Information Security - Internal Audit Resume
SUMMARY
- An experienced IT Security leader with 20 years of IT Security Implementation and Delivery, Cyber Security, Risk and Audit, IdAM, Governance and Strategy experience in driving business value, and mitigating risks across large and complex environments.
- A results-driven Information Security professional with a demonstrated ability to lead cross-functional technical and non-technical groups.
- Extensive hands-on and management experience in Data Security, IdAM, PIM/PAM, Mainframe z/OS/MVS audit, Cyber Security, Corporate Security, and Enterprise Risk Management.
- Accustomed to working against stringent deadlines and proven ability to deploy complex IT security solutions.
- Good experience working with audit and risk industry standards, and familiarity with security industry standards.
PROFESSIONAL EXPERIENCE
Confidential
Information Security - Internal Audit
Responsibilities:
- Drive the selection, implementation, and operation of security controls necessary to achieve confidentiality, integrity, and availability goals across all layers of the technology stack, including specific experience securing systems built on AWS.
- Manage and drive implementation of security controls and resolution of security defects in an agile, DevOps environment across multiple independent project development and operations teams.
- Ensure compliance with applicable security laws, rules, regulations, contract provisions, policies, standards, procedures, and guidelines, including NIST SP 800 series publications. Ensure that security controls are implemented and operated consistent with these compliance objectives.
- Monitor security controls continuously across all system layers and effectively address alerts and discrepancies. Define indicators of compromise and respond to potential and confirmed security incidents. Ensure that security controls and processes operate as intended and in compliance with established policies and standards, and identify and respond to security anomalies, including misuse or abuse of access to sensitive data.
- Identify, track, and manage security risks across all systems, and drive timely resolution in accordance with established agency risk management policy.
- Evaluate, recommend and monitor third parties to ensure security risks arising from third party dependencies are well managed.
- Monitor the evolution of industry best practices related to cyber and information security and make compelling recommendations for security enhancements.
- Oversees the operational and administrative functions of IT policy development, agency engagement and governance, IT modernization, and digital service delivery.
- Advises on the formulation of state/federal IT policy and the application of such policy, on the clearance of legislative proposals, and on the development of executive orders; provides input into the development of the annual President's Budget Request so that it reflects Federal CIO and Administration priorities across federal departments and agencies; and ensures coordination and integration with the overall federal IT budget process.
- Works closely with the Chief Information Officer (CIO), Chief Digital Officer (CDO), Chief Audit Executive (CAE) and internal stakeholders, to coordinate the smooth flow of work activities including legislative response and outreach, budget and policy development and implementation
- Assists with oversight of relevant agency IT practices, and implementation across federal information technology systems in accordance with the direction provided by the Chief Information Officer (CIO) and in coordination with internal stakeholders
- Assists the Chief Audit Executive (CAE) as the Federal Government's lead IT policy strategist in the ongoing assessment of operational risks to the agency commercial and federal IT environment
- Ensures effective coordination and alignment among agency CIOs through the exercise of effective governance
- Design, implement and maintain effective IT performance measures for the Federal Government, and ensure that agency reviews are conducted in accordance with established policies, standards, and regulations.
Confidential
Information Security SME- IT Audit
Responsibilities:
- Perform and manage IT general controls testing with respect to security (RACF, MVS, application, network, database).
- Manage and provide leadership, supervision and guidance to the engagement team and integrate IT audit objectives and work.
- Ensures effective coordination and alignment among agency SVPs through the exercise of effective governance
- Design, implement and maintain effective IT performance measures for the Federal Government, and ensure that agency reviews are conducted in accordance with established policies, standards, and regulations.
- Serve as the acting Director of IT Audit when required due to a vacancy in the position; supervising resources to accomplish assigned duties.
- Manage multiple IT auditees and projects utilizing knowledge of internal control, risk management, IT and business processes
- Manage results of the audits and advise Senior Management on improving controls to mitigate risks
- Support external audits from regulatory organizations and external auditors by providing timely and accurate responses to requests
- Perform audit planning, fieldwork, and wrap-up of engagements, including development and refinement of work programs
- Assist with identifying and documenting issues identified during audit and developing recommendations for improvement
- Defines, executes and manages Information Technology audits to assist in completion of the annual audit plan
- Assist in performing an IT risk assessment and development of the IT audit plan.
- Individual work papers and evidence of work performed are completed on time and are organized to fully support conclusions and findings.
- Perform testing, assess results, and develop meaningful recommendations for management.
Confidential
Sr. Program Manager
Responsibilities:
- Identify and evaluate complex business and technology risks and remediation methods to mitigate risks
- Perform vulnerability scanning and remediation, system hardening and endpoint protection.
- Develop and maintain data security plan and architecture.
- Extensive experience in problem solving, critical thinking and logical structuring skills
- Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects
- Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions
- Develop and implement ERM strategic and annual plans.
- Develop and implement risk assessment methodologies, models and systems in line with best practice principles
- Develop and roll out a risk based incentive compensation plan
- Assess and maintain the ERM risk maturity profile of the organization
- Facilitate the identification of relevant risks at the strategic and operational levels, utilizing appropriate tools and techniques and taking note of changes in the risk environment.
- Ensure risks are appropriately assessed with severity ratings.
- Work with business partners to develop enterprise-wide uniform risk and severity categorizations
- Facilitate the compilation of risk metrics (including risk tolerance levels and appetite) developed for business units and the organization in line with the ERM framework and best practice principles
- Facilitate the development of risk mitigation strategies and project plans
- Report all relevant ERM matters, including findings, risk positions and recommendations, to relevant stakeholders in line with the ERM framework, policies and procedures.
- Establish, promote and maintain a risk management philosophy, culture and ERM awareness within the organization
- Manage the effective coordination of ERM with all assurance providers, including internal/external audit, regulators and compliance functions.
- Active coordination, support and involvement in governance committee activities
- Active management of key person risk and succession planning
- Involvement in the new product budgeting process, and tracking and recording explanations for material plan-to-actual expenditure overages.
- Development of process capacity studies