Consultant Resume

Houston, TX

OBJECTIVE:

  • I want to use my deep knowledge of technical issues & regulatory compliance to create, enhance and extend business value for my employer. Having spent the better part of 30 years in the technical issues & regulatory compliance trenches, I want to begin bringing my vast knowledge to bear on larger, more complex business problems.

PROFESSIONAL EXPERIENCE:

Confidential

Consultant

Responsibilities:

  • Act as the Lead Privacy Project Manager/SME for the project
  • Created CCPA - GDPR crosswalk matrix
  • Created a cohesive CCPA & GDPR privacy program
  • Reviewed and modified current policies & procedures
  • Created missing privacy policies and procedures
  • Tested the policies, procedures, processes and methodologies against the requirements set forth in the CCPA and GDPR requirements
  • Used both NIST and ISO-27001 frameworks
  • Trained appropriate staff on the privacy program

Confidential

Responsibilities:

  • Project work focusing on compliance
  • Created processes, policies & methodologies for countering audio and video Deep Fake Technology attacks
  • Assisted clients such as Pango, Pikolinos and Sabor Tropical in developing PCI programs, methodologies, documentation and test plans related to critical infrastructure protection
  • Created CCPA, PCI, ADA, GDPR and HIPAA regulatory compliance programs and trained multiple staff
  • Created policies/procedures pertaining to PCI & HIPAA security
  • Developed policies/procedures for Network & Security Operations Centers (NOC/SOC)
  • Updated an international bank’s AML/CFT program to include using the latest technology on an enterprise-wide basis in lieu of multiple local levels
  • Streamlined the AML/CFT response programs for 314(a) requests, subpoenas, etc.
  • Created AML/CFT programs for bank’s staff

Confidential - Houston, TX

Responsibilities:

  • Directly led and implemented execution of the regulatory compliance business operations
  • Assist clients in developing compliance strategies and multi-year implementation and remediation programs based on business priorities and risks
  • Advise clients in developing and tailoring of approaches, methods and tools to support compliance programs and initiatives using existing compliance programs such as SOX, HIPAA, IoT, OSHA, GLBA etc
  • Lead, manage and collaborate in the development of the company’s Center of Excellence for regulatory compliance
  • Conducted SOC1 & SOC2 assessments to include SOC report generation.
  • Manage and execute client engagements across the project lifecycle - strategy, design, implementation and managed services for regulatory based compliance solutions
  • Operate across both technical and management leadership capacities
  • Remain current on industry trends in cyber risk with industry standards and regulatory requirements (e.g., NERC CIP, NERC PRC, FERC)
  • Work collaboratively with executive team and stakeholders to create programs using a Lean Six Sigma (LSS) approach
  • Create data migration program from physical data center to cloud storage
  • Present and obtain buy-in for overarching compliance strategies from Executive Leadership
  • Build solid, trust-based relationships with client stakeholders
  • Work collaboratively with the client to identify and solve key constraints, risks and issues
  • Developed quality and meaningful deliverables that suit specific client needs
  • Developed Physical Security Threat Assessment programs for multiple clients
  • Conducted on-site threat assessments of power generation stations, transmission sub-stations, switchyards and nuclear facilities
  • Designed and implemented NPIR for nuclear facilities
  • Communicate with clients in an organized and knowledgeable manner
  • Demonstrate flexibility in prioritizing and completing tasks
  • Coordinate/manage compliance projects across multiple verticals and contracts
  • Built business in multiple verticals of Government, Commercial and Financial industries to include Sarbanes-Oxley, CCPA, OSHA, HIPAA, PCI, PIDX, FISMA, GDPR and others
  • Conducted regulatory compliance presentations and workshops
  • Demonstrated experience in defining and deploying regulatory compliance strategies and programs for large and complex organizations
  • Strong expertise in the following areas:
  • Risk Management
  • Compliance strategy
  • Safety
  • Corrective Action Plans (CAP)
  • Compliance program management and delivery
  • CIP Auditor

Confidential - Houston, TX

Responsibilities:

