Attleboro, MA 2017 to Present Sensata Technologies (NYSE: ST) is one of the world's leading suppliers of sensing, electrical protection, control and power management solutions with operations and business centers in 12 countries. Sensata's products improve safety, efficiency and comfort for millions of people every day in automotive, appliance, aircraft, industrial, military, heavy vehicle, heating, air-conditioning and ventilation, data, telecommunications, recreational vehicle and marine applications.
Information Security Manager
• Leading the partnership with MSSP for Security Operations
• Cyber Security Budget & Strategy Planning
• Incident Response policy & procedure planning, including table top exercises for cyber portion
• Developing event investigation processes and procedures
• Developing new KPI with MSSP and internal teams
• Developing and enhancing Vulnerability Management Program
• Developing Cyber Risk Program utilizing FAIR and NIST CSF controls
- Information Security Manager at Sensata Technologies
- Global Team Lead Security Engineers and Threat Monitoring (Promoted) at Computershare
- Manager Information Security at Boston Children's Hospital
- Manager of Information Security at Aramark Uniform & Career Apparel
2 years at this Job
- Masters of Science in Cybersecurity Intelligence - Cybersecurity Intelligence
- Bachelors of Science in Information Technology - Information Technology
March 2004 - Present
Information Security Manager/Information Systems Security Manager/Communications Security Manager/Communications Chief/Assistant Security Manager
• Perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy, achieved through passive evaluations such as compliance audits and active evaluations such as vulnerability assessments.
• Establish strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems. Include support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits.
• Assist in the implementation of the required government policy (i.e., EKMS 1, NISPOM, ICD 503), make recommendations on process tailoring, participate in and document process activities.
• Perform analyses to validate established security requirements and recommended additional security requirements and safeguards.
• Support the formal Security Test and Evaluation (ST&E) required by Navy/Marine Corps accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports.
• Document the results of Certification and Accreditation (C&A) activities and technical or coordination activity, prepare the system security plans, and update the Plan of Actions and Milestones (POA&M).
• Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed.
• Effectively manage communications security (COMSEC) account, equipment and keying material with 100% accuracy for multiple internal and external organizations.
- Information Security Manager at United States Marine Corps
- Marine Security Guard (MSG) Watchstander/Russian Language Student at United States Marine Corps
14 years, 10 months at this Job
- Master of Science in Cyber Security - Information Assurance
- Bachelor of Science in Liberal Arts - Russian Language
- Associate of Applied Science in Liberal Arts in Visual Communication - Liberal Arts
Governance, Risk, and Compliance (GRC) Advisory: Performed in the capacity of a third party Information Security Manager for the Metropolitan Washington Airport Authority (MWAA). The Airport Authority is responsible for the management, operation, and capital improvement of two airports in the Washington metropolitan area, Reagan National (DCA) and Washington Dulles International (IAD) Airports. These airports provide domestic and international air service to over 45 million passengers for the mid-Atlantic region, and the Authority also manages the Dulles Toll Road (DTR). http://www.mwaa.com Responsibilities included conducting a comprehensive cyber-security governance analysis and compliance assessment of all current Airport Authority's IT enterprise governance, digital security risk management, and compliance management policies and directives. This scope of work involved analysis resulting in recommendations for risk management policies and controls which will conform to the blended information security frameworks for developing, implementing, monitoring and improving IT governance and digital security risk management practices. The responsibilities also included high-level technical writing support for policies, procedures and strategic digital risk management plans consistent with the gap analysis and IT governance standards recommendation(s) based on frameworks that include COBIT (Control Objectives for Information and Related Technologies), NIST (National Institute of Standards and Technology) for Information Security, PMBOK (Project Management Body of Knowledge) for project management and ITIL (Information Technology Infrastructure Library) for service delivery. The final delivery mandate included the production of a comprehensive governance and risk policy compendium regarding the overall analysis, recommendations with new/updated policies and IT risk management standards upon which respective policies were derived.
