
Security Officer Information Systems

Location: Brooklyn, NY
Posted: May 21, 2024


Resume:

Morgan Stanley (via Russell Tobin) April **** - Present

Risk Consultant

Support the US Banks Privacy Office team managing the privacy risk program to ensure compliance with Privacy Laws/Regulations.

Support Privacy Impact Assessment (“PIA”) process (responsible for conducting end-to-end PIAs across Bank applications and Bank vendors, leading/coordinating PIA conversations with stakeholders, and ensuring PIA cases and results/findings are correctly tracked).

Validate, document and report found privacy gaps or risk indicators and help product managers develop response plans, including escalating issues when necessary.

Establish and administer a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization’s privacy policies and procedures in coordination and collaboration with other similar functions.

Raise awareness of privacy policies and procedures, particularly Privacy by Design program and Privacy Operating Model.

Design and develop the goals, policies and procedures of the organization’s privacy programs in accordance with appropriate laws and regulations.

Collaborate in creating the mechanism needed for managing and responding to data subject rights requests.

Perform other responsibilities as needed to assist the team.

Integrated Communication Solutions, Inc. May 2018 – April 2023

Senior Information Systems Security Officer

Analyze and update system security plan (SSP), risk assessment (RA), privacy impact assessment (PIA), system security test and evaluation (ST&E) and the plan of actions and milestones (POA&M)

Assist system owners and ISSO in preparing certification and accreditation package for the company’s IT systems, making sure that management, operational and technical security controls adhere to security requirements authorized by NIST SP 800-53 R4

Designate systems and categorize their C.I.A. using FIPS 199 and NIST SP 800-60

Conduct annual self-assessment (NIST SP 800-53A)

Perform vulnerability assessment to ensure that risks are assessed, evaluated and appropriate actions are taken to limit their impact on the information and information systems

Create standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages

Conduct IT controls risk assessments that include reviewing organizational policies, standards and procedures and providing advice on their adequacy, accuracy and compliance

Total Computer Solutions, Inc. March 2012 – April 2018

Junior Information Systems Security Officer

•Provided A&A support on major systems for an IT security and privacy contract.

•Identified security and privacy requirements for systems based on NIST SP 800-53 and the Risk Management Framework.

•Developed and reviewed System Security Plans and Security Assessment Reports

•Assessed assigned systems and recommended methods for protecting computer data and applications under NIST guidelines

•Ensured necessary data protection and security controls have been implemented

•Developed cyber security policies, plans, processes and procedures to ensure compliance with IT laws, policy and best practices

•Kept current with Federal IT security and privacy requirements, OMB policy memoranda and NIST guidelines

•Reviewed and assessed external services associated with Agency Network. Coordinated with infrastructure and application development teams

•Refined process documentation on cloud/managed services, e.g., FIPS 199 security categorization, security reviews, risk assessment and mitigation and privacy threshold analyses

•Researched current systems and recorded status of controls

•Developed and implemented plans for continuous monitoring

PTA/PIA/SORNs, NIST 800-53 Rev. 5 privacy controls

Document System specific privacy controls within SSP

Sensitive PII


