Information Security Project Management

Stephanie Evans

Denver Metropolitan Area

************@*******.*** 303-***-****

linkedin.com/in/sevans303

Summary

My mission is to help organizations prevent, prepare, protect, detect, respond, and recover from the most sophisticated cyber attacks. With more than 20 years of experience in business and IT leadership, I help clients build technology solutions to support their infrastructure and information security needs. I have a proven track record of success in strategy, tactical planning, execution, digital transformation, project management, and strategic revenue generation.

Experience

Technical Captain (Director of Ransomware & Recovery Solutions) Fenix24

Sep 2023 - May 2024 (9 months)

As a Technical Captain, I led the engineering team in client engagements, managed finances, defined and executed objectives, spearheaded post-incident disaster recovery, and established partnerships with cyber-insurance and incident response firms.

Led ransomware engineers in restoring client infrastructure and services. Fostered a positive culture via HRIS, performance management, information systems, assessments, systems design, and evaluation.

Implemented industry-leading standards and frameworks as best practices. Manage projects using traditional and agile approaches. Information Technology Executive (High Plains & Rocky Mtn. Region) Amazon

Sep 2022 - Oct 2023 (1 year 2 months)

Managed project designs, data center inspections, and product development; oversaw resource changes and Amazon

technology risk assessments; improved customer service through situational leadership and design- thinking solutions.

Managed IT systems and applications across 19 distribution centers in two regions. Evaluated business models for creating sustainable technologies at distribution centers. Promoted best practices in safety, QA, and OSHA, ensuring industrial hygiene and compliance standards.

Oversaw system and infrastructure lifecycle including software development Third Party Vulnerability Assessor

Apple

Jan 2022 - Sep 2022 (9 months)

Stephanie Evans - page 1

I managed third-party vendor assessments, ensured compliance with Apple's vendor contracts through testing and validation, and conducted quarterly system penetration tests as part of the integrated risk management framework.

Oversee IT systems security, carrying out audit & risk management task, lead engagements, design & implement digital transformation, and ensure IoT device compliance using data analysis. Executed GRC evaluations and pen-testing with various frameworks to boost secure services. Managed policy governance and supply chain to ensure comprehensive product security. Negotiated various agreements and review contracts using benchmarks, KPI's, trend analysis, and industry data to ensure proper coordination with stakeholders, business leaders, engineers, legal, program management, and supply chain.

Collaborate with suppliers on manufacturing processes, technology, and policies for mutual agreement. Deliver cost-effective projects enhancing ROI. Manage cross-functional projects to meet customer-set goals and objectives.

Assess critical suppliers' financial health, ensure compliance with federal regulations including export controls, and develop high-performing teams using leadership methodologies. Chief Information Officer

Viaero Wireless

May 2021 - Jan 2022 (9 months)

Oversee fiber network and telecommunications for 350k customers, led technical and customer relations teams, promoted team performance, drove business growth via tech strategies, managed sales cycles, and shared innovative technologies with smaller providers. Led the first global rip and replace of Huawei core infrastructure, mandated by the federal government, involving data center hardware updates, implementing cybersecurity technologies for customer safety, and regulatory compliance & assurance.

Managed network standards, including firewalls and fiber services, and implemented protective frameworks like MITRE, NIST, and FISMA. Assessed compliance with federal and state regulations for telecom providers.

Managed technical support for business operations and field services. Implement customer-focused service improvements and lead incident management while upholding service levels for customers and investors.

Chief Information Security Officer

Graebel Companies, Inc.

Nov 2020 - Jun 2021 (8 months)

Developed and maintained a comprehensive information security program, implementing consistent policies and procedures to strengthen security practices. Directed risk management objectives to minimize risk and ensure appropriate use of information, maintaining its integrity, confidentiality, and availability. Established data privacy office and compliance programs for global regulatory adherence. Managed development & engineering team

Led systems design and security governance programs via corporate change initiatives. Implemented BCP/DR plan.

Lead development, implementation, and monitoring of systems security solutions. Implement leadership committees to ensure top-down support of security and privacy measures, including data governance, policy management & review, and technology implementation support. Oversee security risk assessments, mitigation plans, and execution of a risk management strategy. Stephanie Evans - page 2

Assess and mitigate security risks, threats, and vulnerabilities using relevant tools, tactics, and procedures for identifying vulnerabilities, as well as, the identification/validation of information systems. Managing Principal

Divurgent

Feb 2021 - May 2021 (4 months)

Work with board members to design and build programs to support overall quality and safety standards in healthcare systems.

Work with Microsoft board of trustee members to implement Microsoft trusted security programs into healthcare standards of technology for clinical practice. Conduct roadshows and present at healthcare conferences global with respect to research and new studies/technologies specifically designed for consulting in healthcare organizations to regulatory requirements and standards of care.

Spearhead new cybersecurity practice for healthcare consulting firm. Increased annual revenues in first quarter earnings from $500k to $2.76 million with projected 230%YOY growth.

Executive, Cybersecurity Consulting Firm

Accenture

Jul 2017 - Oct 2020 (3 years 4 months)

Successfully implemented security technologies, governance, compliance, and risk management programs for both federal agencies and non-government organizations. Oversee global projects, handling deployment, configuration, and maintenance of diverse on-site and cloud-based security technologies.

