Nashville VA Regional Office 477 Michigan Avenue 110 9th Avenue South Detroit Michigan 48226 Nashville Tennessee
In September 2007, I sought and was accepted into a career internship program to become an Information Security Officer or ISO for the Department of Veterans Affairs. Training to become an ISO has included classroom, on-the-job training, and online training modules. I have received VA Cyber Security Practitioner (CSP) credentials upon completion of the Office of Cyber Security or OCS sponsored CSP professionalization training program. This program includes completion of CSP online training modules, as well as a minimum of six months experience as an Alternate Information Security Officer or AISO. I have also completed follow-on CSP training that includes more specialized training to acquire the skills necessary to be an effective facility ISO at a Department of Veterans Affairs facility. In October 2009 I received certification of completion of the 2-year Information Protection and Risk Management, Intern Information Security Officer program and have independently worked as a Field Security ISO stationed at the Nashville, Tennessee VA Regional Office. As a facility ISO at the Nashville VA Regional Office I have performed the duties of an ISO, and have supported the Information system owner in the information security role, and with the on-going Authorization and Accreditation (A&A) efforts to certify the information systems at this facility in accordance with federal mandates.
My duties as Information Security Officer have included the overall management and oversight of the VA information security program at the facility level including, but not limited to the responsibility for the development and implementation of a security program that anticipates, identifies, evaluates, mitigates, and minimizes risk associated with information system vulnerabilities to ensure security of information systems and information that may be in use, stored or transmitted against unauthorized or inappropriate access or release. As an ISO in support of the A&A effort I have gained experience, and knowledge as it pertains to the research, input into, and authoring of local policy for many of the technical, and non-technical controls, and station procedures that have been put into place during these efforts as well as conducting risk assessment, security control review and update of documentation as needed. As an ISO I have gained much experience in the building of strong working relationships with facility management, Regional Office staff, National Call Center Staff, Chief Information Officer, IT Administrators, and the facility Privacy Officer. In August 2011 I sought and was awarded Certified Authorization Professional credentials from ISC2. I am also a Local Registering Authority or LRA for setting up, and managing of PKI or Public Key Infrastructure email encryption. Sincerely,
- Information Security Officer at Detroit VA Regional Office
- at Department of Veterans Affairs
- at Department of Veterans Affairs
1 year, 1 month at this Job
- - nursing and technical duties
INFORMATION SECURITY OFFICER
Certified Information Systems Security Professional with over 20 years of progressive experience across a broad range of IT and security functions for diverse industry segments at Global organizations. Proven leader with the ability to combine vision, creativity, and strong business acumen with well-developed project management experience to support multi-team security initiatives that maintain confidentiality, integrity, and availability.
HONDA AIRCRAFT COMPANY, GREENSBORO, NC Dec 2015 to Present
Information Security Officer
Lead cyber security executive for Honda's Aircraft division. Report to HondaJet's Chief Technology Officer, a direct report to the CEO.
• Develop, implement, and monitor a strategic, comprehensive company-wide information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the company.
• Facilitate information security governance through implementation of a hierarchical governance program, including the formation of an information security steering committee.
• Develop, publish and maintain up-to-date security policies, standards and guidelines; and oversee training and dissemination of security policies and practices.
• Craft, implement and communicate a process for Supply Chain Risk Management to ensure the security of Intellectual Property shared with vendors.
• Create and manage information security awareness training programs for all employees, contractors and approved system users.
• Build a framework for roles and responsibilities with regards to information ownership, classification, accountability, and protection.
• Develop and enhance an information security management framework based on one of the currently accepted standards. Used ISO 27001 as the template with additional risk management recommendations from NIST. Developed Incident Response Program.
• Ensure that security programs are compliant with relevant laws, regulations and policies to minimize or eliminate risk and audit findings. Ensured compliance to PCI-DSS and GDPR requirements.
• Work with HondaJet Executive team (C-Suite) to respond to and address risks and audit findings; define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings
• Recruit, hire, train, and manage information security professional engineers, analysts, and administrators to perform the day-to-day activities of the Information Security Department.
• Developed Cloud Computing Strategy for development of new technologies and processes. Developed Cloud Security Strategy and processes.
• Tools utilized include Cisco, Checkpoint, F5, Digital Guardian DLP, LogRhythm SIEM, WebSense, CyberArk Privileged Access Management, Tenable.io vulnerability management, Cherwell IT Service Management, Proofpoint, Airwatch and Symantec Managed Services (SOC).
- INFORMATION SECURITY OFFICER at HONDA AIRCRAFT COMPANY
- Senior Manager, Information Security at REYNOLDS AMERICAN INC
- Director, Security and Compliance at SILKROAD TECHNOLOGY
- Process Manager at REPUBLIC MORTGAGE INSURANCE COMPANY
3 years, 3 months at this Job
- - Project Management
- Bachelor of Science in Business Administration and Economics - Education
- Certified Information Systems Security Professional
Information Security Officer for SCI networks developed and deployed a PKI database for 500 sailors enabling a successful Windows Operating System migration and zero incidents.
