
Project Manager Resume Profile


SUMMARY

Skilled Cyber Security Program Manager, Project Management Professional (PMP) certified. Possesses 17 years of practical expertise in IT delivery, information assurance, and cyber security program implementation. Manages IT programs, information systems and projects, provides information assurance, and INFOSEC program implementation. Emphasis in governance, risk, and compliance (GRC) solutions and cyber security standards and frameworks (COBIT, ITIL, NEI, NERC/CIP, NIST/FISMA, HIPAA, SOX, PCI-DSS, ISO/IEC).

  • Specializations: Cyber Security, Engagement Planning and Management, Information Technology Strategy, Architecture and Governance, Strategic Analysis and Planning, Leadership, Negotiation, Process Improvement, Compliance, Decision Analysis

WORK EXPERIENCE

INDEPENDENT and SUB-CONTRACTOR

Sr. Program Manager/ Consultant/ Business Analyst

Confidential

  • Serves as an IT Project Manager providing support for Business Transformation / Organizational Change Management (OCM) across the enterprise, within the Technology Operations Group (TOG)
  • Functions as the Business Liaison for LOBs within the Technology Operations Group to successfully implement the enterprise solution for Identity and Access Management (IAM); ensures business requirements are captured and integrated into the solution from design through engineering, testing and deployment
  • Provided strategic planning contributions for phased approach to full solution deployment; participates in steering committees to resolve functionality errors and deficiencies with pilot, generation releases, and service patches
  • Develops strong stakeholder relationships to forge partnerships across the business units to understand changes plus impacts to the organization
  • Collaborates with key stakeholders including business functions, executives, and communication colleagues as part of holistic communication and adoption process; partners with department project managers to create and oversee strategy and tactical deliverables.
  • Educates service liaisons on Change Management Program tenets and structured framework. Coordinates for training sessions with LOBs to enhance awareness and education for the Transformation Readiness workstreams utilizing the PROSCI model.
  • Leads development of organization/function communication adoption strategy around changes to people, processes or systems by working with stakeholders or business functions to understand communications adoption needs / objectives, then develop a comprehensive strategy to meet those objectives; assesses People Readiness to determine when people are ready to adopt change by use of surveys, focus groups, message maps, ambassador network calls (i.e. ADKAR evaluation).
  • Creates Communication Org Adoption Plans based on strategy for use with internal and/or external audiences; raises visibility and promotes changes in Program via partnerships with LOBs and key stakeholders.
  • Partners with Learning Development Training Group to develop training plans to help employees ramp up on new systems and/or function/process tools such as presentation materials communication collateral using tools, Web platform, blogs, VODs, etc.
  • Conducts impact analysis using stakeholder analysis and mechanics mapping to determine impact of change prior to rolling out change management; gathers stakeholder requirements and synthesizes results to understand key program objectives; identify key changes to occur
  • Tracks and executes schedules, project plans, budget/resourcing plans, communication plans and Resistance Management Plans to manage communication of information using the most appropriate channels and messaging.

Confidential

Hired specifically to perform program and project management activities in support of the Information Security (INFOSEC) strategic vision and 'Running IT as a Business' concept. Responsible for establishing guiding principles, roadmaps for the Path Forward, and strategic vision for integration across the business units. Designed work streams, RAC charts, standardized operating models, Program Charter and Communications Plans.

  • Responsible for the development and delivery of programs and associated roadmap efforts for the Enterprise Access Control Governance and Information Security Governance, Risk Management and Compliance teams
  • Provides tactical and strategic direction to support corporate growth and future technology advances at the enterprise level for distributed solutions; ensures the availability, security, support and implementation of enterprise Information Security systems and applications
  • Leads, develops, counsels and directs technical and non-technical team on job responsibilities; includes oversight and development at varying leadership levels.
  • Drives the implementation of programs and technologies to improve departmental governance; provide consultative services to department management, IT project teams, internal and external customers to raise awareness of Information Security issues/concerns affecting the business
  • Negotiates project dates and business/resource requirements with internal and external clients to ensure project timelines are met
  • Manages vendor relationships to include negotiation of contract and SOW language and costs; understand and communicate the relationships between various functional components of systems, applications, business units and technologies.
  • Interacts with internal and external auditors to ensure that corporate security systems have appropriate levels of security controls under a prescribed framework (SOX, ITIL, COBIT, PCI-DSS, NIST)
  • In support of priority GRC initiatives and Internal Audit Partnership Alliance, functioned as an incident response support resource offering advice and assistance to the general user community for the classification of data and handling and reporting security incidents.
  • Uses research, data analysis and integration to identify, select and implement solutions that further department and corporate objectives. Includes analyzing business and technical requirements to assist in formulating implementation plans

