Cyber Security Project Management

Location:
Largo, FL
Posted:
April 15, 2024

Resume:

Jessie Querl, M.S.I.S., PMP, ITIL

Cyber security advisor specializing in supporting the DoD, Federal Government, State Health care, and VA sectors, with a focus on regulatory compliance, audit, governance, and risk, providing consulting services and project management that blend industry best practices, security, and privacy to deliver optimal results.

***Secret Clearance***

ad40xl@r.postjobfree.com

202-***-**** (text or call)

SUMMARY OF QUALIFICATIONS

25 years of experience providing cybersecurity advisory services to federal Defense Department and Intelligence Community clients and to the commercial and Health care industries.

Expertise in project management, audit, risk assessment, vulnerability management, and policy development, utilizing master-level communication skills in managing customer relationships.

Leverages deep domain knowledge of common industry regulatory frameworks, assessment methodologies, guidance, and standards: FISMA, NIST RMF, NIST CSF, NIST SP 800-53, ISO 27001, ISO 27002, CMS MARS-E 2.2, IRS Pub 1075, HITRUST, HIPAA, GDPR, SOC-2, FISCAM, and NYDFS. Identifies root cause issues and recommends risk-based remediations to improve an organization’s security posture.

Experienced in serving as a solutions leader, bringing industry-leading thinking and innovation to commercial cyber consulting organizations.

Experienced in leading enterprise consulting engagements with Fortune 500 and Global 500 clients and briefing executive-level client stakeholders, including CIO, CTO, or CISO.

Consulted in big four consulting firms, including the Deloitte Cyber Advisory and Booz Allen Hamilton practices.

Highly experienced in leading and managing teams, including financial management, and in providing career development mentoring.

M.S.I.S., Drexel University

US Air Force Intelligence Veteran

EXECUTIVE SUMMARY

Jessie has been in the Cyber Security space for over 25 years. She is experienced in leading geographically dispersed security initiatives. Her leadership experience spans policy development, extensive vulnerability management, audit, and developing and leading remediation strategies in alignment with established frameworks and industry best practices. She has provided cybersecurity advisory services to the Federal sector (DoD / Intel), Commercial, and Public Health Care industries.

As a result of her experience, Jessie excels at bringing the operational picture to light when an approach is being developed to new or current cyber security initiatives. She utilizes an integrated blend of experience, reverse-process analysis, the risk management framework, and the organization’s risk tolerance/priorities when managing an initiative or developing the plan in concert with the client.

During her consulting time, she worked for three of the big four consulting companies, providing her the opportunity to work with many different clients in various industries. This exposure showed from a cross-cutting perspective what did and didn’t work well in each industry, enabling Jessie to bring ever-evolving insights into how to accelerate the initial analysis, facilitate better requirements, and streamline efficiencies for project delivery in cyber security.

She has multi-faceted experience in all cyber domains as a result of working with audit findings; specifically, all aspects of a system security plan (SSP), such as business continuity, disaster recovery, business impact analysis, incident management, and overall program compliance.

Jessie has a Master of Science in Information Systems from Drexel University and is a United States Air Force Intelligence Non-Commissioned Officer veteran. She holds the PMP and ITIL certifications. Jessie leverages all her experience to bring to the table the most efficient, well-rounded solution sets for clients’ cyber security challenges and goals, enabling them to move forward securely.

PROFESSIONAL EXPERIENCE

ECS Technical Solutions January 2023 – April 2024

Senior Cyber Security Advisor, MD

Senior Cyber Security Advisor supporting the Department of Commerce (DOC) and the Census Bureau.

Provide regulatory and industry best practice guidance while directly supporting the standardization and alignment of Census Bureau policies with the overarching policies of the Department of Commerce.

Provide continuous monitoring support to DOC, directly supporting the government audit function.

Leverage relationships by working closely with the CISO of Census as a Trusted Advisor to provide insight and recommendations to streamline processes and minimize duplicative efforts across organizational directorates.

Global Solutions August 2019 – July 2022

Senior Cyber Security Advisor, MD

Senior Cyber Security Advisor for the Department of Commerce - Census Bureau.

Single-handedly identified a significant gap in the remediation of vulnerabilities, where they were not being formally entered or tracked for resolution. Decennial systems resolved an unprecedented 500+ aged findings/liens in under six months. This initiative additionally realized a large cost savings for the client, as it identified 30% of the security controls being handled under continuous monitoring as eligible for inheritance, thus reducing the total number of security controls the Program was required to address monthly.

