
Management Office

Location:
Ashburn, VA
Posted:
July 06, 2017


Resume:

Mark N. Sibley, CBCP

Ashburn, VA 703-***-**** ********@*****.***

Summary

Expertise

A Risk and Resilience Thought Leader and Evangelist who has demonstrated over the last 15 years the ability to develop and implement a holistic and pragmatic approach to prepare organizations for disruptions and incidents. Has the proven skills to integrate often segregated roles and teams (i.e., emergency management, risk management, physical and information security, business continuity, disaster recovery, operations, communications, finance and legal) to meet, as one accountable team, the need of the current risk environment. Successfully managed the response to many incidents, from severe weather, terrorism, and technological incidents to workplace violence, for several organizations.

Incident/Crisis and Business Continuity Management

Executive Leadership Team Incident Command, Training, and Succession (for incident response)

Strategy Development and People Management

Training and Exercise Development and Facilitation

Incident Communications Systems and Capabilities

Resilience Program Development based on Industry Standards

BS-25999 and ISO 22301 Standards (expert); ITIL (knowledgeable)

Critical Internet, Co-Location, and Multi-Data Center Ops

Technological Disaster Recovery

Enterprise Risk Management; Physical and Travel Security

Governance, Risk, and Compliance (GRC)

Agile Methodology and Framework

Information and Cyber Security (knowledgeable)

Most Recent Accomplishments

Verisign, Inc.

As the Director of the Business Resilience Office, I have performed Business Resilience and Enterprise Risk Management using industry standard Business Impact Assessment and Risk Assessment methodologies.

Verisign is the third company in 15 years where I successfully developed an enterprise-wide business resilience program.

Implemented the Verisign Incident Management Framework (operations, strategy, and governance).

Using industry standard Business Impact and Risk Assessment methodologies

–Drove in concert with Internal Audit the development of the current Risk Management Framework for Verisign

–Coordinated with 20+ critical teams and management to identify the top 20 risk list for Verisign

–Identified 60+ risks total

–Mitigated successfully 90% of those risks to date; the other risks (minor) and residual risks are being tracked and monitored

Developed “Enterprise Games” exercise and training program; over 50 exercises over 7 1/2 years; monthly internal / external communications tests; player cell controller for CyberStorm III – Verisign had 15 staff playing for 3 days.

Developed external exercises for Global Internet Root Operations and groups

–Using simulation based exercises, drill teams on documented response protocols and use scenario-based planning to uncover and document risks and gaps as well as to build muscle memory and adaptability

–Over 12 years of experience successfully coordinating and facilitating large and diverse or smaller, targeted groups and teams in exercises and actual incidents where lessons learned and risks were identified and tracked to closure.

–Developed and facilitated several “live fire” exercises (announced and unannounced) with executive team and CEO participation; Training and walk through sessions with the executive team and CEO for each exercise and scenario.

Managed the response for incidents affecting Verisign over the last 7 1/2 years.

Development and implementation of Incident Communications Plan with Communications, Legal, and Leadership.

Developed the Threat Management Team focusing on Workplace Violence, Insider Threat, Kidnap for Ransom, and Active Shooter. Developed Active Shooter and Kidnap for Ransom Response Plans.

Built and currently manage Verisign’s relationship with Department of Homeland Security, National Cybersecurity and Communications Integration Center (NCCIC) via the Communications ISAC.

Support business for proposals and contracts for customer due diligence regarding resilience posture for our products.

Two successful audits of Business Resilience Program against BS-25999 Standard and ISO 22301 Standard.

Professional Experience

Director, Business Resilience Office – Verisign, Inc., Reston, VA (2009 – 2017)

Responsible for the Business Resilience Program (incident management and communications, business continuity, technological disaster recovery coordination, tests and exercises, incident-focused and redundant communications capabilities)

Planning and Preparedness:

–Continuity Services – Business Impact and Risk Assessments for Corporate, Business, and Critical Operations teams

–Incident Management – Formalized and facilitate the Corporate Incident Response Team (IRT) of over 30 key staff; Incident Response Team of 12 staff; Root Zone Response Team (internal/external) of 20 people

–Developed the Incident Response Team (IRT) Operations Plan and Incident Communications Plan

