BRAND & KNOWLEDGE

Leadership and mentoring of others on systems security and project teams

Develop programs, plans, and processes with executive level management for the overall Cybersecurity Function

Incident Response Planning - documentation, exercises, and execution as well as After Action Reporting subsequent to critical security incidents

Advisory to U.S. Treasury partners on IT security risk and related responsibilities

Expertise in current areas of compliance such as Federal Information Security Management Act (FISMA), Plasticard Industry-Data Security Standards (PCI-DSS), Gramm-Leach-Bliley Act (GLBA), National Automated Clearing House Assoc (NACHA), FedRAMP, Sarbanes-Oxley Act (SOx), and FFIEC

Project management on high level initiatives for multi-billion-dollar corporations as well as government agencies (e.g., U.S. Department of Health & Human Services)

Established U.S. security clearance at Public Trust (HIGH) level EMPLOYMENT & EXPERIENCE

PartsSource, Inc

E-Commerce (PartsSource.com)

Cybersecurity Manager 03/2022 – 09/2023

• Design and architect the organization’s Cybersecurity Function including programs, plans, solutions, and mechanisms that drive the overall processes and sub-processes

• Develop the budgeting and roadmaps to deploy necessary solutions in a timely manner

• Oversee the portfolio and project plans to implement mechanisms and solutions in accordance with available budgeting of dollars, resources, and bandwidth

• Work with infrastructure leaders to ensure Layer2 Integrated Cybersecurity policy is enabled with Layer1 technology architecture components and services

• Enact Incident Response Plan subsequent to a full network breach and outage.

• Conduct response phases with users, data assets, network redesign, and security improvement based on Hot Wash exercises and After Action Review sessions.

• Team with organizational leaders to ensure embedded security is enacted with business solutions

• Publish and distribute the necessary communications, bulletins, transparency as well as Training & Awareness to the enterprise leading up to deployment of solutions and mechanisms that impact the user experience

• Negotiate commercial contracts with MSSPs and third party vendors for proper procurement of solutions and services

• Assist the Executive Leadership Team during and after both minor and critical incidents Federal Reserve Bank of Cleveland

Cleveland, OH

Security Compliance Lead 01/2021 – 01/2022

• Train and lead 2 direct reports on all responsibilities of the ISSO Office as well as operational duties for identity & access management, vulnerability management, and risk assessments for security related functions

• Lead initiatives for Third Party Cybersecurity Assurance and Cloud Security Tiger Team efforts among Federal Reserve System and local Bank colleagues

• Mentor the work of others conducting Business Impact Analysis, Continuity & Recovery Planning, and Security Incident Response Planning

• Oversee annual processes and responsibilities for System Security Plans and SA&A (Security Assessment & Authorization) associated with five different system boundaries

• Design and lead Cybersecurity Incident Response Exercises coordinated among multi-organizations - CLE-Fed, U.S. Treasury business and IT leaders, and third party support services. Sr Systems Security Analyst 01/2017 – 01/2021

• Develop and manage IT security relationships with the Dept of the U.S. Treasury and its Policy & Risk Mgmt Bureau

• Ensure FISMA and related Baseline Security Requirements for Treasury systems are implemented and maintained

• Oversee implementation of Cloud Security frameworks such as FedRAMP for Treasury systems, components, and microservices

• Coordinate annual activities for the Office of the ISSO in planning, documenting, and leading annual SCA

(Security Controls Assessment) and TAR (Technical Assessment Reporting) engagements

• Build and maintain System Security Plans for Treasury systems and related Office of the ISSO

• Report on the organization’s Resilience Program and Resilience Maturity Model for Treasury business lines and systems

• Conduct vulnerability management (scanning, technical testing) procedures for Treasury applications and report on noted vulnerabilities, mitigations, and necessary remediation plans

• Lead PCI (Plastic Card Industry) DSS (Data Security Standards) annual engagements and coordinate procedures performed by Qualified Security Assessors and Approved Scanning Vendors

• Create and maintain enterprise planning for business resumption, disaster recovery, incident response, and related reporting and communication

• Policy/SOP development - Data Classification & Handling; Social Engineering; 3rd Party Cybersecurity Assurance; Identity & Access management; Security Monitoring Sr IT Auditor 04/2012 – 12/2016

• Lead engagement teams for the local Reserve Bank as well as the FRS in areas of Information Security, Resilience, cycles of Program & Project Management, and independent FISMA control reviews

• Conduct risk assessments for functions operating locally and across the Federal Reserve System (FRS) including Information Security, Infrastructure, and Resilience

• Optimize audit programs to align with key and emerging risks identified through risk events and current operations.