- Information Security Manager (Contractor) at Ex Nihilo Management, LLC
- Consultant at Kaiser Permanente
- Sr. Cyber Security Specialist at SyZyGyRiskSciences
- Cyber Security Solutions Architect (Consultant) at Intelligent Systems Services, LLC
11 months at this Job
- Masters of Science - Business Administration
- Bachelor of Science
- Bachelor of Arts - Psychology/Computer
- Associate of Arts
- Associate of Science A.S. - Technology Science
Represented the company's technical security interests to partners, including unclassified, secret and classified echelon, to ensure the bi-directional flow of technical information and best practices in information security.
• Validated and verified system security requirements definitions and analyzed system security designs.
• Managed firewall, network monitoring and server monitoring both on- and off-site.
- Information Security Manager at US Army
- Network Administrator at US Army
- Information Security Analyst at US Army
- Information Technology Manager at US Army
1 month at this Job
- - Computer Science
- SEC + - Information Security (80 hrs)
- NET + - Network + (40 Hrs)
Manage a team of Information Security Assessors to ensure new product development meets the Enterprise Information Security standards. Coordinate assessor availability and assign assessments based on subject matter expertise and knowledge. Identify process improvements and execute implementation with alignment across multiple organizations.
- Information Security Manager at American Express
- Information Security Manager at American Express
- Project Manager at American Express
- Lead Systems Analyst at American Express
3 years, 9 months at this Job
- Business - Business, Computer Information Systems
• Responsible for managing all aspects of newly created Information Security Program
• Provide guidance and counsel to the CTO and key members of the Executive Management team in defining objectives for information security
• Establish annual and long-range security and compliance goals, define security strategies, and create a roadmap for overall strategic guidance
• Mentor and manage all Information Security team members and implement professional development plans for all members of the team.
• Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
• Work with Internal Audit and outside consultants as appropriate on required security assessments and audits.
• Report quarterly to the Walker & Dunlop External Board and Audit committee
• Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
• Examine impacts of new technologies on Walker & Dunlop's overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
• Establish repeatable process to examine and review the security programs for all new and existing third-party vendors
• Work closely with Training department to customize the annual Security Awareness training program and quarterly phishing test to best educate employees
• Manage all Security Technologies and Managed Service vendors such as Carbon Black, SecureWorks, MediaPro, Symantec, & Optiv
- Information Security Manager/Officer at Walker & Dunlop
- Sr. Information Security Policy Manager at Accenture
- Self Employed at Self Employed
- Senior Information Security Officer at RPS
1 year, 6 months at this Job
- BS - Management Information Systems
• Communicate with executive management to ensure support for the information security program. Manage and maintain the information security program.
• Oversee and conduct risk management activities (risk assessment, gap analysis, business impact analysis, etc.) to help the firm reach an acceptable level of risk.
• Advise and make recommendations regarding appropriate personnel, physical and technical security controls.
• Managing the information security incident management program to ensure the prevention, detection, containment and correction of security breaches.
• Participate in resolving problems with security violations.
• Manage a firm wide information security education and awareness campaign. Coordinate the communication of the information security awareness campaign to all employees of the firm. Create and deliver presentations for attorneys to earn Ethics CLE credits.
• Coordinate with vendors, auditors, executive management and user departments to enhance information security.
• Compile and document client, regulatory, and internal security requirements. Perform gap analysis to verify the firm's compliance.
• Implement controls to steer the firm towards ISO27001 compliance.
• Develop and maintain information security policy for the firm.
• Chair of the Data Security Steering Committee.
- Information Security Manager at Marks, O'Neil, O'Brien, Doherty, & Kelly
- Information Systems Specialist at Marks, O'Neil, O'Brien, Doherty, & Kelly
- IT Coordinator at Klehr, Harrison, Harvey
- Systems Engineer at Docutech
1 year at this Job
• Directs global incident response and fraud investigations for the organization, including strategic corrective action.
• Designs security risk assessment strategy, process, tracking and executive reporting metrics focused on compliance remediation.
• Manages information security resources for ISO, PCI, HIPAA and business processing outsourcing compliance.
• Manages compliance audits and remediation for client contracts.
• Manages Identity and Access management transformation.