–Coordinated closely with Physical Security the Workplace Violence, Evacuation and Shelter-in-Place, and Emergency Response Team (medical) and Tornado Warning programs and protocols

–Primary administrator of Verisign’s emergency alert system for mass notification and operational incidents

–Satellite and GETS/WPS redundant communications capabilities for use during incident response

–Incident management and coordination support for Operations and the Network Operations Center (NOC)

Primary Lead for Incident Management and Coordination:

–H1N1 outbreak and Ebola response

–2010 and 2011 winter storms

–Several power outage incidents and severe storm response

–Mid-Atlantic Earthquake and Hurricane Irene responses

–Hurricane Sandy

–“Operation Global Blackout” coordination and response – March 2012

–Internal employee issues via the Threat Management Team

–Heartbleed, ShellShock, Poodle, GHOST vulnerability responses

–Internet Infrastructure Incidents

Program Manager – Business Resilience Office – Northrop Grumman, McLean, VA (2008 – 2009)

Responsible for developing and implementing the sector’s business resilience program (business continuity, emergency response, crisis management, and incident communications systems and capabilities)

Planning and Preparedness:

–Developed a 3-5 year plan and roadmap to streamline current capabilities and plans

–Developed the business case and strategy to implement a corporate-wide, risk-based Enterprise Resilience Office

–Led effort to ensure that the Sector passed our internal audit for ER, CM, and BCP in December 2008. We received a passing audit score with internal audit recognizing the program for best practices

–Provide subject matter expertise to the emergency response and crisis management teams

–Liaison with IT Disaster Recovery, Enterprise Risk, and Business Continuity

–Led effort to standardize decision support system capabilities within all five NG Sectors

Incident Management and Coordination:

–H1N1 outbreak

–Tornado response in 2008

–Multiple severe power outage responses and Hurricane Gustav and Ike responses

Manager – Business Assurance Office – Booz Allen Hamilton, McLean, VA (2001 – 2008)

The firm’s Business Assurance Office’s scope is the life/safety/security of all Booz Allen staff world-wide, protection of assets based on emerging and current threats and risks, ensuring resilient business operations, and protection of the firm’s image and reputation. The BAO is the central facilitation and coordination point (on-call 24x7) for response to any incident world-wide that impacts our staff, assets, operations, or image/reputation. In this capacity, I accomplished the following:

Planning and Preparedness:

–Supported the development of the Firm’s Risk-based decision matrix for new and existing business and locations

–Implementation of the firm’s business continuity / recovery capability risk strategy for all corporate functions

–Incident management planning for all staff, offices, and operations in the mid-Atlantic region specifically

–Incident management planning for all staff and offices world-wide

–Due diligence and implementation of an alert notification system and business continuity management system for the firm

–Supported the concept, development and implementation of the firm’s decision support architecture

–Firm’s Emergency Operation Center implementation and operations

–Developed and coordinated the firm’s annual corporate functional exercises (50 staff)

Incident management:

–Led the firm’s response to the California Wildfires

–Supported our Beirut office through two evacuations due to regional conflict

–Involved in the response to several health related incidents impacting staff (e.g., Staph infection-MRSA, TB)

–Supported all firm response activities during the 2004/2005 Hurricane seasons, including Katrina, Rita, and Ivan, which severely impacted our Gulf Coast offices, and the loss of our New Orleans office for several months

–Supported the firm’s response to the London/Madrid bombings

–Supported and accounted for several staff caught in the earthquake and tsunami in Indonesia

–Led the response for several missing staff incidents

–Led the response for a severe workplace violence incident (multiple assaults on staff at HQ)

–Led and/or supported the firm’s response to most minor incidents impacting our offices/staff (e.g., power failure, severe weather, local civil disruptions during political conventions or IMF/World Bank meetings, etc.).

Education

Bachelor of Science – History, Radford University, Radford, Virginia

Associate of Applied Science – Administration of Justice, Northern Virginia Community College, Annandale, Virginia

Certifications/Clearances

Certified Business Continuity Professional (CBCP) from DRII – Certification number: 4323 (Active – 2001-2017)

DoD Top Secret/SCI (Held for 20 years, not active currently, not needed at Verisign - Clearable)


