William J. Lawson, PMP, PCI-QSA, PCIP, CISSP, CEH, CHFI, CSSGB, ITILV3F, Linux+, Network+, Security+

***** **** ** *, ***********, FL 33470

Cell : 317-***-****

E-mail: acw57d@r.postjobfree.com

SUMMARY:

Multi-skilled professional with a diverse background in business, technology, cybersecurity, and management. Demonstrated track-record of leadership capabilities. Dedicated to customer service and the ability to keep poise and diplomacy in high-pressure situations. Able to ensure business continuity through rapid response procedures and processes. An equilateral leader with excellent communications skills. Able to deliver projects ahead of deadline and for building loyalty.

A resourceful and team oriented management lead with an accomplished career progression who personally enhanced professional value by continued education.

PCI Subject Matter Expert (SME)Expertise in client network delivery, deployment, data center build out, building engineering design, business process planning, business information planning, site survey, client network transition, SDLC, and customer relations/retention (Win and Unix environments)

Participated in development of 3 PMO’s and portfolio management procedures/methodologies (Waterfall, Agile, RUP, CMMI, ITIL, etc).

Built data centers from ground up and moved thousands of pieces of equipment, to include communication assets.

Disaster recovery expert with 20+ years of relevant experience in multi-site environment.

Authored Multiple IT DR response plan for the escalation and coordination of events for corporate and governmental environments.

Systematic approach to disaster recovery and business continuity planning. DR must be engineered into the enterprise. If you want a solid DR capability that you can depend on when you need it, call me. My background includes large infrastructure architecture, high-availability and cluster computing, automated recovery, rapid mission-critical deployments, mergers and acquisitions, data center build-out and relocation, production systems integration, and IT audits.

I have completed 700+ projects from small cookie cutter to the large and complex.

Published Author, named as the Foremost Expert on the Adaptation of Biometric Technologies to People with Disabilities. While serving as Chairman, INCITS Technical Committee V2-Security. (http://www.speechtechmag.com/Articles/Column/Voice-Value/Designing-Biometric-Devices-29984.aspx)

PROFESSIONAL STRENGTHS:

Risk Mitigation

Program Management

Project Management

Policy Compliance

Resource Allocations

RFP Development

Business Continuity

Business Analysis

Disaster Recovery

Strategic Planning

Solutions Documentation

Risk Evaluation

Change Control

Quality Assurance

Configuration Management

Program Development

Problem Solving

Team Leadership

ERP Implementation

SDLC Planning

Risk Management

RDMS Implementation

Budget Administration

Financial Analysis

Equipment Purchases

Vendor Negotiations

Incident Management

Enterprise Architecture

Router Switch HW

DC Rack/Cabling

Data Center Provisioning

Data Center Design

Data Center Build-out

InfoSec Engineering

C&A Analyze

CMMI

Payment Card Industry

ITIL Foundation

Security Assessments

CEH

CHFI

Facility Management

GRC

Document Management

Contract Negotiation

EDUCATION & CERTIFICATIONS:

M.S. Information Security Assurance, Western Governors University, Indianapolis, IN.

Bachelor of Business Administration (Specialization: Information Systems), Northcentral University, Prescott Valley, AZ.

Electronic Engineering Core Certificate, Southern Illinois University-Carbondale

Project Management Professional Certification (PMP), Project Management Institute

Certified Information System Security Professional, (CISSP), ISC2

Payment Card Industry, Qualified Security Assessor (PCI-QSA), PCI Security Standards Council

Payment Card Industry Professional (PCIP), PCI Security Standards Council

Certified Ethical Hacking (CEH v8) Certification, EC-Council

Certified Hacking Forensic Investigator (CHFI v8) Certification, EC-Council

Certified 6 Sigma Green Belt, (CSSGB)

ITIL Version 3 Foundation Certification, ITV3F, EXIN

Linux+, Network+, Security+ Certified, CompTIA

Primavera IT Project Office, Department of Veterans Affairs (PMO), Bay Pines, FL

Earned Value Management, Department of Veterans Affairs (PMO), Bay Pines, FL.

