Reginald Todd Mitchell, EMBA, CISSP, CISM, CRISC, CISA
Pearland, Texas 77584 713-***-**** **********@*******.*** 1
Information Security Leader
An accomplished Information Security Professional with a robust background in Information Technology Management, Project Engineering, Project Management, and Cybersecurity. I am known for adeptly uniting technology with business objectives to innovate and propel secure concepts to market fruition. Proficiently led and mentored diverse cross-functional teams across multiple facilities, optimizing productivity and fostering growth. I am skilled in collaborating with critical business units (finance, human resources, marketing, manufacturing, operations, and risk management) in a global, multicultural landscape, and I am an acclaimed, exceptional communicator and presenter.
PROFESSIONAL EXPERIENCE:
Director of Security & Information Technology, de facto CISO, Nauticus Robotics – 2023 - Present
Adeptly oversaw strict adherence to established security/cybersecurity protocols, ensuring alignment between targeted Operational Technology (OT), technological architectures, and critical domains like application, data, security, and infrastructure. Orchestrated the secure and efficient operation of data systems managing Critical Risk Data (CRD/HRD) and Controlled Unclassified Information (CUI) while providing oversight on infrastructure security and guiding secure development techniques for application development. Developed and fortified robust cybersecurity and information security policies to safeguard Nauticus Robotics. Continuously drove the evolution of future-proof secure designs by contributing valuable insights to architecture transition plans, enabling seamless progression toward envisioned future states.
• Lead SOC1/SOC2/SOX compliance initiatives, orchestrating regular audits and comprehensive assessments to ensure strict adherence to regulatory requirements, thereby enhancing compliance ratings and mitigating legal risks.
• Establish the NIST-800-171 framework comprising 110 controls, elevating the Supplier Performance Risk System (SPRS) score from -34 to a comprehensive achievement of 110, ensuring full compliance and robust security standards for Nauticus Robotics, which is a start-up company.
• Managed security operations, guiding the development and execution of strategies for cloud security (FedRAMP/GCC/CMMC), modern technology stack security (Docker/Kubernetes), network security, and product security, employing threat detection platforms including CrowdStrike.
• Establish key performance indicators (KPIs) and metrics for cybersecurity effectiveness, facilitating data-driven decisions and presenting regular reports to the C-suite, enabling informed strategies and resource allocation.
• Oversee the development and execution of robust cybersecurity training programs, cultivating a security-conscious culture across departments, enhancing awareness, and reducing human error-related vulnerabilities.
• Lead cross-functional teams in evaluating, selecting, integrating, and managing advanced security solutions and MSSPs, thereby enhancing Governance, Risk, and Compliance (GRC) measures. This results in optimized operations, increased network resilience, and reduced overall security expenditure.
• Collaborate with C-suite to align cybersecurity initiatives with business objectives, presenting insights on emerging threats and recommending proactive measures to ensure continuous improvement and alignment with organizational goals.
• Implemented a Security Incident and Event Management solution to enhance cyber threat detection, incident response, and overall information security posture.
• Specializing in Third-Party Risk Management (TPRM), including successfully implementing comprehensive TPRM frameworks at Nauticus Robotics, demonstrating expertise in assessing, mitigating, and managing vendor and partner ecosystem risks.
• Devise and execute Disaster Recovery (DR) plans and procedures for primary and secondary Data Centers, integrating hot/hot sites to safeguard mission-critical applications, infrastructures, and networks. Attain a distinguished Platinum DR system availability, ensuring optimal resilience and readiness for unforeseen disruptions.
• Collaborated closely with OT teams at Nauticus Robotics to design and implement specialized security controls and best practices tailored to OT environments, mitigating unique cybersecurity risks.
• Orchestrate incident response plans and crisis management protocols, swiftly containing and mitigating security breaches to minimize impact and preserve data integrity.
• Implement risk management frameworks, conducting thorough risk assessments and recommending proactive measures to mitigate potential vulnerabilities based on NIST, COBIT, ISO/IEC 27001/2, and ITIL.
Senior Management of Compliance/Security, Discover/PULSE – 2017 – 2023
• Developed processes and procedures to support SOC1/SOC2/SOX and PCI compliance initiatives.
• Managed and facilitated the annual BCP/DR testing, Incident Management, and PCI and SOC1/SOC2/SOX Audits.
• Provided extended team training and awareness on cybersecurity and information security compliance-related concerns.
• Created and managed the reporting of the capacity/performance (KPIs, KRIs, KGIs) for Crown Jewel applications.
• Created monthly reports that shared the vision/mission for IT teams, which included capacity for demand management of the technology staff.
• Supported the definition and documentation of the organization’s Enterprise Security Architecture standards, target state architectures, and best practices that guided and influenced security architecture decisions across all security domains at the enterprise level.
• Reduced cost, scope, and time associated with yearly PCI compliance assessments by developing repeatable compliance processes.
• Acted as the security liaison for internal and external calls, answering security and compliance questions.
• Supported the Sales and Customer Success teams on RFPs, security questionnaires, assessments, and contract terms.
• Created and managed an automation strategy for PULSE’s applications, websites, and processes.
• Facilitated the maintenance of enterprise-level technology architecture/artifacts across the organization by maintaining security artifacts with architecture repositories.
• Led initiatives to ensure compliance with global privacy laws, including GDPR and PCI standards, safeguarding customer data and maintaining trust.
• Partnered with Legal/Compliance on compliance and security policy matters.
