
Sr. GRC Program Manager/Developer Resume


SUMMARY

  • Program Manager, Governance, Risk and Compliance Consultant, Business Systems Analyst, Process Engineer, Archer Developer and Trainer with a passion for regulatory compliance, risk, technology, designing and developing solutions, Team Builder - effectively managing and capitalizing on internal and Third Party resources; over 16 years of experience in Information Technology/Security across multiple industries: Healthcare, Banking, Insurance, Telecommunications, Airline and Automotive; SME in Policy and Vendor Management, Risk Assessments, Security Awareness; confidential Veteran

TECHNICAL SKILLS

  • Enterprise GRC expert; RSA Archer platform
  • Regulatory Controls - NIST, HIPAA, CMS, HITRUST CSF, GLBA, FISMA, FFIEC, SOX, FIPS, COSO, ISO 27001/2, PCI-DSS; SB-1386; Implementations; KPIs and KRIs; Process Engineering; Change Management; Quality Assurance; Testing
  • Corrective Action Plans (CAP); Root Cause Analysis and Remediation; Microsoft Office Suite; Familiar with Splunk Tool
  • IDS/IPS
  • Firewall Policies
  • Networks and Cloud

PROFESSIONAL EXPERIENCE

Confidential

Sr. GRC Program Manager/Developer

Responsibilities:

  • Built bridges and evangelized the efficiency, effectiveness and capabilities of the confidential product
  • Consulted and managed enterprise-wide requirements gathering and assisted stakeholders (HR, Policy Management, Compliance, Vendor Management) re-engineer processes for automation in GRC platform
  • Designed and developed Solutions and Custom Applications for Compliance (SOX Controls, Control Standards and Procedures), Issue Management (Findings, Risk Exceptions and Remediation), Vendor and Policy Management; wrote Statements of Work (SOWs) and Business Requirements Documents (BRDs)
  • Eliminated and replaced the use of Excel files in both North America and International risk exception reporting with centralized, enterprise-wide, real-time reporting and monitoring
  • Re-engineered original Policy Application and process, introduced and stood up the Control Standards and Control Procedures Applications in preparation for confidential audits
  • Architected roadmap, evaluated changes, performed testing and root cause analysis, proposed problem resolution, collaborated with and trained team members, quality test team and internal business units

Confidential

Optum Security/Risk Analyst/Technical Writer

Responsibilities:

  • Consultant under the Information Risk Management Department restructuring Security Policies and Standards in confidential
  • Analyzed and rewrote existing Security Policies and Standards for international applicability, clarity and regulatory compliance; provided recommendations for Archer enhancements
  • Restructured Policies and Standards in Archer to enhance ease of use and search functionality
  • Mapped Standards to confidential CSF framework, NIST, HIPAA Security Rules and identified gaps

Confidential

Consulting Security Risk Intelligence

Responsibilities:

  • Confidential Consultant, developed Applications and requirements for the Archer platform to provide Security, Vulnerability and Risk Intelligence reporting, utilized SDLC (Agile and Waterfall) and Lean methodologies to design and implement
  • Product Owner and liaison for Security Team enterprise-wide; promoted the use of enterprise Governance Risk and Compliance (eGRC) platform throughout the organization to develop a seamless, integrated and relational system that produced effective C-Level reports providing a true picture of Risk, Vulnerabilities, Incidents, Asset Management and Regulatory Compliance, Findings and tracking of Remediation Plans with assigned Tasks
  • Designed and established enterprise Custom Risk Exception application in Archer with multi-layer approval
  • Worked with the Splunk team to parse large volumes of Archer data from Policy and Threat to reduce latency
  • Managed the Vendor Security Risk Management product initiative gathering insight on current and future state
  • Contributed to integration of confidential Cybersecurity Assessment into confidential platform to assess and measure gaps and enterprise compliance and Vulnerability Management Patch reporting and remediation

Confidential

Security Assurance Consultant

Responsibilities:

  • Project Manager of multiple confidential implementations in conjunction with the development of Solutions in the Archer confidential system; planned system migrations; consulted on system design and risk/audit requirements
  • Business Systems Analyst for Risk application development and implementation; developed test plans and requirements for Access Control Attestations; managed budget hours for projects
  • Independently provided Risk and Vendor assessments, clients included Nursing Homes and Business Associates

Confidential

HIPAA and Security Assurance Policy Manager

Responsibilities:

  • Under the Security team, wrote, mapped and implemented confidential and Security policies and standards; conducted policy reviews and gap analysis with Executive teams; identified findings and established exception protocol; developed Corrective Action Plans (CAPs); improved internal and external audit scores; responded to client assessments, including 43 States (CA/SB-1386) - Medicaid and Medicare, Government - Tri-Care
  • Provided technical enhancements to the confidential application for Policy, Issue and Vendor Management and Business Continuity applications; rolled out campaigns for Compliance and Human Resources
  • Assisted Legal with reviewing Business Associates Agreements and Service Level Agreements (SLAs)
  • Trained personnel, Sales and EDI teams on understanding the “Why” behind regulations and applicability
  • Served as confidential and regulatory point person under the Compliance and Legal department; performed internal and external risk assessments; responded to 90% of client Security Assessments; key point of contact for the confidential Audit in addition to SOC 1 Audit, worked with cross functional departments throughout the organization to gather process information and validated with test scripts; provided technical enhancements to the confidential platform for Policy, Exceptions, Findings and Business Continuity applications
  • Created and enhanced Security Awareness program and Vendor Management framework, brought key C-Level stakeholders from Security, Risk, Purchasing, Legal, Sales, IT, and Compliance to form governance committees; consulted on the custom Business Continuity solution in Archer and conducted Business Impact Analysis

Confidential

Account Executive

Responsibilities:

  • Account Manager and Wireless Consultant, provided strategic, technical and business solutions reducing loss of city government accounts; drove new business; consulted and presented to City Managers and Executives

Confidential

Technical Consultant/Account Manager

Responsibilities:

  • LAN/WAN Consultant and Account Manager designed audio visual solutions and network integration

Confidential

Responsibilities:

  • Marketed Life, Health, Fixed Annuities, Property/Casualty, Cafeteria Plans and Supplemental Insurance

Confidential

Sr. Sales Engineer

Responsibilities:

  • Network Architect for Sales Team designing infrastructure solutions on Frame Relay, X.25, VPN networks
  • Contributed to writing RFPs, SOWs, Service Level Agreements with legal team and negotiated contracts

Confidential

Sr. Sales Engineer/ Product Marketing/Sr. Accountant

Responsibilities:

  • Consulted, designed, implemented and closed deals on 95% of frame relay WAN designs, VPN and LAN integration, 90% travel - covering Global Accounts within the US, Canada, and Caribbean
  • Product Manager and developer of the Frame Relay Wide Area Network offering, created pricing scenarios and cost analysis; trained engineers, management and clients on networks, IP addressing, routing and switching
  • Sr. Accountant and Financial Systems Analyst, provided forecasting, budgeting, executive reporting, testing, debugging and remediation; created a temporary billing system for data telecom group