Provided senior-level cybersecurity advisory services and strategy for Department of Census Decennial systems to maintain information security compliance with continuous monitoring and remediation of identified vulnerabilities leveraging an extensive background of managing enterprise-level remediation efforts for the 2020 Census.

Ensured the optimal operational security posture for key Decennial systems to support the 2020 Census through the tracking of POA&Ms and proactive tailoring of inherited controls, which resulted in an enhanced security posture.

Responsible for providing continuous monitoring and vulnerability remediation support of one of the largest geodetic data systems, resulting in the secure maintenance of geographic data integral to Census efforts.

Individual Organizations (1099), USA March 2019 – July 2019

Lead Auditor and Cyber Security Advisor

Developed an enterprise strategy roadmap and detailed componentized projects to move the organization to maturity and increase regulatory compliance with the New York Department of Financial Services (NYDFS) regulation (23 NYCRR 500) and ISO 27001:2013.

Provided SOC-2, General Data Protection Regulation (GDPR), and ISO 27001:2013 assessment and audit expertise for INTL FCStone (StoneX).

Comtech September 2018 – March 2019

Senior Cyber Security Manager, Washington D.C.

Senior Manager for Federal Employee Program Operations Center (FEPOC) BlueCross BlueShield.

Interfaced with internal and external stakeholders and the Director’s office on all points regarding the Security Information and Event Management (SIEM) projects, including scope, progress, and plan development of the 1+ million-dollar initiative.

Provided leadership and direction for the remediation of organizational technical debt to complete the modernization of FEPOC’s infrastructure and services used to develop software releases. The releases support 35 healthcare insurance providers across the United States.

Worked with key stakeholders in a highly matrixed organization to develop resource-sharing relationships that enable agile project execution among competing priorities.

Deloitte (and supported clients: CA, D.C., DE, IL, KY, MD, VA) February 2013 – February 2018

Cyber Security Manager September 2017 – February 2018

Specialist Master Cyber Security Framework, MD

Program Manager for Cyber Risk Services (CRS) for the National Institute of Standards and Technology (NIST).

Managed the program team that implemented the technical and operational efforts required to operationalize an RSA Archer / Tableau solution for NIST Headquarters to manage the Assessment and Authorization (A&A) activities of the RMF.

Identified the problem and solution for data not being tabulated correctly in the GRC system; as a result, gained increased client trust, and the NIST program was used as a proof of concept/best practice in RFI/RFP responses.

Directly led the successful effort to win 1.5 million in follow-on privacy work to build out the A&A solution.

Interacted daily with the client, who was also the COR (Contract Responsible Officer), for iterative feedback regarding project status, risks, and mitigation strategies of cyber services for NIST.

Managed and approved program-related budgetary responsibilities including the hiring of staff, burn rate, project budget, and areas for improvement.

Threat Intelligence Project Manager, Washington D.C. May 2016 – February 2017

Project Manager for the United States Postal Service (USPS) Threat Intelligence organization.

Provided SME advisory services to USPS, leveraging threat intelligence tenets from prior experience as a USAF Intelligence military analyst.

Provided input for the recommended structure and framework for the implementation of a threat intelligence unit at USPS. Duties included responsibility for the operational, tactical, and strategic procedures and shared workflows, documenting interrelated dependencies.

Managed and assisted in the lifecycle of creating, reviewing for compliance, and the delivery of evidence to remediate identified vulnerabilities in the USPS environment.

Cyber security Specialist Advisor, Chicago, IL January 2016 – May 2016

Led cyber security for an enterprise strategy roadmap assessment.

Led a team of consultants and interacted with the CISO on a cradle-to-grave assessment of the cyber security enterprise roadmap of Takeda, a pharmaceutical firm, which resulted in a deliverable detailing five- and seven-year plans prioritized by risk to the client.

Oversaw key stakeholder interactions to ensure the proper gathering of assessment inputs detailing the current security posture/state, and provided senior management presence given the visibility of the initiative for the client.

Directly interfaced with the CISO and client cybersecurity staff daily to plan, coordinate, and have the findings of penetration tests reviewed and provided to the CISO for remediation.

