| Candidate Information | | Title | Information Security Incident Response | | Target Location | US-OH-Cleveland |
| | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidateBRAND & KNOWLEDGELeadership and mentoring of others on systems security and project teamsDevelop programs, plans, and processes with executive level management for the overall Cybersecurity FunctionIncident Response Planning - documentation, exercises, and execution as well as After Action Reporting subsequent to critical security incidentsAdvisory to U.S. Treasury partners on IT security risk and related responsibilitiesExpertise in current areas of compliance such as Federal Information Security Management Act (FISMA), Plasticard Industry-Data Security Standards (PCI-DSS), Gramm-Leach-Bliley Act (GLBA), National Automated Clearing House Assoc (NACHA), FedRAMP, Sarbanes-Oxley Act (SOx), and FFIECProject management on high level initiatives for multi-billion-dollar corporations as well as government agencies (e.g., U.S. Department of Health & Human Services)Established U.S. security clearance at Public Trust (HIGH) level EMPLOYMENT & EXPERIENCEPartsSource, IncE-Commerce (PartsSource.com)Cybersecurity Manager 03/2022 09/2023 Design and architect the organizations Cybersecurity Function including programs, plans, solutions, and mechanisms that drive the overall processes and sub-processes Develop the budgeting and roadmaps to deploy necessary solutions in a timely manner Oversee the portfolio and project plans to implement mechanisms and solutions in accordance with available budgeting of dollars, resources, and bandwidth Work with infrastructure leaders to ensure Layer2 Integrated Cybersecurity policy is enabled with Layer1 technology architecture components and services Enact Incident Response Plan subsequent to a full network breach and outage. Conduct response phases with users, data assets, network redesign, and security improvement based on Hot Wash exercises and After Action Review sessions. Team with organizational leaders to ensure embedded security is enacted with business solutions Publish and distribute the necessary communications, bulletins, transparency as well as Training & Awareness to the enterprise leading up to deployment of solutions and mechanisms that impact the user experience Negotiate commercial contracts with MSSPs and third party vendors for proper procurement of solutions and services Assist the Executive Leadership Team during and after both minor and critical incidents Federal Reserve Bank of ClevelandCleveland, OHSecurity Compliance Lead 01/2021 01/2022 Train and lead 2 direct reports on all responsibilities of the ISSO Office as well as operational duties for identity & access management, vulnerability management, and risk assessments for security related functions Lead initiatives for Third Party Cybersecurity Assurance and Cloud Security Tiger Team efforts among Federal Reserve System and local Bank colleagues Mentor the work of others conducting Business Impact Analysis, Continuity & Recovery Planning, and Security Incident Response Planning Oversee annual processes and responsibilities for System Security Plans and SA&A (Security Assessment & Authorization) associated with five different system boundaries Design and lead Cybersecurity Incident Response Exercises coordinated among multi-organizations - CLE-Fed, U.S. Treasury business and IT leaders, and third party support services. Sr Systems Security Analyst 01/2017 01/2021 Develop and manage IT security relationships with the Dept of the U.S. Treasury and its Policy & Risk Mgmt Bureau Ensure FISMA and related Baseline Security Requirements for Treasury systems are implemented and maintained Oversee implementation of Cloud Security frameworks such as FedRAMP for Treasury systems, components, and microservices Coordinate annual activities for the Office of the ISSO in planning, documenting, and leading annual SCA(Security Controls Assessment) and TAR (Technical Assessment Reporting) engagements Build and maintain System Security Plans for Treasury systems and related Office of the ISSO Report on the organizations Resilience Program and Resilience Maturity Model for Treasury business lines and systems Conduct vulnerability management (scanning, technical testing) procedures for Treasury applications and report on noted vulnerabilities, mitigations, and necessary remediation plans Lead PCI (Plastic Card Industry) DSS (Data Security Standards) annual engagements and coordinate procedures performed by Qualified Security Assessors and Approved Scanning Vendors Create and maintain enterprise planning for business resumption, disaster recovery, incident response, and related reporting and communication Policy/SOP development - Data Classification & Handling; Social Engineering; 3rd Party Cybersecurity Assurance; Identity & Access management; Security Monitoring Sr IT Auditor 04/2012 12/2016 Lead engagement teams for the local Reserve Bank as well as the FRS in areas of Information Security, Resilience, cycles of Program & Project Management, and independent FISMA control reviews Conduct risk assessments for functions operating locally and across the Federal Reserve System (FRS) including Information Security, Infrastructure, and Resilience Optimize audit programs to align with key and emerging risks identified through risk events and current operations. Serve as the audit liaison for FRS committees developing partnership and advisory relationships Lead an FRS-wide competency center with the mission to educate auditors on the function and risks related to resilience and business continuityNew York Community BancorpCleveland, OH 11/2010 04/2012Senior Technology Auditor Lead operational, compliance and integrated audits for bank technologies and IT processes disaster recovery, application/network security, database administration, SOx, and GLBA Develop audit programs and procedural templates tailored to the organizations ERM-IT survey and optimized controls Create documentation presented to the Audit Committee