• Serve as the audit liaison for FRS committees developing partnership and advisory relationships

• Lead an FRS-wide competency center with the mission to educate auditors on the function and risks related to resilience and business continuity

New York Community Bancorp

Cleveland, OH 11/2010 – 04/2012

Senior Technology Auditor

• Lead operational, compliance and integrated audits for bank technologies and IT processes – disaster recovery, application/network security, database administration, SOx, and GLBA

• Develop audit programs and procedural templates tailored to the organization’s ERM-IT survey and optimized controls

• Create documentation presented to the Audit Committee including risk assessments, risk universe and control optimization, and final audit reports with issue statements

• Responsible for documentation reviews over workpapers, audit memorandums and reports while overseeing the work of staff and contractor personnel

• Advise management on control weaknesses, process gaps, risk impact, process improvements, and best practices

• Present issues, observations, and recommendations to the chief auditor and executive management

• Mentor internal audit staff personnel in areas of the organization’s methodology, audit programs and ERM Ernst & Young, LLP

Akron/Cleveland, Ohio 06/2006 – 10/2010

Senior 3/Manager – Advisory & Assurance Services

• Assist the U.S. Office of Inspector General in the review and assessment for the Federal Information System

• Management Act (FISMA) at the Department of Health & Human Services. These reviews focus on information security program, tools and practices

• Oversee multiple staff, Internal Audit personnel, and external consultants involved with project/engagement initiative

• Regularly and effectively communicate results and status to executive leadership

• Lead Vendor Information Security Reviews (VISR) for financial institutions focused on information security controls

• and compliance

• Train, mentor and counsel internal staff while executing project workplans for various engagement types – SEC/integrated auditing, SAS 70 auditing, SOx 404 advisory/management assessments, and business process improvements aligned with IT solutions

Staff/Senior – Advisory & Assurance Services

• Conduct IT audit engagements supporting financial controls (integrated auditing) as well as application and supporting systems security reviews

• Assist manufacturing client transfer accounting responsibilities from plant location to company headquarters by documenting all Oracle worksteps for applicable functions – A/R, A/P, Banking, Vendor Maintenance, and Customer Maintenance

• Lead day-to-day activities in the deployment of a client’s software solution improving corporate account reconciliations and journal entry processes. This also required our team to validate the organizational structure within the software to the original Oracle instance. Validate data file loads transferring from Oracle to the software

• Assess management controls throughout all Oracle accounting processes (Order to Cash, Procure to Pay, PPE, Payroll, Financial Statement Close) for both manual and automated controls/configurations within Oracle (3-way match, fixed asset depreciation, sub-ledgers posting to general ledger, and data exchange between applicable system interfaces – legacy to Oracle)

• Review implementation procedures [project/resource management, data integrity (mapping/validation), security configurations) for ERP conversions to verify that management followed appropriate SDLC controls

• Collaborate with client senior management on projects and engagements communicating their status on workplan and milestone achievements

• Assist energy client with SAP implementation. Responsibilities included documentation of worksteps for various functional areas (Order to Cash, Inventory Management, Cash Management and others); draft business process flowcharts; identify risk and controls for SOx purposes; identify IT security function/role owners through discussions with senior management; map IT security role owners to roles within all submodules of the new instance The University of Akron

Akron, OH

Graduate Assistant 01/2005 – 05/2006

• Construct new Access database objects and controls for university Admissions and Advising processes

• Supervise homework and teaching computer labs consisting of 220 computers and laptops

• Install updated image software on computers and service packs on servers

• Troubleshoot technical problems with computers and lab equipment

• Assist university students with utilizing software programs, setting up VPNs, and troubleshooting technical issues The Goodyear Tire & Rubber Co.

Akron, OH

Shared Services Analyst 05/2000 – 03/2004

Wholesale Accounting/Billing Operations

• Coordinate intercompany billing and reconciliations involving international plants using SAP to post entries, track activity and reconcile accounts

• Analyze billing processes flowing between legacy and SAP, troubleshoot errors, and implement correct flow of downstream accounting improvement of process controls

• Assist in IT/accounting project designed to build an automated billing process involving multiple systems (legacy, Lotus Notes, and SAP) validating data such as billing codes and parameters for accurate invoicing

• Train and mentor new staff in IT applications (SAP, legacy, IBM mainframe) and procedures (Order to Cash, Procure to Pay, and G/L maintenance)

Retail Accounting/Credit Support

• Troubleshoot banking and accounting issues with nationwide retail store managers and district managers

• Improve collections and payroll-deduct processes at both corporate and retail store tiers EDUCATION

MS Accounting-Information Systems, University of Akron, Akron, OH (AACSB) August 2006 Post-Baccalaureate Student, Baldwin-Wallace College, Berea, OH February 2002 – August 2002 BA Education, Crown College, Knoxville, TN May 1997 PROFESSIONAL

AFFILIATIONS

ISACA – NEOhio Chapter

President (2020 – 2023)

Vice-President / Director (2007 – Present)

InfraGARD

ISACA-UA Student Group

Founding Student President

Professional Advisor to Sponsoring Professor & Student President CERTIFICATIONS

Certified Information Systems Auditor (CISA)

Certified in Risk and Information Security Controls (CRISC) Candidacy: Certified Cloud Security Professional (CCSP) TECHNOLOGIES

• Vulnerability assessment, Penetration testing, Endpoint agents, Network span, and Monitoring tools :: EDR/XDR, HIDS/NIDS, Tenable.io, AlienVault, ExtraHop, Darktrace, SentinelOne, LogRythm, Cortex, BurpSUITE, NMap, Nessus, HBGary, SNORT, NITRO, Bugzilla, QualysGuard, and CounterACT Edge

• Languages :: C#, SQL, ACL, VB, Python

• Security reviews and assessments :: Operating Systems (Windows, Citrix, Linux, Tru64, Z/OS); Databases (Oracle, DB2, SQL Server, VSAM/QSAM, Sybase); and, Applications (various)

Contact this candidate