Enterprise Identity and Access Management Project Manager, DE September 2015 – February 2016

Project Manager for the Delaware Eligibility Modernization (DEM) EIAM security initiatives for the Delaware Health and Human Services (DHSS).

Managed the project plan and related activities for the major Release 3.0, which deployed the full suite of applications that completed the modernization of the Application for Social Services Internet Screening Tool (ASSIST) platform providing an integrated single sign-on capability for people to request State aid.

Ensured deliverables were correctly developed and provided to the project management office for review before submission to the client, ensuring contractual compliance and meeting of SLAs.

Managed the development of the system security plan (SSP) to update the SSP from Centers for Medicare and Medicaid Services (CMS) Minimum Acceptable Risk Standards for Exchanges (MARS-E) 1.0 requirements to 2.0 requirements.

Lead auditor for HIPAA and NIST CSF audits for the states of Delaware and Kentucky, which resulted in detailed audit reports that provided the information to conduct an enterprise security gap analysis and a risk-based remediation plan to meet regulatory compliance requirements.

Specialist Master Cyber Security, CA April 2014 – August 2015

Provided specialized NIST SP 800-53 domain knowledge to develop information security policies and procedures for Meggitt, an aero defense manufacturing company.

Worked closely with the Chief Information Security Officer (CISO) and senior team to identify requirements for the documentation necessary to comply with the governing guidance. Meggitt is required to operate under the International Traffic in Arms Regulations (ITAR) and the Defense Federal Acquisition Regulation (DFAR).

Managed the team to develop policies, procedures, and executive-level briefings to socialize the CISO’s effort to develop a more mature corporate information security posture.

Federal Information Systems Control Audit Manual (FISCAM) Auditor, VA February 2013 – October 2014

Provided FISCAM leadership and assessment expertise in support of the Defense Intelligence Agency (DIA) for a future Inspector General (IG) FISCAM audit.

Leveraged current assessment work products into an aggregated master format to facilitate the provisioning of quantifiable metrics in a timely fashion.

Recommended efficiency gains realized by incorporating findings at the aggregated level, to be recorded and reported in the Plan of Action and Milestones (POA&M) as milestones.

Morgan Franklin and Inforistec (1099 contractor), VA June 2012 – October 2012

HIPAA Security and Privacy Auditor

Morgan Franklin

Provided HIPAA assessment expertise to evaluate Booz Allen’s Cyber Computing Center (CCC) compliance with current HIPAA requirements and NIST SP 800-53v4 Appendix J. Evaluation for compliance consisted of interviews with SMEs, and artifact review to validate conformance with control and policy requirements. The final deliverable clearly articulated the HIPAA Privacy portion of the assessment and the necessary actions, ranked by business impact, for Booz Allen to mitigate and meet compliance requirements.

Inforistec

Worked with development and pilot teams to develop and implement Health IT Security and Privacy SaaS-based compliance and decision support applications.

Provided Q&A and guidance to efforts to design and implement a simplified, end-to-end system to manage HIPAA HITECH security and privacy compliance assessments and remediation efforts.

Created consulting toolkits to ease assessment/analysis engagements and facilitate technology implementations around current healthcare market challenges: Meaningful Use, HIPAA Security Rule, EMR and EHR adoption and implementation, and Business Continuity Planning.

General Dynamics Information Technology (GDIT), VA October 2010 – June 2012

Governance, Risk, and Compliance Manager supporting New Campus East (NCE), National Geospatial Agency (NGA).

Provided SME guidance and recommendations to NGA on the implementation and successful execution of security practices and strategic initiatives to support NGA’s mission.

Analyzed and identified security strategies and recommended the best approach and practices.

Lead cyber advisor, from inception to execution, on the strategy for transitioning from CNSS 1253 to ICD 503, which is based on NIST SP 800-53.

Developed and provided ICD 503 / NIST SP 800-53 training to engineering to supply the knowledge necessary for DevOps requirement definition.

Identified that the subcontractor was not compliant with the requirement that IT security staff hold the appropriate security certification per DoD 8570.M and the SLA. By identifying the necessary training for personnel, directly ensured contractual compliance and SLA bonuses.

Provided leadership, management, and supervisory IA skills as identified in DoD 8570.M, including assurance of rigorous application of IA policies, principles, and practices in the delivery of information technology (IT) and IA services.

