Working to develop procedure and program to provide quantitative aggregate risk profiles for 2nd Line of Defense Risk Management.Working across organizations and lines of defense to gather, enhance, and analyze metrics and key risk indicators.Performing Review and Challenge to teams establishing procedures and remediating technology and cyber security findings.Working across organizations to enhance risk management practices and to address regulatory concerns.

Built a 10-person Risk Assessment and Analytics team within the Technology Risk Management Organization to develop a number of new processes and risk models for gathering technology risk data, generating risk assessments and creating reports for senior leaders within technology and within business departments. Led the development of automated risk assessment processes using analysis of past risk events to "profile" high-risk technologies. Worked directly with senior leaders to detail and explain technology risks within their organization.Created a collaborative work environment for a team of geographically dispersed, diverse individuals from a variety of professional backgrounds.

Provided direct cyber-security coordination and advisement to Enterprise Shared Services line of business Chief Information Officer, technology leadership, and performance delivery teams using knowledge of line of business portfolio, projects, and cyber-security controls and techniques to provide security consultations to determine potential security implications of business and technology projects and initiatives.Coordinated cyber-security interests in business and technology projects and initiatives including exceptions to policy, vendor selection and assessment, vulnerability assessments and penetration tests, and security architecture review and provided line of business leadership with explanation and interpretation of decisions and findings from Technology Risk Management, Vulnerability Assessment and Penetration Testing, Enterprise Third Party Management, Security Engineering and Architecture, and various other risk and security teams.

Performed application security and risk assessments including development procedures, security architectural impact, access control methodology, encryption, web access, cloud storage, mobile device access, Service -oriented Architecture, wireless networks, and VPN solutions. Performed security consultations with financial institution clients to determine security implications of technology projects.Developed risk acceptance and mitigation documentation for presentation to data owners and senior management and coordinated risk mitigation and acceptance strategies with business and technology stakeholders through recommendations of industry best practices and controls found in control frameworks such as OWASP.Worked to redesign and implement process for tracking and coordinating exceptions to industry best practice, bank policy and procedure, and existing doctrine. Reported and presentation of overall Line of Business Risk through direct ongoing Business relationships. Tracked, monitored, and reported assessment findings and remediation activities through Archer eGRC, Microsoft Office, Sharepoint, and other standard tools.

Ensured Department of Defense classified information systems enclave met compliance with all cyber security and Information Assurance (IA) controls per the DISA Information Assurance Certification and Accreditation Process (DIACAP), Federal Information Security Management Act of 2002 (FISMA) and DISA Security Technical Implementation Guidelines (STIGs). Developed and maintained accreditation packages, standard operating procedures, and Disaster Recovery/Continuity of Operations plans including impact analysis and recovery procedures and exercises using Enterprise Mission Assurance Support Services (eMASS), Sharepoint, and Microsoft Office.Developed enclave incident response plans and held a leadership role on the security incident response team. Performed vulnerability assessments, analysis and penetration testing using various tools including Nessus, Retina, NetScout, Nmap and Wireshark.Managed configurations and maintenance of Microsoft Active Directory, Cisco ASA Firewalls, IDS, and IPS systems, Cross Domain Solutions and Juniper Routing/Switching systems and managed the configurations and access control for system developers and development systems including Microsoft Visual SourceSafe.Coordinated security efforts with system and network engineers, configuration management team, physical security manager, agency management and government customers. Managed and mentored information assurance intern to provide training and guidance in cyber-security and information security principles.

Responsible for daily operations, logging, monitoring and archiving, and basic troubleshooting on Microsoft Server 2003 and Active Directory, UNIX server equipment and Sun Solaris workstations, and Cisco and Juniper network security devices. Fulfilled the role of security administrator for proprietary guard/cross domain solution equipment to fulfill information access control filtering of confidential information.Performed vulnerability assessments through the use of eEye Retina Vulnerability Scanning tool DISA STIGs and Gold Disk procedures to ensure DIACAP compliance was met.Coordinated local incident response procedures with military response personnel and alternate site personnel.Responsible for analysis and troubleshooting of the signal flow of ground leased-line circuits and ground communications systems between geographically separated facilities. Performed periodic loading, handling, and destruction of hardcopy and electronic cryptographic material used in satellite control and monitoring and telecommunications devices. Coordinated command and control functions and network operations between geographically distant locations including failovers, redundancy testing, and parallel testing of operational procedures and software.Coordinated satellite control operations, information technology projects and troubleshooting efforts between various government contractors, Government employees, and military personnel.

Responsible for the daily operations, maintenance and troubleshooting of satellite communications and control equipment including multiplexer, modems, amplifiers, and upconverters.Performed electronic diagnostics using spectrum analyzers, oscilloscopes, and voltmeters. Ensured compliance with various DISA, NSA, DoD, and Department of the Army information security controls for highly classified US Army satellite communications and controls systems and telecommunications systems. Responsible for the storage and operations of cryptographic material including key loading and destruction, accountability, and issuance. Developed, implemented, and managed organizational physical security programs including identity management, access and entry control, and monitoring and surveillance systems. Responsible for oversight and implementation of network outage troubleshooting and recovery including the replacement of operational equipment and rerouting of traffic to redundant equipment or redundant control sites.Prepared and presented training on operations security, communications security, and a variety of technical Satellite Communications topics.Prepared and presented program overview and status presentations for senior military leadership to ensure organizational visibility and support from senior level command structure. Managed and supervised the daily operations of a technical operations center and operations staff.Graduated from the United States Army Warrior Leader’s Course.