Cyber Security Risk Management

Location: Verona Walk, FL, 34114

Posted: May 26, 2024

Resume:

Larry Lee Janeshek

**** ********** ***** ******, ** 34114 703-***-**** ad5yuh@r.postjobfree.com

Experienced professional with more than 30 years of security and IT experience. Developed and maintained enterprise-wide strategies and programs to ensure the protection of information, assets and technologies. Responsible for maintaining security compliance and IT standards, as well as auditing for a global enterprise network.

Accomplishments

Leadership

Developed an enterprise security strategy utilizing the NIST 800 series risk management and cybersecurity framework.

Developed cyber security metrics and scorecards to illustrate the IT risk posture.

Strategy and Planning

Established ASG cybersecurity policies, procedures, and guidelines.

Coordinated with business units to calculate and reduce strategic risk for IT projects.

Project Management

Direct contract cyber security teams supporting multiple federal government customers.

Reduced ASG’s cyber risk by 30% by implementing Microsoft Defender vulnerability management.

Compliance

Successfully directed the effort to renew ASG’s ISO 27001, 27002 and CMMI certifications.

Professional Experience

A Square Group: March 2022 – Present

Position: Chief Information Security Officer

Responsible for directing and overseeing the security operations program across the enterprise, managing security staff and supporting a cyber security services staff that acts as expert resources for US government agencies.

Manage a comprehensive cyber security portfolio for the Department of Health and Human Services. Provide cyber security services for the Medicare.gov and HealthCare.gov websites.

Established meaningful enterprise security metrics by implementing an advanced IT audit policy configuration which reduced the number of events by 12 percent.

Experience driving forward compliance and certification programs such as ISO, HIPAA, NIST, GDPR, CMMC and other related compliance frameworks.

Collaborate with ASG executive leadership to ensure the security program aligns with the overall company mission and business objectives.

Implemented a cyber intelligence program to support a cyber operations center.

Created a cyber security awareness and training program for all employees and contractors.

Resolve Tech Solutions: May 2021 – February 2022

Position: Governance, Risk and Compliance Engineering Manager

Manage the complete lifecycle of user-oriented Identity and Access Management (IAM) services including strategy, organizational design, process re-engineering and technology implementation.

Facilitate information gathering, requirements analysis and design activities that support actionable IAM roadmaps, strategies and functional requirements for Okta IAM solution implementation of AWS and Azure cloud environments.

Coordinate SOX1/SOX2, FISMA and NIST compliance audits.

Direct the initiation of cybersecurity assessments, recommend corrective measures and provide oversight of corrective actions.

Leidos: October 2018 – May 2021

Position: Information Systems Security Manager (ISSM)

Lead a team of information assurance engineers on an Agile software development project. Responsible for the security and information assurance of custom coded and COTS applications and databases. Responsible for activities associated with delivery of Cybersecurity technical control implementation, configuration, and architectural solutions associated with customer-defined systems/software projects.

Develop, maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, and other relevant security documentation for existing and new systems.

Collaborate with the DevSecOps team to develop a security as code culture to ensure best practices and a continuous delivery pipeline. Utilize an agile framework process to continuously improve software and ensure fast, safe delivery of code.

Implement cybersecurity policy, standards and periodic reviews to meet the evolving compliance requirements (FISMA, NIST 800-53 and 800-171). Align standards, frameworks and security with overall business and technology strategy. Identify and communicate current and emerging security threats.

Conduct analysis on proposed enterprise deployments and advise senior leadership on implementation alternatives. Champion best security practices utilizing CIS and NIST 800-37 Risk Management Framework.

Conduct trade studies to determine improvements to cyber security system capabilities (architecture, hardware, software, automated deployments, training).

Ensure that disaster recovery plans and procedures for business-critical services satisfy client security standards and support recovery following the occurrence of a security event.

Perspecta: September 2017 – September 2018

Position: Chief Information Security Officer

Responsible for corporate information security. Accountable for the program management, budget and implementation of all security tools and services. Established the IT security organization, policies and procedures for Perspecta prior to IPO.

Managed a cyber security team responsible for incident response, forensics, vulnerability assessment and security architecture. Developed a NIST-based risk management framework for selecting the appropriate security controls for the network.

Established a corporate long-term cyber security strategy for the merger of three separate companies into what is now Perspecta. Presented the cyber security strategy, decision briefs and trade-offs to the senior leadership team and the Board of Directors.

Conducted a security assessment review of the Vencore corporate network for the pending merger of Vencore, DXC Public Sector and KeyPoint. Developed an enterprise security strategy that implements the NIST SP 800-53, 800-171 and Federal Information Processing Standard (FIPS) cybersecurity framework for 14,000 users. Implemented POA&Ms to mitigate compliance risk.

Established a weekly corporate cyber security awareness program for all employees. Created a cyber security training program based on the level of user access and developed training documentation for the DFARS compliance process.

Developed a corporate risk management framework to reduce risks in business processes, enhance information security, and comply with NIST, PCI and DFARS regulatory requirements.

Conducted a security assessment review of the Vencore corporate network prior to the merger of Vencore, DXC Public Sector and KeyPoint. Developed an enterprise information security framework that ensures data integrity, confidentiality and availability of information as well as creating controls on how data is processed by the organization.

GCI: December 2014 – September 2017

Position: Lead Cyber Security Engineer

ManTech: May 2013 – December 2014

Position: Chief Cyber Security Engineer/(SME)

TASC: April 2008 – May 2013

Position: Cyber Security Architect

Northrop Grumman: December 2004 – April 2008

Position: Computer Systems Security Analyst/Incident Handler

General Dynamics/Veridian Information Solutions: June 2001 – December 2004

Position: Software Engineer/Data Analyst

U.S. Secret Service: July 1989 – June 2001

Position: Police Officer

Education

MS Certificate in Program Management; Villanova University

MS Computer, Information and Network Security; DePaul University

BS Computer Networking; Strayer University

Professional Certifications

CISSP, ISSAP, PMP, ITIL v3, CMMI

DOD TS/SCI clearance