Managed actionable threat intelligence, detection technology development, risk assessments, compliance audits, and cybersecurity consulting.

Created threat detection strategies using various technologies, collaborated with researchers to improve testing services, and developed simpler tools, processes, and procedures. Contributed to innovative security control services that support the client's goals and objectives, special consideration given to sectors such as energy, government, finance, manufacturing, entertainment, healthcare, and resources due to regulatory requirements, and the systems design & analysis required to support client engagements.

Global Director of Information Security Governance Pearson

May 2017 - Jun 2018 (1 year 2 months)

Directed the creation, execution, and maintenance of a comprehensive cyber risk governance program. Responsibilities included enterprise-wide risk and threat assessment, designing and enforcing cyber risk controls, monitoring cyber threats, and implementing security training. Managed and resolved cyber-risk issues using COBIT, NIST, ISO 27001, and PCI-DSS frameworks. Oversaw BCP-DR program while developing IT risk and cybersecurity programs. Created metrics platform for risk visibility and reporting.

Maintained cyber risk governance frameworks across the enterprise, assessing business risks, implementing controls, and monitoring/reporting on cyber threats. Led global IT security planning and execution, implementing cyber resiliency with MITRE tools, data analytics, threat intel, and risk assessment. Utilized analytical skills for problem-solving in IT trends, Stephanie Evans - page 3

system processes, and security risks. Developed a global security awareness program managing strategic risk control.

Information Technology Executive

Code Blue Cyber

Feb 2009 - Jul 2017 (8 years 6 months)

Managed global risk using IT compliance standards. Expert in GRC/Privacy Program Management, DPIA Joint Ventures. Security Education Awareness Programs, and Staff Augmentation. Proficient in Project Management, Business Enablement, and Security Solution Mobilization and Operations.

Implement industry-leading practices concerning information security programs. Directed advisory and consulting engagements focusing on human capital, HRIS, CMMC, CMMI, risk, compliance, and healthcare regulations including HIPAA and HITECH. Led strategic software development project using GRC Allgress and Archer platforms. Sr. IT Audit Manager

DaVita Kidney Care

Apr 2015 - Jun 2016 (1 year 3 months)

Performed security analysis for healthcare controls, reviewed system designs, conducted monthly IT and business control reviews to manage risk, and asses global IT security controls domestically and internationally.

Led and managed risk-based, project-specific audits adhering to best practices in IT security, compliance, and internal procedures. Applied ITSM methodologies and agile deployment for asset protection and ensured secure procedure compliance through GRC functions and enterprise standard designs.

Established and assessed Internal IT Audit and compliance function as per company audit committee guidance.

Ensured IT audit team's duty separation through strong accountability, integrity, and ethics program. Senior Information Technology Audit Manager

JBS USA

Jan 2015 - Apr 2015 (4 months)

Designed IT audit function for North America.

Implemented SAP audit and compliance procedures, resulting in a 89% increase in compliance in first quarter.

Led IT audit and compliance reviews, utilizing risk based audit tools and processes. Decreased IT related systems fraud and misuse by 69% in first quarter. Compliance Manager

MarkWest Energy Partners, L.P.

Oct 2014 - Apr 2015 (7 months)

Planned and implemented a comprehensive compliance program for the organization, optimizing compliance through technology services.

Designed enterprise policy management system to meet industry standards and regulations. Managed planning, design, implementation, and maintenance of a compliance program for system-wide adherence to conduct codes and legal regulations.

Stephanie Evans - page 4

Managed planning and execution of IT audit and compliance department integration, as a business partnership with financial systems audit & risk management. Oversaw privacy, security programs, and an enterprise-wide information security management program. Collaborated with internal and external resources for audits. Directed IT service management and delivery for oil & gas/energy projects. Incident, Problem and Change Management

Nelnet

Mar 2012 - Jan 2015 (2 years 11 months)

Oversee IT disruptions, restoring services as per SLAs. Execute incident, problem, and change management for efficient service

delivery.

Led ITSM & network engineering teams providing service restoration and critical incident management. Investigate issues through proper incident command. This includes auditing information systems/ applications and hardware infrastructure.

Ensure delivery of IT systems that are fit for purpose, and meet customer expectations. Investigate incidents, problems, and changes to systems to ensure change advisory board approval was received and documented. Determine root cause through investigation and completion of RCA. Report findings to executive team and board members to determine if further action is needed. Education

Colorado Christian University

Bachelor's degree, Organizational Management, Minor in Project Management 2012 - Present

Cybersecurity, Organizational Management, Project-Management -PMI Accredited Eastern Washington University

Master of Business Administration - MBA, Health/Health Care Administration/ Management

May 2024 - Mar 2025

Licenses & Certifications

ITIL Foundations Certification (V3) - AXELOS Global Best Practice GR750153753SE

Certified Security Professional (CSP) - Mile2

449300

IT Audit & Controls

Skills

Stephanie Evans - page 5

Organizational Consulting • Administration • ISO 27001 • Info Sec • Go-to-Market Strategy • Director level • Digital Strategy • Professional Services • Analytical Skills • Large Events Stephanie Evans - page 6

Contact this candidate