Candidate Information
Title: Information Security Project Management
Target Location: US-TX-Waxahachie

THIRD-PARTY RISK PROFESSIONAL

Information Systems Security Professional with over 20 years of experience and expertise in computer system applications, project management, qualitative analysis testing, and information security systems. Proven record of evaluating system vulnerabilities, compiling actionable analyses, reporting threats, and recommending security improvements.

CERTIFICATIONS

ITIL v3, Certified Third-Party Risk Professional (CTPRP), ISO 21434

PROFESSIONAL EXPERIENCE

HP Inc, Remote, Dec 2021 - Current
Cyber Security Risk Assessor
- Evaluate potential vendors against contractual, regulatory, and security risks
- Conducts vendor and application risk assessments, including risk ratings and related processes according to ISO 27000 audits
- Reviews technical network and application controls, risk measures, and thresholds for monitoring key risk cybersecurity controls (e.g. ISO 27001, National Institute of Standards and Technology (NIST) 800-171, 800-53)
- Build relationships with external customers, business development, and products to understand our roadmap and emerging risks and requirements.
- Build and manage third-party risk activities to identify and assess risks associated with existing and new vendor relationships by conducting thorough due diligence reviews.
- Multi-tasks and works both independently as well as part of an assessment team
- Plan, execute, and document assessment activities following established processes and procedures.
- Perform deep inspection of specific technologies in targeted processes or firm-wide evaluation.
- Engage with cyber teams to gain a full understanding of cybersecurity and control the environment
- Understood third-party risks as related to specific technology areas of expertise
- Work with appropriate technology area(s) to identify potentially elevated risk concentrations globally and perform assessments of the corresponding inherent risks and mitigating controls
- Recommends any adjustments required to meet the organization's policy, regulatory requirements, and industry best practices

Integris, Remote, Sep 2019 - Dec 2021
Third-Party Risk Manager
- Planned and conducted security policy compliance, risk assessment, exception evaluation, and processing for applications, infrastructure, data, and third-party vendor solutions.
- Monitored compliance with applicable security policies and standards and reported related risk issues
- Executed technical risk assessments, advised business and IT leaders on the risk of initiatives/tools
- Defined and executed Third Party / Vendor Security Risk Assessment programs
- Developed and evaluated documentation and validation processes to ensure the organization meets Security assurance and privacy requirements.
- Assigned appropriate level of risk and drove compliance to Endpoint Security internal policies and external regulations.
- Managed and administered processes and tools that identify, document, and retain intellectual capital and information content.
- Conducted assessments on threats and vulnerabilities and determined deviations and levels of risk. Followed up assessments with questions, gap identification, and testing on assessed risk.
- Developed a framework to evaluate potential vendors against contractual, regulatory, and security risks
- Developed a team of IT Vendor Management Analysts capable of planning IT vendor contract renewals based on evolving needs and optimizing future contractual obligations to maximum ROI.
- Developed a vendor risk assessment framework, including risk ratings and related processes
- Performed risk assessment of the impact of threats and vulnerabilities on the organization's technology portfolio
- Optimized and simplified the vendor due diligence process to ensure the business is utilizing vendors in a manner that reduces business and compliance risk
- Managed the vendor due diligence process, including coordinating with Corporate Security, Legal, and Purchasing to assess vendor security controls
- Developed and managed continuous monitoring of high-risk vendors for compliance with regulatory standards, contract provisions, and service-level agreements
- Developed and maintained policies and standards that govern and support the program, and a program dashboard with appropriate performance metrics to track program effectiveness in mitigating risk.
- Identified process improvement initiatives to support the Vendor Risk Management Program and related activities
- Researched/investigated emerging infrastructure security topics, threats, capabilities, and solution options to create/update policy and governance, technology strategies, solution architecture, and vulnerability assessments, while ensuring remediation action plans to address control weaknesses are documented and approved by appropriate stakeholders.
- Applied industry-standard risk management technologies and knowledge across various capabilities (i.e., technical, application, data, and mobile) to determine the effectiveness of security infrastructure/systems/products and create action plans to remediate identified risks.
- Served as an intermediary to resolve disputed matters, negotiated, and enacted settlements.
- Recommended standards, policies, and procedures to correct deficiencies and document identified risks and problems.
- Supported sites in testing, documentation, and issue resolution associated with cybersecurity programs
- Performed comprehensive threat/risk assessments and business impact analysis of the current system, data, application, and technology environments to determine possible internal and external threats to information assets and identify security measures required to counter such threats
- Participated in the development and implementation of the enterprise policies/procedures and supporting security standards to ensure compliance with corporate policies and relevant legislative and regulatory requirements

