• Develop and implement a robust governance framework that aligns with industry best practices and regulatory requirements including outlining and assessing the organization’s security functional areas through periodic reviews and maintaining documentation on IT security policies, standards, and procedures• Lead a risk management steering committee of information security engineers and analysts to identify and assess potential risks that could impact the organization’s operations, financials, or reputation, and develop risk management strategies and controls to mitigate identified risks• Develop and implement processes for reporting, investigating, and resolving security incidents including leading attack simulation and tabletop exercises to improve security incident response• Partner and participate with Internal Audit on information security audits, compliance checks and external assessment processes for internal/external auditors• Lead, coordinate, track, and respond to all information technology and security related audits and outcomes• Perform ongoing threat intelligence by monitoring and analyzing active as well as potential cyber security threats, gathering intelligence from sources to help the organization make better informed and more proactive security decisions• Maintain identity and access management standards, leading the efforts to conduct user access reviews of the organization’s critical systems and services to reduce permission creep• Interact with IT business stakeholders regarding matters of business continuity and disaster recovery planning and processes to ensure the availability and recovery of critical systems• Analyze supply chain and vendor information (vendor questionnaires, contacts, system organization control (SOC) reports, technical documentation) to validate completeness and determine if the vendor meets security requirements.

• Assessed and documented the organization’s compliance and risk posture as it related to information assets.• Provided highly skilled technical and information security expertise for development and implementation of the information security risk management program.• Provided leadership, project management experience, and expertise to ensure effective organization-wide security analysis, intrusion detection, standards and testing, risk assessment, awareness and education, and development of policies, standards and guidelines.• Reduced risk by analyzing supply chain and vendor contracts, questionnaire responses, technical documentation, and System and Organization Controls (SOC) reports.

• Coordinate and complete Information Security Program projects.• Recommend security improvements by assessing current situations, evaluating trends, and anticipating requirements.• Ensure that the business stays in compliance with regulatory guidance.• Coordinate audits and assessments of information systems, platforms, and operating procedures in accordance with established corporate standards.• Perform risk assessments and testing of data processing systems.• Conduct functionality and gap analyses to determine the extent to which key business areas and infrastructure complies with statutory and regulatory requirements.• Track remediation of assessment and audit findings including testing of mitigation.• Keep abreast of evolving technologies to ensure appropriate security controls are implemented and maintained as organization processes change.• Ensure that educational and communication programs are conducted to enhance the general security awareness, knowledge, experience and skill requirements.

Help client IT and business executives understand key security governance, risk and compliance issues, exposures and vulnerabilities using workshops, assessments, and strategy work. Define business drivers and the associated tactical and strategic roadmaps and plans that help the clients in achieving their business and security objectives.• Define and manage a framework for regulatory services (FDA/HIPAA/ITAR/PCI/State & Local Government) solution based on customer requirements (e.g., pharmaceutical, clinical trials, medical device, etc) and monitor/report compliance status.• Provide leadership, guidance, training and manage all regulatory compliance deliverables for commercial and internal customers.• Write and coordinate production of required security documentation. • Train employees on security and regulatory processes. • Support Internal Security Reviews and External Security Audits.

Provide security compliance oversight and assistance to INTEL & UNIX Server Administrators for multiple commercial & internal customers. Working directly with customers and management to perform risk and threat analysis, review and write security policy, and implement appropriate security solutions and controls.• Manage system hardening, system security checking and validation, and vulnerability scanning.• Perform internal audits/security reviews. Act as a focal point for external customer and government regulatory audits including SOC audits.• Windows server patching subject matter expert.• Manage the documentation of threats/risks.

Microsoft/Novell/Linux system administrator with expertise in security and incident management, global enterprise server and workstation environments with multiple regulatory controls, written and oral communication, and technical leadership.• Proficient in local & remote administration of Microsoft servers in a clustered high availability environment using Microsoft clustering, Citrix, and VMware.• Cross-discipline experience in leadership, project management, process architecture, problem/change management, client communication and negotiation.• Troubleshoot, maintain, and do disaster recovery in enterprise server environments.• Perform root cause analysis and creation of mitigation strategies for server issues.• Install, troubleshoot, and maintain toolsets on servers

Human intelligence focused linguist working in the areas of interrogation and counterintelligence