● Well-rounded Radio Supervisor innovated 12 military Standard operating procedures for six junior sailors on Afloat and Ashore operations certifying their deployment readiness.
● Instructed 650 sailors on the importance of Cyber Security best practices, Social Engineering, and PII leading to the first Red Team attack exercises with the success rate of 100%.
- Information Security Officer at USS Truxtun DDG
- Boundary Protection Engineer at TEKsystems
- Information systems Technician at Fleet Area Control Surveillance Facility
2 years, 11 months at this Job
- System Administrator - Network Vulnerabilities
Washington, DC Currently serving as both Operation Manager and Information Security Officer (ISO)
- Operation Manager and Information Security Officer (ISO) at Department of Employment Services (DOES), DC Government
- Information Security Officer at Department of Employment Services (DOES), DC Government
- Operations Manager at Department of Employment Services (DOES), DC Government
- iPhone / iPad Developer at UIKit, Twitter integration, iAd, and MessageUI
4 years, 11 months at this Job
- None - Computer Science
- None - Programming and Business
• Assist the Chief Information Security Officer (CISO) in maintaining an effective enterprise-wide corporate information security program across the subsidiary and affiliate business units, as well as through all Merger and Acquisition (M&A) events and GRC, Threat management, Access Management, Data loss prevention, communication (phishing) disciplines.
• Ensure the protection and privacy of information assets within the context of the CIS strategy and compliance to all corporate policies and standards, as well as governing frameworks and standards, such as NIST, ISO27001, COBIT, GLBA and others
• Develop metrics and dashboard to bring transparency to drive action by LoB, digital, retail and commercial banking
• Key lead on mergers and fin-tech investment efforts. Worked on MRBA for access-management and matured the programs of threat management and access-management by 50-fold. Responsible for a cultural change to shift security to the left.
• Attract, coach/develop, retain, and motivate a world-class security leadership team. Make personnel recommendations/decisions regarding employment, career development, performance evaluations, salary changes, promotions, transfers, and terminations within policy and guidelines
- Business Information Security Officer at BB&T
- Associate Director at Goldman Sachs & Blackstone-Ipreo, Raleigh
- Principal Security Engineer, AT&T, Durham at Being Tier
- Lead Network Security Engineer at Verizon Inc
9 months at this Job
- Masters of Computer Science - Computer Science
• Led the John Deere Financial (JDF) segment of the Deere Global Information Security program. Also served as the Information Security Officer for John Deere Financial f.s.b., the Thrift portion of JDF.
• Responsible for the vision, strategy and operational effectiveness of the program, and for developing, securing the funding for, recruiting and executing the maturation necessary for the program to effectively secure JDF. Ultimately responsible for an approximately $3.5 million (US) annual budget, and a team of 17.
• Led and matured an Information Risk Management, Compliance and Controls Assurance function that partnered with and facilitated all IT and Information Security related Internal Audit, External Audit and regulatory examinations (e.g. Office of the Comptroller of the Currency, Federal Reserve Bank) for JDF. Owned JDF Information Security policies, which were based on NIST 800-53 and CSF guidelines. Restructured and matured Information Security risk assessments, registration, escalation, prioritization and mitigation assurance, and aligned reporting with JDF and enterprise partner risk functions, leveraging NIST, ISO 27K, COBIT, and other frameworks as necessary. Chaired an Information Security Advisory Council (ISAC), a cross-divisional team tasked with surfacing and assessing risks and with cascading key security practices across the company. Also championed Information Security in Data Governance and in IT steering Committees. Spearheaded an overhaul of SOX 302 and 404 compliance activities to enhance management comfort and assurance of the efficacy of key controls.
• Implemented and matured Security Incident monitoring, response, and business engagement practices for JDF, aligned with both JDF corporate and Deere enterprise incident response programs. Established data loss monitoring dashboards fed by the enterprise SIEM using Splunk. Also incorporated a data security function that spearheaded the strengthening of privileged access and service account controls. Actively supported the assurance of GDPR compliance for our business activities in Europe.
• Established and matured a Security Architecture and Engineering function for JDF, aligned with JDF and enterprise security architecture programs. This included the establishment of cloud adoption acceptance criteria to comply with Commission de Surveillance du Secteur Financier (CSSF) requirements for our business activities in Europe, including a mapping of our NIST based Cybersecurity controls to ENISA based equivalents, and in support of the enterprise cloud adoption strategy. This also included leading the JDF portion of the successful adoption of OWASP-based secure programming practices for and the transition of vulnerability scanning practices to Veracode to satisfy regulatory requirements and in support of business objectives.
• Governed the Information Security Program portfolio of projects, the prioritization of discretionary and non-discretionary security investments, and the allocation of IT resources for IT compliance and for Information Security Initiatives.
