Eric Moné

Eric Moné Email and Phone Number

Security and Compliance Specialist and Risk Management Professional @ ERM Consulting LLC
Eric Moné's Location
Greater Cleveland, United States
About Eric Moné

Specializing in Assessment, Audit, Risk, and Compliance

Eric Moné's Current Company Details
ERM Consulting LLC

Security and Compliance Specialist and Risk Management Professional
Eric Moné Work Experience Details
  • Erm Consulting Llc
    Security And Compliance Professional
    Erm Consulting Llc May 2018 - Present
    Barrington, Rhode Island, Us
    Engaged with technical personnel, management, and director-level management to define deliverables, requirements, scope of work, statement of work, and strategy of the engagement. Performed as an individual contributor, lead consultant, or project manager working with internal staff, as well as controlling third-party resources. Conducted organizational information security program assessments based on the NIST Cybersecurity Framework, ISO/27001, ISO/27002, COBIT 5 and COBIT 5 for Information Security, and ITIL v3. Performed risk assessments using ISO/27005, ISO/31000, NIST SP800-30/53, and Custom/Hybrid Combinations. Assessed organizational risk management programs based on ISO/27001, ISO/27002, ISO/27005, ISO/31000, NIST SP800-37/39, and the NIST Risk Management Framework. Performed Risk Assessments and Risk Management for the internal corporate environments, as well as third-party servicers. Completed compliance requirements of logical and physical controls for Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, Sarbanes-Oxley Act (SOX) Section 404, and the Statement on Standards for Attestation Engagements (SSAE) SOC2 Type 2 Audit Reports. Analyzed and assessed security programs for data protection environments for the confidentiality, integrity, and availability of information assets, whether it be logical and/or physical. Assessed data classifications, data authorizations, and data access controls. Compared and related findings to generally accepted best practices, frameworks, and standards for compliance requirements and regulations. Reviewed and provided recommendations for improvements to information security policy sets, including the creation of privacy policies and privacy management programs. Dictated requirements for compliance to privacy laws and regulations.
  • Erm Consulting Llc
    Senior Security Analyst
    Erm Consulting Llc Nov 2013 - Dec 2018
    Barrington, Rhode Island, Us
    Performed as an individual contributor, lead consultant, or project manager working with internal staff, as well as interfacing with third-party resources engaged by the organization.
    ● Conducted information security program assessments, and provided recommendations based on gap analyses results (ISO/27000 Family, COBIT, ITIL and Hybrid combinations).
    ● Performed security risk assessments (Octave Allegro, NIST SP800-30/53, ISO/27005, and Hybrid combinations).
    ● Completed compliance requirement engagements for logical and physical controls required by the Payment Card Industry - Data Security Standard (PCI-DSS), Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, Sarbanes-Oxley Act (SOX) Section 404 controls, and the Statement on Standards for Attestation Engagements (SSAE) SOC2 Type 2 Audit Report.
    ● Analyzed security programs for data protection environments for the confidentiality, integrity, and availability of information assets, whether it be logical and/or physical. Assessed data classifications, data authorizations, and data access controls. Produced gap analysis reports on findings to generally accepted best practices, frameworks, and standards.
    ● Reviewed, analyzed, and provided recommendations for improvements to information security policy sets, including the creation of privacy policies and privacy management programs.
    ● Provided matrices, which defined each individual state’s Personal Identity Information (PII) attributes, including each state’s breach reporting threshold. The matrices combined the shared PII attributes across all 50 states, producing one standard PII data element. Therefore, producing a map of out-of-scope states in order to reduce resources, and time, to meet or exceed each state’s required breach reporting compliance deadline.
  • Eric R. Mone Consulting
    Security And Compliance Specialist.
    Eric R. Mone Consulting May 2018 - Present
  • Safeguard Properties Inc
    Senior Security Analyst
    Safeguard Properties Inc Aug 2013 - Oct 2013
    Valley View, Oh, Us
    Performed an assessment and “pre-audit” prior to an SSAE16 SOC2 Type 2 Audit Report engagement with a big four accounting firm. Completed the assessment and audit of logical and physical security controls. Produced the controls remediation report. Worked with the responsible Subject Matter Experts (SMEs) in order to implement the controls remediation.
    ● Facilitated a Statement on Standards for Attestation Engagements (SSAE) SOC2 Type 2 Audit Report “pre-audit” program to evaluate and confirm the technical security and operational controls that are required to submit for approval of meeting the compliance requirements of an SSAE16 SOC2 Type 2 Audit Report. Therefore, saving time and cost for the current year versus prior year engagement.
  • Watching Eye Security Llc
    Physical Security Specialist
    Watching Eye Security Llc Apr 2012 - Jul 2013
    Research for prospective customers. Market products and services to those prospective customers, and make initial contact. Engage the customer to discover their key requirements for present and future strategy. Create proposals that include the capabilities and features for IP-based video surveillance systems, physical access controls, network integration, HID, and alarm systems integration. Performed as the engagement project manager, including managing partners and suppliers. Notable projects:
    ● A 116 unit residential complex IP-based video surveillance system with forty-two high definition cameras. Including the placement of cameras into elevators. Installed physical security barriers, and HID. Integrated physical security into the video surveillance system.
    ● An automotive dealership with eleven distributed locations that required the implementation of sixty-six high-definition cameras with motion detection and alarm system integration.
    ● An educational institution with six separate locations requiring forty-eight cameras with minimal operating capability in order to decrease the communications bandwidth utilization, and to reduce the storage requirements for streaming data.
    ● Implemented and connected multiple customers to an outsourced IP-based video surveillance monitoring provider that is United States Department of Defense (DOD) certified.
  • Knotice Ltd
    Director Of Security
    Knotice Ltd May 2011 - Apr 2012
