| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidateCandidate's Name
Street Address U.S. CitizenPhone: PHONE NUMBER AVAILABLE Eligible for Security ClearanceEmail: EMAIL AVAILABLE M. Sc, Management ScienceGovernance, Risk and Compliance AnalystGovernance, Risk, and Compliance subject matter expert for large public/private-sector clients.Experienced leader and manager of matrixed work teams in complex operating environments.Innovative, Strategic Manager, Coordinator, and Research Analyst with extensive track record.Designs/delivers effective projects, solutions, and operational improvements for complex organizations.Select Work ExperiencesSenior Research Analyst 04/2016 - PresentSelf-Employed - Garrett Investigations, LLC, Montclair, NJProvide research and analytical solutions services in support of litigation and business research for law firms, insurance carriers and municipal governments, and perform opposition research for candidates for political office in New Jersey and New York State.Effectively locate/research - difficult-to-find relevant information. Utilize technology, investigative techniques, tradecraft, and root-cause analysis to drill-down and resolve clients issues. Work independently as a prime contractor or collaborate as a sub-contractor.Review and coordinate major research and intelligence reporting projects. Conduct inquiries for diverse civil and criminal research projects using personal interviews and online/proprietary databases, and exercise investigative due diligence in issues of conflicts of interest and in mergers and acquisitions.Employing research, and evaluation tools and methods to Generate and deliver detailed research and investigation reports with graphics up to 50+ pages.Governance, Risk & Compliance Analyst 10/2019 02/2020Randstad Technologies, New York, NY 3-month contractContracted to design the new Security Champion program from scratch for MetLifes Investments Information Technology (IT) Division. Collaborated with management and software developers, identified key needs and top priorities for both groups, used quantitative and qualitative methods to analyze select MetLife operations, and recommended the optimal approach (Secure DevOps) to include security from start to finish in MetLifes in-house software agile development lifecycle.Designed the new Security Champion position to lead application security efforts for agile software developers, including how-to engage with other MetLife team members.Delivered a closely documented program and training framework adopted by the client.Reviewed, analyzed, and evaluated various operational management plans, policies, directives, procedures, etc. to assess organizational impact.Drafted Secure Systems Development Life Cycle and Risk / Compliance Framework (Graphic)Designed presentation for technical leadership and developer audiences.Created visual aids illustrating new Security Champion program with documented roles and responsibilities to support researched data.Designed supportive workflow diagrams and illustrations to enhance presentation clarity.Designed and documented a detailed PowerPoint training plan for Secure Agile DevOps and Security Champion developer staff to cover first-year program operations month by month.Deputy Director 04/2010 02/2016Department of Citizen Services and Economic Development, Essex County, NJ 40 hours/weekDirected and managed daily operations for a department with 1.3K employees serving the third-most populous County in New Jersey (nearly 800K residents). Promoted and managed effective County-wide cross-functional relationships and initiatives among seven Department divisions. Performed resource planning, project/program governance and management functions. Oversaw vendor performance, supervised task execution, developed and implemented creative solutions to numerous complex administrative, technical, and organizational department challenges.Managed a matrixed workforce and proffered leadership to the seven division heads.Supported the Acting Director during incumbents absences.Project Manager: drove implementation of automated digital time-and-payroll tracking swipe equipment to improve Department employee accountability and transparency. Resolved software and operational issues, created policies/processes, managed initial user resistance, and launched the new system that was later expanded for the entire County workforce.Reviewed, analyzed, and evaluated operational governance plans, policies, directives, and systems created to assess organizational impacts. Applied analytical and evaluative methods to measure quality and efficiency to promote continued improvement to agency programs.Conducted research and data analysis to support business operations for the Department and the 7 divisions. Performed analysis of business objectives, documenting IT security requirements and identifying process improvement and business opportunities. Drafted policies for planned/existing business processes and recommended information security best practices. Ensured compliance with data privacy information safeguards according to the Code of Fair Information Practices and Principles, and Federal Guidelines.Information Security Risk Manager 03/2008 04/2010Horizon Blue Cross Blue Shield of New Jersey (BCBS), Newark, NJ 40 hours/weekManaged the first-ever IT Security, Risk, and Governance matrixed team for New Jerseys only licensed Blue Cross and Blue Shield health insurance provider, serving 3.2+ million people across the State. Reported to the Director of Information Security.Created IT Governance structure for the new unit. Engaged BCBS business units, established information security decision-making structures, and drafted policy guidance.Identified and reduced enterprise IT security risks and worked to mitigate cyber threats and vulnerabilities.Project Coordinator for an Information Security and Privacy Computer Awareness Program.Developed a structured and sustainable process to identify, document, and track the information security risks posed by outside vendors and the outsourcing of numerous internal business functions. Implemented, managed, and maintained enterprise security risk registers. Advisor to the risk exception process, monitoring risk mitigation throughout the risk treatment lifecycle.Senior Investigator, Office of Ethics and Compliance 12/2006 12/2007The University of Medicine and Dentistry of New Jersey, Newark, NJ 40 hours/weekSelected for this position by the Chief Compliance Officer (CCO). Exercised significant supervisory and management functions for the newly-formed Office of Ethics and Compliance (OEC). Hired and managed four compliance investigators and gave structure, direction, and mission objectives to the new organization. Reported to the University Vice President and the CCO.Drafted an enterprise compliance framework and formulated original business and compliance investigative strategies, documents, and reporting templates.Managed complex and sensitive inquiries regarding technology, governance, and regulatory compliance for the University.Instrumental in the development and design of the case work flow model and the organizational plan for effective