- Associate Director, Information Security Officer at John Deere Financial
- Vice President, Chief Information Security Officer at Athene USA
- IT Manager - Audit and Compliance Services at West Bend Mutual Insurance
- Consultant at National Computer Services
1 year, 11 months at this Job
- Master of Business Administration - Business Administration
- Bachelor of Arts - Program of Liberal Studies and Philosophy
Relationship Cultivation Program Development IT Strategy Development Business Analysis Resource Development
North Carolina Department of Revenue January 2019-present
Deputy Chief Information Security Officer
Leads information Risk and Cybersecurity organization under the direction of the CISO. Operating in a key advisory role for both IT and business functions. Articulation of Information Security risks to senior stakeholders, committees, and boards including proposed initiatives designed to mitigate risks. Acting as a key participant and influencer with all Information Security relevant committees, forums, and groups. Assisting with budget management, planning and requirements submission. Oversight and governance of Information Security initiatives. Liaising with Legal, Compliance and Data Privacy functions to ensure that all relevant legislative and regulatory requirements are acknowledged and adhered to. Management of the Information Security Team, policies, and incident response.
- Deputy Chief Information Security Officer at Technology Development
- Associate Director, Cybersecurity at North Carolina Department of Revenue
- Information Security Manager at North Carolina Department of Revenue
- Regional Manager, COO Lead Regulatory, Risk, and Controls at Deutsche Bank
2 months at this Job
- Bachelor of Science in Biological Sciences - Biological Sciences
Owns accountability for global information security policies and procedures
● Guides company's privacy practices as key member of the company's global Privacy Committee
  ○ Charged with protecting employee and customer privacy consistent with regulations such as GDPR
● Owns accountability for all internal and external IT investigations
● Addresses Board of Directors regularly to communicate company risks, opportunities, and to return feedback into the company program
● Deployed security technology and processes to monitor and defend company cloud tenants and data to support "cloud first" strategy
● Developed strategy to secure the migration of the company's legacy data center to a hosted data center during Arconic's creation - a company "split" (separation) from Alcoa Inc.
● Formalized information security awareness program
  ○ Organized regular training / communication / attack simulations sent to employees around the world
  ○ Addressed global audiences in business unit town halls about the value of information security
● Developed enhanced protection program of company process control environments
● Led mapping and gap analysis of existing security framework, ISO 27001, to newer NIST 800-53 standard to better align with our customer base and governmental regulation requirements
● Serves as company HIPAA security officer
- Chief Information Security Officer at Arconic
- Manager, Global Security Risk and Architecture at Alcoa
- Adjunct Faculty at Software Engineering Institute/Carnegie Mellon University
- Forensics Specialist Engineer at Software Engineering Institute/Carnegie Mellon University
2 years, 1 month at this Job
- Master's - Information Security and Technology Management
- Bachelor's - Computer Science and Information Systems
• April 2016 - Present Director, Information Technology/Chief Information Security Officer Works directly with physicians, administration and staff to maximize efficient and effective use of our information systems related to patient care, user satisfaction, clinical productivity, and quality outcomes. Responsible for all clinical and business operations systems including Mosaic, EMA and OncoEMR EMRs, Unlimited Systems g4 Practice Management and integrated access for physicians to Cerner and Epic EMR systems for area hospitals. Responsible for HIPAA/HITECH compliance and serves as Chief Information Security Officer. OCSRI is the largest physician owned, full service, community based cancer center in Eastern Oklahoma. With 24 full-time oncologists providing Medical, Gynecological, and Radiation oncology, and MD Anderson certification,
- Director, Information Technology/Chief Information Security Officer at OKLAHOMA CANCER SPECIALISTS AND RESEARCH INSTITUTE
- Chief Information Officer/Chief Information Security Officer at NIAGARA FRONTIER TRANSPORTATION AUTHORITY
- President/Chief Information Officer/Chief Information Security Officer at CRIF LENDING SOLUTIONS
- Executive Partner / Executive Programs at GARTNER, INC
2 years, 11 months at this Job
- Master of Science in Systems Management - Executive Management Leadership Development Program
- Bachelor of Science in Mathematics - Mathematics
Phone Number: (503) 230-5200
Chief Information Security Officer and team lead for the BPA Office of Cyber Security.
• Created highly effective cyber security program while maintaining cost reductions
• Implemented 24 X 7 Cyber Security Operations Center with proven measurable effectiveness.
• Created, deployed and managed team of penetration testers and red team cells to conduct offensive research on electric grid operations technology and corporate administrations.
• Created and implemented program and managed team to analyze cyber intelligence, detect, track and isolate advanced persistent threats.
• Created and implemented program and team to track vulnerabilities to mitigation and to report
• Created and oversaw the implementation of internal phishing program.
- Chief Information Security Officer at Bonneville Power Administration
- Lead Information Security Officer at Bonneville Power Administration
- Information Security Officer at Bonneville Power Administration
- Cyber Security Box Administrator at Tek Systems
6 years, 4 months at this Job
- Bachelor's Degree