    Performed as the Director of Security to build an information security program from the ground up in a Greenfield environment in order to ensure the confidentiality, integrity, and availability of all company and customer assets.
    ● Managed the capital and expense budget.
    ● Managed the quarterly internal and external penetration testing for compliance with the Payment Card Industry - Data Security Standard (PCI-DSS) requirements.
    ● Implemented a data security program to protect the confidentiality, integrity, and availability of internal company and customer information assets. Interfaced with customers to implement the customer’s security requirements.
    ● Performed security risk assessments.
    ● Authored the complete information security policy set.
    ● Supervised the disaster recovery and business continuity planning design and activities.
    ● Executed responses to customer’s information security Requests for Information (RFIs).
    ● Evaluated and maintained service provider’s Service Level Agreements (SLAs).
    ● Managed vendors, including vendor review and vendor contracts.
    ● Monitored and managed staff, including conducting performance reviews, improvement plans, and encouragement.
    ● Created a data breach task force, and an information security steering committee.
    ● Deployed HP ArcSight SIEM to HQ Data Center, Managed Data Center, and Co-Location facility.
  • National City Bank/Pnc Bank
    Senior Project Manager
    National City Bank/Pnc Bank Jun 2008 - Apr 2010
    Us
    Senior IT project manager responsible for ensuring the on-time delivery and cost effective implementations for infrastructure and applications projects.
    ● Managed projects of up to 32 employees, including the management of contractors, consultants, and vendors.
    ● Defined and created project plans, project scope statements, statements of work, work breakdown structures, deliverables definition, division of labor, and milestones. Managed the execution of the projects.
    ● Managed project risks, project budgets, project employees/resources, and delivered projects within their targeted budget and on-time delivery release objectives.
    ● Engaged with project sponsors, stakeholders, and senior executives.
    ● Consulted with the lines of business in order to define and understand their business and technology objectives and strategy.
    ● Managed the budgets for assigned projects that ranged from $400,000 to $7,000,000.
    ● Managed the on-time delivery of a $7,000,000 project to bring a new technology into the bank, the project was completed ahead of schedule by three weeks and under budget by $280,000.
    ● Completed an enterprise-wide web proxy infrastructure upgrade to standardize platforms in order to support the integration of PNC Bank and National City Bank.
    ● Implemented an enterprise-wide multimedia content delivery system to primarily support the CEO's internal company broadcast communications to all employees' desktops and laptops. The system was designed to support future corporate communications use.
  • Rockwell Industries
    Senior Security Analyst
    Rockwell Industries Mar 2008 - Apr 2008
    Hyderabad, Telangana, In
    Performed a focused and short-term audit of Rockwell's ITIL Program as it relates to Sarbanes-Oxley (SOX) Section 404 compliance, applicable to the change management system and the configuration management system platforms.
    ● Assessed the security controls, business and technical work flows, approval flows, and documentation requirements for the ITIL configuration management and change management systems for assured compliance with Sarbanes-Oxley (SOX) Section 404.
    ● Analyzed and identified Sarbanes-Oxley Act (SOX) Section 404 requirements for the processing occurring in the configuration management system and the change management system, including the identification of existing compliant, deficient, and non-existent security controls.
    ● Produced findings reports and remediation recommendations for reporting on the analysis of found control deficiencies.
  • Securestate
    Senior Security Analyst
    Securestate Aug 2007 - Mar 2008
    Consulted with clients to define deliverables, requirements, and schedules in order to develop the approach, scope of work, and the statement of work for engagements. Work with, support, and consult with employees on engagement difficulties. Write post-engagement reports. Dedicate availability in order to complete client engagements within the agreed upon cost and time frame. Manage the business and client interfacing for internal and external penetration testing and vulnerability assessment engagements. Interpret, in non-technical language, the impact, results, and assessment of the post-engagement penetration testing reports with the client’s managers and directors. Perform security assessments.
    ● Performed compliance engagements for the Payment Card Industry - Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, and the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule.
    ● Defined control environments and delivered remediation recommendations reports, and roadmaps, to compliance.
    ● Performed as the information security policy lead consultant responsible for the creation, modification, and updating of client's information security policy sets.
    ● Acted as a virtual CISO, outsourced to clients, in order to manage the client’s information security programs.
    ● Managed, as virtual CISO, directing client’s information security programs, policies, processes, practices, and procedures, including the management and monitoring of the client’s third-party provider’s contracts and SLAs.
  • Jefferson Wells International
    Senior Project Manager
    Jefferson Wells International Jan 2007 - Apr 2007
    Project manager for a $5B metals recycler with 29 locations throughout the United States and Canada. Responsibility included administering the project budget, exception management, and vendor management in addition to standard project management deliverables. Management duties included performing weekly project status reporting and the delivery of presentations to senior management, C-level executives, and the steering committee. The project was put on hold due to an acquisition, which resulted in the inclusion of SOX compliance.
    ● Managed the full migration of a vertical-market ERP system from HP/UX to Linux, which also included upgrading the currently installed ERP software version that was not supported by the vendor, and was three versions behind the vendor's currently released and supported version.
    ● Ensured that the project management responsibilities were driven by adherence to the Project Management Institute (PMI) Project Management Body of Knowledge (PMBOK) standards.
    ● Managed third-party vendors, consultants, and contractors.
    ● Performed consulting on technical and operational security controls with the information security team, and the information systems audit team.

