Security Engineer Resume Profile
Summary
I am an Information Security professional with proficiency in IT for over 20 years and have concentrated on IT security, risk, and compliance for 14 years. Since 2007, I have worked as a Key Information Security, Governance, Risk, and Compliance Manager for General Dynamics Aerospace Group, consisting of Gulfstream Aerospace Corp. and Jet Aviation Corp. I held the roles of Lead Information Risk Manager, Information Security Operations Manager, IT Risk Sr. Manager, and IT Governance Sr. Manager. In addition, I am a member of the General Dynamics Cyber Security Subject Matter Expert program, providing support regarding Cyber Security initiatives for several GD business units. I currently maintain the CISSP, CISA, and CISM Certifications. I am very familiar with Security, Governance, Risk, and Compliance regulatory frameworks such as NIST, FISMA, COBIT, SOX, DoD, and ISO standards, and have performed compliance audits in these areas. I feel that with my background and experience. I am also currently assigned as a Cybersecurity subject matter specialist, working with the GD Internal Audit team, along with several GD DoD business units on Cybersecurity Compliance audits.
Some of my responsibilities include:
- Leading ongoing programs that facilitate information security assurance and governance across the enterprise (e.g. security operations, security awareness, policy management, security incident handling, adherence to regulatory compliance, etc.).
- Ensuring the proper planning and resource prioritization needed to maximize the effectiveness of IT risk management activities.
- Supporting compliance initiatives through remediation tracking, exception processing and metrics reporting.
- Developing programs and building methodologies to ensure governance, risk and compliance management programs meet business needs and are delivered successfully.
- I am looking for a business in which I can not only grow, but also support its goals and objectives. I believe that one of my key strengths lies in my business acumen, with a demonstrated ability to learn new systems and concepts quickly. While I may not have all of the requirements as stated in the requisition, I believe that my combination of skills, knowledge, and experience meets the expectations of the position I am applying for.
Highlights of Qualifications
- CISSP in Information Security, CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager)
- Comprehension of IT Governance, Risk, and Compliance standards and frameworks including NIST, FISMA, ISO 27001, COBIT, SOX, FFIEC, PCI DSS.
- 20 years in Information Technology, 14 devoted to IT Security, Governance, Risk, and Compliance Management
- Expert leadership and management skills
- Knowledge of the corporate operational environment with respect to IT and corporate governance, risk, and compliance
- Proactively identifies opportunities to improve existing information technology methodologies, processes or standards
- Builds, fosters and promotes positive relationships among key stakeholders internal and external to IT necessary for success
- Pragmatic problem-solver and accomplished change leader; demonstrates a flexible approach and resilience to setbacks; able to drive operating and culture change
- Promotes a culture of collaboration and teamwork across organizational boundaries; willing to break down functional silos to optimize business results.
- Exceptional interpersonal and communication skills. Ability to build relationships and collaborate at all levels globally.
- Strong business acumen, with the ability to build a compelling business case for change
Professional Experience
Confidential
Senior Manager, IT Governance
- Establish the vision and strategy for the IT Governance function with senior and executive management.
- Create and manage a comprehensive IT governance mechanism to ensure senior leadership engagement on and approval of IT priorities, policies, programs and spend.
- Maintain a comprehensive listing of IT policies and author all general IT policies.
- Provide strong central oversight to deliver consistency and quality in governance work across the organization, all IT functions and capabilities.
- Manage governance communication and education of the IT Community to ensure a compliance- and risk-aware culture.
- Champion best practices in a high-volume, dynamic environment.
- Lead the innovation and continuous improvement of internal control framework.
- Assist management in creating and maintaining process documentation.
