Brian K Email & Phone Number

Owings Mills, MD, US

Peabody, MA, US

• Prepare, maintain, and update security documentation, policies, processes, and controls including information Security Governance, and Security Risk Assessments
• Lead audit readiness activities for various frameworks across the entire company (NIST, CMMC 2.0, ISO27001)
• Coordinates, develops and evaluates security programs for an organization
• Recommends information assurance/security solutions to support customers' requirements
• Applies know-how to Government (TSA) and commercial common projects, systems, as well as to dedicated required specialized security features and procedures
• Partner with Technology and Risk stakeholders in maintaining data within the Company's GRC tooling or manually providing timely and effective guidance to departments on technology regulatory requirements

Boston, Massachusetts, US

• Leading the effort in the development, review, implementation and maintenance of policies, procedures, standards and guidelines in accordance with applicable regulations and company standards including NIST 800-53.
• Familiar with STRIDE and CVSS threat modeling standard
• Setting up meeting with engineers, analyst and business line for different projects in all aspects from development to commercial launch
• Leading the effort on security and compliance to bring my organization to a proper security posture
• Tasked with building a solid security posture from existing and new control requirements
• Provide needed Professional recommendations on tools, processes, standards and business needs.

Columbus, Ohio, US

• Responsible for analyzing all new vendor contracts and pointing out areas of improvement to management
• Verify that the vendor follows all regulatory, information requirement and applicable processes and standard
• Assess Vendor Risk Profile to determine CIA rating, conduct reassessment of Vendor and prepare VRA Report
• Act as remediation analyst to support work with vendors in remediating findings discovered during the onsite/virtual assessment
• Access both inheritance risk questionnaire, SIG questionnaire, SOC report, Pen Test, Vulnerability Scan report from SEIM tools, Cyber insurance to validate vendor appropriate implementation of information security.
• Communicate vendor information security issue to stakeholder, ensuring a clear understanding of associated risk and plan of action for remediating such risk

Bethesda, MD, US

• Created security documentation for incident response, audits, and log management to assist with workflow
• Scheduled and attended meetings with the IT team to gather documentation and evidence about their control environment in preparation for audits
• Performed risk assessments quarterly to make sure system weaknesses are well documented and mitigating processes are put in place
• Assist in the implementation, documentation and maintenance of policies, procedures, standards, and guidelines in accordance with applicable regulations including ISO 27001, PCI DSS, NIST 800-53 Framework Controls
• Performed system risk assessment to identify and implement appropriate security countermeasures
• Conducted research and maintained proficiency in computer networks, tools, techniques, countermeasures, and trends in computer network vulnerabilities and network security such as Tenable.io and CyberArk