Eric Sisson Email & Phone Number

Louisville, Kentucky, US

• IT Security & Compliance Specialist
• Works as a liaison between IT, the business units and Information Security team to ensure complete and effective implementation of security controls, standards, and supporting policies.
• Defines and executes the roadmap, control, and audit of internal IT Security functions.
• Manages IT Compliance issues through resolution with the appropriate subject matter experts.
• Works with IT subject matter experts to produce detailed documentation including, but not limited to: logical access, facilities management, network architecture with ACL controls, logical diagrams, etc.
• Identify and determine IT Security improvements and standards using CIS (Critical Infrastructure Security Controls) as a model.

Louisville, KY, US

• LOUISVILLE GAS & ELECTRIC, Louisville, KY 2014 – 2017IT Compliance AnalystLeader within company’s IT department compliance efforts in alignment with the Sarbanes-Oxley Act. Supported department representatives in.
• Engaged transaction, control owners and assessed operational efficiency, based on technical and organizational knowledge. Identified issues, assisted remediation efforts with IT transaction owners.
• Assisted in preparing verbal and written reports for management during and at the conclusion of the examination, discussing findings, recommending corrective action and suggesting improvements in operations. Improved.
• Provided technical oversight, ensuring adequate and appropriate documentation of department internal controls, minimizing risk.
• Performed periodic testing, provided internal and external auditors with requested evidentiary information and reports regarding the execution of IT department internal controls. Improved testing process by remediating.
• Effectively communicated with clients regarding adherence to policies, procedures and standards for the IT corporate environment. Provided a transparent environment.

• Ensured updates to IT Policy & Procedures document and IT Controls Poster are maintained, posted and available to their appropriate resources.
• Created a ticket based vetting & ratification process for all new and existing IT Controls & IT Policy and Procedures. Minimized bureaucracy & lengthy or unproductive conference calls, created a vehicle to ensure rapid.
• Provided Senior Level IT Management & Executives with security related metrics based upon fact - audit results.
• Manage IT Security personnel (Team) and continually support their initiatives, progress, direct efforts toward “big picture” Security initiatives while meeting business requirements.
• Collaborated w/Systems team to coordinate Vulnerability Mgmt scans. Conduct VM scans on all servers – Enterprise Wide using Nessus, IBM VMS external VM system. Provided reports, remediation of exceptions.
• Conducted formal risk assessments within CWH Business/ IT to determine the critical points of business exposure. – Logical Access, Ops, CM, Infrastructure Change Control, Network, Application, Network Intrusion.

Louisville, Kentucky, US

• Conducted internal ISO27K compliance standards audits against the current IT processes and provided the remediation of over 50 areas of deficiencies.
• Continually conducted IT risk assessments and risk analysis to help the organization develop security standards and controls as required by HIPPA.
• Initiated, facilitated, and promoted activities to foster information security awareness within the organization through an internal Share Point security website.
• Created PCI DSS project & remediation plans spreadsheet and related Key management controls.
• Monitored compliance within the organizations information security policies and procedures among employees, and other third parties and communicated problems to appropriate department managers, administrators and.
• Participated in resolving problems with user provisioning, security violations, incident response and disaster recovery planning.

US

• Accountable for auditing, compilation, and analysis of IT business procedures, controls and policies. Creation and implementation of new controls in accordance to ISO standards. Internal IT auditing, governance and.
• Planned, produced & executed Sarbanes Oxley audit plans and tracking documentation.
• Audited and documented Logical Access, Change Management, Infrastructure Change Control. Operational IT processes and controls for plant manufacturing software systems and network infrastructures.
• Created IT Control Narratives for 4 Divisional plants and Corporate Office.
• Validated & documented IT controls and processes for Price Waterhouse Cooper to review in preparation of external audit.
• Partnered with internal IT leaders and process owners during all audits and remediation efforts ensuring timely audit results.

• Performed on-site analysis, diagnosis, and resolution of desktop and server problems for end-users, recommend and implement corrective solutions, and support for remote users as needed
• Installed, configured, tested, maintained, monitored, and resolved workstations and related hardware and software issues.
• Administered and resolved issues with associated end-user workstation software products
• Provided all telecommunications support as needed.
• Provided training and support to end users and staff on computer operation and other issues as needed
• Constructed, installed, and tested customized configurations based on various platforms and operating systems

New Albany, IN, US

Associate'S Degree, Electronic Engineering

Liberal Arts

Cissp Boot Camp

Comptia Security Plus - Training Course