Cyber Security Information
Resume:
Kingsley O’Kuesa, CTPRP
ad5enn@r.postjobfree.com
Experience Summary
Passionate hands-on and result-oriented Information Security & IT Controls Executive with expertise in enterprise-wide information security governance, global risk assessment, policy, NIST cyber security, Azure cloud security, CASB solutions implementation, mobile, application security, strategy, architecture, wireless security, monitoring and data correlations, incident response forensic data collection operations, and Change/CAB management.
Implemented an organized process and structured technique for handling cyber security breach class incident response program within the organization. Drove a global, regular and cyber security intelligence management initiatives function with executive, business and functional leaders, Enterprise Risk Management, HPAA/HITECH, HITRUST certifications, SOC, ISO, SOX, PCI and FedRAMP regulatory compliance mandates.
Proactively implemented a global comprehensive, Intelligence-driven endpoint visibility to detect, analyze and inspect cyber security exploits as part of a cyber security risk landscape to combat advanced persistent threats that bypass traditional signature-based tools such as antivirus software, next-generation firewalls, DLP program, and complemented by a strong global Security Awareness Program, ITIL, TOGAF, SSO, and x.509 certificates.
Implemented a SOC, a data security, network security, advanced threat prevention, incident forensics and remote access VPN for complete endpoint protection & TFA. Correlated actionable security events from various sources.
Implemented an OWASP benchmark of secure SDLC, Security into DevSecOps pipeline using Veracode & SonaCloud, and associated security vulnerability controls, and adopted architecture security testing team charged with responsibility for constant penetration testing of our defenses for continuous safe and secure data globally.
Demonstrated the vision and leadership necessary to manage risk to the organization to ensure business alignment, effective governance, overall mission, service delivery, privacy, CCPA, integrity and confidentiality.
Delivered executive level metrics, KPI, dashboards, risk analysis and mitigation, acceptable reports and serve as the point person to senior management. Implemented IAM, CaaS platform, GDPR, and password self-reset tool.
PROFESSIONAL EXPERIENCE
Caresyntax Corporation, Mequon, Wisconsin 04/2021 – 01/31/2024
Global Director of Information Security
Globally hands-on implemented Information Technology Security Program, incident response, cyber security program, HIPAA/HITECH, CCPA, and GDPR. Fully and hands-on own the global security program, directing, planning and roadmap definition. Works on joint responsibility with other teams for project execution. Hands-on implemented a roburst NIST 800-53 Cybersecurity and Common Security Frameworks including COSO for SOX. Owned the Business Continuity tasks and annual tests.
Tasked with and manages hands-on accountability for defining, selecting, implementing, innovating with, and driving the best outcomes from our security solutions within the global technology stack.
Hands-on completed the 2022 SOC 2 five criterial, ISO 27001 & HSD certification audits.
Leads tactical improvements by designing and building short- and long-term enterprise security Roadmap, implemented Cyber security strategies and tools, plans and standards to ensure services meet current and future requirements. Fully responsible for participating in the planning and managing of budgets, project prioritization, strategy, execution, policies, procedures, and guiding practices for the organization.
Continuously stays abreast of emerging and changing security standards, regulations, and requirements.
Hands-on developed and enhanced the global information security management needs and implemented the NIST Common Security Framework. Provides security technical expertise to Infrastructure team to execute a broad range of tasks, including the day-to-day administration/support of information security tools and devices, maturation of technology stack.
Continuously demonstrates and understands corporate security needs and interacts with related disciplines and shareholders through committees to assist with overall business technology planning and ensure the consistent application of policies and standards across all technology projects, systems and services.
Hands-on assesses the organization’s security measures, including IAM programs, using firewalls to adopt IDS/IPS, cyber-cautious anti-virus software; email phishing controls, strong password requirement as part of authentication, to identify any weak points that might make information systems vulnerable to attack.
Performs security risk assessments and simulates attacks to test the efficiency and effectiveness of implemented security measures.
Proactively prioritize security coverage and policy development to ensure that strategically important data, such as commercial information or personal data, receives the highest levels of protection.
Facilitates information systems security management education and training in regulatory and industry standards including implementation of a Security Awareness Program for all employees to explain security risks and demonstrate best practices for risk mitigation.
Analyzes reports generated by the monitoring implemented systems to identify trends that might lead to future risk as part of the SaaS platform, and overall Quality Assurance program.
Owned and managed security incidents, and conducts complex investigations and completed root cause analysis; prepared written findings, recommendations and followed up on patterns and trends.
Coordinates information security incident response and reporting for events or exploited vulnerabilities including unauthorized system or network access, denial of service, inappropriate data access, data corruption, and/or collection of private or confidential information.
