Cyber Security Consultant Resume

Herndon, VA

SUMMARY

  • 13+ years’ experience performing cybersecurity, governance, risk, and compliance work
  • Extensive cybersecurity knowledge/competencies and credentials
  • Broad industry sector functional experience
  • Excellent oral and written communication skills
  • Personal characteristics - Honest, critical thinker, planner, reliable, adaptable, team player
  • Areas of interest/Study - Data Privacy and Protection, GDPR, Internet of Things, Risk Management, PCI, Cyber Resilience

PROFESSIONAL EXPERIENCE:

Confidential, Herndon, VA

Cyber Security Consultant

Responsibilities:

  • Subject Matter Expert providing support services for PayPal Enterprise Risk and Compliance standardization initiative
  • Evolved PayPal’s independent technical processes and controls supporting high-priority Business Units and Products into a standards-based Enterprise Framework derived from COBIT 5 and ISO27001
  • Cybersecurity champion for GE Digital’s Predix Industrial Cloud hardening and FedRAMP compliance initiative
  • Conducted risk, cybersecurity, and privacy assessments of supply chain organizations and vendor IT products/services procured for integration with GE’s Predix Industrial Cloud infrastructure and services
  • Performed supplier/vendor contractual reviews and risk management assurance activities
  • Performed risk identification and evaluation activities for operational and technical security controls supporting Predix Industrial Cloud Data Centers in the U.S., U.K., and China
  • Engineered and authored GE Digital Data Center Security Standard
  • Key contributor to Gilead Sciences Information Security Risk Management program development initiative
  • Developed and engineered enterprise cybersecurity policies and IT system minimum security baselines (MSBs)
  • Conducted third party application/software security assessments and designed a repeatable security assessment process for use by the cybersecurity organization
  • Identification, evaluation, registration and tracking of application/software security risks
  • Engineered secure application usage, data protection, and privacy guidelines for Gilead Sciences enterprise users
  • Performed comprehensive cybersecurity risk assessment of VISA’s Core Transaction Processing ecosystem (including credit authorization and clearing & settlement processes)
  • Conducted cyber and information security risk and compliance assessments encompassing all VISA business segments
  • Performed security readiness evaluations of information systems and applications prior to migration into production
  • Conducted merger and acquisition, supply chain, and third-party vendor/service provider cybersecurity risk assessments
  • Cybersecurity risk advisor to multiple business segments. Worked with business/IT stakeholders and project teams to assure alignment of business/project objectives with internal and external regulatory compliance requirements
  • Partnered with cybersecurity teams across VISA to identify IT and product related vulnerabilities and threats. Identified and categorized risks, developed risk scenarios, risk responses/mitigation options, and cataloged risks
  • Member of VISA’s GIS (Global Information Security) Cybersecurity Risk Management Committee
  • Performed 50+ PCI DSS assessments for level 1 merchants and service providers as a PCI QSA (Qualified Security Assessor). Authored merchant ROC (Report on Compliance) and AOC (Attestation of Compliance) reports
  • Provided PCI DSS consulting and readiness services for all merchant levels and service providers
  • Provided consulting and planning services for ISO27001 and FISMA controls implementations
  • Developed enterprise, operational, and technical level client security policies and guidelines
  • Performed PCI DSS security assessments for a wide range of industry sector organizations as a PCI QSA (Qualified Security Assessor)
  • Conducted client ISO27001 control assessments
  • NIST 800-53 v2 compliance assessment support for the U.S. Dept. of Agriculture
  • Managed 40+ client accounts and delivered full range of Confidential ’ Enterprise Risk Management Program services
  • Performed technical security assessments of client networks (design, architecture and penetration tests)
  • Performed Identity and Access Management (IAM) domain assessments (Identity data, Identity management, Access governance, and Access enforcement) for client networks, systems, applications and databases
  • Performed physical data center security assessments (physical facility, environmental monitoring, surveillance, etc.)
  • Developed client strategies for vulnerability mitigation
  • Certified Information Systems Security Professional - CISSP
  • Certified Cloud Security Professional - CCSP
  • Certified Information Systems Auditor - CISA
  • Certified in Risk and Information Systems Control - CRISC
  • U.C. Berkeley Extension: Telecommunications Engineering
  • Information Systems Audit and Control Association - ISACA
  • International Information Systems Security Certification Consortium - ISC2
  • International Association of Privacy Professionals - IAPP
  • Open Web Application Security Project - OWASP
  • Institute of Electrical and Electronics Engineers - IEEE