Ray Boudreaux Email and Phone Number

Duties:Manage SOC2 Compliance Roadmap: Oversee SOC2 Type I and II compliance, ensuring alignment with standards.Validate Evidence: Ensure compliance with FedRamp, CMMC, IL5, and SSDA by validating evidence according to regulatory standards.Establish Security Policies: Develop and enforce policies for Acceptable Use, Business Continuity/Disaster Recovery (BC/DR), Encryption, Data Protection, Incident Response (IR), and Information Security (Info Sec).Assign and Monitor Controls: Designate control owners and closely monitor control status for ongoing compliance with standards. SOC2 Audits: Strategically prepare for SOC2 audits, ensuring documentation, processes and evidence are validated against the framework controls.Risk Assessment Program: Oversee and guide the Risk Assessment Program, ensuring stakeholder assessments are completed and providing domain-specific guidance.Risk Committee: Lead the Risk Committee, working with Senior Leadership to identify and mitigate risks per the company’s Risk Assessment.Formulate Strategies: Collaborate with management to develop strategies, enhance controls, mitigate risks, and implement corrective actions.Conduct Test Procedures: Perform testing on critical tech functions, cloud infrastructure, cybersecurity measures, risk management, applications, and third-party management.Communicate Issues and Risks: Provide actionable recommendations on identified issues and risks to all management levels.Follow Up on Audit Actions: Track and ensure management completes audit actions within agreed timescales.Evaluate Policies and Procedures: Assess and maintain internal controls surrounding information systems to ensure operational effectiveness.Create Business Impact Analysis: Develop analysis to identify critical processes, assess impact, and allocate resources for business disruptions.Conduct Customer Security Assessments: Perform assessments to enhance customer confidence in the organization's security posture.

Duties:Oversaw the security posture for essential Coast Guard systems throughout their entire lifecycle.Conducted continuous monitoring through scheduled audits, controls testing, and audit reviews; escalated issues as needed.Administered the implementation of IT security controls and security authorization documents to ensure compliance with mandated policies.Provided technical recommendations for Risk Assessments and Vulnerability Assessments conducted on the systems.Analyzed IT activities to ensure appropriate security measures are in place and enforced.Ensured confidentiality, integrity, and availability of systems, networks, and data through effective security programs, policies, and procedures.Rigorously applied information security and assurance policies in the delivery of all IT services.Participated in defining IT security requirements and advised on implementing security policies and procedures.Integrated information systems security with other security disciplines to achieve security certification or accreditation.Recommended new or revised security measures based on accreditation review results.Contributed to drafting information systems security documentation, including security plans, risk assessments, and business continuity plans.Analyzed, planned, designed, implemented, documented, assessed, and managed the enterprise framework to align IT strategy with organizational goals.