Managing Partner Resume
SUMMARY:
- Proven success in project management in large, diverse organizations with experience in lab-wide to nation-wide projects with minimal or no supervision. Information Security Project Manager, overseeing information security portfolio.
- Highly experienced with Risk Management Framework and Certification & Accreditation (C&A) processes. Firmly adept at creating and maintaining System Security Plans for government agencies such as Department of Energy and the Indian Health Service.
- Strong work history demonstrating expertise in complying with federal regulations such as FISMA, FIPS, OMB, NIST, ISO, HIPAA and HITECH.
- A developed and established ability to create new programs and processes.
- Created the Sanitization and Destruction of Classified Media Program for Confidential in accordance with DOE, OIG, NSA, and NNSA regulations.
- Designed and implemented the HIPAA Compliance Program for the NM Confidential.
- Requested to speak as a featured presenter as a local subject matter expert on compliance at the 2010 NM ISACA Governance, Risk & Compliance Workshop.
- Selected through high recommendation as an Audit Subject Matter Expert to conduct an independent audit of the Bureau of Indian Affairs' (BIA) annual COOP exercise.
- Highly rated as an effective and engaging instructor experienced in creating various training programs for a wide variety of audiences from executive management to general support staff. Proven success in developing training material to include: online modules, in-person multi-day training sessions, and creation of HIPAA and government security training videos.
PROFESSIONAL EXPERIENCE:
Managing Partner
Confidential
Responsibilities:
- Experienced CISSP professional with more than 17 years of experience in maintaining current knowledge regarding information security, compliance and governance in both the public and private healthcare industries as well as regulatory compliance at both the state and federal levels.
- Maintains strong social skills accompanied by a well-rounded understanding of the information security industry, offering a direct and material impact for clients.
- Continued adeptness at analyzing IT security systems and operations, defining achievable goals, and developing, implementing and enforcing security policies, standards and guidelines that effectively mitigate risks, aligning with the customer’s strategic business objectives.
Compliance and Information Assurance Project Manager
Confidential
Responsibilities:
- On contract with Indian Health Service (IHS), functioned as the Project Manager and effectively managed a $4.3 million budget and a staff of 12 information security professionals specializing in intrusion detection, penetration testing and technical writing.
- Successfully led company’s re-compete effort for information security contract in 2011.
- Regarded as subject matter expert on federal regulations such as FISMA, FIPS 199, NIST Special Publications (800-53, 800-37, 800-30), OMB and HIPAA.
- In addition to management responsibilities, continually reviewed and updated IHS information security policies and procedures to ensure compliance with federal information security rules and regulations.
- Analyzed new and proposed changes to federal policies and guidance to determine the impact to the Agency in terms of security policy, procedural and program changes.
- Managed the Business Continuity and Disaster Recovery Program to ensure the availability of systems that support the IT health initiatives for approximately 2 million American Indians and Alaskan Natives. Active participant in emergency exercises that ranged in scope from local to nation-wide (FEMA). Continually ran COOP maintenance and testing, conducted tabletop and full-scale exercises, ensured backup data availability, conducted agency-wide business impact analysis (BIA), and created and conducted COOP training programs.
Cyber Security Analyst
Confidential
Responsibilities:
- Contracted to update and maintain System Security Plans for over 100 classified systems in accordance with federal regulations including DOE Orders.
- Successfully managed the lab-wide Automated Transfer Process program for SNL assuring the protection of classified information while extracting unclassified information identified for removal or transfer.
- Created monthly, quarterly and annual self-assessment metrics for senior management and accurately reported security incidents to the DOE.
- Designed and implemented new lab-wide process for the destruction of classified material affecting 16,000 employees and more than 100 classified systems.
- Analyzed daily Internet activity logs for the entire lab and identified security risks allowing SNL to investigate and neutralize security threats.
- Successfully rolled out CATSWeb software for SNL’s assessment and information assurance and regulatory compliance teams, completing the project ahead of schedule and within budget.
Information Security Consultant
Confidential
Responsibilities:
- Areas of analysis included: physical security, network security, wireless security, policy enforcement, vulnerability reduction, data integrity, business continuity and disaster recovery, training, risk assessment and management, network architecture, software standards and licensing, and privacy.
- Developed the first clearly defined Internet Usage Policy for the Confidential, affecting over 15,000 state employees.
- Successfully conducted a public hearing in Santa Fe to receive feedback from the citizens of New Mexico on the proposed changes in state policy to reflect the new HIPAA regulation.
Chief Privacy Officer (CPO)
Confidential
Responsibilities:
- Contracted for six months to bring Confidential into compliance with HIPAA security and privacy regulations.
- Assumed the project a half-year behind schedule with unfavorable reception and without staff or budget funds, yet quickly turned around the failing project, which was completed on time and was well received by executive management.
- Conducted department-wide risk assessments and analyses to determine and mitigate risks to Confidential’s network.
- Developed and implemented new HIPAA-compliant security and privacy policies, procedures and standards, including sanction policies for non-compliance.
- Reviewed and monitored POA&Ms and corrective action plans to assure continued compliance. Worked with IT staff to ensure that all forms of electronic transactions met the HIPAA requirements.
- Designated liaison between government auditors and Confidential for HIPAA security and privacy policies and procedures.
- Created HIPAA compliance training program to educate 1,500 Confidential personnel about their responsibilities regarding security and privacy of patient’s health information (PHI) and personally identifiable information (PII).
- Created Confidential’s Notice of Privacy Practices in English and Spanish while still complying with the state’s sixth grade reading-level comprehension requirement.
- Authored HIPAA-related New Mexico Administrative Code that became law for the Confidential.
Information Security Administrator & HIPAA Project Manager
Confidential
Responsibilities:
- As HIPAA Project Manager, ensured company’s IT compliance with new HIPAA security regulations and created and conducted HIPAA training program for executive management and general staff.
- Named company's first Information Security Administrator and implemented new security technologies, created new security policies & procedures, and successfully initiated company-wide password program affecting 40,000 employees.
- Developed, monitored & enforced information security policies and procedures for the company’s 240 long-term care living facilities.