Responsible for implementing, designing, and managing the overall Enterprise strategies and procedures for the information security function. Develops and implements disaster recovery programs in accordance with organizational information security standards, developing security policies and procedures, evaluating information risk, and promoting information security awareness within the organization. - Provides strategic leadership and oversight in Information Security matters for the entire organization.- Responsible for the execution of the Information Security strategy roadmap.- Works closely with Corporate’s Internal Audit department when conducting the annual cyber security audits. Creates the security controls testing matrix for the auditors.- Works closely with RPM Corporate Legal/Compliance team on cyber security legal matters - Develops/reviews and enforces policies and procedures within the Information Security department. - Established IT security standards for network infrastructure, applications, servers, data, desktop/laptops/tablets, and mobile devices- Creates and maintains the Disaster Recovery and Business Continuity Planning Programs, to include a Disaster Recovery manual and Business Continuity Planning manual and annual tabletop exercises- Created an Incident Response Program to include an IS Incident Management Response Plan and Playbooks- Created a Risk Management Program to include annual risk assessments to evaluate compliance with security measures. - Created a Business Impact Analysis template for an annual review of RPM’s critical systems.- Created a Data Governance program that applies security measures to guard against unauthorized access and data loss to digital information.- Created a Security Education Awareness program

Responsible for the cyber security of CMSD's information technology resources, digital assets, user identity and data privacy. Provides strategic leadership in the development and execution of a comprehensive strategy for Cyber Security and IT Risk Management programs and architecture. Implements security measures to maintain compliance with federal, state, and local cyber security regulations and legislation specifically HIPAA and FERPA, as well as industry frameworks, such as NIST, ISO 27001/27002 and COBIT. Identifies current threats, mitigates vulnerabilities, and anticipates future cybersecurity challenges. Utilizes new technologies to increase the security of the District’s existing and emerging IT infrastructure, systems and information. - Established the NIST Cyber Security Framework for the District and IT Security Standards- Works with and consults with executive/senior leaders on potential information breaches- Responsible for development, management and compliance of an enterprise-wide cyber security awareness program - Develops policies, procedures, communications and training for cyber security and IT risk management programs- Maintains up-to-date knowledge and understanding of technology trends, security threats, infrastructure vulnerabilities, and business dependencies - Develops threat models and security risk assessments and recommend mitigations and countermeasures to address risks, vulnerabilities and threats- Tracks and remediates security audit findings and security vulnerabilities detected from scans- Responsible for security monitoring and alerting, identity and access management, internet content management and privileged account management- Partners with key stakeholders to develop, document and test plans for emergency response and to ensure appropriate staff awareness- Established a formal IT forensics program, Risk Management program, Disaster Recovery program and Incident response program

Protects Health System Information and Infrastructure from internal and external threats for Sisters of Charity Health System. - Ensures compliance with statutory and regulatory requirements specifically, HIPAA regarding information access, security and privacy. - Works in collaboration with the CTO, Technical Security Analyst, Network Administrators, and vendors to safeguard the Health System’s Information Technology assets and Intellectual Property- Manages, implements, and enforces information security objectives as mandated by HIPAA- Created the Cyber Security Program for the Health System- Adopted the NIST Cyber Security Framework for the Health System- Conducts annual Business Impact Analysis on critical applications - Created and maintains the Disaster Recovery and Business Continuity Programs, to include a Disaster Recovery manual and Business Continuity Planning manual- Created an Incident Response Program to include an IS Incident Management Response Plan and Playbooks- Conducts an annual Cyber Security Table Top Exercise annually - Created the Cyber Security Education Program and conducts all annual training- Works with the Health Systems Legal Department to maintain proper legal compliance within cyber security - Develops policies and procedures - Works with outside consultants as appropriate for independent information security audits- Works with internal and external auditors on security related responses and audits.- Conducts an annual security assessment consistent with HIPAA and Meaningful Use requirements. - Works with the Technical Security Analyst to address any security issues with the Health Systems infrastructure - Works with IT Leadership to prioritize information security initiatives - Project Manager for a HIPAA Compliant, secured text messaging platform- Member of the Emergency Response Preparedness Committee for St. Vincent Charity Medical Center

Provides set-up, implementation, support, maintenance and guidance of ISs in accordance with applicable NASA and DOD security regulations and manuals. Appointed by the NASA John H. Glenn Research Center (GRC) Director as an Information System Certifying Authority. Provides support and consultation on security enhancements in accordance with applicable NASA and DOD regulations:- Appointed Security Control Assessor for entire program under the Risked Managed Framework (RMF) process to ensure compliance with security standards and policy- Created and maintains an Information Assurance Standard Operating Procedure (IA SOP) manual- Performs risk assessments on systems and creates a Plan of Action and Milestone (POA&M) and Security Assessment Report (SAR) for known risks- Creates and maintains System Security Plans for all active systems- Ensures systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the security plan. - Created and implemented a backup and restoration process along with a disaster recovery plan - Ensures configuration management for security-relevant IS software, hardware, and firmware is maintained and documented. - Ensures that system recovery processes are monitored to guarantee that security features and procedures are properly restored. - Developed and maintains a formal Information Systems Security Program. - Maintains the incident response plan and ensures the response handling is implemented from start to finish- Developed and implemented an information security education, training, and awareness program. - Systems Security Compliance Inspector at all NASA facilities and contractor sites. - Administers Anti-virus and Security Patches to all systems- Performs Security Test and Evaluations on software. Prepares reports and gives recommendations for use of the software on the network and Stand Alone Systems