Win NT Server Administration, Knowledge Alliance, Clearwater, FL

Cisco Engineering & Lab (3 Classes), Hillsborough Community College, Tampa, FL

Cisco Provisioning, Planning, Designing (3 Classes), AT&T School of Business and Technology

CCNA Program, Techskills, Indianapolis, IN

EXPERIENCE:

Robert Half Technologies (Contract to Protiviti)

Senior Information Security Project Manager and PCI QSA Nov 2015 to Present

Responsible for the on-time, on-budget delivery of large projects or programs.

Ensure high quality deliverable referenced in the project schedule, maintaining adherence to delivery best practices

IT Compliance & Risk Management Senior Analyst

PCI Subject Matter Expert (SME)

Liaise and coordinate in all areas (Technology, Finance, Legal, and Human Resources) to gather PCI compliance evidence.

Serve as the initial point of approval for acceptability of PCI evidence.

Responsible for the execution of compliance audits.

Responsible for review of procedures and corresponding evidence to determine whether or not internal controls are being properly applied.

Lead or execute compliance audits and risk assessments within established control areas.

Test and document more complex computer system records for information system integrity and transaction accuracy; reports discrepancies.

Prepare complex audit plans and assists with more complex plans.

Prepare formal written reports to communicate audit results to management, and makes recommendations as appropriate; defines compliance issues and identifies root causes for review by manager.

Provide technical guidance where appropriate to contract audit staff to ensure that audit objectives are met.

Manage and lead the projects from conception to delivery for the enterprise information security projects.

Evaluate existing Infrastructure Security technology road-maps and processes to enhance capabilities or address gaps.

Provide project management and engineering with actionable data and trending to understand and enhance IT and Security projects.

Knowledgeable of security technology, policies, processes and standards.

Protectively identify opportunities to improve business focus as it relates to IT and Security.

Assemble, evaluate, and implement performance and effectiveness metrics for IT and Security team members and projects.

Experis Information Security Center of Expertise

Senior Information Security Consultant Mar to Nov 2015

IT Compliance & Risk Management Senior Analyst

PCI Subject Matter Expert (SME)

Liaise and coordinate in all areas (Technology, Finance, Legal, and Human Resources) to gather PCI compliance evidence.

Serve as the initial point of approval for acceptability of PCI evidence.

Responsible for the execution of compliance audits.

Responsible for review of procedures and corresponding evidence to determine whether or not internal controls are being properly applied.

Lead or execute compliance audits and risk assessments within established control areas.

Test and document more complex computer system records for information system integrity and transaction accuracy; reports discrepancies.

Prepare complex audit plans or assists with more complex plans.

Prepare formal written reports to communicate audit results to management, and makes recommendations as appropriate; defines compliance issues and identifies root causes for review by manager.

Provide technical guidance where appropriate to contract audit staff to ensure that audit objectives are met.

Verizon Security Solutions

Senior Project Manager and Information Security PCI-QSA Oct 2011 to Feb 2015

Responsible for the on-time, on-budget delivery of large projects or programs.

Ensure high quality deliverable referenced in the project schedule, maintaining adherence to delivery best practices

Consistently represent self as the delivery leader

Responsible for overall success of the project and/or program including fulfillment of the client business and technical requirements and adherence to the approved project scope and budget.

Developed strong professional relationship with client stakeholder(s) consistently demonstrating knowledge of the client business/industry, knowledge of Verizon’s Professional Services offering.

Demonstrate clear and consistent ownership and accountability for the delivery of the project as represented in the Statement of Work, including, but not limited to:

- requirements development and scope management

- project schedule development, management and tracking

- resource management and time tracking

- project financial management and tracking

- project risk management

- project issue management

- project communication / reporting management

Knowledge of Payment Card Industry (PCI) standards and controls for Physical Security Assessment (PSA), Application Vulnerability Assessment (AVA), Social Engineering Assessment (SEA), Penetration Test, FW and IDS Configs.

Conducting Security Gap Assessments and PCI Audits.

Writing Reports of Compliance (ROCs).