Developed 72 Policies and Procedures, and tasked with completion of the security portions of all RFPs.
Interactive Health, Inc., Schaumburg, Illinois 01/2017 – 06/2020
Director, Information Security & Security Officer.
Strategically implemented Information Technology Security Program, breach class incident response, cyber security programs, HIPAA/HITECH, HITRUST certifications & a Security Operation Center, CCPA, GDPR & FedRAMP compliance, and an integrated risk management. Implemented logical and physical security.
Driving compliance with Corporate Information Security controls company-wide, PCI, SOC 1 and SOC 2.
Successfully positioned as a trusted advisor sought out by senior business line management for advice and guidance on security issues and hands-on implemented Cyber Security program based on NIST 800-53.
Developed and maintains a strong understanding of the business processes and technologies used in the business line, and the information security controls that must be applied to all processes and technologies. Implemented MS Azure cloud security for O/S, CaaS and applications, CASB solutions & COBIT 2019.
Responsible for monitoring of mandated Regulatory compliance, projects and manages information security compliance assessment, remediation of identified business control failures, and merger and acquisitions.
Created and participates in processes to ensure that potential security risks associated with new and existing business processes and IT applications are identified and addressed. Implemented TOGAF & ITIL.
Proactively lead business units to evaluate and mitigate risks associated with third party vendors, as part of a broader third-party risk program. Provides Project plans, strategy vision and metrics on Risk Assessment.
Acting as a knowledge bridge between the business line and Corporate Information Security during monthly reviews of information security controls. Hands-on responsible for Security Budgeting, and vulnerabilities.
Developed and maintains among all levels of business line staff a high level of awareness about security issues and control objectives. Monitors and reports on KPIs/KRIs including security incidents and access.
Developed and implemented a comprehensive, cyber security breach class incident response program within the organization to detect and respond in a timely manner. Implemented SSO & x.509 certificates.
Wrote 137 company policies and procedures in accordance with HITRUST framework and regulations.
Led the completion of TPRM SOC 2 Type II, and ISO 27001 certifications annually.
MultiPlan, Naperville, Illinois 11/2010 – 12/2016
Director, Information Security & Chief Information Security Officer (CISO)
Spearheaded the implementation and management of Information Security and Compliance program space at this major healthcare company with several locations for the management of protected health information (PHI), and personally identifiable information (PII) in compliance with HPAA governance. Implemented a 4-year IT Security Roadmap based on COSO, Common Security Framework, NIST 800-53 frameworks, ISO, and GIS.
Hands-on managed all security projects including TCP/IP, OSI model network.
Managed and led a security team of 21 individuals. Additionally has 3 other directors with dotted line reports that has a total team’s quantity of 61 individuals. Hands-on implemented vulnerabilities management, HITRUST certification program, and Security Budgeting. Implemented an enterprise Container as a Service platform.
Strategically implemented regular, cyber and cloud security programs, NIST3rd Party Review program, DLP tool, and a security operation center as part of our cyber intelligence strategy to monitor and follow up on all external facing IP address events into our internal network using Managed Services from a 3rd party at a saving of $8 million/year. Participates in mergers, acquisitions and integration projects. Implemented SSO x.509 certificates.
Drove the implementation of SEC Regulatory and Financial compliance program including cyber security.
Proactively implemented an IBM XGS series intrusion detection and prevention technology on all external facing IP addresses to monitor and correlated hacker events, incident response program, and minimized company’s liabilities. Created Project plans using tools, and proactively worked with heads of departments.
Implemented a centralized corporate nationwide logical and physical security strategy comprised of User IDs, IAM tool, employee security badge, security cameras, access to data, and regulatory compliance requirements. Consolidation saved the organization over $5 million annually. Managed all security projects.
Served as the strategic IT controls point person, CALEA plans, and managed IT Internal controls and corporate Statement on Standards for Attestation Engagements (SSAE 16 & 18) - formerly SAS 70, SOC2. The reports of the last four years’ reviews contain zero observations. This process reduced onsite client audits by 98% in the past five years resulting in annual cost savings of over $6 million.
Strategically headed the creation of a Risk Management function and TOGAF & ITIL. Worked with Process Owners to create new IT Internal Control Risk Control Matrix for SOX; and conducted Third Party Reviews.
Led the creation of new HIPAA/GDPR compliance policies and set the stage on how to comply with the new HITECH regulatory requirements, and other regulations. Saved the organization over $4 million. Reviewed the TCP/IP, OSI model network. Implemented COBIT 5 and created Processes, sub-processes, and policies.
