIPAA, HITRUST, NIST SP Rev1, and NIST SP Rev4 frameworks, as well as the risk management framework.
- Familiar with PCI requirements. Inform executive reporting by reviewing the Consensus Audit Guidelines/CIS Critical Security Controls and preparing metrics and performance gap analyses. Contribute to the successful completion of vendor assessments, IT internal audits, risk assessments, and SSAE 16 controls.
- Worked with organizational leaders to facilitate solutions that brought acceptable levels of residual risk.
- Identify and reduce information security risks by performing and/or overseeing performance of periodic risk assessments focused on current/future vulnerabilities.
- Mitigate risk by maintaining compliance with company procedures for de-identification of information, HIPAA privacy/security requirements, & other mission critical components.
- Regularly report on and deliver the Incident Management Program to the Security and Compliance Governance Committee, the Board, and Security Incident review meetings.
- Establish and guide the internal Security Incident Response Program while leading the computer security incident response team (Confidential) and handling HIPAA incident/event violations, reporting to senior management.
- Prevent/respond to security violations by leading investigations, preparing reports, conducting post-mortem analyses, and preparing public briefings with PR team.
- Perform security reviews of engineering or technology changes requested by external teams for use in the corporate environment. Reviews were held on a scheduled bi-weekly basis, or as needed, to meet the needs of the business and to ensure compliance with HIPAA/HITECH/HITRUST requirements.
- Lead representative for security on matters related to Change Control process and approvals.
- Assist the security operations teams/engineers with the planning, selection, and deployment of an endpoint detection and response solution; reported on ticket status and provided updates on issues in progress.
- Identified and reported gaps between detection, response, and prevention capabilities needed to minimize risk.
- Resolve and document complex security issues including root cause analysis, prevention, and workarounds.
- Lead the team in clearly defining requirements, deliverables, and timeframes with the customer (internal/external). Escalate issues and make recommendations to resolve them to the appropriate audience.
- Develop, lead, and support security awareness initiatives for special-interest and high-risk groups (e.g., engineers) and for the entire organization. Spearhead the security awareness program, including new hire/yearly compliance.
- Guide program management for application and network penetration testing conducted by internal teams and third-party vendors, managing contacts, relationships, review, and remediation of findings.
- Developed and maintained a security risk register.
- Track risk and remediation activities to conclusion.
- Manage operational team that develops/implements tests of computer systems to monitor effectiveness of security, including SOC2 audit, tabletop exercises, and penetration testing.
- Develop and formalize disaster recovery program for 25 applications of various levels of importance.
Information Security Program Manager & Project Manager
- Realized 7.5% bottom-line savings on $69.9M technology budget by assisting with the development of a comprehensive strategy that included automation, resource cost optimization, contract negotiation, etc.
- Developed, initiated, and executed enterprise programs, including business continuity, disaster recovery planning, final security review, least privilege exercises, penetration testing, VPN, etc.
- Facilitated vendor performance measurement/monitoring by enabling a vendor management program office.
- Built and fostered more than 20 Confidential vendor partnerships, ensuring business objectives were met.
- Monitored industry best practices and trends. Developed security requirements for projects/programs.
- Coordinated with other stakeholders to facilitate the development of the technology elite program, which defined career progression and leader succession for each resource.
Confidential, Duluth, GA
CEO/Complementary & Alternative Medicine & Wellness Therapist
- Proved strength in ICD-9 Codes, Current Procedural Terminology, & Healthcare Common Procedure Coding.
- Propelled organization for success by providing mission and vision.
Senior Infrastructure Specialist/Project Manager
- Led information security business office and assisted with operations requirements of 500+ personnel.
- Led by example: established clear expectations, set direction and priorities, kept staff informed of all appropriate information, and delegated at the appropriate level.
- Avoided unnecessary expenses by controlling and monitoring expense of $8M per month budget for all Information Assurance expenses, including product purchases.
- Facilitated the development of staff by providing opportunities and support.
- Enhanced performance by supervising teams of 30+ staff and subcontractors on Special Access Facility requirements for performing server validations.