Information Security Program Manager Resume

SUMMARY

  • An Information Security Professional with diverse experience and skills in assessing information security environments, leading teams, delivering technical and strategic Security Governance, Risk, and Compliance expertise to both public and private sector organizations like Cisco, DoD, FBI, Honeywell, Lockheed Martin, and NASA.
  • Cloud Security: Federal Risk and Authorization Management Program (FedRAMP) independent assessor of cloud service providers seeking Authorization to Operate (ATO) credentials
  • Compliance: Lead the development of compliance strategies, preparation, and assessment for FISMA, FedRAMP, and NIST Risk Management Framework-based programs. Familiar with other industry security frameworks such as SOC 2, PCI DSS, and HITRUST
  • Governance: Implement and manage information security governance programs, strategies, and security frameworks based on recognized industry standards such as ISO 27001. Develop security control cross-mappings between multiple security frameworks to simplify framework integration
  • Program Management: Information Security Program Management; lead teams ranging from 5 to 50 members
  • Security Risk Management: Maintain an organization-wide security risk management program and framework (e.g., ISO 27000 and NIST); identify and assess emerging security risks. Create risk mitigation strategies and solutions, and coordinate with cross-functional groups
  • Security Policies & Standards: Develop, manage, and oversee the approval and dissemination of information security policies, standards, practices, and training

PROFESSIONAL EXPERIENCE

Confidential

Information Security Program Manager

Responsibilities:

  • Authored security control narratives in support of ISO 27001 and SOC 2 Framework based audits
  • Established and maintained security control mappings between applicable security frameworks
  • Consulted functional departments and leadership on policies and standards for FedRAMP, ISO 27001, and SOC 2 framework implementation
  • Facilitated external ISO 27001, SOC 2, and third-party audits with auditors and stakeholders
  • Provided responses to Requests for Information (RFIs) from customers
  • Supported FedRAMP programs for ATO continuous monitoring requirements
  • Contributed to the development of new acquisition integration processes related to compliance and governance

Confidential

NASA Information Security Consultant

Responsibilities:

  • Developed and led a NIST-focused security compliance project to allow the integration of six FAA-designated Unmanned Aircraft System (UAS) Test Site systems into the NASA Live, Virtual, Constructive-Distributed Environment
  • Led successful NIST Risk Management Framework (RMF) (NIST SP 800-37) based security assessments for a space operations data center supporting research spacecraft and systems used to conduct aeronautics research and development
  • Maintained Change Management Plans, Incident Response Plans, Business Contingency Plans, and other required programs in support of FISMA and operational requirements
  • Led annual testing of Business Contingency Plans for numerous systems to ensure recovery and restore capabilities
  • Authored and facilitated system interconnection agreements between government and external organizations

Confidential

Information System Security Officer

Responsibilities:

  • Enhanced the site-specific information security program to ensure proper compliance with agency policies, Confidential standards, and industry best practices
  • Led the first successful site C&A project covering various non-enterprise information systems to ensure compliance with FISMA requirements and NIST standards
  • Supported the successful physical security certifications of all SCIFs assigned to the field office
  • Prepared and supported the field office for successful internal information security audits
  • Provided information security related consultation to enhance investigations and operational activities
  • Created and presented briefings to Special Agents and analysts addressing security awareness across multiple disciplines, including information, physical, personnel, and operational security

Confidential, Sunnyvale, CA

Information System Analyst Associate Manager

Responsibilities:

  • Led the mitigation efforts that prevented the loss of ATO credentials and potential termination of network connectivity to the Confidential’s Confidential for two sensitive/classified information systems
  • Managed the Confidential program for all on-site systems subject to Confidential Information Assurance Certification and Accreditation Process (DIACAP) compliance
  • Provided support on multiple information system integration and change management activities to ensure continued DIACAP compliance and adherence to established organizational policies/standards and NIST standards