Eric Moné Skills

Information Security, Security, Information Security Management, It Audit, Computer Security, Network Security, Cobit, Iso 27001, Disaster Recovery, Business Continuity, Penetration Testing, Information Technology, Risk Management, Networking, Management, Pci Dss, Risk Assessment, Vulnerability Assessment, Sarbanes Oxley Act, Project Management, Nist, Security Audits, Hipaa, Cloud Computing, Payment Card Industry Data Security Standard, Glba, Information Security Governance, Security Management, Security Awareness, Cloud Security, Information Assurance, Identity Management, Cloud Auditing, Iso/27002, It Security, Program Management, Iso 31000, Iso 27005, Octave Allegro, Ssae 16, Rmi, Fair

Eric Moné Education Details

  • John Carroll University
    John Carroll University
    Information Technology

Frequently Asked Questions about Eric Moné

What company does Eric Moné work for?

Eric Moné works for Erm Consulting Llc.

What is Eric Moné's role at the current company?

Eric Moné's current role is Security and Compliance Specialist and Risk Management Professional.

What is Eric Moné's email address?

Eric Moné's email address is er****@****one.com

What schools did Eric Moné attend?

Eric Moné attended John Carroll University.

What are some of Eric Moné's interests?

Eric Moné has interest in Consulting, Art, Reading, New Employment, Children, Environment, Music, Contracting, Human Rights, Movies.

What skills is Eric Moné known for?

Eric Moné has skills like Information Security, Security, Information Security Management, It Audit, Computer Security, Network Security, Cobit, Iso 27001, Disaster Recovery, Business Continuity, Penetration Testing, Information Technology.
