Cyber Security and Risk Management

Location:
Plymouth, MA, 02360
Posted:
March 27, 2024

Resume:

DREXEL A. PETERSON JR

Plymouth, MA *****; Mobile - 617-***-****; ad4l0i@r.postjobfree.com

CAREER EXPERIENCE:

OVER THIRTY YEARS IT AND CYBERSECURITY EXPERIENCE ENABLING THE SECOND LINE OF SECURITY DEFENSE FOR GOVERNANCE, RISK MANAGEMENT, COMPLIANCE, AND RESILIENCY

Governance Risk and Compliance (GRC) assessment, reporting, and remediation

IT cybersecurity control and risk assessment, audit, and remediation utilizing multiple enabling tools in NIST 800-53, CSF, CMMC & RMF and ISO and other frameworks

Information security process management and execution: Vendor Risk Management; Disaster Recovery and Business Continuity; Incident Management; Change Management

Project and Program Management; Vulnerability Management & Remediation

PTC 10/2017 – 05/2023

IT Risk and Security Principal, IT Compliance and Resilience group in Boston, MA

Internal PTC GRC security risk and compliance reviews for PTC data, product, and development units

• Initiated and managed the IT GRC program at PTC as the second line of security defense

• Completed and reported on over 4 years of quarterly and annual assessments based on control and risk frameworks from NIST CSF and NIST 800-53, FISMA, ISO and CIS using AuditBoard

• Introduced risk management maturity analyses with NIST CSF and RMF, STRIDE-LM, and ATT&CK

• Expanded the use of the AuditBoard assessment and audit tool beyond GRC into the allied areas of Corporate Compliance, Privacy (GDPR), Finance, Cloud FedRAMP, and Internal Audit

External responses for compliance audits

• Managed two years of CMMC preparation, the pre-assessment to meet the new CMMC requirements, all this after 3 years managing PTC’s DFARS/ITAR (CUI) solutions

• Responded to and executed external regulatory and multiple major customer or partner-required reviews based in ISO 27001/2, TISAX (based on ISO), and CyberGRX

Vendor Risk Management, supply chain security and assessment

• Formulated the PTC Vendor Risk Management process and integrated vendor management tool, OneTrust, into the ServiceNow-based sourcing & procurement process

• Carried out over 600 third-party assessments for IT Security during 5 years in the VRM process

Disaster Recovery and Incident Management

• Wrote PTC Corporate and IT Disaster Recovery Policies and Top-Level IT Plan

• Overhauled and restructured the Corporate IT Incident Response Policy integrating multiple incident response plans from business and customer support units with disaster recovery

Change Management

• Managed for four years the Change Advisory Board and the IT Change Management process in ServiceNow

IT Policies and Procedures Management

• Owned Information Security Policy and integrated it with over 30 subsidiary policies and procedures over five years

EDUCATION: Harvard University, B.A., M.A., Ph.D. (Anthropology)

METLIFE 10/1999 – 11/2013

IT Compliance Analyst, MetLife Boston

IT Risk and Security, Vulnerability and Threat Management and Cyber Security, starting 2009

• Managed external and internal PCI vulnerability scans with threat analysis and identification and remediation of over 22,000 detected vulnerabilities to meet PCI DSS compliance requirements

• Created the Archer-based policies and procedures to meet PCI DSS compliance requirements

Project Manager, Major Programs, MetLife Technology Services, Boston, from 1999 to 2009

MetLife Technology Services, Major Program Manager

• Project manager for major programs and projects for IT across all MetLife lines of business

• Evaluated systems and protocols and data to enforce least privilege and segregation of duties involving Internet access or excessive internal access

• Project manager for major initiatives for multiple lines of business and for Technology Services

CVS HEALTH 01/2017-09/2017

Controls Assessment and Monitoring Consultant, contracted by Randstad Technologies at CVS corporate headquarters in Woonsocket, RI

Created Corrective Action Plans in Archer with monitoring to ensure that over 100,000 Windows workstations and servers securely met CVS Security Policy Standards and provided repeating reviews of application, operating, and database systems and their support status for over 20,000 systems

UNFI 05/2014 – 12/2016

IT Security, Internal Auditor and Disaster Recovery Program Manager, United Natural Foods at corporate headquarters in Providence, RI

Performed and reported on over 20 internal security audits including privileged access management, database security controls, vendor access to the UNFI network, and SOX procedures

• Investigated and corrected document and data retention of customer-provided information to meet PCI and PII (privacy) compliance and standards

• Created and managed security checklists for third-party vendors and for cloud hosting

• Updated & configured systems for Point-of-Sale PCI DSS compliance for grocery market subsidiary

For two years managed the Disaster Recovery Program for UNFI by overseeing two successful full annual cycles of DR Tests for UNFI and subsidiaries including over 30 detailed infrastructure, application, and data recovery sub-plans

• Updated all Business Impact Analyses (BIAs) for all business units

• Integrated plans and tests for newly acquired subsidiaries and distribution centers

HEALTHEDGE 12/2013 – 03/2014

Resiliency Contract Consultant, wrote Crisis Communication and Business Continuity Plans for the HealthEdge Burlington, MA, corporate headquarters and for their Powell, OH, data center facility

NETWORKING AND DEVICE ADMIN; BUSINESS CONTINUITY 1995 - 1999

Multiple contract assignments including Massachusetts RMV; BankBoston; Chase Bank – DR setup; New England Financial; Sun Life of Canada – DR & Y2K setup; and others in Boston covering areas including workstation setup, endpoint protection, networking

U S Army Corps of Engineers, Memphis District 1991 – 1995

• Civilian employee, Sr Systems Engineer, Task Leader, Con-Ops Division