Other Duties:
- Leverage expertise and experience to assist Internal Audit team in defining and fulfilling Cyber-Security audit objectives
- Gain an understanding of the security controls being tested and their importance in mitigating risk
- Participate in control owner interviews to gain an understanding of the security processes and identify potential process gaps
- Assist audit team in developing audit procedures to best test the audit area; participate in audit testing as needed
- Identify specific practices and processes from business units visited that can be applied at home business unit
- Member of the Cyber Security Subject Matter Specialist program
Confidential
Senior Information Risk Manager
- Planning, developing, establishing and managing technical security projects.
- Management of the Vulnerability Assessment and Response Team consisting of internal and outsourced subject matter experts
- Management of the vulnerability scanning process, including deciphering and reporting results and recommending remediation of vulnerabilities.
- Coordinating the implementation of GD security policy.
- Ensuring compliance with IT security requirements.
- Establish and maintain a process for planning, implementing, evaluating, and documenting remedial action to address any deficiencies in the information technology security policies, procedures, and practices of the institution
- Managing disputes, requests for exceptions, and complaints regarding IT security policies, procedures, and related issues
- Provide strategic thought in the selection, implementation and maintenance of security equipment and software
- Support the Information Security Officer in the development, implementation, and refinement of the disaster recovery plan.
- Development and implementation of an ongoing IT risk management program.
- Performing audits and remediating findings, based on GD Corporate policy, SOX, and other standards as required.
- Periodically assess risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the institution.
- Performing IT security risk assessments of all third-party and outsourcing contracts.
- Management of risk assessments on systems, and coordinate remediation based on identified risks.
- Consolidate reports from routine internal security reviews on network infrastructure components to provide management a proactive assessment of the network's security state
Confidential
Information Security Operations Manager for both EMEA and US Operations
- Planning, developing, establishing and managing technical security projects.
- Providing IT security direction and oversight for IT-related systems and projects
- Management of the Vulnerability Assessment and Response Team consisting of internal and outsourced subject matter experts
- Management of the vulnerability scanning process, including deciphering and reporting results and recommending remediation of vulnerabilities.
- Coordinating the implementation of GD security policy for JET operations.
- Ensuring compliance with IT security requirements.
- Establish and maintain a process for planning, implementing, evaluating, and documenting remedial action to address any deficiencies in the information technology security policies, procedures, and practices of the institution
- Managing disputes, requests for exceptions, and complaints regarding IT security policies, procedures, and related issues
- Development, implementation, and management of an Incident Reporting and Response System to address IT security incidents, alleged IT policy violations, or complaints.
- Management and supervision of incident handling, including performing analysis to determine the scope of the incident. Supervise and perform investigations of security incidents
- Provide strategic thought in the selection, implementation and maintenance of security equipment and software
- Support the Information Security Officer in the development, implementation, and refinement of the disaster recovery plan for JET Operations.
- Establish the development and maintenance of Disaster Recovery Planning/Business Continuity Planning (DRP/BCP) for IT-specific services.
- Establish and provide BCP/DRP exercise training to ensure readiness in the event of a disaster.
- Development and implementation of an ongoing IT risk management program.
- Performing audits and remediating findings, based on GD Corporate policy, SOX, SAS-70, and other standards as required.
- Periodically assess risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the institution.
- Performing IT security risk assessments of all third-party and outsourcing contracts.
- Management of risk assessments on systems, and coordinate remediation based on identified risks.
- Consolidate reports from routine internal security reviews on network infrastructure components to provide management a proactive assessment of the network's security state
Confidential
Lead Information Risk Manager
- Serves as the primary focal point to the customers on all security matters and audits.
- Coordinating the implementation of GD security policy by all Product Lines
- Defining and managing security procedures; ensuring security processes and procedures are implemented effectively across the account
- Requesting and managing the leveraging of security services from CSC Security Line of Service as required
- Ensuring that security service delivery meets required service level agreements
- Managing security vulnerability analysis and security patching by the responsible lines of service
- Delivering security compliance reports as required.
