Manages comprehensive technology audits in support of company internal audit services engagements. Executes all aspects of assigned audits, including planning, fieldwork and reporting. Ensures leadership at both ends of the audit are updated concerning status of the audit and identified issues or concerns. Coordinates corrective action assignments with responsible business units to ensure understanding of the issue(s) and requirements to complete. Works with audit service leadership on special projects as assigned.

Responsible for all client facing security management of managed security services being delivered to supported accounts. Maintains contracted cybersecurity services and serves as the liaison between the Security Operations Center (SOC) and the client. Provides status on service requests, project status, and leads applicable incident management, problem management and new business on-boarding/transformation. Briefed client on support metrics and provides briefs on operations status throughout the life of the account. Leads globally diverse service team to ensure offerings are in keeping with SLA requirements and manage operational impacts for any issues.

Provided scope analysis for the United Technology Corporation (UTC) deployed systems and applications to ensure compliance with DFARS 252.204-7012 and Cybersecurity Maturity Model Certification (CMMC) requirements, and review stakeholder assessments against the NIST 800-171. Provide subject matter leadership on direction applications and systems should take to be compliant at the hUTC headquarter level. Liaison with stakeholders and product owner to help clarify control requirements, understand proper steps to mitigated any potential control gaps and assist with artifact collection. Tested the RSA Archer Assessment and POA&M module to ensure it was in keeping with requirements for managing DFARS documenting and evidence keeping. Helped provide guidance on policy modification and development to ensure that current company policies meet NIST 800-171 controls where applicable. Conducted CMMC interviews with various network organizations to support initial hUTC CMMC preparation and support to the Business Units (BUs)

Managed Cyber Security requirements for multiple Government Health Management Systems (Gov. HMS) contracts. Reviews contract documentation (e.g., Statement of Work, Data Management Plan, Basic Order of Agreements) for Cyber Security and Information Assurance compliance requirements to ensure the team’s level of effort is documented and in accordance with funding requirements. Manages Contract Data Requirements Lists (CDRLs) to ensure supporting contract Cyber Security requirements and associated documents are updated and delivered in keeping with contract requirements. Conducts vulnerability assessments on Gov. HMS applications, properly documenting findings, while working with developers to properly manage findings and document mitigations within the Plans of Actions and Milestones POA&M). Maintains Gov. HMS application compliancy to include Risk Sorter, Access Control Policy, Access Validation and DFARS/NIST 800-171 compliance, ensuring proper data protection is maintained and documented in compliance with DoD and Boeing requirements.

Responsible for auditing Information Technology (IT) and business engagements (e.g. Sarbanes Oxley (SOx), Assurance, Advisory), conducting IT validation of risk assessment, execution of testing, analysis and evaluation of processes, risks and controls. Drafted supporting documentation to develop conclusions in support audit reporting to audit leadership and IT stakeholders. Provided recommendations for correcting deficiencies or improving operations. Familiarity with general IT Audit computing controls and industry standard security frameworks (e.g. NIST and COSO). As a junior auditor, maintained User Access Management (UAM) standard work documentation (Control Matrix, Process Flowcharts), as well as mentored other auditors on the standard process for UAM.

Responsible for more than 25 separate proprietary USAF sponsored networks in support of multiple U.S. Government Special Access Programs (SAP). Lead and mentored four junior ISSOs in the day to day network security administration for multiple systems to include weekly security auditing, configuration management, user account authorization and end user training, antivirus updates, and annual self inspections. Verified Information Systems Security settings and group policies are in line with approved configuration standards, incorporating concepts of Least Privilege, Separation of Duties and Discretionary Access Controls (DAC) using Microsoft Active Directory. Ensured the creation and revision of system related Certification and Accreditation documentation to include Systems Security Profile (SSP), Plans of Action and Milestones (POA&M), Memorandum of Agreement/Understanding (MOA/MOU), and Concept of Operations (CONOPS) in accordance with company requirements, DoD and Agency guidelines. Instrumental in the contractual negotiation, and transition from JAFAN 6/3 to NIST 800-53 based Risked Managed Framework (JSIG/RMF), culminating in the accreditation of Boeing’s first USAF sponsored F-15 JSIG system. Managed software requirements, ensuring thorough review of security-relevance and potential vulnerabilities, to gain approval for system use. Conducted Risk Managed Downloads and file transfers, ensuring all movement of program data maintains program confidentiality. Provided guidance and training of computer security related requirements and regulations via initial/annual IA training, as well as roles for both General and Privilege Users. Routinely involved the oversight of sub-contractor workforce, with respect to contract Statement of Work (SOW) and review of system documentation. Supported program Industrial/Personal Security requirements, such as Program briefings, clearance/access verification, SAPF facility alarm checks on an as needed basis.

Managed more than 50 network analysts in the tracking and response to enterprise wide cyber activity from indication through resolution, providing incident reports to DISA leadership and to USCYBERCOM Tier I CNDSP. Provided support to the CNDSP Tier 2 mission reporting directly to the DISA Command Center (DCC) with respect to Cyber Defense Task Orders, Communications Tasking Order (CTO), and NTOC incident reports that affect DISA CONUS customers. Conducted daily Network Assurance operations briefings to DISA leadership, covering significant activity, status updates for open incidents and system capabilities. Provided liaison support with other Department of Defense (DoD) components, federal and state agencies, and commercial vendors to protect the DISA enterprise and ensures that systems on the DISA enterprise are not adversely affecting other networks.

Provided technical support to all aspects of the DISA Global Network Operations Support Center (GNSC) - Network Defense function. Monitored the Department of Defense’s Global Information Grid (GIG) against network intrusions from both internal and external sources, corporate policy violations, network scanning/reconnaissance attempts, script injection attempts, and malicious logic infections. Assessed probable impacts and damages, identified damage control options, and assisted in developing a course of action and recommended recovery procedures. Worked with geographically separated customers to ensure timely and accurate incident reporting and ensured that corrective actions were implemented.

NNWCs Lead Customer Technical Representative (CTR)/Asset Manager and NMCI subject matter expert. Responsible for the management of the commands $5M Navy Marine Corp Intranet (NMCI) annual IT budget, and tracking of more than 650 computer resources. Supervised three military and one civilian technician in the daily operations of NMCI technical support for over 800 users in the configuration and use of various NMCI contracted services to include: Broadband Remote Access (BuRAS), Blackberry and Verizon Cellular Broadband services, site network infrastructure build-outs, account and shared file services., ensuring potential issues were in keeping with all Service Level Agreements. Planned and orchestrated the technical refresh of more than 400 unclassified and classified computer assets with zero downtime. This included the replacement of outdated computers, migration of all user data, and mapping of all new IT resources. Continually performed research and analysis on new NMCI information technology products and services in an effort to save money while allowing the command to operate more efficiently.