
Cyber Security Engineer, Senior IT Audit Manager, Compliance Engineer

Location:
Knoxville, TN
Posted:
September 07, 2014


Resume:

SHARON DEFENDERFER

**** ***** **** ****, *********, TN 37931 • Tel: 865-***-**** • ***.****@*****.***

SUMMARY OF QUALIFICATIONS

Over 18 years of Information Technology (IT) experience including Cyber and Information

Security, IT Program Oversight, Process Engineering, IT Quality and Contractor Assurance,

Change Control, Issue, and Risk Management, Tool Development, HTML and SharePoint Website

Administration, IT Program Data Analytics, and CMMi Maturity Level 5, PMBOK, ITIL, and

SCRUM methodologies.

WORK HISTORY

Cyber Security Analyst Oak Ridge, TN

Y-12 National Security Complex Mar 2011 to Present

Responsible for Contractor Assurance Oversight including assessments of deployed security controls,

issue management, risk identification and mitigation, continuous monitoring, metrics collection, trending,

and reporting, SharePoint 2010 administration, and Y-12 Cyber Security website maintenance.

• Conducts Management Assessments and Surveillances of each aspect of the Y-12 Cyber Security

Program to verify security controls in the Y-12 environment are consistently implemented and

compliant with Y-12, DOE, and NNSA requirements.

• Authors Cyber Security Assessment and Surveillance Reports that provide the Y-12 Information

Security Site Manager (ISSM) and NNSA Oversight with visibility into the health of the Y-12

Cyber Security Program.

• Oversees the Cyber Security Issue Management Program ensuring corrective actions are tracked

to closure.

• Participates in Issue Remediation including Causal Analysis, Cost Benefit Analysis, Extent of

Condition Reviews, and Corrective Action Plan development.

• Authors, reviews and revises Y-12 Information System Security Plans ensuring compliance with

Federal requirements including NIST 800-53, OMB A-130, FIPS 140-2 and NAP 14.1D.

• Developed and maintains Vulnerability Management and Remediation tracking databases.

• Collects and reports Cyber Security metrics to Senior Y-12 and DOE/NNSA management.

• Responds to Federal Data Calls and Audits via Cyber Security Metrics data collection and

analysis, Documentation Repository Management, and formal correspondence/delivery.

• Tracks system Patch Status and works with Y-12 System Owners to ensure that Software Patch

Releases have been successfully installed on Y-12 Information Systems.

• Designed, Implemented, and Administers Y-12 Cyber Security SharePoint Site including Access

Management, Version Control, Workflow Development, and File Structure Maintenance.

• Deployed and Administers the Y-12 Cyber Security Website ensuring Federal and Internal

Stakeholders have access to the most recent Y-12 Cyber Security guidance and direction.

• Y-12 Safety Management Co-Lead responsible for communicating and implementing Y-12 safety

initiatives to Cyber personnel.

• Currently pursuing CISSP® - Certified Information Systems Security Professional certification.

• Active Department of Energy (DOE) “Q” Clearance through March 2016.


Program IT Risk and Issue, QA, Metrics Manager Salt Lake City, Utah

Veterans Health Administration (VA) for SAIC Oct 2008 to Mar 2011

Responsible for the Risk and Issue Management Program for the VA Healthcare Data Repositories

Program and 4 associated projects. Led continuous process improvement initiatives. Conducted process

and product audits. Authored program policies, procedures, and tools.

• Facilitated/coordinated the VA Healthcare Data Repositories Risk and Issue Management Boards.

• Monitored risk management program ensuring on-going risks were continually re-evaluated,

prioritized accordingly, and effectively mitigated.

• Standardized quality assurance, risk and issue management, and metrics tools, policies,

procedures, guidance, and templates.

• Collaborated with project management and staff to develop effective mitigation strategies.

• Collected, analyzed, and reported program and project metrics.

• Conducted Quality Assurance process and product audits to evaluate compliance with Section

508, HIPAA and FISMA laws and regulations.

• Directed process improvement initiatives including root cause and lessons learned sessions.

• Tracked program issues and remediation actions to closure.

Enterprise IT Program Risk and Change Manager Groton, CT

Pfizer Pharmaceutical Company for SAIC Nov 2006 to Oct 2008

Directed team of Change Management Specialists responsible for ensuring software and process changes

were analyzed and effectively managed for a portfolio of Pfizer software valued at $600M. Authored

PMBOK® compliant processes that were subsequently adopted enterprise-wide.

• Coordinated/facilitated Enterprise Change Control Board (CCB) ensuring product and process

changes were analyzed for impacts and tracked to completion.

• Consulted with Pfizer Senior Management to institutionalize best practice issue and change

management processes.

• Trained and managed a team of 4 Change Management Specialists in day-to-day activities.

• Ensured that each change request presented to the CCB was documented thoroughly including

sufficient description detail, estimated cost and effort, and analysis of impact to other

systems/software.

• Collected, analyzed, trended, and presented actionable performance measurement data.

IT Program QA and Metrics Manager Atlanta, GA

Centers for Disease Control (CDC) for SAIC Sep 2003 to Oct 2006

Authored and implemented CMMi Maturity Level 3 performance surveillance and quality assurance

programs for two multi-million dollar CDC web-based software projects: BioSense, National Electronic

Disease Surveillance System, and National Healthcare Safety Network software development.

• Facilitated/coordinated CDC CCB, technical reviews, and lessons learned sessions.

• Collected and analyzed data for program management reports.

• Conducted Quality Assurance process and product audits to evaluate compliance with Section

508, HIPAA and FISMA requirements.

• Produced value-added QA reports and tracked deficiencies to closure.


• Chosen to participate in CMMi ARC-B Appraisal to evaluate process maturity level.

IT Program Metrics Manager Princeton, New Jersey

Bristol Myers Squibb for SAIC Feb 2000 to Sep 2003

Managed a team of 2 IT metrics specialists responsible for tracking over 800 data elements. Developed

and implemented one of the first software development metrics programs in the United States to be

successfully appraised at CMMi Maturity Level 5.

• Facilitated/coordinated Service Level Agreement reviews between SAIC and the client.

• Developed and maintained Excel and Remedy metrics collection and reporting tools.

• Analyzed impacts of proposed changes to tools and processes for consequences to trending

capabilities.

• Collaborated with the client to define a metrics strategy that “told a story” and produced

actionable results.

• Maintained the historical database to protect data integrity so that basis of estimate data and

proposed actions to optimize processes were based upon sound data.

• Awarded Most Valuable Player for technical skills, customer service, positive attitude, and

contributions made to the program.

• Made frequent contributions to the quality of the SAIC Organizational process assets by sharing

lessons learned and process improvement suggestions.

• Prepared for, and participated in, an external SEI CMMi Maturity Level appraisal enabling

SAIC to grow business and promote the organization as successfully appraised at the highest

maturity level, CMMI ML 5, or “Optimized”.

EDUCATION


University of Tennessee Knoxville, TN

B.S. Education 1995