Knowledge of Identify and Access Management technologies

Extensive team management experience

Hosted and facilitated meetings attended by client executives, stakeholders and Verizon executives.

Strong communication skills to accurately represent and convey information both in verbal and written form

Ability to multi-task and be aware of several simultaneous work streams.

Ability to manage competing and conflicting priorities.

In-depth understanding of project management processes and principles, including experience in deliverable associated with these practices

Managed remote and leveraged resources across multiple business and technical silos

Worked autonomously and as part of a self-directed work team

Worked nights and weekends when necessary

Managed multiple projects simultaneously.

Indiana University Health, Revenue Cycle Services, System Design & Transition

Project/Engagement/Configuration Manager Jan 2011 to Sep 2011

Responsible for overseeing projects to ensure success.

Execution of standard processes/procedures to ensure the team delivers with preeminent quality and compliance in a timely manner.

In alignment with stated customer objectives related to time, cost, scope and quality for all of the projects.

Provide the overarching project management infrastructure across a program of projects.

Oversees and/or coordinates the collection, compilation, and analysis of project activity data.

Develop/Assist with the development and implementation of policies and procedures consistent with those of the organization to ensure efficient operation of the program/project.

Provide technical and professional coordination and leadership in the execution of day-to-day program/project activities, as appropriate to objectives and area of expertise.

Awareness and knowledge of healthcare systems (Cerner EMR, Encoder, Cloverleaf, SMS, Cirius, HIPAA 5010, ICD-10, CAC, Physician/Facility On-Boarding, CDM, GE Centricy, Sharepoint, Configuration Management, Meaningful Use, and many others).

Coaches and mentors project managers to improve the probability of success for projects within the portfolio/program.

Liaisons with other departments to share key lessons and best practices.

Facilitate meetings and workshops for projects, such as scope workshops, risk conversations and lessons learned.

Influence sponsors and leaders on the value of project management practices.

Assists in the resource planning to secure necessary funds to establish necessary resources as required for the project/program.

Assist in business planning forecasting, capacity planning, financial planning and prioritization.

Remove roadblocks to expedite deliverable.

Awareness and knowledge of healthcare, legal, or quality requirements impacting the business area, and ensures project plan tasks align with quality requirements.

Knowledgeable of IT Infrastructure Library (ITIL).

Facilitate identification and support or roles and responsibilities.

Indian Health Services (E-management)

Program Manager/Sr. Security Engineer-C&A Analyst Oct 2010 to Jan 2011

Experience at tasks related to FISMA and NIST Certification and Accreditation (C&A) guidance to assess policy development for compliance in meeting regulations and mandates.

Determined enterprise information assurance and security standards.

Developed and implemented information assurance/security standards and procedures.

Recommended information assurance/security solutions to support customers' requirements.

Established and satisfied information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.

Performed analysis, design, and development of security features for system architectures.

Analyzed and defined security requirements for computer systems which may include mainframes, workstations, and personal computers.

Performed vulnerability/risk analysis of computer systems and applications during all phases of the system development life cycle.

Lead enterprise wide efforts to develop and define strategy for integrating security functions into the customer engagement model and contributes to enterprise security strategy.

Performed control and vulnerability assessments to identify weaknesses and assess the effectiveness of existing controls, and recommended remedial action.

Participated in project reviews, incident debriefs and evaluation (such as audit) reviews to understand the issues and gaps, factor into continuous improvement and alter/enhance the education and communication plans.

Played an advisory role in application development or acquisition projects, to assess security requirements and controls and ensure that security controls are implemented as planned.

Collaborated on critical IT projects to ensure that security issues are addressed throughout the project life cycle.

Communicated with business unit SVP's, VP's, and Directors/GMs on defining their business priorities and security risk tolerances.

Lead the development of security architecture and security policies, principles and standards.

Developed security processes, procedures, and supporting service-level agreements (SLAs) to ensure that security controls are managed and maintained.

Developed and validated baseline security configurations for operating systems, applications, networking and telecommunications equipment.

Worked with business units to address information security challenges that need to be addressed, designed and/or considered in future plans.

