
Information Security Project Manager

Location:
Corvallis, OR, 97330
Salary:
$165,000
Posted:
April 30, 2024


Resume:

Professional Experience

NuScale Power

Manager, Information Security

July 2019 to January 2024

Summary:

Passionate and curious Manager of Information Security with a demonstrated history of leading transformative initiatives within diverse organizations. Skilled in driving organizational change, implementing robust security measures, and ensuring compliance with industry standards. Adept at strategic planning, program development, and stakeholder management to enhance cybersecurity posture and mitigate risks effectively.

Professional Experience:

Manager, Information Security - NuScale Power July 2019 to January 2024

Spearheaded the reorganization of the Information Security Department, overseeing the transition from a 2-person ad hoc structure to a 7-member team across multiple geographic locations.

Managed organizational change during the implementation of cybersecurity initiatives including Third Party Risk, IT Compliance (Sarbanes Oxley, SOC2), and Enterprise Risk Management (COSO), as well as the adoption of NIST CSF.

Implemented a comprehensive suite of security tools including FortiMail, FortiAnalyzer, CrowdStrike EDR/XDR, Menlo Web Application Browser, SailPoint IAM, and Devolutions PAM.

Led the implementation of ITIL/ITSM as part of the Enterprise Risk Management strategy, driving efficiency and alignment with industry best practices.

Key Achievements:

Successfully reorganized the Information Security Department, establishing a risk-based Security Operations team and enhancing program awareness.

Implemented a robust security monitoring platform for Advanced Threat Protection and incident response capabilities, improving the organization's resilience against cyber threats.

Led the development and execution of the Third Party Risk program, ensuring compliance with regulatory requirements and mitigating supply chain risks effectively.

Collaborated with stakeholders to establish IT compliance for Sarbanes Oxley (SOX), implementing SailPoint IAM and Devolutions PAM applications.

Managed vendor relationships and established a vendor and third-party risk program to assess security posture and ensure adherence to engineering standards.

Independent Management Consultant - Governance, Risk and Compliance April 2016 to July 2019

Key Achievements:

Conducted vulnerability assessments and compliance consulting for clients including Burns & McDonnell, Swinerton Builders (SOLV Solar), and Arizona Public Service, focusing on physical and logical security.

Managed the completion of the NERC CIP program for Swinerton Builders, ensuring compliance with regulatory requirements.

Coordinated efforts with InfoSec, engineering, and IT to upgrade cybersecurity compliance for Arizona Public Service, meeting NERC CIP V5 compliance deliverables.

Bridge Consulting Group - Principal Consultant March 2015 to April 2016

Key Achievements:

Conducted vulnerability assessments of critical areas of PG&E's operations network, providing recommendations for remediation and enhancing security resilience.

Collaborated with stakeholders to identify potential vulnerabilities and implemented remediation actions to strengthen security posture.

Robert Hakes Construction LLC

Manager

June 2014–February 2015

I leveraged my experience in the utility industry to help a peer launch his business in the construction industry.

Key Achievements

• Manager:

o Managed day-to-day projects for a tenant improvement construction company.

o Oversaw project budgets and execution, ensuring task completion and adherence to project requirements.

o Scoped new opportunities with prospective clients, including drafting statements of work and proposals.

o Strengthened existing and developed new client relationships.

• Subcontractor Collaboration:

o Collaborated with subcontractors on bid estimating, fostering a strong working relationship.

o Coordinated project scheduling with subcontractors to ensure timely completion of tasks.

• Quality Assurance:

o Implemented quality assurance measures to uphold construction standards and ensure the delivery of high-quality projects.

• Customer Communication:

o Interacted with customers to manage expectations, providing regular updates on project details and status.

o Ensured effective communication channels to address customer concerns and maintain a positive relationship.

• Budget and Schedule Management:

o Planned contingencies to facilitate the achievement of project budgets and schedules.

o I monitored and adjusted project plans as needed to ensure we met the objectives within the established constraints.

• Results: The Company is growing and doing very well. More importantly, we are still fast friends.

Acumen Engineered Solutions International Inc.

Associate Senior Project Manager

January 2014 – May 2014

I oversaw the preparation of documentation of NERC CIP Version 5 for Ontario Hydro.

Key Achievements

• Documentation Preparation:

o Developed comprehensive documentation for NERC CIP Version 5...

o Created training materials for Plant and Transmission Managers for NERC CIP compliance.

• NERC CIP Version 5 RSAWs:

o Prepared Reliability Standard Audit Worksheets (RSAWs) related to NERC CIP Version 5.

o Executed this task for a large electric utility operating in Eastern Canada, emphasizing compliance and reliability standards.

Medical Hiatus

Duration: February 2013 to December 2014

Bonneville Power Authority (BPA)

Associate Senior Project Manager

December 2012 – February 2013

I was sought out to consult on a SOC design, utilizing my security engineering expertise, for a new Cyber Security Operations Center. The engagement included incident management procedural recommendations and tool (SIEM) selection.

Key Achievements:

• Enterprise Security Systems Analysis:

o Conducted high-level analysis of the Bonneville Power enterprise security systems.

