Lori Crooks, Cissp, Cisa, Cism Email and Phone Number

• Led comprehensive FedRAMP documentation initiatives, including the development of System Security Plans and associated compliance frameworks. Conducted in-depth client walkthroughs to identify and remediate potential compliance gaps prior to 3PAO assessments.• Established strategic partnerships with leading AICPA firms to facilitate the successful completion of SOC Type 1 and Type 2 audits, ensuring client compliance with industry standards.• Developed and scaled a high-performing core team specializing in technical documentation, security gap analysis, risk assessments, and audit preparation for SOC and NIST frameworks.• Architected and implemented a comprehensive Governance, Risk, and Compliance Program aligned with NIST 800-53 and 800-171 standards for Department of Defense contractors.• Spearheaded the development and implementation of enterprise-wide Information Security Policies and procedural frameworks to ensure regulatory compliance and risk mitigation.• Directed organization-wide DFARS/NIST 800-171 compliance assessments across multiple sites and operational hubs, ensuring consistent security posture.• Orchestrated collaboration between Project Management Office and Infrastructure & Operations teams to streamline audit evidence collection and develop actionable Plans of Actions and Milestones (POA&Ms).• Led systematic evaluation of control evidence against NIST 800-171 requirements, ensuring comprehensive compliance coverage.• Designed and implemented standardized System Security Plan (SSP) Template for NIST 800-171, establishing scalable documentation framework for future implementations.• Successfully guided DoD contractor through initial SSP development and implementation, establishing foundation for ongoing compliance.• Conducted comprehensive annual risk assessments for DoD contractors, identifying and prioritizing security improvements to maintain compliance status.

• Conducted Gap and Risk Assessments against security standards such as NIST 800-53, HIPAA, CIS 18 for compliance.• Provided vCISO services to a Transit Company, ensuring robust cybersecurity measures were in place.• Successfully implemented a GRC tool for the Security Team at a client, enhancing efficiency and security measures.• Developed necessary policies and procedures to strengthen the client's security posture and meet compliance requirements

* Managed teams to conduct security and assurance assessments, including but not limited to PCI, FISMA, FedRAMP, Penetration Tests, HIPAA, ISO 27001, SOC1 and SOC2. * Created and conducted encryption, FISMA and PCI training programs for the entire company * Developed internal policies and procedures to guide personnel in conducting assessments* Project managed the audit and assessment process which included scheduling personnel and travel based on the budgets, sending information request lists, overseeing testing and providing reports to the client in a timely manner. Total client revenue for 2015 was over $2 million* Center of Excellence lead for PCI, FISMA and FedRAMP* Developed internal templates for the FISMA Security Assessment Plan, testing lead sheets and Security Assessment Report* Performed Quality Assessment reviews on all reports prior to delivery to clients* Mentored a team of individuals throughout the year * Provided individual training to team members throughout the year to improve their audit and assessment technical skills* Conducted interviews of potential candidates to assist in the growth of the company

♦ Perform SOX testing as an internal auditor♦ Complete SSAE16 Type 1 and 2 audits♦ Work with company to perform GAP analysis♦ Document the company's control framework♦ Write policies and procedures to align with control framework♦ Respond to customer questionnaires for company

♦ Performed gap analysis between current policies and ISO27001♦ Assisted with the exception process by approving or denying requests♦ Worked with the team on PCI presentation for upper management♦ Re-wrote information security policies and procedures to include all the relevant requirements