Management Consultant Resume

SUMMARY:

  • Advanced understanding of regulatory compliance such as GLBA, PCI-DSS, SOX, and HIPAA
  • Advanced understanding of best practices such as ISO 27000 series, Cloud Security Alliance, OWASP, DIACAP, HITRUST
  • Proven hands-on experience implementing HITRUST, ISO/IEC 27000 series, FIPS 140-2, NIST 800 series/Risk Management Framework, FBI Criminal Justice Information Security, FFIEC IT Security Controls, COBIT4/5, IRS 1075 FTI Safeguards, and HIPAA/CMS Frameworks
  • Proven experience with data privacy principles
  • Certified Information Systems Security Professional (CISSP)
  • Systems Security Certified Practitioner (SSCP)
  • Healthcare Information Security and Privacy Practitioner (HCISPP)
  • COBIT 5 Foundation and Implementation Certifications
  • Cybersecurity subject matter expert volunteer for ISC(2) to revise SSCP exam, September 2017
  • Certified Information Security Manager (CISM)
  • Certified Authorization Professional (CAP) candidate
  • Experienced implementing Information Classification and Data Loss Prevention program
  • Experienced implementing Insider Threat program
  • Created architecture strategy, directed, monitored, and assessed information security management program (ISMP)
  • Experienced in auditing information systems
  • Experienced in certification and accreditation of information systems
  • Experienced developing information security policies, standards, and controls
  • Proficient in developing metrics and key risk/performance indicators for the ISMP
  • Proficient in information security risk and privacy impact assessments
  • Experienced in vendor risk management assessments and program implementation
  • Expert in secure systems development lifecycle
  • Proficient risk assessor of technology infrastructure, operating systems and applications
  • Internal controls assessment (Identity and Access Management, IT Service Management, Network, Application, Server, Database, Policy Compliance Testing, Physical Security)
  • Trained in Information Technology Infrastructure Library (ITIL) best practices

TECHNICAL SKILLS:

  • Experienced with implementing, monitoring, and managing Governance, Risk and Compliance (GRC) Tools
  • Security event logging and monitoring
  • Symantec Control Compliance Suite
  • Symantec Data Loss Prevention
  • Archer GRC
  • OpenPages GRC
  • Qualys (security event management)
  • QualysGuard (application, network vulnerability scanning)
  • Solarwinds (network/server)
  • Vulnerability assessments
  • Active Directory management
  • Identity and access management (IAM)
  • Privileged access management (PAM)
  • Secure application development
  • Network and perimeter security
  • Database and server security configuration
  • Cloud security configuration
  • SharePoint sites and custom workflows, administration in SharePoint 2003-2010, 2013, 365
  • Microsoft Office: Word/PowerPoint/Excel/Access/Project/Visio 2003-2016 (expert level)

PROFESSIONAL EXPERIENCE:

Confidential

Management Consultant

Responsibilities:

  • Provided HIPAA regulatory guidance to the county of Oakland
  • Led NIST 800-53A risk assessment project to assess compliance with HIPAA Security Rule
  • Provided input and drafted security requirements in countywide HIPAA Policy and Procedures
  • Established countywide HIPAA Compliance Committee and ongoing compliance activities
  • Developed audit schedule, risk acceptance and corrective action plan templates
  • Developed and implemented countywide HIPAA Compliance Program
  • Developed and implemented HIPAA IT Compliance Program and related handbook
  • Provided HIPAA Privacy and Security Officer training to compliance officers
  • Provided regulatory guidance on IRS 1075 FTI audit requirements
  • Provided input on cloud security requirements
  • Issued and monitored plan of action and milestones (POA&M)
  • Implemented vendor risk management program, internal audit, and privacy impact assessments in the system development lifecycle

Confidential,

Business Unit Risk Analyst II, Assistant Vice President

Responsibilities:

  • Implemented COBIT 5 and FFIEC controls frameworks
  • Performed pre-implementation technology maturity testing and assessments
  • Developed, reviewed, and revised information security policies, standards, and controls
  • Developed and implemented assurance monitoring department to perform compliance auditing of systems as first layer of defense (Operations, Risk, Internal Audit)
  • Performed system process capability and maturity assessments against controls framework
  • Performed organizational technology maturity risk assessments
  • Developed form and custom in SharePoint to capture and address self-identified audit issues (SAIs)
  • Developed custom notification and approval workflows
  • Developed custom reporting using SharePoint Reporting Services