• Request for Information (RFI) Preparation:

o Prepared an RFI for a Cyber Security Operations and Analysis Center (CSOC).

o The RFIs covered two areas: Managed Security Service and Monitoring as a Service.

• Alternate Solutions Submission:

o Submitted alternate solutions to stakeholders for building, staffing, and provisioning the CSOC.

• Governance Plan Development:

o Developed a governance plan for the CSOC.

• Expertise Recognition:

o Acknowledged for the ability to bring a solid understanding of utility system operations.

o Recognized for a strong grounding in technology (OT/IT) and cybersecurity.

• Valuable Contribution:

o My ability to combine knowledge of utility operations, technology, and cybersecurity was considered invaluable to the project.

• Results:

The construction of the Cyber Security Operations Center incorporated all recommendations.

Black & Veatch

Management Consulting - Senior (Manager) Consultant

September 2009 – August 2013

As a Senior Consultant at Black & Veatch, I focused on cybersecurity, compliance, and risk management within the electric power and water industries. My responsibilities included performing information security advisement and risk assessments based upon industry-accepted standards. My major client was the Tennessee Valley Authority (TVA).

Key Achievements:

• Served as the Program Manager for TVA’s NERC CIP/NIST 800-53 Compliance Assessment:

o In this role, I oversaw and managed the compliance assessment process for the TVA concerning NERC Critical Infrastructure Protection (CIP) standards and NIST 800-53.

• Prepared NIST 800-53 based controls for Vulnerability Assessment (VA):

o Selected the controls from the NIST 800-53 families that best met TVA's needs for vulnerability assessments, ensuring compliance with FISMA standards. This project helped TVA strengthen its existing compliance and cybersecurity infrastructure.

• Led analysis of the cybersecurity program of TVA’s fossil fleet (28 plants):

o I led the team responsible for assessing and improving the cybersecurity program for TVA's fossil fleet, which comprises 28 plants. This involved a comprehensive understanding of cybersecurity measures and strategies.

• Worked onsite for the following 6 clients:

o Salt River Project – Tempe, Arizona

• Responsibilities: Led assessment of all water and power generation facilities.

• Results: Worked with Salt River to mitigate the security gaps found in their systems.

o Central Maine Power – Augusta, Maine

• Responsibilities: Worked on the NERC CIP compliance project.

• Results: I was reassigned before completion of the project. Black & Veatch was awarded additional contracts after I left.

o City Public Services – San Antonio, Texas

• Responsibilities: Led the NERC CIP compliance project for all CPS Generation facilities.

• Results: CPS passed their compliance audit with compliments from the audit team on the thoroughness and organization of the auditable documents.

o City of Austin Water – Austin, Texas

• Responsibilities: Led the security assessment for all public water facilities, production and delivery, for the City of Austin.

• Results: Austin worked with Black & Veatch to mitigate the gaps found in their facilities.

o Alliance Energy – Madison, Wisconsin

• Responsibilities: Conducted a gap analysis of the Alliance NERC CIP compliance program.

• Results: Worked with Alliance Energy to mitigate gaps in the compliance program.

o Tennessee Valley Authority (TVA) – Chattanooga, Tennessee

• Responsibilities: Working with the TVA controls group, I conducted a gap analysis of all security controls (NIST 800-53) required by FISMA for the 39 “thermal” plants in the TVA fleet.

• Results:

Provided a detailed report of the gaps in compliance and the mitigation steps needed to bring their department into compliance.

Electric Reliability Council of Texas (ERCOT)

Senior Project Manager - Energy Management System (EMS) - Metered Data Management

October 2007 – June 2008

I was recruited by (ERCOT) to manage the collection of all metered data for the ERCOT Nodal Project for entry into the Energy Management System (EMS) for Metered Data Management.

Key Achievements:

• Telemetry Information Implementation for Nodal Implementation:

o Collected, organized, and implemented all telemetry information for ERCOT on the nodal implementation for the Energy Management System (EMS) and State Estimator (ES) projects. This was a crucial role in managing and implementing telemetry data, which is essential for the proper functioning of EMS and ES systems.

• Participation in ERCOT’s EMS and ES Working Groups:

o Served as a team member of ERCOT’s EMS and ES working groups, which consisted of generation and transmission utilities overseen by ERCOT. My active involvement in these working groups was successful because of my collaborative efforts to enhance the efficiency of energy management and state estimation processes.

• Weekly Reporting of Nodal Metering Priorities:

o Established and maintained a system for weekly reporting of all nodal metering priorities to Texas Generation and Transmission companies.

• Improvements in Project Risk Identification:

o Improved the system for identification of project risks. My approaches to risk management helped to ensure the success of complex projects.

• Institution of Escalation Procedure for Nodal Participants:

o Instituted an escalation procedure for ERCOT Nodal participants for all metering issues. My involvement broke down barriers and established effective communication channels for addressing issues promptly.

• Database Design and Implementation:

o Led the design and implementation of a database for cataloging all metered points within ERCOT's client base, involving over 160,000 points of data.