including risk assessments, risk universe and control optimization, and final audit reports with issue statements Responsible for documentation reviews over workpapers, audit memorandums and reports while overseeing the work of staff and contractor personnel Advise management on control weaknesses, process gaps, risk impact, process improvements, and best practices Present issues, observations, and recommendations to the chief auditor and executive management Mentor internal audit staff personnel in areas of the organizations methodology, audit programs and ERM Ernst & Young, LLPAkron/Cleveland, Ohio 06/2006 10/2010Senior 3/Manager Advisory & Assurance Services Assist the U.S. Office of Inspector General in the review and assessment for the Federal Information System Management Act (FISMA) at the Department of Health & Human Services. These reviews focus on information security program, tools and practices Oversee multiple staff, Internal Audit personnel, and external consultants involved with project/engagement initiative Regularly and effectively communicate results and status to executive leadership Lead Vendor Information Security Reviews (VISR) for financial institutions focused on information security controls and compliance Train, mentor and counsel internal staff while executing project workplans for various engagement types SEC/integrated auditing, SAS 70 auditing, SOx 404 advisory/management assessments, and business process improvements aligned with IT solutionsStaff/Senior Advisory & Assurance Services Conduct IT audit engagements supporting financial controls (integrated auditing) as well as application and supporting systems security reviews Assist manufacturing client transfer accounting responsibilities from plant location to company headquarters by documenting all Oracle worksteps for applicable functions A/R, A/P, Banking, Vendor Maintenance, and Customer Maintenance Lead day-to-day activities in the deployment of a clients software solution improving corporate account reconciliations and journal entry processes. This also required our team to validate the organizational structure within the software to the original Oracle instance. Validate data file loads transferring from Oracle to the software Assess management controls throughout all Oracle accounting processes (Order to Cash, Procure to Pay, PPE, Payroll, Financial Statement Close) for both manual and automated controls/configurations within Oracle (3-way match, fixed asset depreciation, sub-ledgers posting to general ledger, and data exchange between applicable system interfaces legacy to Oracle) Review implementation procedures [project/resource management, data integrity (mapping/validation), security configurations) for ERP conversions to verify that management followed appropriate SDLC controls Collaborate with client senior management on projects and engagements communicating their status on workplan and milestone achievements Assist energy client with SAP implementation. Responsibilities included documentation of worksteps for various functional areas (Order to Cash, Inventory Management, Cash Management and others); draft business process flowcharts; identify risk and controls for SOx purposes; identify IT security function/role owners through discussions with senior management; map IT security role owners to roles within all submodules of the new instance The University of AkronAkron, OHGraduate Assistant 01/2005 05/2006 Construct new Access database objects and controls for university Admissions and Advising processes Supervise homework and teaching computer labs consisting of 220 computers and laptops Install updated image software on computers and service packs on servers Troubleshoot technical problems with computers and lab equipment Assist university students with utilizing software programs, setting up VPNs, and troubleshooting technical issues The Goodyear Tire & Rubber Co.Akron, OHShared Services Analyst 05/2000 03/2004Wholesale Accounting/Billing Operations Coordinate intercompany billing and reconciliations involving international plants using SAP to post entries, track activity and reconcile accounts Analyze billing processes flowing between legacy and SAP, troubleshoot errors, and implement correct flow of downstream accounting improvement of process controls Assist in IT/accounting project designed to build an automated billing process involving multiple systems (legacy, Lotus Notes, and SAP) validating data such as billing codes and parameters for accurate invoicing Train and mentor new staff in IT applications (SAP, legacy, IBM mainframe) and procedures (Order to Cash, Procure to Pay, and G/L maintenance)Retail Accounting/Credit Support Troubleshoot banking and accounting issues with nationwide retail store managers and district managers Improve collections and payroll-deduct processes at both corporate and retail store tiers EDUCATIONMS Accounting-Information Systems, University of Akron, Akron, OH (AACSB) August 2006 Post-Baccalaureate Student, Baldwin-Wallace College, Berea, OH February 2002 August 2002 BA Education, Crown College, Knoxville, TN May 1997 PROFESSIONALAFFILIATIONSISACA NEOhio ChapterPresident (2020 2023)Vice-President / Director (2007 Present)InfraGARDISACA-UA Student GroupFounding Student PresidentProfessional Advisor to Sponsoring Professor & Student President CERTIFICATIONSCertified Information Systems Auditor (CISA)Certified in Risk and Information Security Controls (CRISC) Candidacy: Certified Cloud Security Professional (CCSP) TECHNOLOGIES Vulnerability assessment, Penetration testing, Endpoint agents, Network span, and Monitoring tools :: EDR/XDR, HIDS/NIDS, Tenable.io, AlienVault, ExtraHop, Darktrace, SentinelOne, LogRythm, Cortex, BurpSUITE, NMap, Nessus, HBGary, SNORT, NITRO, Bugzilla, QualysGuard, and CounterACT Edge Languages :: C#, SQL, ACL, VB, Python Security reviews and assessments :: Operating Systems (Windows, Citrix, Linux, Tru64, Z/OS); Databases (Oracle, DB2, SQL Server, VSAM/QSAM, Sybase); and, Applications (various) |