Confidential

  • Provided oversight to ensure project management resources are actively working on program/project deliverables and are operating in adherence to agreed requirements. Developed and maintained workplans and WBS to capture assigned deliverables and report on a weekly basis.
  • Collaborated across the business units and agencies to ensure integration across correlated projects and strategic initiatives. Develops vision briefs, management updates, and project health reports.
  • Provides consulting and program/project management services for chartered projects and integrated project management teams (IPTs). Facilitated meetings, create agendas, record meeting minutes
  • Monitors the completion of projects within the defined performance baselines. Maintained and monitored identified risks and takes corrective action to ensure schedule, budget, and project objectives are met.
  • Prepared and presented management status reviews of activities including costs, schedules, and strategic progress.
  • Responsible for WBSs and coordinating resources for identity and access management with multifactor authentication platforms; 'Big ID/ Big Data' Project included Managed PKI services and CA technology implementation; additional efforts included network optimization and segmentation (Lancope), application security, security education and awareness, contingency planning, risk management, and security planning and implementation.
  • Ensured consistency among project tracks, client standards, regulatory requirements, and company policies. Utilizes Primavera P6, Clarity with Open Workbench, Microsoft Project, and IBM Business Glossary and Analytics.

Regulatory Compliance Strategic Initiatives

Confidential

Hired specifically as a Senior Program Manager for NERC/CIP Compliance. Organization had a mandatory Reduction in Force (RIF) due to budget cuts and contract changes.

  • Functioned as a Sr. Program Manager for Industrial Control Systems Cyber Security. Responsible for policy development and program implementation for governance, risk, and compliance (GRC) and related physical security of power generation facilities.
  • Ensured standard process and procedures align with Federal standards for energy and utility reliability under North American Electric Reliability Corporation (NERC) / Critical Infrastructure Protection (CIP) requirements.
  • Enforced organizational policy to ensure secure, defense-in-depth, and compliant operations for fleet readiness with NERC/CIP Ver. 3 & 5 and FISMA related standards. Provided senior level management with security briefings and updates on critical issues impacting cyber security posture, investments, and strategic initiatives
  • Participated in industry committees, working groups, and standards development task forces related to cyber security at power generation facilities and assets; participated in industry benchmarking, developing and executing improvement initiatives, updating, tracking, and closing Plans of Action & Milestones (POA&Ms)
  • Established standards and programmatic controls for cyber security technologies involving significant costs and benefits forecasts initiatives for continuous operational protection and regulatory compliance for cyber security.
  • Initiated and implemented projects based on Cyber Security Program strategies and coordinates initiatives; serves as the primary Generation contact with Transmission Planning and Compliance for CIP standards
  • Evaluated effectiveness for enterprise business continuity and contingency strategies to include developing incident response tests/exercises; test the incident response and handling capabilities for critical digital assets such as preparation, detection and analysis, containment, eradication, and recovery.
  • Tracked, documented, analyzed, and monitored information system security incidents on an ongoing basis. Reported for the executive dashboard to assess enterprise risk and security posture for the infrastructure; partnered with Technology Group and network engineers to remediate/ improve anomalies and malicious behavior.

Confidential

Hired specifically as an IT Project Manager to implement cyber security policies. Left the organization due to PMO placement instead of IT Security Department. Skillset was not an ideal match for assigned tasks.

  • Functioned as an IT Project Manager within the integrated Progress/ Duke Energy Program Management Office (PMO); led and coordinated new projects for the Cybersecurity Operations Team and Power Delivery organizations; utilized the IT Delivery Methodology (ITDM) and the Solution Delivery Lifecycle (SDLC) for all project phases.
  • Developed Business Case and Class 5 estimates for budget baselined projects and established project stage gates to identify major milestones and critical path progression; maintained resource forecasts and work breakdown structures; developed project work plan and Statement of Work (SOW).
  • Developed Microsoft Project schedules complete with milestones and project stage gates; conducted project stage gate review points to confirm project deliverables were accomplished on time based on the project lifecycle; ensured appropriate stakeholders approved current estimates, scope, and schedule.
  • Managed project scope and risk using risk registers and SWOT analyses; worked with stakeholders to assess risk tolerance; managed scope changes as they occurred to minimize disruption; ensured changes were controlled, consistently handled, and tracked throughout the SDLC.
  • Assisted Sr. Program Manager and business units with strategic planning and short-range resource forecasting for application development support team (CMM/SEI, Waterfall, Agile, SCRUM tasks). Utilized knowledge of cost and performance management and resource allocation to control project work; developed work breakdown structures (WBS), process flows, and project charters.