Stayed current and work with the business units to understand the impacts of pending legislation, rule making and/or major technology changes.

Developed a security threat index with measurement tools and factor into the strategic plan overall continuous improvement. Continuously monitor the vulnerability index and work with specific areas to develop actions/plans to remediate areas

Ensured security reviews, penetration tests, security implementation services, policy and procedure development and input to the security architecture design are sufficient to enable appropriate intelligence gathering and monitoring functions.

Support internal/external audits and remediation of findings.

Identified the findings and associated mitigation and ensure they are implemented in a timely fashion. Take these findings and incorporate into long term remediation/prevention efforts

Sallie Mae, Inc. InfoSec Project Manager (FISMA C&A PMO Project, PinPoint Contractor) May 2009 to Oct 2009

Information Security Project Manager with critical skills in transforming security practices, operations and management. For the purpose of ensuring that system’s security controls meet all applicable requirements. To achieve the goal of acquiring Interim Authority to Operate (IATO) and Full Authority to Operate (FATO).

Experience at tasks related to FISMA and NIST Certification and Accreditation (C&A) guidance to assess policy development for compliance in meeting regulations and mandates.

Experience in the following FISMA C&A processes: System Security Authorization Agreement (SSAA) development, Concept of Operations (CONOPS) development, System Rules of Behavior development, Security Test and Evaluation (ST&E) from both a documentation (i.e., Security Requirements Traceability Matrix (SRTM) and overall risk assessment plan construction) and a technical (vulnerability scanning and analysis) standpoint, Incident Response planning, SDLC planning, Transition planning, Contingency, Disaster Recovery, and Continuity of Operations (CP/DRP/COOP) planning, Plan of Action and Milestones (POA&M) development and execution and Privacy Impact Assessments.

Develop business continuity/disaster recovery plan

Interact with all departments to acquire deliverables. While ensuring that change control, configuration management, quality assurance policies are adhered to.

Conducting and managing policy reviews, establishes gap analyses, and ensure documents are complete and compliant with current security and privacy regulations. While, ensuring that the Program Management Office is kept informed of project status, requirements, plans, and schedule via MS Project 2007.

Xerox Global Services Project Manager (AT&T Print 360 project, PinPoint Contractor) Jun 2008 to Nov 2008

Developed detailed plans using PMI standards

Developed schedules with project tracking and oversight (what to do and how to get it done) including managing time, cost, deliverable risk, customer expectations and relationships, 3rd party suppliers.

Responsible for client satisfaction w/deliverable

Provided leadership on moderate sized projects under supervision

Effectively organized and prioritized the teams work

Project Decomposition of complex projects into components

Exercised control of the cost and schedule elements of a project

Efficiently organized multiple project segments and assignments

Health Care Excel, Inc. (PinPoint Contractor)

Director, Facilities and Information Technology Jan 2008 to Jun 2008

Managed the build out and consolidation of 2 Datacenters. Corporate Data Center (Indianapolis, IN) and remote Data Center (Louisville, KY). Corporate Data Center (DC) encompassed facilities (construction, power, HVAC, PDUs, racks, PBX, wiring, proximity system, etc.). Implemented power management system, intrusion protection, enterprise vault, remote access, 21 TB storage array, and new routers/switches to accommodate transition to VOIP. Designed to allow for fully redundant power/HVAC and data recover in the event of a disaster. With configuration can establish a new office anywhere in the world within 24-48 hours.

Quickly established new remote offices to support contract bids. Negotiated the lease, build, vendors, and infrastructure to support Wireless VOIP/Network. Primary vendor was Core.

Data Center Knowledge - Server/Router Switch HW, Rack/Cabling, Provisioning Process, Design, Power, and HVAC.

Responsible for ensuring security of data center, databases, CDN, and migration of data and networks.

Responsible for facilities and information technology operations, to include direction for property control, equipment, office technology, equipment maintenance, and general office administration practices. Supervises the Facilities and Technology management staff for all HCE locations to ensure availability of the system to users, and completes reports to reflect customer service satisfaction and security compliance.

