Cyber Security Risk Management, IT Project and Program Management

IT professional with 21+ years of experience in cyber risk management, IT project/program management, IT operations management and consulting. Proven track record in global companies to deliver and manage Governance, Risk and Compliance (GRC), cyber security and IT service management projects and programs. Strategic thinker and action-oriented leader bringing vision, structure and simplicity to implement solutions across parallel initiatives. Highly regarded stakeholder engagement skills coupled with my natural curiosity ensure that I understand true value drivers. I am passionate about delivering results by creating and coaching motivated, high-performing teams, building trust and managing the needs of diverse stakeholders in complex, global organizations.

Areas of Expertise

Governance, Risk and Compliance (GRC)

Cybersecurity Risk Management

Factors in Information Risk (FAIR) Cyber Risk Analysis

IT Project and Program Management

Insourcing, Outsourcing and IT Vendor Management

IT Service Management/ITIL Processes

Data and Application Integration Architecture

IT Operations Management

Professional Experience and Significant Achievements

CYBER RISK PROGRAM MANAGER

June 2019-Present

DXC TECHNOLOGY

McLean, VA USA

Created a governance, risk and compliance strategy and implementing an enterprise-wide cyber risk and controls management program (based on NIST, enabled by ServiceNow) to transition from an internal security certification process to holistic cyber security risk management, including risk assessments, risk and issue management, leading the restructuring of DXC to industry security controls, as linked to standard security architectures and DXC enterprise services

Implementing FAIR-based quantitative cyber risk analysis as input to security investment decisions in line with cyber risk appetite.

Based on DXC’s business strategy and security needs, create and maintain cyber risk roadmap to operationalize risk management

Implementing Third Party Risk Management Program (TPRM), with DXC Supply Chain and business stakeholders, to ensure vendor cyber risks are identified and managed

INTEGRATION PROJECT AND PORTFOLIO MANAGER

Feb 2017-Mar 2019

SHELL

Rome, Italy

Performed market assessments, developed business cases and gave recommendations to IT executives for security technology investment decisions. Recommendations resulted in projects to implement GRC and security strategies. Streamlined GRC processes and technology for wider adoption, enabling Shell’s vast IT landscape to operate securely and meet data privacy regulations.

Led vendor performance assessment and proposal to transition Shell’s cybersecurity data analytics platform (Splunk) delivery model from outsourced to in-house. Recommendations based on cost; quality; resource availability; hiring strategy and security monitoring strategy. Advised on project approach, plan, governance and resourcing strategy.

Drawing on deep understanding of GRC strategy and stakeholders, managed project team to successfully deliver multiple system integrations for GRC landscape, despite process, data and technology complexity.

Managed global teams performing RSA Archer upgrades/data center migrations and ongoing system change investments. Established formal platform governance and implemented improvements in product backlog management; Agile delivery and staff development, resulting in a high quality, mature IT delivery engine to meet business needs

As a subject matter expert in Shell’s cyber security and GRC contracts and costs, led teams negotiating service delivery, SaaS, software licensing and development contracts to secure optimal terms, delivering business needs at the lowest possible cost.

Managed end to end outsourcing process to transition IT operations and development to vendors (contract definition/negotiation; knowledge transfer and service management implementation). Negotiated 33% in cost reductions.

Managed global phishing awareness campaigns. Targeted phishes based on vulnerabilities to reduce insecure employee behaviors.

LEAD OPERATIONS LANDSCAPE MANAGER (OLM)

Nov 2013-Jan 2017

SHELL

Arlington, VA USA and Rome, Italy

Led global team of 6 staff and $17M budget managing offshore vendors operating Shell’s cybersecurity and GRC systems. Implemented 30% cost reduction in operational budget over 2 years

Applied IT service management (ITIL) to security application portfolio with unstructured ways of working to transform IT operations to be efficient, sustainable and cost-effective

Led multiple service delivery and software licensing contract negotiations resulting in significant cost reductions (30-40%) on multiyear/multimillion USD contracts while delivering reliable and mature IT support processes to end users.

While working one full-time role, took another full time Supportability and Transition Manager job during a colleague’s 6 month leave. Managed team responsible for integrating support requirements into projects before closeout. Overcame resistance by ensuring my team applied requirements in a consistent yet flexible manner. Advised enterprise working group on integrating supportability into DevOps and Agile delivery methodologies.

PROJECT MANAGER (contractor)

Mar 2009-June 2013

SHELL

The Hague, Netherlands

Lead $2M USD project implementing IT security controls for application support processes to address security risks and comply with Sarbanes-Oxley ISO/COBIT control frameworks. Directed work of 30+ global stakeholders implementing application support processes and controls, including continuous process improvements

Managed implementation of database security monitoring tools for Shell’s business critical IT landscape

Managed enterprise implementations of HP Service Manager and ITIL service management processes, increasing standardization and efficiency among internal and outsourced IT support teams

Developed and implemented internal communications program targeting 200+ IT and business stakeholders using variety of media to introduce and embed changes during transition from internal to outsourced/offshore ITIL service management model.

COMMUNITY LIAISON OFFICER

June 2006-July 2007

US DEPARTMENT OF STATE

US Embassy Helsinki Finland

Developed and implemented streamlined communications strategy for US Embassy Helsinki community by re-deigning the intranet site, newsletter and identifying community constituencies to provide information about quality of life, family issues and other practical considerations for US Government employees moving to Helsinki

Attended country team meetings to brief US ambassador and Chief of Mission on embassy community issues and plan/facilitate visits from US government officials (held Top Secret clearance)

SENIOR PROJECT MANAGER and BUSINESS ANALYST

Jan 2001-June 2005

SPRINT NEXTEL

Reston, VA USA

Documented business requirements and re-designed processes for implementing US regulations for Wireless Local Number Portability (WLNP) in operational support systems. Subject matter expertise and leadership resulted in expanded role leading user acceptance testing, support organization training and process implementation.

Managed project to streamline wireless handset service and repair operations by identifying business requirements and managing user acceptance testing for workflow improvements to recycling handset inventory for service and repair.

Managed implementation of communications campaigns on Nextel’s intranet portal and content management systems.

STANDARDS MANAGER

Aug 1999-Dec 2000

XEROX CORPORATION

Washington, DC USA

Liaised with industry trade associations, standards development organizations to advise Xerox business groups and senior management on regulatory issues impacting Xerox’s product development strategy, including data privacy and usability standards

Initiated and implemented knowledge management for Xerox’s standards department, including the implementation of an intranet site, a content management system, and a companywide experts’ database for regulatory and standards issues.

SENIOR CONSULTANT

Aug 1997-Aug 1999

BOOZ ALLEN HAMILTON

McLean, VA USA

Managed project teams writing reports advising US government clients on radio spectrum management, auctions, regulation and strategies for increasing interoperability among US public safety wireless communication systems.

Developed consensus on telecommunications public policy issues among diverse US government agencies representing the Public Safety Wireless Network program; wrote comments behalf of clients filed with the US Federal Communications Commission in response to public rule makings about proposed wireless telecommunications regulations (held Secret clearance).

COMMUNICATIONS MANAGER

June 1996-July 1997

WIRELESS COMMUNICATIONS ASSOCIATION

Washington, DC USA

Wrote and presented briefings to educate US congressional staff and business executives on fixed broadband wireless technology and regulatory issues. Created and launched industry directory, including writing, data collection, design, marketing and financial management.

EDUCATION AND CERTIFICATIONS

Project Management Professional (PMP) Certification

February 2012

M.A. Telecommunications, George Washington University

May 2002

B.A Political Science and French, West Virginia University

May 1993

Contact this candidate