Confidential

NEI Implementation AP1000 NPP Design: Hired specifically as part of the AP1000 Consortium spearheaded by Westinghouse Corporation. Multiple staffing firms transitioned resources for each phase of the AP1000 standard Nuclear Power Plant (NPP) design and construction. Duties included cyber security program design, requirements specifications, and security policy and operational procedure writing. Contract phases varied from 3 months to 6 months with each organization in the Consortium.

Confidential

  • Functioned as the Subject Matter Expert (SME) and senior engineer for cyber security requirements, design criteria and implementation strategies for Critical Digital Assets (CDAs), Instrumentation & Control (I&C) systems, and information security strategy; performed project management duties/ responsibilities
  • Enforced integration of nuclear cybersecurity standards, the Code of Federal Regulations Title 10 (10 CFR 73.54), and Nuclear Energy Institute (NEI) policy 10-09 principles into all corporate policy implementations; analyzed impacts to Nuclear facilities and current & upcoming regulatory compliance requirements.
  • Responsible for leading application development support teams including: policy, design, build, implementation, configuration, cross-functional coordination, business continuity and disaster recovery, daily O&M, auditing security assessment, IV&V testing, and controls design.
  • Liaised with stakeholders and senior leaders, nuclear facility managers, and System Owners to ensure Cyber Security Program objectives are being met across fleets; adjusted strategy as appropriate to meet regulatory requirements set forth by the US Nuclear Regulatory Commission (NRC).
  • Communicated with various business contacts on new and emergent technologies; coordinated with vendors, application developers, database administrators, Corporate IT, and other technology groups to establish, develop, sustain, and/or enhance the cyber security program and to meet project deliverables.
  • Responsible for developing and communicating project plans, milestones, and deliverables for cyber security; vetted strategies, metrics, policies, practices and standards to ensure all critical digital assets are secured IAW compliance requirements; developed project documentation, Requirements Traceability Matrices (RTM), system requirement specifications (SRS) and Design Change Reports (ENDCR)
  • Provided cyber security guidance, CDA identification, evaluation, and design principle implementation for all AP1000 projects sites per fleet structure. Ensured proper integration of the Cyber Security Plan to include all security control requirements and scoping instructions.
  • Refined procedures to span NIST security control families and NEI cyber security standards to achieve high assurance that digital computer and communication systems and associated networks are adequately protected against cyber attacks
  • Provided guidance on detecting malware-based attacks through malicious code protection software (i.e. fuzzers, IPS/ IDS and network monitoring software)

Confidential

Hired specifically as a permanent employee contracted out to the Department of Labor (DOL) for a cloud computing initiative and FISMA Compliance Program. Upon relocation to Dallas, TX, a Senior PM role was not available within the Accenture Midwest Division.

  • Worked collaboratively with key senior/executive stakeholders to ensure understanding and commitment to program objectives and development and refinement of deliverables. Ensured the program adheres to all standards including IS Project Delivery Methodology (IS PDM), quality, and compliance, as well as processes, defined technical capabilities and best practices.
  • Responsible for planning, executing, and finalizing projects comprising Federal information security programs; responsible for daily operations and IT delivery oversight
  • Responsible for the FISMA Compliance Implementation Plan to ensure security controls were properly assessed and implemented. Developed security artifacts ranging from system security plans (SSP), risk assessments, security testing evaluation (STE) plans, vulnerability assessment reports (VAR), contingency plans with testing scenarios, and operational support guides for business continuity.
  • Responsible for oversight and development of work statements, scope/priority definitions and the creation of budgets and schedules for large complex programs. Developed documents with appropriate standards and client requirements and needs.
  • Maintained grade and quality of program deliverables within defined and agreed upon program requirements. Identified and resolved matters of significance impacting the productivity of several large, complex programs. Responsible for oversight of change implementations and adjustments as appropriate.