Confidential,

Information Security Governance Lead

Responsibilities:

  • Led project to implement HITRUST in the information technology environment
  • Developed, reviewed, and revised information security policies, standards, and controls
  • Conducted risk assessments on third parties for vendor risk management program
  • Security event monitoring and incident response/investigations
  • Responded to information security control questionnaires/assessments from external stakeholders (group customers/regulatory agencies)
  • Advised internal stakeholders on policies and standards compliance
  • Assessed policy, standards, and controls effectiveness
  • Evaluated technical, physical, and administrative controls against information security frameworks/legislation/industry best practices
  • Assisted in developing information security metrics program
  • Assisted in conducting Information Security training and awareness events and related reporting
  • Information security governance administration

Confidential

Audit, Risk, and Compliance Lead

Responsibilities:

  • Led organizational campaigns for Data Loss Prevention, Identity and Access Management, and Compliance Risk Assessments
  • Used Clarity PPM to manage audit and RCSA projects
  • Managed policy compliance and risk control self-assessments (RCSA) using OpenPages
  • Directed work on information technology audits and security assessments of areas such as operating systems, infrastructure and applications
  • Responsible for reviewing and approving information security policies and standards
  • Responsible for approving security exceptions and risk acceptances, ensuring compensating controls are met
  • Responsible for assessing regulatory compliance, security, and privacy (PCI-DSS, SOX, HIPAA, GLBA) on new IT projects
  • Ensured compliance with corporate policy, financial and internal controls
  • Participated in Internal, SOX, and other regulatory audits and created/supported management responses
  • Monitored progress of audit comment remediation to closure of issues within technology infrastructure (TI)
  • Subject matter expert in data protection, company records management, and audit compliance
  • Responsible for executive KRI/KPI reporting of audit and compliance efforts
  • Maintained Business Continuity/Disaster Recovery Plans in SunGard for the TI Business Office
  • Responsible for plan testing and training
  • Data Privacy Officer, ensuring company data is protected (according to HIPAA, PCI Compliance, GLBA) by analyzing security events in the Symantec Data Loss Prevention tool
  • Performed incident response and forensics analysis
  • Conducted privacy and security impact assessments during projects

Confidential

Reporting Analyst Consultant

Responsibilities:

  • Created reports and dashboards for International Logistics using Excel and Access for executive management
  • Used advanced Excel and Access functions to populate data within the forms
  • Created Access databases
  • Data mined other databases to gather data
  • Used reports created from SQL queries within SAP Materials Management Module
  • Analyzed and tracked customer service, parts fulfillment, and inventory levels for Europe, Middle East, Africa, and Latin America
  • Ran Access and Excel Macros to update daily, weekly, monthly dashboards
  • Managed data audit logs
  • Provided weekly status on project tasks/deliverables

Confidential

Compliance Analyst

Responsibilities:

  • Coordinated on six-week project to conduct an audit, risk and security assessment on existing banking applications with technologies noncompliant with the company’s technology lifecycle management, regulatory compliance, and information security policies
  • Created exception request forms for risks outside of feasibility to remediate
  • Ensured compensating controls were met
  • Tracked and reported status of project to Executive Management
  • Scheduled and facilitated working sessions to complete analysis of applications
  • Used advanced Excel functions to populate data within the form
  • Data mined other databases to gather data
  • Analyzed system diagrams to identify system interdependencies
  • Analyzed system integration documents to produce financial reports for executive management
  • Used ChangePoint to pull support hour information for use in building business cases for exception forms
  • Managed data audit logs
  • Managed data privacy through GRC tool
  • Provided weekly status on project tasks/deliverables
  • Created system architecture roadmaps for business banking, corporate, and service banking applications
  • Ensured documents were complete, current and stored appropriately in Domino Lotus Notes Database
  • Used Lotus Notes to schedule meetings, manage the database, and for project communication
  • Provided thought leadership to identify and correct issues

Confidential

Implementation Consultant

Responsibilities:

  • Project Manager on MSP implementation project for Caterpillar Third Party Labor Program into the VMS tool IQ Navigator
  • Implemented three full iterations/cycles
  • Responsible for regulatory privacy compliance
  • Responsible for vendor risk management for compliance and enrollment in the program
  • Created test plans and scripts
  • Conducted pre-implementation and post-implementation software testing
  • Used SharePoint for documentation and version control
  • Responsible for reporting in IQNavigator tool and Excel
  • Responsible for conducting classroom and individual training to suppliers, employees, and other users of the tool
  • Created documentation
  • Responsible for training and knowledge transfer

Confidential

Program Coordinator Consultant (Remote)

Responsibilities:

  • Program Coordinator on network hardware refresh project for Siemens using ITIL standards, hired for definite length to absorb project duties of Senior Project Managers
  • Scheduled, assigned, and tracked resources
  • Managed a staff of thirty to forty network administrators
  • Managed ten-million-dollar hardware budget
  • Created and managed change controls for standard hardware changes in HP Project and Portfolio Management
  • Used SAP PPM Module for project scheduling and financial reporting
  • Responsible for risk assessments and regulatory self-assessments
  • Used Microsoft Excel 2007 to create reports
  • Data mined various databases/spreadsheets to extract information for weekly status reports
  • Used VBA to create macros
  • Gathered, documented, and translated user requirements
  • Responsible for database regression and user acceptance testing post upgrade
  • Used SharePoint for document management
  • Created Access database on team site
  • Created and maintained action logs and status reports
  • Updated documentation
  • Updated and maintained project communication

Confidential

Identity and Access Management Compliance Analyst

Responsibilities:

  • Responsible for ensuring compliance with the role-based access controls within the bank
  • Conducted reviews of user access to ensure access to systems was appropriate for the role
  • Updated access in Active Directory
  • Executed daily macros to ensure data access controls were current, researching and resolving variances
  • Performed daily variance reviews, importing data from and to Excel/Access 2010
  • Updated and enhanced user access templates and user lists in Excel
  • Used SQL to create user access and identity management queries in Symantec Control Compliance Suite
  • Created and updated process documentation

Confidential,

Business Systems Analyst Consultant

Responsibilities:

  • Worked as business analyst on project with Ford to upgrade and manage database tool in Global Securitization
  • Responsible for role-based access control administration, ensuring compliance with IT Security Controls and regulatory compliance
  • Performed risk and security assessments on in-house developed tools for compliance to policy and regulations
  • Performed security controls testing throughout the phase of the lifecycle to ensure hardening of system controls
  • Designed SharePoint workflows using SharePoint Designer
  • Modified custom SharePoint web parts and page design
  • Responsible for business continuity and disaster recovery planning and testing
  • Responsible for creating/modifying test plans
  • Coordinated regression and user acceptance testing

Confidential,

Project Manager

Responsibilities:

  • Developed project plan using MS Project, managing resources, deliverables, scope, time, and cost
  • Managed resource budget of five million dollars
  • Responsible for resource management
  • Created SharePoint site for documentation
  • Responsible for access control procedures and user access reviews
  • Responsible for controls compliance and risk management
  • Responsible for procurement assessments and vendor risk management
  • Responsible for change management
  • Responsible for stakeholder management
  • Responsible for training and development of new team members
  • Utilized VB script to modify records and run reports in Access 2003 database
  • Managed communication and requested changes

Confidential

Project Manager

Responsibilities:

  • Developed project plan using MS Project, managing resources, deliverables, scope, time, and cost
  • Managed resource budget of two million dollars
  • Responsible for vendor risk assessments and service level management
  • Created reports using MS Excel, MS Access and Crystal Reports for management
  • Scheduled and participated in sessions to create work instructions
  • Created process flows and organizational charts using MS Visio
  • Reengineered raw data into financial reports using Excel according to HP Project Management Office standards
  • Developed work instructions for project requirements
  • Tracked and reported request status to PMO office
  • Introduced SharePoint site to hold project documents
  • Created SharePoint site for documentation
  • Responsible for access control in SharePoint
  • Responsible for controls compliance and risk management
  • Responsible for change management
  • Submitted change requests on behalf of business customers
  • Created Access 2003-2007 database for asset management
  • Responsible for training and development of new team members
  • Utilized VB script to modify records and run reports in Access 2003 database
  • Managed communication and requested changes
  • Designed and implemented database for asset, human resource, and time management using MS Access 2007
  • Initiated requests using HP Open View Service Desk