- Information Security Manager at Sutherland Global Services
- Security Coordinator - Senior Security Compliance Analyst at
- IT Security Technical Analyst at BG Group
- Director of IT at University of Houston
2 years, 6 months at this Job
- Bachelor of Music - Composition
• Manage IBM Proventia Intrusion Detection/Prevention Systems, Cisco ASA Firewalls, VPN, RSA, Cisco Anyconnect, and other access control systems.
• Ensure newly identified software designs or acquisition software are adhering to Compliance requirements.
• Use Bluecoat proxy to grant or restrict internet access to users based on company policy.
• Assists in the implementation of Guardium infrastructure, policies, rules enforcements as a part of the Enterprise Data Protection Initiative.
• Administer security patches to Guardium through SSH PuTTY sessions.
• Deploy and configure ISTAP monitors in I-series environment.
• Configure Guardium policy via policy builder.
• Participate in Guardium user groups and LUG to give updates on the tool.
• React to data anomalies and alerts that meet thresholds set for the DAM.
• Troubleshoot Guardium PMRs with IBM support team.
• Work closely with security partners to develop and manage incident response plans, emergency response plan, disaster recovery plan, penetration tests, Splunk SIEM analysis, and physical security controls.
• Work with support in a 24x7 environment on-call rotation.
• Build training modules, deploy security awareness to employees, and report on the results to Director.
• Maintaining PCI / SOX Compliance and conduct yearly audit with QSA.
• Monitors security systems, including Cisco ASA firewall, Bluecoat proxy, IDS/IPS, AV, and other systems that generate security data for anomalies or indicators of intrusion.
• Work with IBM SOC to address outages on security platforms and bring systems back up with accuracy.
• Conducts internal and external penetration tests and active threat scans.
• Follows up on noncompliant items discovered during scans.
• Incident Response Planning
• Creating, testing and implementing network disaster recovery plans
• Performing risk assessments and testing of data processing systems
• Recommending security enhancements and purchases
• Identifies and conducts Compliance pre-assessments, identifies findings, mitigating controls, and presents assessment reports to management and key stakeholders
• Training staff on network and information security procedures
• Act as 'subject matter expert' (SME) to other internal customers and departments in Compliance
• Establishes and maintains system controls by developing framework for controls and levels of access; recommending improvements that meet PCI / SOX Compliance Requirements.
• Ensures authorized access by investigating improper access, revoking access, reporting violations, monitoring information requests by new programming, recommending improvements.
• Establishes computer and terminal physical security by developing standards, policies, and procedures.
• Translates security and compliance requirements into workable policy and procedures for IT and Business areas
• Safeguards files by performing regular backups, developing procedures for source code management and disaster preparedness, recommending improvements.
• Develops security awareness by providing orientation, educational programs, and on-going communication.
• Updates job knowledge by participating in educational opportunities, reading professional publications, maintaining personal networks, participating in professional organizations.
- Information Security Manager at Haverty's
- NOC Platform Services Specialist / Systems Administrator at Hewlett Packard
- Training Technician / Computer Operator III at Army Training Help Desk
- Desktop Support Specialist at Bank of America
3 years, 4 months at this Job
- BS degree - IT\Networking and Security Management
Lead, motivate and train staff, manage security operations activities and manage the Incident Response practice. Determine security requirements by evaluating business strategies and requirements; research information security standards; conduct system security reviews, vulnerability analysis and perform risk assessments.
• Define, manage and lead the Incident Response practice
• Develop risk assessment process of 3rd party security controls
• Deploy & govern a global vulnerability management program
• Responsible for network perimeter security solutions (Check Point firewalls, IPS, Sandboxing, Anti-Virus, etc.)
• Establish global enterprise SIEM and manage SOC activities
• Manage engineers and analysts
- Information Security Manager at Hallmark Cards
- Senior IT Security Specialist at Kimberly-Clark
- IT Security Engineer at Zimmer, Inc
- Consultant of computer technology at Bristol-Myers Squibb
4 years, 7 months at this Job
- Bachelor's - Cyber security