Confidential

Hired specifically for Base Realignment and Closure (BRAC) coordination and relocation efforts. The organization was relocated from Falls Church to Fort Meade ahead of schedule just under 2 months, and funding was not extended as the project was completed ahead of schedule.

  • Executed project milestones; developed training plans; updated project documents; provided daily, weekly, monthly project status reports; updated Functional Area Portfolio; identified PMO team meeting presentation topics in support of Business Process Reengineering/ Improvement
  • Defined requirements for successful operation of the Enterprise Connection Division Information Assurance Branch within DISA; program level support activities include consistent recommendations in support of mission and strategic goals, performance tracking reporting, project management, and developing Quality of Service initiatives.
  • Ran multiple projects for all functional areas within the branch to include Cross Domain Solutions, special projects, tactical or strategic NIPR/ SIPR Defense Information System Network (DISN) connections to the Global Information Grid (GIG), and Quality Assurance/ Control of information security artifacts and request packets within the Connection Approval Office (CAO).
  • Worked with senior leadership for process improvement and to define better operational policies and procedures; planned short-term and long-term strategies that addressed potential risk for the IA Branch and overall DISA mission.
  • Served as the Senior Team Lead for sub-contractors within the IA Branch; provided senior management routine status reports on resources, performance, and events with contractual implications; established working groups to collaboratively address challenges impacting task orders, contractor performance, or Statement of Work (SOW) requirements.

Confidential

Hired specifically as a cybersecurity compliance analyst and internal auditor performing additional project management duties. Left the organization to return to the Department of Defense (DoD) opportunities that sustained an active security clearance.

  • Developed Certification and Accreditation (C&A) artifacts and system security documentation for FISMA compliance requirements using the NIST SP-800 series. Provided project status reports for detailed and thorough visibility of contract performance. Developed security products for the Department of Energy (DOE) under NIST standards, the Code of Federal Regulations Title 10 (10 CFR 73.54), and Department of the Navy (DON) cyber security guidance.
  • Interfaced with senior client management and business users to map out and document business and/or IT requirements; documented baseline business processes, systems, information, and technologies. Identified opportunities for organizational improvement and communicated strategies to achieve desired results.
  • Validated information system boundaries in support of the C&A process; creates system architecture diagrams; worked with information system managers to verify operating environment, system interconnections, and user and system level boundary protections.
  • Evaluated security controls for the Computer Security Incident Response Team (CSIRT) providing policies, procedures, training, and testing exercises in conjunction with Contingency Plan Testing and/or Continuity of Operations Planning (COOP).
  • Assessed information security requirements for NRC Safeguards Information (SGI), Sensitive Unclassified Non-Safeguards Information (SUNSI), and Restricted Data (RD) as typed for the Office of Nuclear Security and Incident Response (NSIR). Responsible for NSIR modifications to Human Resource Management System decommissioning legacy due for modernizations

Confidential

Hired specifically as a Team Lead to spearhead the NRC Cyber Security and Governance, Risk, and Compliance (GRC) Team of up to 25 personnel. Left the organization after obtaining the Project Management Certification (PMP) due to lack of role availability for additional Project Managers on the contract.

  • Led project teams in application customizations and decommissioning of legacy applications. Responsible for inception to completion of specialized applications leading application development support teams to project completions with emphasis on IT delivery and app modifications (i.e. PeopleSoft implementation, Electronic Information Exchange, License Tracking System, and BPIAD customizations/ modernizations)
  • Developed C&A deliverables in accordance with FIPS and FISMA compliance requirements under the NIST frameworks. Developed project status reports for detailed and thorough visibility of contract performance and Quality Assurance. Created security products for the US Nuclear Regulatory Commission under NIST standards, the Code of Federal Regulations Title 10 (10 CFR 73.54).
  • Interfaced directly with all levels of management (e.g. Directors, System Owners, administrative personnel, and Information System Security Officers) throughout all phases of C&A; prepared Memoranda of Agreement and Interconnection Security Agreements for interconnecting general support systems
  • Performed security testing and evaluation (ST&E) as lead certification agent; developed contingency plans and conducted contingency testing; liaised with customer organizations during the Capital Planning and Investment Control (CPIC) process and assisted in mission/ business planning.
  • Provided assessments of security controls and documents implementation status and security posture; documented system security plans, risk assessments and Plans of Action and Milestones (POA&M) for continuous monitoring activities; worked with system administrators to develop disaster recovery procedures and operational support guides.