Corporately responsible for the management 3rd party interface, special audits; KPI & monitored dashboard.
Walgreens Corporation, Deerfield, IL 5/2007 – 12/2010
IT Audit Manager
Galvanized the management of the IT audit function in the corporate Internal Audit department comprised of the development of annual internal IT audit SOX plans and budget, and Third-party Review program. Managed IT Audit function globally. Adopted ITIL, and managed all security projects.
Supervised Identity Access Management solution implementation corporate-wide.
Instrumental in the implementation of HITRUST, IT Risk governance globally, Incident Response program and built all the Risk Control Matrix for SOX. Performed SSAE 16, SOC2, and Third-party Reviews.
Executed creation of COSO – SEC and COBIT risk control matrix comprised of Control Environment, Risk Assessment, Control Objectives, Information & Communication, and Monitoring Components; and conducted related training. Strategically implemented and adopted Identity Access Management tool.
Performed DEA, PCI, GLBA, NERC CIP, HIPAA and key regulatory compliance reviews annually.
Performed and led the performance of several contract reviews and BPO internal control audits and recovered over $3.6 million in improper billings.
Headed the testing of key SOX IT key controls for three years and supervised a staff of 21 employees in a pooled resource system and saved the company over $8.5 million per year.
Drove the implementation of SEC Regulatory and Financial compliance program including cyber security. And prepared CALEA plans. Monitored the TCP/IP, OSI model network.
Rockwell Automation, Milwaukee, WI 12/2006 – 5/2007
(An $18 billion manufacturing and Automation Company).
IT Audit Consulting Manager
Developed the audit plans for the department and supervised IT Audit function. Managed all security projects.
This engagement saved the company over $900,000 per year.
Federal Home Loan Bank of Chicago, Chicago, IL 3/1996 – 2/2006
Vice President of Information Technology
Brought on board as a technology security risk management consultant SME and converted to full-time.
Managed all aspects of IT security risks in compliance with Regulators and FFIEC requirements, IT Audits, and drove the implementation of SEC Regulatory, FFIEC Handbook and Financial compliance program including cyber security. Reviewed the TCP/IP, OSI model network.
Education and Certifications:
MBA in Finance (currently pursuing) l Illinois State University, Normal, IL.
BA, Computer Science & Business (Accounting) l New Mexico Highlands University, Las Vegas, NM
Certified Third Party Risk Professional (CTPRP), Certified HITRUST CSF Practitioner (CCSFP)
CISM – Certification examination scheduled for July 2023
Technical Skills
MS Azure, LAN & WAN, ADS, TFA, AWS, Keycloak
MS 7 – Present, Office 365, CASB Solutions, AWS
Linux, LDAP, Guardian, DLP, SAML II SSO, ADFS
. Net, QRadar SIEM, TCP/IP, IPSec, CrowdStrike
JAVA, OWASP, AWS; Veracode for DevSecOps
Oracle & MS SQL Server, DLP, WAF, KnowBe4
Remedy, HEAT. JIRA & ServiceNow, DarkTrace
OWASP, ForeScout solution, TCP/IP, OSI model
NIST, COSO, COBIT, CSF Frameworks, MITRE, NIST
Avatier, Aveksa, Curion IAM Tools’ LastPass
FISMA, FedRAMP, TOGAF, COBIT 5, COBIT 2019
RAPID 7 Pen test, Tenable IO, Incapsula, HyperV
Symantec Tools, Avast AV, Forcepoint, Sunflake
Waterfall, Agile SDLC, PaaS, SaaS, IaaS, CaaS, IoT
Sophos AV, AES Encryption, Malware Byte AV
Tyco Camera monitoring for Physical security
SecureDoc, Bitlocker, FileVault, Intune, Brainshark
Middleware & VMware, Sonarcloud
Password Manager, GDPR, CCPA, FFIEC
Cisco Firewalls & IOS, Cisco Anywhere Connect
IBM & Cisco IPS/IDS, Cisco Meraki Firewall
Tyco Key card and Physical Security
MS Office and Outlook; MS MDM
MS Project Tool, Archer, RSA Soft Token
Teams, SharePoint, Citrix ShareFile, Evolve
Teams, Zoom, GoTo Messaging Systems
Dell SecureWork SOC, ISO, 9.2 HITRUST/CSF
Net Suite Financial, PCI DSS, Zimbra
Cisco Anywhere, VPN, Cisco Webex
Websense, Dell Kace, CIP-013
Thycotic secret server, Password State
Imperva solutions, Onelogin, LastPass
NetScaler Gateway VPN, DMZ, Firewalls
Cisco IPS/IDS, Splunk Enterprise
Contact this candidate