Responsible for the design and oversight of corporation’s technology infrastructure design, implementation, and telecommunications systems, management of DBMS (SQL) and administrator; promotes efficiency and compatibility among systems. Conducts ongoing analysis and provides detail to the Senior Director, Corporate Services documenting any concerns with the current technology. Recommend and implement action plans to minimize risk.

Conceptualized and managed the migration of the organization’s DBMS from Oracle 8i to Oracle 9i.

Collaborates with department staff to develop and manage an educational curriculum to support a technically proficient workforce who will achieve objectives. And ensure that all departments adhere to configuration management and quality assurance policies

Mentor problem identification, and resolution. Assures problems are communicated through the Help Desk, tracked through resolution, communicated to the customer, and meet established timeliness targets.

Reviews Facilities and Information Technology budget ($1.2M Annually) reports and follows up with management as appropriate. Assists in the establishment of long-range strategic objectives, programs, and practices. Outcomes of these strategic goals must be updated each quarter.

Responsible for identifying sites or site modifications for operations. Directs office site floor layout. Manages all on-site construction projects and completes all assignments.

Establish a disaster recovery location where employees may work off-site and access critical back-up systems, records and supplies (Hot Site, Warm Site, or Cold Site).

Coordinates the review of security procedures and recommends modifications to current security measures. As part of the security plan, oversees building and employee safety as it relates to terrorism through environmental reviews of offices, reviewing articles related to terrorism in the work place, and status of national terror level. Coordinates the reporting of incidents with building security or local law enforcement agencies and keeps documentation related to each incident. Seeks preventive action for improvement to procedures. Schedules review of office and employee security at FM staff meetings. Submits an annual review to the CEO.

Development of timely and accurate written documentation that meet ISO and ITIL Standards. Oversees bi-annual property inventory.

Evaluates the need and recommends the appropriate time for upgrades to equipment (hardware and software).

Conducts staff meetings at least monthly, manages operations documents, and serves as a budget manager.

Performs all other duties as assigned, including technical support to the Web Master and other IT technical positions.

Company is running MS Exchange, Citrix Metaframe and SQL RDMS Server. There are multiple WAN locations and they are using Cisco and running approximately 100 servers (physical and virtual).

Societe Internationale De Telecommunications Aeronautiques (SITA), Chicago, IL (Primus Software Corp. Contractor)

Senior Lead Technical Program/Project Manager Jul 2007 to Dec 2007

Define and develop the statements of work and work packages necessary to build the solution that will meet expected service levels.

Ensure that each element of the project is professionally defined and initiated, including: WBS, resource requirements, task accomplishments, project deliverables, critical path areas and project dependencies.

Maintain open communications with the project team, management and customer by providing continuous feedback on the status of the project.

Ensure the project team maintains a consistent delivery attitude to exceed the agreed Business Case and customer’s business goals, and ensure that consistent customer satisfaction throughout the project is maintained.

Responsible for planning, implementation, security of the clients network infrastructure (e.g. CUTE, servers, printer, baggage sorters, Cisco router, switches, and firewalls), via third party suppliers, and internal SITA business units.

Development of timely and accurate written documentation in accordance with ITIL Standards.

Conduct refresh of IOS and client applications.

Deploy and test client’s terminal server environment to ensure CUTE access.

Conduct migration of the client’s network at time that would not interfere with flight operations.

Escalate unresolved issues under your remit, when appropriate or required.

Assess project management and implementation costs and manage the SITA deliverable within the constraints agreed.

Telephony: User provisioning (privilege management), Identity management, VPN PKI (trust modeling), and VOIP (Voice-over-IP/Digital PBX systems).

National Government Services (Contract 1099) Senior Technical Project Manager Mar 2007 to May 2007

IVR integration across 3 companies, software consolidations, and conduct Internet and Intranet development. NGS IT organization is CMMI level 3 certified, so standardized processes were followed and quality checked along the way. Cross functional collaboration across all 3 companies in order to get things done. We are preparing for ITIL certification.

Provided leadership in consolidating database technologies across various operational platforms and DBMS.