Identified the IT security program implications of new technologies or technology upgrades. Conducted IA cost benefit, economic, and risk analysis in the IT acquisitions decision-making process. Interpreted security requirements relative to the capabilities of new information technologies.

Evaluated tools and oversaw the implementation of solutions to fulfill requirements of Risk Management Framework’s (RMF) monitor and control requirements under the provisions of ICD 503. Monitored and evaluated the effectiveness of IA security procedures and safeguards.

Implemented proactive remediation activities during the design phase of the SDLC, achieving a 30% efficiency gain in the C&A process, resulting in more ATOs receiving three-year operating approvals and a 40% decrease in Plan of Action and Milestones items requiring lien resolution.

CACI, Washington D.C. August 2009 – October 2010

Deputy Program Manager for the Naval Criminal Investigative Service Information Technology Support Service (NCIS) Contract.

Managed a program of assessment governed by DIACAP/8570 that uncovered several compliance issues in the program. Worked with Security Services to build remediation plans and C&A assessment protocols to bring the program back under FISMA compliance. Managed, through oversight, the SIPRNET and NIPRNET programs and the C&A program for submission of a three-year ATO.

Managed the contract for the Program Manager at the technical level.

Managed communications interfacing with government representatives, and each subcontracting team.

Reviewed strategic plans, marketing plans, subcontracting proposals, and deliverables, determining contract costs while ensuring conformity with contract terms and conditions.

Coordinated project planning and business unit productivity, providing continuous oversight for the program, including NIPRNET/SIPRNET/JWICS enterprise remediation.

Approved invoices and tracked “burn rate,” ODC, contract modifications, and business relationships.

Prepared monthly financial reports for the COO and coordinated cost issues with the COR.

Reviewed, assessed, and formulated plans of action to increase and enhance the overall effectiveness of the ITSS provided.

Wrote proposals in support of projects, task orders, and project deliverables.

Responsible for planning, analyzing, developing, implementing, maintaining, and enhancing information systems security programs, policies, procedures, and tools to ensure the confidentiality, integrity, and availability of systems, networks, and data.

Knowledge of, and skill in applying, IT security principles and methods to develop, implement, and coordinate activities designed to ensure, protect, and restore IT systems and services. Ability to plan and coordinate the delivery of an IT security awareness training program for end users at all levels in the agency.

Mastery knowledge of, and skill in applying, advanced IT principles, concepts, methods, standards, and practices sufficient to develop and interpret policies, procedures, and strategies governing the planning and delivery of services throughout the Directorate.

Pinnacle Technical Resource, Inc. (W-2 Contractor), VA April 2009 – August 2009

Senior Cyber Security Advisor, AT&T Consulting, Inc. (Calisma), supporting the TNet Program (Department of the Treasury).

Supported the TNet Security Services Department as an IA process analyst and technical writer in the initial program Authority to Operate (ATO). The focus of this activity was to underwrite a FIPS-199 “HIGH” security program for the Department of Treasury in its implementation of a new General Support System (GSS) comprised of 39 subsystems.

Identified issues and gathered functional/technical requirements during interviews while facilitating discussion with subject matter experts applicable to the initiative for implementing a FIPS-199 “HIGH” system using NIST best practices.

Unisys Federal Systems Security Services, VA July 2005 – April 2009

Senior Cyber Security Analyst

PM assigned the task of defining the Security Certification and Accreditation Process for Unisys Security Services.

Responsible for developing the first documented Patch Management Process document for TSA.

Developed the governing protocol, as the program PM, for designing, defining, implementing, and managing the Change Management Process, complete with documentation. This effort resulted in a comprehensive guide for submitting requests to the Change Management Process for IT infrastructure changes under the TSA ITMS contract.

Program Manager responsible for the successful tracking, reporting, and remediation of over 1500 POA&Ms. This required outreach efforts to groups and teams outside of Security to properly identify any outstanding issues or questions.

Managed the successful reporting and documentation of remediated findings, helping the customer to maintain an unprecedented A+ FISMA score, outscoring all other DHS components.

EDUCATION & CERTIFICATION

M.S., Information Systems and Technology, Drexel University March 2014

B.A.S., Computer Information Systems, Mount Olive College, NC May 2004

A.A.S., Communications Applications Technology, Community College of the Air Force August 2003

Certifications and Awards

ITIL Foundation V3 October 2010

Project Management Professional (PMP) May 2007

Military Leadership and Development School August 2003
