Lead the evaluation of compliance risks and processes in complex information system environments to ensure appropriate controls exist, efficiency and accuracy with processes exist, and information system procedures comply with corporate policies and standards. Lead the client audit engagement process by identifying requirements, coordinating schedules, communicating deliverables, tracking progress and delivering successful results. Manage the third party risk assessment process to ensure that Client acquires and/or maintains required certifications (e.g., ISO27001/2, SOC 1 & 2, HITRUST, GDPR, NIST, HIPAA, FISMA, etc.).

Key player in the CMMC Cyber Security Assessment Program addressing DoD concerns along our supply chain for the DIB (Defense Industrial Base). Conduct ongoing risk analysis in tandem with compliance and security. Identify strengths and weaknesses in the security program related to privacy, security, business resiliency, and compliance frameworks. Document and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation. Analyze findings, and document, recommend and report program gaps to security leadership. Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices, and procedures. Define qualitative and quantitative metrics to assess the security program’s success and provide regular reports to security and business leadership. Work in tandem with security, audit, and risk management leadership to perform ongoing security program assessments to meet annual strategic technology and directives. Attend and fully engage in change and project management meetings. Act as liaison with business area stakeholders to maintain and implement controls for compliance and privacy laws.

Key player in the development of the new CMMC Cyber Security Assessment Program. Provide audit/risk consultation for Sawdey Clients to include the evaluation of in-place security controls (physical and technical), processes, plans, and documentation. Meet with clients to gather data/intel (via Teams, and on-site). Evaluate in place controls vs. CMMC, NIST, and other government standards. Provide documentations to include a pre-assessment evaluation, system security plan, and executive report making recommendations to secure their business. Provide input for the improvement of the CCMC program.

Develop, implement and monitor a comprehensive enterprise information security and IT risk management program. Develop and implement policies and procedures to protect OP&F from security risks including but not limited to IT systems, business operations and processes. Design and lead in the development of a written security program that addresses risk analysis, operation specific hazards, and security threats. Identify protection goals, objectives, and metrics for the security program. Provide appropriate training to staff on security and privacy requirements, policies, and processes. Work with Core services BTS team to examine access to information to ensure that persons having access to confidential information are authorized, limited to necessary information, and access is modified or terminated as appropriate. Responsible for independent, real-time reporting of IT internal control and weaknesses. Create, review and monitor the implementation of disaster recovery and business continuity plans. Develop, communicate and ensure compliance with organizational IT security policies and standards. Provide strategic and tactical security guidance for all IT projects including the evaluation and recommendation of technical controls. Work with outside consultants as appropriate for independent security audits and keeps BTS director informed of status of audits and remedial measures. Developed policies for, document, and lead BTS team through successful external OP&F controls and User Access Audit.

Work closely with infrastructure architecture / engineering / operations, application development, IT risk, compliance, and business teams to assign access profiles to colleagues within Huntington Bank. Work with business and technology teams to ensure monitoring and auditing of access to critical systems and infrastructure such as Active Directory, NetIQ Identity Manager, and RACF. Process access requests for various technology systems (Windows Servers, Unix, MS SQL, Oracle, RACF, and others) and find opportunities for process automation. Assist IT teams in developing and maintaining appropriate procedural documentation which meets relevant compliance standards in regard to access and identity management. Engage with audit teams and provide documentation and evidence of access control principles and profiles. Assess separation of duties following a role based access controls (RBAC) methodology and documentation of access control matrices. Participate in discussions to further review and refine existing RBAC structures. Determine and propose recommendations for access management controls to further enhance security. Assure adherence to required standards, procedures, guidelines, and processes. Provide reporting to risk management and business units on a routine basis for approval of access to systems.

Maintains operational stability and security of system security technologies and monitor and resolve support tickets associated with maintained technologies. Provide Tier II support for security apps and end users relating to security technologies. Document processes and procedures for existing and new technologies. Responsible for the build and deployment of Mandiant Intelligent Response to supported Windows systems for forensic analysis collection of potentially compromised systems. Responsible for Sourcefire Intrusion Detection systems, rules and analysis. Responsible for Arbor Networks systems support, maintenance and DDOS monitoring. Current Subject Matter Expert for Charter. Responsible for Netwitness packet capturing technologies and maintenance. Responsible for the design, deployment and configuration of FireEye appliances to track and stop cyber threats and data breaches. Appliances included HX, NX, PX, EX, IA, and the Console Management System (CMS). Responsible for all Gigamon switches associated with the Network Operations team. Duties include installation, configuration, maintenance and troubleshooting of systems. Systems in production GigaVUE TA10’s and GigaVUE HB1’s. Maintain Windows Images, patch updates, ancillary software support/updates to all TWC sites worldwide. Push out system builds to include OS and secondary applications utilizing Altiris and Symantec ITMS console. Provided ownership and admin services for Windows based Disaster Recovery solutions utilizing Vision Solutions Double Take software. To include tools ownership, design and testing, update and upgrades, accessibility and security administration, user education, support and standards documentation. Provide Tier II and III support services to the team. Provide VMWare administrative services to include build and configuration with an emphasis on operational needs. Provide systems administration and on-call support as required to all supported servers.

Support 2003 AD infrastructure for The Hearst Service Center and Hearst Argyle Television along with all Windows servers nationwide. Duties include participating in the plan, design and implementation of all internal systems upgrades. Other activities include installing, configuring, documenting and maintaining physical and virtual server Windows environments, server Application software and/or hardware, including troubleshooting and maintaining the day-to-day operations of servers. Recent projects include:•System design for upgrade of Hearst Corporation messaging environment from Lotus Notes to Exchange 2008.•Upgrading Corporate Netbackup environment from Netbackup 5.1 to 6.5 utilizing vaulting technology.•The upgrade and migration of high profile WideOrbit Application utilized by Hearst Argyle TV to IBM Blade Center environment booting from a network SAN.•Key member in the planning and execution of disaster recovery exercises for The Hearst Corporation 5 years running

Duties included managing a four man Network Operations team and senior technical resource for all Client/Server support activities. Team responsibilities included supporting all networking, server, and workstation support for DAU Midwest, the planning, design and implementation of all internal systems upgrades along with providing technical input for new classes in development as well as existing classes. The DAU Network Ops team provided support for over 100 faculty and staff members and was responsible for all classroom setups (Desktops, Laptops, Video Cabinets, etc.). The main undertaking for DAU Midwest included:•Managing and participating in DAU move from Wright Patterson Air force Base in Dayton, Ohio to Kettering Ohio.•Changing domains from AFIT to DAU-ADS•Re-imaging and ghosting of a wide range of Dell hardware (servers, Desktops, Laptops).•Setup and configuration of Domain Controllers, Active Directory, Exchange 2003, and Backups utilizing Symantec Backup Exec.

Duties included the planning, design and implementation of all internal system upgrades, the management of all networking, server, and desktop support for the Development Center, along with providing technical input for new proposals and existing projects. Supported 200+ developers on our client/server platform along with maintaining over 300 servers and 900 GB’s of data daily. Additional duties included managing all development center backups, managing the technical support help desk and conducting full system implementations at client sites. •Migration from Windows NT 4.0 to a Windows 2000 Active Directory environment.•Participated in the upgrade of a 10 Mb LAN infrastructure to a 1 GB LAN.•Responsible for planning, purchasing, installation, configuration and documentation of all enterprise backups using Veritas Backup Exec 8.6.•Researched and developed backup strategy for the State of Nebraska using Veritas Backup Exec to include backing up Exchange and SQL 2000 databases.