State Farm, Richardson, TX, Apr 2015 - Aug 2018
Third-Party Security Risk Consultant
- Provided external security consulting and advisory services to internal business and IT stakeholders and third-party vendors regarding information security requirements, security policy/standards, security architecture, threat modeling, and ongoing maintenance of the information security risk management program, including policies, procedures, technical systems, compliance, and risk assessment activity.
- Analyzed and assessed vulnerabilities in the infrastructure (software, hardware, networks), investigated available tools and countermeasures to mitigate the detected vulnerabilities, and recommended solutions and best practices.
- Managed risks throughout Archer, implementing the third-party life cycle.
- Evaluated programs, projects, and processes and validated system security settings and configurations to determine that they adhere to industry standards and best practices.
- Assisted with the remediation of local security issues and acted as a point of contact for State Farm's security risk management activities.
- Contributed as a team lead to all other risk, security, and privacy initiatives and services as appropriate.
- Enforced IT processes to ensure compliance with Sarbanes-Oxley (SOX) and Payment Card Industry Data Security Standard (PCI DSS) regulations.
- Assisted with implementing RSA Archer and the eventual migration from the incident management system.
- Supported Archer applications to accommodate business requirements and/or design changes.
- Troubleshot data feed integration, stakeholder notifications, and reporting requirements.
- Provided extensive knowledge of RSA Archer.
- Trained Archer users on how to use the tool as appropriate. Supported SGRC/Archer A&A users to understand and navigate the process and terminology.
- Managed SGRC/Archer user accounts. Performed bulk user upload and single-user account creation. Provided SGRC/Archer users with technical support.
- Assessed third-party vendors on their security posture and privacy maturity development and supported vendor risk management and formalized risk analysis engagements.
- Led or assisted investigations into information security incidents, assisted in root cause analysis and corrective/preventative actions, and recommended mitigation techniques.
- Assisted with evaluating the security controls and practices across the company; identified, analyzed, and mitigated risks as appropriate.
- Designed, implemented, and maintained security infrastructure and systems that integrate capabilities and technologies to address identified risks and enable strategic and tactical IT solutions that will allow the business to use OWASP/ITIL principles.
- Guided Information Security Consultants, Information Security Specialists, and IT Architects in developing end-to-end security solutions that leverage the infrastructure, products, and capabilities within the area of focus.

Hewlett-Packard Company, Plano, TX, Feb 2010 - Dec 2014
Cyber Security Risk Assessor
- Worked with the Program Manager and business stakeholders to maintain accurate asset inventories.
- Maintained and enhanced threat models applied to identified assets.
- Assessed third-party vendors on their security posture and privacy maturity development, supported vendor risk management, and formalized risk analysis engagements.
- Documented the Statement of Applicability of ISO controls.
- Conducted risk assessments to support initial ISO 27001 certification of assets and annual maintenance risk assessments.
- Maintained the Risk Register for all assets utilizing the Archer GRC solution.
- Supported ISO 27001 internal and external audits.
- Conducted other assessments as required.
- Contributed to and drove the maturation of Risk Management practices.

Lockheed Martin, Houston, TX, Sept 2005 - Jan 2010
Cyber Intel Analyst Stf
- Observed and interviewed department staff members to understand information and process support needs relevant to the business requirements for software development projects.
- Coordinated resources during deployment/standup/assessment incident response efforts, driving incidents to timely and complete resolution.
- Employed advanced forensic tools and techniques for attack reconstruction, including dead system analysis and volatile data collection and analysis.
- Utilized understanding of attack signatures, tactics, techniques, and procedures associated with advanced threats.
- Advised clients on leveraging GRC technology to support their risk and compliance programs
- Demonstrated deep knowledge and experience of running a GRC Program on Archer
- Identified and documented business requirements as per the Statement of Work
- Developed functional and process design and prototyping (functional and technical)
- Designed the Archer technical implementation plan, which the developers will assist in executing.
- Interfaced with external entities, including law enforcement organizations, intelligence community organizations, and other government agencies such as the Department of Defense.

U.S. Air Force, Lompoc, CA, Apr 2003 - Aug 2005
Information Security Management
- Developed computer information resources for data security and control, strategic computing, and disaster recovery.
- Managed the Information Systems Security Officer (ISSO) program for the 30SW Safety Office.
- Analyzed complex business or technical problems and translated analysis into viable solution recommendations.
- Ensured information assurance by establishing and maintaining the Certification and Accreditation (C&A) within the 30SW Safety Office.
- Ensured security assessments were completed and results documented, and validated the Security Assessment Report (SAR) for the Authorization boundary.
- Formulated, documented, implemented, executed, monitored, recommended improvements to, and enforced Security and Configuration procedures.
- Created System Security Plan updates, Self-Assessments, Independent Risk Assessments, Certification and Accreditation (C&A), Disaster Recovery testing, Contingency & Continuity planning, security scans, quarterly patch assessments, and the coordination of system access paperwork.
- Provided RMF Support utilizing Steps 0 - 3, 5 & 6
- Reviewed active Plan of Action and Milestones (POA&M) with identified weaknesses for each Authorization boundary assessed, based on findings and recommendations from the SAR.
- Assisted with Government compliance inspections.

EDUCATION

Capella University, Minneapolis, MN (Currently Pursuing)
Doctorate of Information Technology in Information Assurance and Cybersecurity

University of Dallas, Irving, TX
Master of Business Administration in Cybersecurity

University of Houston - Clear Lake, Houston, TX
Bachelor of Science in Computer Information Systems

TECHNICAL SKILLS

Microsoft Office Suite (Word, Excel, PowerPoint, Visio, Outlook), Microsoft SQL, Microsoft Server Administration (Windows 2008, 2003), Windows 7, XP, HP ServiceNow, Remedy, SharePoint, Amazon Web Service (AWS), and Archer GRC.

Knowledge of PCI DSS 3.2, HIPAA, Sarbanes-Oxley (SOX) 404, ISO/IEC 27000 family of standards, NIST 800-53, NIST Cybersecurity Framework, and protocols such as SSL/TLS, CIFS, HTTP/S, DHCP, SMTP, LDAP/S, NFS, SNMP, and DNS.
