
Candidate Information
Title Chief Information Security Officer
Target Location US-VA-Lorton
RALPH MOSIOS, CISSP, PMP, CEH
mosiosrh@cox.net | LinkedIn: LINKEDIN LINK AVAILABLE | PHONE NUMBER AVAILABLE
US Citizen | SCI Top Secret Clearance (active) | Lorton, VA

A versatile leader with over 30 years of experience in cybersecurity, compliance, enterprise risk management, contingency planning & disaster recovery, continuity of operations planning, IT, and program management. Responsible for the development and implementation of the entire cybersecurity program, to include: conducting security assessments for on-premise, cloud-based architectures, and mobile devices; managing a vulnerability management program to ensure that systems are properly maintained; developing and managing a cybersecurity training and awareness program.

Security Programs: Enterprise Security; Product, Application Security; Identity & Access Management; Data Privacy, Data Loss Prevention; Business Continuity; Board Reporting
Compliance: NIST-CSF, NIST 800-53, ISO27001; PCI-DSS; CCPA; Sarbanes-Oxley (SOX)
Technology: On prem, hybrid, cloud native; SaaS, PaaS, IaaS; AWS, Azure; Mac OS, Linux, Windows; SIEM, SOAR, CASB, EDR, DLP, IAM

Certifications: ISC2 CISSP; EC-Council CEH; PMI PMP

FEDERAL HOUSING FINANCE AGENCY
Chief Information Security Officer (CISO), Feb 2011 - Present

Leads a team of 17 responsible for the enterprise cybersecurity program, including major initiatives such as identity, credential, and access management and zero trust architectures.
Converted a security program from its infancy to a multi-functional, holistic risk management program by building consensus with business units to ensure the confidentiality, integrity, and availability of the organization's technology assets and information.
Implemented a security assessment & authorization program with 100% of systems authorized before entering operational status, which includes third-party vendor assessments.
Oversee a comprehensive security monitoring program with next generation systems to detect and eradicate malicious activity, including implementing incident response policies and procedures.
Established a threat-based intelligence capability by incorporating indicators of compromise and threat feeds into security tools to actively block, aggregate data, and monitor the network for suspicious activity, thereby reducing analyst workload and reducing incident response time.
Implemented a next generation end-point solution which utilizes a series of technologies such as machine learning, inspection and analysis, and policy-based execution restriction to increase coverage against malware while reducing the attack surface. This capability replaces traditional antiquated anti-virus technology.
Developed a bank examiner security training program that provides direct, hands-on experience using security tools and devices.
Implemented a project to assess the convergence of operational risk and resilience management using the CERT Resilience Management Model (RMM) to improve the mission assurance of high-value services.
Created and continue to implement an information security awareness program, consistently achieving over 99% compliance.
Successfully interfaced with internal and external auditors and did not receive any audit findings for six consecutive major audits.
Partnered with the Chief Privacy Officer to establish an enterprise-wide incident response program to stress test resiliency, including internal and external communication, designed to support crisis management planning in the event of a cybersecurity or privacy event.
Planned, budgeted, and implemented a multi-million dollar security budget.

U.S. SECURITIES AND EXCHANGE COMMISSION
Acting CISO / Chief Privacy Officer / Senior Compliance Manager, Dec 2004 - Feb 2011

Implemented a comprehensive security program using a risk-based framework.
Successfully implemented a certification and accreditation program with over 96% of systems accredited before entering operational status.
Implemented and managed the contingency planning & disaster recovery strategy and corresponding training, testing, and exercise program.
Implemented a security awareness program for over five thousand employees (at headquarters and 11 regional offices), achieving over 99% compliance.
Planned, budgeted, and implemented the Commission's security and privacy budget.
Directed and managed compliance activities for headquarters and eleven regional offices across the U.S.
Oversaw the Commission's Privacy Program.
Developed corrective action plans and interfaced with the Commission's Inspector General and external regulatory auditors.

IBM BUSINESS CONSULTING SERVICES (FORMERLY PRICEWATERHOUSECOOPERS)
Managing Consultant, Nov 2000 - Dec 2004

BOOZ ALLEN HAMILTON
Information Technology Manager, Jul 1998 - Nov 2000

NAVAL AIR SYSTEMS COMMAND AND OFFICE OF THE SECRETARY OF DEFENSE
Application Development Program Manager / Study Director, October 1991 - July 1998

EDUCATION
George Washington School of Engineering and Applied Science - Masters in Engineering Management
Embry-Riddle Aeronautical University - Bachelor of Science, Aeronautical Engineering