  • Acted as the PMO Process/Deployment Lead for the PG&E CIP, version 5 development program
  • Communicate with FERC, NERC and Regional Reliability Organizations such as WECC, RFC, SERC, TRE etc for specific guidance, daily
  • Created various Facility Ratings Methodologies required by FAC-008 for GO & TO registered entities
  • Analyze regulatory compliance Standards and Requirements for NERC, HIPAA, PCI DSS, AML/CFT, SOX, ADA, HITECH, NIST and others so that they can be properly cross-walked into other ongoing compliance efforts
  • Created full CIP Programs for more than 30 clients
  • Created the only NERC approved CIP, version 5, Auditors program
  • Created multiple NERC approved CEH programs to include GO/GOP/TO/TOP/DP/LSE/BA/RC/TSP 693 Auditor and CIP Infrastructure Design
  • Designed / Re-designed 6 data centers totaling more than 900,000 megawatts of control
  • Designed and implemented multiple EMP detection and reporting programs
  • Member of the NERC Standards Development Team (SDT)
  • Consulted with clients in more than 120 audits (NERC, HIPAA, PCI DSS, SOX) without a single financial penalty
  • Created test plans for various station and sub-station equipment such as batteries, CTs, PTs, breakers (air & pneumatic), etc.
  • Worked with organizations such as PG&E, Upwind Solutions, e.On, TransAlta, BP, Algonquin Power & Hydro-Quebec to determine the SCADA requirements for their control rooms/centers
  • Created logical boundaries via one-line diagrams determining the various registered entity owners of step-up transformers, Special Protection Systems (SPS), Power System Stabilizers (PSS) etc.
  • Created HIPAA (Privacy & Security), NERC (693 & 706), PCI DSS compliance programs
  • Created multiple monitoring programs for ERCOT entities registered as a QSE
  • Created NPIRs for facilities in TRE, WECC, RFC and NPCC
  • Design custom PRC-005 Testing Methodologies with MS Excel Matrices in order to properly evaluate existing controls and measures
  • Design Control Matrices which document the current nature of a corporation’s governance environment
  • Instruct management personnel on how to design effective processes and controls
  • Worked with Schlumberger and Baker-Hughes to ensure their compliance programs with the PIDX were current within the upstream and downstream markets
  • Created multiple and audit programs for companies such as National Grid, PG&E, Trans Canada and others
  • Created multiple Blackstart programs under EOP-008 and EOP-009
  • Created and conducted multiple AURORA assessment programs
  • Workshop for a functional SDLC process for achieving business objectives within accepted IT Business Standards
  • Train clients and regulatory authority staff with interpretations as a NERC Continuing practitioner
  • Recommend Standards and Requirement adjustments to NERC and REs
  • Authored Policies and Procedures with management input and approval
  • Documented Business Processes from an “As-Is” perspective
  • Designed and Implemented comprehensive Testing Methodology according to Control Activities and Measures
  • Created procedures/assumptions for establishing Capacity Benefit Margin (CBM) for each Available Transfer Capability (ATC) Path and/or Flowgate
  • Made numerous strategic recommendations and designed strategies for upper management as needed.
  • Coordinated database and network security upgrades to meet NERC Compliance minimums
  • Worked with numerous renewable organizations such as PG&E, Upwind Solutions, Oklahoma Gas & Electric, TransAlta, e.On, Algonquin Power, Enbridge Energy, Hydro-Quebec, Hydro-One, BP Wind, EDPR and many others

Confidential - Houston, TX

Senior Manager

Responsibilities:

  • Created Security Policies and Procedures using CoBIT and best practices
  • Created existing corporate policy cross-walk with HIPAA, Sarbanes-Oxley and G-L-B rules.
  • Created RFI for a Security Awareness program
  • Created several cost-savings plans for the IT department (Phone, Electric, Network Infrastructure & Outsourcing Services)
  • Headed the Cyber Security Vulnerability Assessment project

Confidential - Chicago, IL

Director of Global Network Security

Responsibilities:

  • Responsible for securing and maintaining the Sonet (OC1, OC 3 & OC12) LAN/WAN integrity at the 19 remote U.S. locations as well as the 4 Mexican and 1 Chinese locations.
  • Designed and maintained B2B project plans for clients via Tibco ActiveExchange and ActivePortal.
  • Used LoadRunner’s web transaction breakdown monitor to split end-to-end transaction response times.
  • Designed and implemented a new, fully secured Frame Cloud with MCI. Responsible for maintaining the data storage facilities for the 49 members of the SAP R/3 team.
  • Responsible for designing and implementing the Voice Over IP communications using Cisco routers with TripWire for Routers for the Juarez and Tijuana Mexico sites as well as the China, Germany and Swedish sites.

Confidential - Chicago, IL

Cyber Security Manager

Responsibilities:

  • Provide HIPAA Security compliance direction and recommendations.
  • Approve of draft HIPAA compliance documentation.
  • Work directly with Legal Counsel to create HIPAA policies and procedures.
  • Chairperson of the 34 member HIPAA Privacy/Security Action Group (P/SAG).
  • Defined our clients’ business functions.
  • Created and implemented ISACA approved project plans
  • Created and performed gap analysis and mock audits.
  • Conducted JAD Sessions.

Confidential - San Francisco, CA

Security Operations Center Manager

Responsibilities:

  • Designed VPNs for remote dedicated clients.
  • Designed and implemented the RAS server configurations.
  • Managed the 21 technicians and their Windows ‘95 rollout of 2300 users.
  • Assisted in the design of the POP sites.
  • Responsible for the set up and design of the network’s customer service department (75 people), Security Operations Center (16 people) and the Network Operations Center (14 people), hiring and technicians (31 people), setup remote monitoring and recording software.