Confidential

Hired specifically to produce NIST Certification and Accreditation (C&A) artifacts for Federal organizations in support of FISMA Compliance efforts. Left the organization for a leadership role with more responsibility.

  • Created security Certification and Accreditation products under NIST standards (i.e. System Security and Contingency Plans, Risk Assessment Reports) and contract deliverables based on fixed price terms and/or other forms of contractual agreements; developed critical system documentation to support the Certification and Accreditation process using NIST, FIPS, and FISMA standards and guidance.
  • Provided assessments of security control implementation and recommended methodologies to improve system security posture(s) and related information security practices and procedures; incorporated guidance for continued organizational information assurance and control measures for effective data management
  • Evaluated existing information security controls and standard operating procedures as applicable to the information system categorization based on FIPS and Privacy Impact Assessment (PIA).
  • Developed Security Testing and Evaluation Plans (ST&E) according to the system categorization, operating environment, and information system functionality and capabilities.
  • Coordinated with vendors for Contingency Plan development and Service Level Agreements (SLA); outlined damage assessment, recovery roles, and system reconstitution procedures.
  • Evaluated disaster recovery procedures for business continuity services (warm, hot, and mirrored site support) and implemented enterprise-wide system security policies for contingency operations; developed Business Impact Analyses for System Owners and customer organizations.
  • Conducted Independent Verification & Validation (IV&V) assessments, Annual Security Control Testing Annual Self-Assessments, and internal audits.
  • Assisted with corporate Proposal Development providing content for IT Support Services and Program Delivery; drafted Quality Assurance Plan and Compliance Monitoring Strategy for Veteran's Administration (VA) Security Control Assessment project.

MILITARY SERVICE

Confidential

  • Functioned as ISSO/ CISO developing and implementing security policies to maintain regulatory compliance under DOD and Federal guidance.
  • Functioned as a Contracting Officer Technical Representative (COTR) and CIO for contracted LAN/WAN services; appraised work performed and evaluated technical support services for IT acquisitions. Managed delivery of enterprise-wide Operations and Maintenance (O&M) services.
  • Provided decision-support advisement assisting senior management to ensure that IT investments were well thought out, cost effective, and strategically aligned with overall organizational missions
  • Performed system administration and DITSCAP/ DIACAP Accreditation (SSAA) and Risk Mitigation development as an information management / information assurance officer incorporating new Enterprise Technologies into unit LAN/WAN infrastructure; facilitated Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) initiatives for brigade level operations.
  • Provided expertise and technical skills covering the entire Federal CIO agenda for Governance, Enterprise Architecture (EA), Information Assurance (IA), Emerging Technologies, and IT Process Improvement
  • Responsible for advanced IT acquisitions and IT Life Cycle Management for unit command; appraised all communications related equipment; prepared staff studies and security impact analysis reports.

Confidential

  • Provided ad-hoc network automation support for cable infrastructure and desktop solution upgrades; provided technical support for operating system installations, Help Desk Services and hardware repair.
  • Supervised and directed junior Help-Desk Support personnel. Created routine and preventive maintenance and operations support plans for Cameron University Computer Operations Center and Digital Library systems, proven to be most instrumental to maximizing productivity and efficiency.
  • Optimized security and integrity of operations by strategically establishing and proactively executing disaster recovery and business continuity operations for the University Computer Programming Lab; developed procedures to track and resolve computer security issues and incorporate visible trends into ADP Support Plans.
  • Provided technical support for computer aided-design, drafting laboratory and computer systems. Performed configuration management of audio visual equipment in multimedia environments
  • Collaborated closely with the Industrial Safety Officer to enforce workplace safety measures in networking environments. Spearheaded the mass cleanup of University Electronics Lab leading to establishment of a hardcopy data archiving system.

DISTINGUISHED SKILLS

  • Program Management
  • Project Management/ Strategic Planning
  • Cyber Security Evaluation & Assessment
  • Certification & Accreditation/ System Authorization (various frameworks)
  • Security Program Implementation / Security Control Assessment & Risk Analysis
  • Information Assurance
  • Operations Management
  • Leadership/ Personnel Management
  • Written & Oral Communication
  • System Threat Identification & System Security Plan Development
