Expert Details
Cybersecurity; Governance, Risk and Compliance
ID: 739098
Oregon, USA
Currently works for a Fortune 500 energy company with the largest U.S. customer base of any utility; 36 million customers worldwide.
- Implemented numerous cyber compliance programs:
  - SOX, NERC CIP, TSA, FTC Red Flags, GLBA
  - Governance, Risk Management and Compliance (GRC)
  - NIST CSF Cybersecurity Framework, SP 800-53, SP 800-171, ISO 27001, Risk IT, SANS 20, SOC 2 Type II, and many others
- Vendor/Supplier/Third-Party Risk Management, Application Development, Network Engineering, Information Security, Project Management, Audit, Compliance, Policy and Risk Management, IT Risk Management, Cybersecurity, IT Audit, IT Governance and IT Compliance related projects, technologies and methodologies.
AREAS OF EXPERTISE
Vendor and Third-Party Risk Management • Program Management • Process Development & Testing • Information Security • Cyber Security • IT Governance • Regulatory Compliance – SOX, PCI, GLBA, NERC CIP, Privacy, FACTA • IT Audit • Information Risk Management • IT Controls • Team Leadership • Relationship Management
Education
| Year | Degree | Subject | Institution |
|---|---|---|---|
| 1991 | BS | Business Mgmt | Canisius College |
Work History

| Years | Employer | Title | Department |
|---|---|---|---|
| 2009 to Present | Undisclosed | Cybersecurity Principal - Governance, Risk and Compliance | |
| 2007 to 2008 | Kintera, Inc. | Lead Auditor/IT Security and Controls Specialist | |
| 2002 to 2007 | Accredited Home Lenders | Manager, Information Systems Security | |
| 1998 to 2002 | American Express | Senior Security Technician | Worldwide Security Division |
| 1998 to 1999 | Ciber Information Services | Network Engineer/Consultant | |
| 1996 to 1998 | State Savings Bank | Senior Systems Administrator/Analyst | |
| 1993 to 1996 | Huntington National Bank | Systems Administrator/Business Systems Analyst II | |
| 1991 to 1993 | Huntington Mortgage Company | Management Trainee | |

Responsibilities

Undisclosed (2009 to Present), Cybersecurity Principal - Governance, Risk and Compliance:
Exemplary record working within various areas of IT's Cyber Security Division. Charged with building and maintaining the Assurance, Compliance, Governance, Risk and Security programs at Employer.
- Oversaw daily operations and project initiatives in compliance program testing, information security and data collection.
- Developed Enterprise Information Technology Risk Management Program.
- Developed strategies, policies and standards to support the enterprise information security program and ensure alignment with governance models.
- Managed testing efforts for compliance with internal standards, Sarbanes-Oxley (SOX) compliance and regulatory requirements.
- Assisted in identifying security risks enterprise-wide and directed ongoing remediation efforts.
- Maintained secure handling of enterprise data and information, reporting status regularly to senior management.
- Primary liaison with internal and external auditors and Federal regulators on IT security and compliance.
- Supervised 3-4 personnel, providing mentoring and ongoing skill development.
- Developed management reporting metrics on program performance.
- Project Manager for 2008 NERC CIP implementation.

Kintera, Inc. (2007 to 2008), Lead Auditor/IT Security and Controls Specialist:
- Assist in the planning and execution of information technology (IT) internal control and SOX 404 audits.
- Lead the IT SOX 404 effort by managing in-house resources and outsourced internal auditors, performing compliance work, coordinating internal SOX efforts and coordinating external auditor procedures.
- Gather, analyze and document complex information systems in accordance with best practice, SAS 70, PCI and Audit Standard 5.
- Analyze and evaluate evidentiary data as a basis for an informed, objective opinion on the adequacy and effectiveness of the control being audited, compliance with policies and/or procedures, and the efficiency of the performance of information system practices.
- Identify appropriate solutions to incorporate process improvements and formulate sound, reasonable recommendations for management's corrective action, using appropriate criteria, best practices and cost-benefit considerations.
- Prepare formal written reports, expressing opinions on the adequacy and effectiveness of the system and the efficiency with which activities are carried out.
- Act as a liaison between internal/external audit staff, IT, Business and Senior Management.

Accredited Home Lenders (2002 to 2007), Manager, Information Systems Security:
- Constructed the "AHL Information Security Program", including the creation and implementation of all security-related policies, standards, procedures and guidelines. Ensured compliance with the Program.
- Performed complex audits of Accredited's new and current information systems, evaluating operating practices to determine if controls and security measures were adequate.
- Established objectives and procedures for audit review of computer systems. Developed programs to obtain required data. Presented written findings and recommendations to IT and Audit Management. Assisted with remediation and best-practice recommendations on audit findings.
- Managed numerous security-related projects and initiatives. Ensured integration/involvement of proper Information Security risk assessment activity and control measures in other non-security projects.
- Managed external and internal audits of the IT Division. Skilled in ITIL and COBIT.
- Assisted on SDLC framework creation. Ensured integration of change control and security in the SDLC.
- Prepared/planned/tested Disaster Recovery and Incident Response plans for business systems.
- Conducted risk analysis on systems to identify and prioritize risks. Initiated consensus-driven agreement on proper acceptance, rejection and mitigation of identified risks.
- Worked as a liaison with Facilities, HR, Legal and other business units to ensure the appropriate physical and administrative controls were in place in support of the Information Security Program.
- Reviewed, tested and adjusted all technical, administrative and physical controls to ensure compliance with SEC, GLB and Sarbanes-Oxley as well as local, state and federal regulations.

American Express (1998 to 2002), Senior Security Technician, Worldwide Security Division:
- Assisted and trained Worldwide Security Fraud Investigators on technical issues during investigations, for example the backtracking of IP addresses, Usenet/Internet research, computer forensics, etc.
- Conducted computer forensic examinations on PCs, media and PDAs utilizing EnCase software and state-of-the-art equipment. Assisted with search/seizure issues in regards to technical equipment.
- Utilized specialized "Xtec" equipment to conduct technical forensic examinations on confiscated magstripe readers (skimmers).
- Maintained enterprise-wide networking installations and access controls of a Windows NT-based network infrastructure consisting of over 300 nodes, 15 servers and 11 remote branches.
- Worked with Security Investigators and local law enforcement on a large counterfeit credit card scheme.
- Contact for physical security issues and projects related to security technologies and methodologies.
- Defined and implemented network stability, security and disaster recovery policies and procedures.
- Helped design and implement a SQL database housing confidential fraud investigations data.
- Interacted with American Express Technologies divisions as well as outside vendors and suppliers on technical and security-related issues and projects.

Ciber Information Services (1998 to 1999), Network Engineer/Consultant:
- Network Engineer: Served as a senior-level networking consultant in the Phoenix area. Implemented flexible report-writing functionality for a customer database.
- Consulting Services Manager: Coordinated various consulting management duties with over 25 consultants in the field. Conducted technical phone interviews with prospective candidates.

State Savings Bank (1996 to 1998), Senior Systems Administrator/Analyst:
- Completed all facets of various bank divisions' technical projects, including requirement/functional definitions, business plans, data flow, entity relations, code specifications, test plans, installation/configuration, user training and project documentation.
- Administered the 41-LAN infrastructure containing NetWare, Windows NT and UNIX servers.
Career Accomplishments
Licenses / Certifications: CISSP, CISA