• Results:

Completed the collection and entry of all relevant data into the Energy Management System (EMS) and Metered Data Management system (MDMS), contributing to ERCOT’s successful Zonal to Nodal conversion.

Theorem Group –Software

April 2007 – October 2007

Co-Founder - Director Program Development

Developed and marketed a methodology and software tool based on ITIL for energy regulatory compliance targeting the electric utility industry. Regulatory standards included NERC (North American Electric Reliability Corporation), NIST (National Institute of Standards and Technology) and FISMA (Federal Information Security Management Act). Responsible for analysis of existing processes, root-cause analysis and new process designs. Compared and evaluated existing and new technology and methodology solutions.

Key Achievements:

• Consulted on governance, risk and compliance (GRC) strategies:

o Taught companies to focus and strengthen their existing GRC program.

o Service offerings included, but were not limited to: defining security and compliance requirements, training, system testing, and process and procedure documentation.

o Developed change and configuration management programs.

o Risk Management and Work Flow (Business Process) best practices.

o Followed the Software Development Life Cycle in development of content management programs.

• Results:

The application was designed using an open source application, which was not an easy sell to the utility industry. The knowledge gained and the exposure to other companies set the course for many of the opportunities that I have been privileged to have opened to me.

Western Electric Coordination Council (WECC)

Project Manager for Reliability of the Western Grid

December 2006 - April 2007

My role was pivotal in managing and improving the reliability of the entire Western Grid.

This position involved a comprehensive set of responsibilities, ranging from data model design to the consolidation of reliability centers and active participation in working groups.

Key Achievements:

• Design, Build Out, and Implementation of West Wide System Data Model:

o Managed, coordinated, and acted as the liaison between western utility companies in 9 states and 2 Canadian Provinces, vendors, and WECC to produce the West Wide System data model. This involved creating a comprehensive data model plan for enhancing the efficiency and reliability of the Western Grid Reliability Centers.

• Reliability Center Initiative:

o Managed the reliability center initiative, involving the relocation and consolidation of three existing reliability centers into two new locations. This type of initiative requires careful planning and execution to ensure a smooth transition while maintaining or improving the reliability of the grid.

• Leadership in WECC Working Groups:

o Conducted or participated in WECC working groups focused on security, reporting, reliability, and compliance. I had an active role in collaborative efforts aimed at addressing reliability challenges and ensuring compliance with industry standards.

• Results:

Marked enhancement aimed at securing the reliability and efficiency of the Western Grid, which supplies power to the western United States and Canada.

PacifiCorp

Senior Project Manager Security

April 2004 – December 2006 · Portland, Oregon

I managed security for over 1.6 million customers across multiple facilities. The role involved overseeing the implementation of security measures across corporate facilities, leading the development of best security practices, and collaborating with stakeholders to ensure the security of company information and critical assets.

Key Achievements:

• Development of Best Security Practices:

o Led the development and implementation of processes and procedures to establish best security practices.

• Collaboration across Divisions:

o Collaborated with stakeholders to ensure the security of company information, Critical Assets (CAs), and Critical Cyber Assets (CCAs).

• Training on NERC CIP Standards:

o Provided training on NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) standards for PacifiCorp's management and executive teams. This suggests a focus on compliance and regulatory standards related to the energy sector.

• Security Awareness Program:

o Developed a security awareness program aimed at educating employees about security protocols and ensuring a heightened level of vigilance across the organization.

• Results:

Developed and implemented a security program, collaborated with various divisions, ensured compliance with NERC CIP standards, and established a security awareness program.

Education

• Bachelor of Arts, History/Pre-law, Brigham Young University, 1988

Volunteer Experience

• Boy Scouts of America Charter Official, Assistant Explorer Leader – Camas, WA

• Boy Scouts of America Charter Official, Assistant Scout Master – Camas, WA

• Little League girls' softball head coach–Camas, WA

• Girls recreational soccer league head coach–Camas, WA

Frameworks

• ISO 27001/2

• NIST 800-37 Risk Management

• MITRE ATT&CK

• NIST 800-161 Supply Chain

• NIST SP 800-30 Risk Assessment

• NIST 800-171 CUI

• SEC Rule 10 - Breach Reporting

• NIST CSF

• NIST 800-61r2

Hard Skills

• Strategic Leadership

• Regulatory Compliance

• Security Architecture

• Project Management

• Program Development

• Program Governance

• Program Management

• Data Analysis

• IT Governance

• Program Planning

• Incident Investigation

• Strategic Planning

• Incident Response

• Issue Resolution & Management

• Risk Management

• Policy Development

• Process & Procedure Development

• Vendor Management

Soft Skills

• Customer Service

• Relationship Building

• Organization

• Team Management

• Collaboration

• Negotiation

• Mentoring

• Communication

• Presentation

Intangible Skills

• Continuous Improvement

• Problem Solving

• Quality Assurance

• Flexible Interpersonal Style

• Goal Oriented

• Work Independently

• Forward Thinking

• Formal & Informal Networking

• Consensus Building