- Planning, developing, establishing and managing technical security projects
- Developing, advocating and managing account security budgets
- Supporting account expansion initiatives by promoting CSC's security capabilities
- Ensuring that audits are successful
- Ensuring that security activities are coordinated with other Product Lines
- Ensuring that the account and security projects are properly staffed to meet business and service delivery requirements
- Ensuring that financial commitments and reporting requirements are met
- Assists in opportunity identification strategy, service offering development, proposal writing and client presentations
- Disaster Recovery Planning/Business Continuity Planning (DRP/BCP) for IT-specific services.
- Review and provide BCP/DRP exercise training to ensure readiness in the event of a disaster.
- Work with CSC Data Center to ensure BCP/DRP activities are performed and tested.
Confidential
Sr. Information Security Advisor
- Manage audits performed on behalf of the Centers for Medicare and Medicaid Services (CMS) such as SAS-70, CFO/EDP, as well as FISMA-based audits and reviews. This includes creating, maintaining, and tracking audit findings from identification to resolution based on Federal Govt. standards and guidelines (NIST, DISA, CMS, GAO, OMB, HIPAA, etc.).
- Provide business and technical advice on a wide variety of information security issues, concerns and problems to ensure proper technical, administrative, and operational controls are implemented in order to support Medicare Contract processing. This includes both Infrastructure and Application Development.
- Prepare, update, and maintain the policies, procedures, architectures and other technical documents needed to ensure Information Security within the Medicare program.
- Provide in-depth technical advice for investigations of information security incidents including internal frauds, hacker break-ins, and system outages.
- Provides documentation and analysis of information security incidents.
- Participate on the computer emergency response team (CERT), responding to various security incidents such as denial of service attacks, virus infestations, and internal frauds.
- Presents concerns and makes recommendations to team members.
- Participate in, and act as a technical leader in, information system risk assessments including the development of new or significantly enhanced business applications.
- Perform security reviews, risk assessments, penetration testing, etc., using various tools, including open-source and commercially available tools. This includes infrastructure, network, and application reviews.
- Perform pre-deployment testing on mission-critical applications.
- Draft information security policies, architectures, standards, and/or other technical requirement documents needed to advance information security at the Company.
- Review of the security posture of the Company's Internet devices, internal devices, modems, and wireless devices to ensure that they meet the standards as defined by the DISA STIGs (iase.disa.mil), NIST guidance, CMS guidance, etc.
- Ensure compliance of software design and development standards, protocols, and methodologies as defined by commonly accepted SDLC practices and principles, C&A (Certification and Accreditation) methodologies, DISA STIGs (iase.disa.mil), NIST guidance, CMS guidance, industry best practices, etc.
- Analysis of vulnerability scans performed using such applications as Internet Security Systems, Velosecure, AppDetective, penetration testing, etc. Review the detailed results identified and provide guidance as to the most appropriate method to develop a course of action to correct vulnerabilities and to mitigate the associated risks with regard to the current state of the security environment within UGS.
- Research, development, and deployment of various identity access management solutions. This includes policy-based access management, RBAC (Role-based access management), Smart-Card (HSPD-12 initiative), single sign-on, and others.
- Disaster Recovery Planning/Business Continuity Planning (DRP/BCP) for IT-specific services.
Confidential
Sr. Network Security Engineer
- The primary role is that of designing, implementing, and supporting the operation of our clients' networks, including servers, routers, switches, firewalls, intrusion detection/prevention systems, etc.
- Other roles and responsibilities include: developing strategy and roadmap for supporting and deploying the above technologies and appliances into a production environment in a timely and effective manner; monitoring firewall and intrusion detection system logs for malicious activity and attack patterns, including backdoor, Trojan and virus attacks; developing, maintaining and promoting Information Security policies and procedures; and participating in regular network and security assessments and audits
- Perform security reviews, risk assessments, penetration testing, etc., using various tools, including open-source and commercially available tools. This includes infrastructure, network, and application reviews.
- Perform pre-deployment testing on web-based applications including, but not limited to, Apache Web Server, Microsoft IIS server, etc.