Combining three disaster recovery plans into one cohesive whole.

Standardized recovery plans and set a review cycle.

AT&T Worldwide PMO (TekSystems Contractor) Senior Project Manager Sep 2006 to Dec 2006

Managed for the County of San Diego those projects related to networking and telecommunications.

Conducted site visits to access requirements and collaborated with construction engineers/PM.

Utilized Remedy for ticket management and CR Web for Change Management.

Worked with management to oversee implementation of disaster recovery preemptive measures.

Conducted site assistance visits identifying critical assets, system inter-dependencies, cyber vulnerabilities.

Many of the additional duties are inline with those while serving with AT&T from 1999 to 2004. (See Prior AT&T Position)

BHIE/FHIE PMO, Department of Veterans Affairs (Lockheed Martin Contractor)

Information Systems Analyst/Business Management Analyst/Interagency Network Architect Dec 2004 to Jun 2006

The primary role is to serve as a representative for the BHIE/FHIE Inter-agency Program Management Office and as support staff to BHIE/FHIE projects.

Network Architect of the DoD/VA medical framework of the future. Utilized existing Unix/Oracle Database with release and platform upgrades.

In addition served as liaison between DoD and VHA Project Managers for BHIE/FHIE projects. Extensive experience with SDLC, release management, integrated security architecture, including threat risk and cost benefit research, design analysis to minimize server and network exposure, VPN setup, and the evaluation, acquisition, and deployment of COTS/Proprietary applications servers and security hardware (firewalls, switches, intrusion detection systems, NetScrn, NIPRnet and VPN clients and servers) in Unix/Oracle environment.

Applying Earned Value Management principles to:

Relates time-phased budgets to specific contract tasks and/or statements of work (SOW)

Objectively measure work progress

Properly relates cost, schedule, and technical accomplishment

Allowed for informed decision making and corrective action

Provide estimation of future costs

Supplied managers at all levels with status information

Responsible for advising team members concerning all aspects of project planning, ADA & 508 compliance, usage statistics, policy interpretations, OMB preparation, general research, and Primavera matters.

Provided database services and technologies across various operation platforms and RDBMS.

Handled initiatives and submitted proposals to implement business process contingency plans.

Managed the efforts of infrastructure, server, and applications recovery plans.

Developed and wrote IT DR Policy and Standards documents.

Created, reviewed, and conducted Delta Analysis of HL7 data and project plans to include updates of the following appendices: Scope Management Plan, Time Management Plan, Cost Management Plan, Quality Management Plan, Human Resource Management Plan, Communications Management Plan, Risk Management Plan, Procurement Management Plan, Contingency Management/Response Plan, Configuration Management Plan, and IT Security Re-certification and Accreditation Plan.

AT&T Global Network Services Technical Project Manager/Disco Team Lead Oct 1999 to Dec 2004

As Team Lead I supervised six data network project managers and reviewed the engineering review process.

Managed the conversion/migration of multiple network/circuits both domestic and international.

Charged with conducting site surveys, and coordinating install/test schedules with clients and cross-functioning teams. In accordance with ISO Standards.

During the process all routers and equipment were upgraded or installed to reflect new configurations.

Responsible for coordinating a feasible install/test dates with the customer and cross-functioning teams.

All tasks were accomplished with little or no impact to customers.

Created Dashboard and Scorecard for DR.

Designed and wrote IT DR Policy and Standards documents

Maintain current and multiple contact information (e.g., home and cell phone numbers, personal e-mail addresses) for Employees, Key customers, vendors, suppliers, business partners, Insurance companies, accessible electronically for fast access

Access to multiple and reliable methods of communicating with your employees, Emergency toll-free hotline, Website, Cell phones, Satellite phones, PDAs, Two-way radios, E-mail, etc.

Oversaw the conversion/migration of multiple networks/circuits both domestic and international. Set operational goals, design network configurations, plan future network expansion, and provide senior technical advice and troubleshooting. Extensive experience as a senior/final technical escalation point.

Experience with LAN/WAN network architecture

Contact this candidate