case management within the OEC and between the OEC and the Law Department.Built a top-performing, highly productive investigative unit that handled a growing number of compliance findings each month, while continuing to increase the monthly closure rate.Developed and sustained a positive working relationship with other agencies and conducted successful joint research efforts.Enterprise Information Security Officer (ISO) 09/2005 12/2006The University of Medicine and Dentistry of New Jersey, Newark, NJ 40 hours/weekCreated the enterprise IT security governance road map, the program, and the team, for The University of Medicine and Dentistry of New Jersey, a top 100 U.S. health sciences research university, with approximately 7K students in 100+ degree and certificate programs; 13K+ employees, including nearly 2,500 faculty members; and 200+ education and healthcare affiliates throughout New Jersey.Developed a highly effective Information Security and Awareness Program that directly addressed the Universitys IT information security challenges.Delivered a cohesive, structured, and effective information security strategic plan that became a multi-year roadmap for implementation of strategic and tactical security initiatives.Identified, tracked, monitored, and mitigated IT security risks across the University IT enterprise.Hired and managed team of three information security analysts and specialists.Initiated the Universitys first-ever enterprise-scaled information security capabilities.Significantly enhanced the Universitys information security posture to support growth profile.Drafted and initiated an Information Security Program Charter to promote IT Governance Program that provided authority and structure to the emerging information security organization.Initiated an information security policy review to help identify the disparate security policies-in-place across the enterprise of five campuses and eight individual schools.Drafted, deployed, and socialized new IT security policies within the University user community and integrated new policy information into the new-hire intake orientation process.Developed a structured riskbased information security program utilizing ISO 17799 / ISO 27001: 2005 frameworks that effectively supported the academic, clinical, and administrative use of information technologies at the University.Created an Information Security Oversight Committee for program review and policy/awareness implementation. Designed enterprise information security plans and drafted the policy framework.Selected and implemented the new University Intrusion Prevention System (Tipping Point) that delivered enhanced enterprise network security protection.Project Manager for the Information Security Awareness Program: designed and implemented the first-ever information awareness program for the University in line with industry best practices, including hands-on awareness training for users and IT specialists.Director, Information Security & Business Continuity Planning 09/2002 09/2005New Jersey State Office of Information Technology, Trenton, NJ 40 hours/weekDesigned and managed programs to enhance information security for the NJ Office of Information Technology (OIT) on behalf of executive branch state agencies under the Office of the Governor, including the Dept. of the Treasury, Dept. of Health, Dept. of Labor, Law & Public Safety, etc. Supervised a highly leveraged staff of four analysts.Developed/implemented Information Security and Awareness Program for executive state agencies.Managed network vulnerability risk assessments and supervised network penetration testing designed to discover state agency network vulnerabilities.Initiated a statewide computer Intrusion Detection System Project (IDS): a designed initiative utilizing a State Government/U.S. Army CERDEC partnership, and a Federal Cooperative Research and Development Agreement.Conducted an Executive Department review of Business Continuity Plans including a Three-Day Table-Top review/exercise.Information Security Policy Advisor 11/2001 09/2002AXA Financials and Equitable Life Assurance, Weehawken, NJ 35 hours/weekDeveloped a consistent, integrated, organization-wide system of information security policies for a new U.S.- based insurance company formed by the merger of a U.S. company and a French company. Drafted a consolidated set of cyber security policy documents consistent with best professional practices and guidelines.Information Security Analyst 02/1998 01/2000Public Service Electric and Gas Company (PSEG), Newark, NJ 40 hours/weekinformation security analyst hired for PSEGs newly formed information security unit: researched, evaluated, and recommended emergent security technologies, products, and tools to improve the enterprise security posture. Drafted information and physical security policies, reports, training and education materials, technical specifications, and design documentation.Identified theft of company-provided laptops as a leading information security threat as well as a major unplanned cost factor (replacement of stolen laptops) and a business risk (loss of proprietary information on the stolen laptops).Analyzed loss statistics and identified seasonal anomaliesInitiated an organization-wide Information Security and Privacy Computer Awareness Program focused on physical security issues and the prevention of laptop theft. Enlisted senior management support for an enterprise-wide initiative.Drafted and distributed a quarterly information security newsletter for the entire workforce. Distributed security tips brochures.Project Results: cut laptop theft by 45% over three months and by 65% over a nine-month period.EducationM.Sc., Management Science, New Jersey Institute of Technology, Newark, NJ, 1998, GPA: 3.8.BA, Political Science, Thomas Edison State University, Trenton, NJ, 1993.Additional InformationProject Management Professional (PMP) Attending, Project Management Institute, 2023-2024Security Management Certifications:Certified Third Party Risk Professional (CTPRP), 2016ISACA - Certified in the Governance of Enterprise IT (CGEIT), 2009 PresentISACA - Certified Information Security Manager (CISM), 2007 PresentISC2 - Information Systems Security Management Professional (ISSMP), 2005 PresentISC2 - Certified Information Systems Security Professional (CISSP), 2004 PresentISO 17799 / ISO 27001:2005 Information Security Management Implementation, 2006Information Security Assessment Methodology (NSA-IAM), National Security Agency, 2003COVID-19 Contact Tracing Certificate, Johns Hopkins University, 2020https://coursera.org/share/b582828ceb00ba393bc1e61c510dd1d4Select Training:IBM Consulting Methodology, IBM, 2000 and 2001 Belgium.Essex County NJ Police Academy Training and Investigators Training ProgramsSkills: Microsoft Office Suite; Visio; Lexis/ Nexis (to include graphics software, and others)Professional Affiliations:Member, ISC2, Information Security Consortium, 2005 Present.Member, ISACA, Information Systems Audit and Control Association, 2007 Present.Member, ISACA, NY-NJ Metropolitan Chapters, 2007 Present.Member, New Jersey Licensed Private Investigators Association (NJLPIA), 2013 Present. |