• Secured enterprise-level architecture solutions for large-scope, high-impact organizational initiatives, typically within a security domain (e.g., application, IAM, infrastructure - Cloud and On-Premises).
• Led and produced agenda and meeting documentation for the Corporate Information Security Steering Committee (CISSC).
• Performed vendor audits in conjunction with members of the Vendor Compliance Committee, including participating as an active group member.
• Assisted in preparing financial forecasts and budgets for security operations (e.g., tools, contract, and audit costs).
• Directed disaster recovery activities and business continuity plans in the event of a declared emergency or disaster that interrupts standard information systems or business operations.
• Maintained current knowledge of industry and regulatory trends and developments, keeping up with industry demands and the demands of the target markets.
• Implemented and maintained security policies, standards, and guidelines, including disaster recovery, business continuity, risk management, and incident response.
• Developed strategic risk guidance for development and operations, including evaluation and recommendation of technical controls.
• Monitored cybersecurity threats and directed teams to develop appropriate response and mitigation strategies.
• Provided input into security awareness programs, helping educate the workforce on appropriate security risk, mitigation strategies, and compliance requirements.
• Deep knowledge of OWASP Top 10, CWE/SANS Top 25, WASC, Cloud Security Alliance (CSA), NIST Cybersecurity Framework (CSF), CIS Critical Security Controls, Penetration Testing Execution Standard (PTES), and Real Intelligence Threat Analytics (RITA).
Director of Information Cybersecurity/Technology, First Data Corp (FDC) - 2014 - 2017
Using my extensive experience in leadership combined with ITIL, security policies, and other proven IT industry principles, I successfully managed five IT teams with 5 IT managers as direct reports and, depending on demand, a range of 60 to 80 employees reporting to those IT managers, whose teams were geographically distributed (domestic and international). Those teams were responsible for the development, quality assurance, implementation, maintenance/support, and market launch of innovative and revenue-generating small to large global projects and solutions.
• Managed the remediation of approximately 1000 security vulnerabilities across 10+ application systems, infrastructures, and network protocols, which included moving from SHA-1 to SHA-256, replacing RC4, and migrating from TLS 1.0/1.1 to TLS 1.2.
• Used multiple proven application development methodologies (Agile, Scrum, and Waterfall) to institute tactical web applications, software, database design (Oracle, DB2, MySQL), and infrastructure solutions for existing and new business opportunities.
• Created and staffed a team to support testing automation, e.g., cucumber, to support DevOps for the application that supported Apple Pay.
• Managed the design, development, and implementation of numerous innovative eCommerce web applications and software projects using UCD/UDD frameworks, resulting in an accumulative annualized Return on Investment (ROI) totaling over $50M.
• Enhanced performance, usability, and security of web applications and software that provided real-time data exchange between First Data distributed databases and customers' infrastructures using both UI/UD.
• Supported the development of an application and its infrastructure that, at peak, can process over 3000 transactions per second (TPS) and processed over 15 billion transactions in 2016.
• Oversaw numerous IT Control Audits for ADA/WCAG, PCI/PII, and SOX compliance by ensuring First Data web applications, software, and hardware/infrastructure met and stayed current for each compliance guideline.
• Worked with several third parties/vendors to migrate several proprietary eCommerce solutions to SaaS, IaaS, and PaaS.
• Managed and supported hardware and software operation for First Data eCommerce systems at multiple Data Centers, providing 24/7 service; these systems were responsible for nearly $300 million in annual revenue.
• Developed, implemented, and monitored service level agreements (SLA) with staff and merchants, ensuring compliance and quick resolution of specific issues. Achieved 99.998% system availability and 99% customer satisfaction.
• Was responsible for providing technical and contractual advice and expertise for potential and current merchants.
• Improved the forecasting and management of the cost planning and risk control for small to large-scale web applications, software, and technical solutions and successfully communicated those plans to senior management.
• Focused interactions with the executives and third-party and vendor teams to create and define requirements to translate business ideas into strategic solutions for small to large-scale custom cost-effective eCommerce products.
• Oversaw migrating multiple data centers from Canada to the US for eCommerce.
TECHNOLOGY SKILLS:
Programming Languages: Java, JavaScript, C/C++/C#, HTML5, Perl, PL/SQL, Pro*C, Python, Ruby (on Rails), Unix Shell, Visual Basic, PHP, XML
Frameworks: ASP, .NET
Application Servers: API, IBM, MS IIS, Apache/Tomcat, JBoss, JDBC, OAS, ODBC, WebLogic, WebSphere, Tuxedo
Automation: RPA, Blue Prism, Epic, Cucumber, Karate
Cloud Computing: IaaS, PaaS, SaaS, AWS, Pivotal Cloud Foundry, Docker/OpenShift/Kubernetes
Database Tools: DB2, Hadoop, MySQL, Oracle, SQL Server, Microsoft Access, TOAD
Development Methodology: Agile SAFe/Scaled, Scrum, SDLC, Spiral, BDD, TDD, Waterfall, DevOps, DevSecOps, CMMI
Internet Technologies: JSP, JavaScript, J2EE, HTML
Operating Systems: AIX, Linux, Unix, RedHat, Solaris, Ubuntu, Windows
Software Architecture: SOA, REST, Cloud computing
Security: BCP, BIA, DRP, GDPR, SCP, Ethical Hacking, Red/Blue team exercises
Other Tools: Clarity, Jira, Kanban, PVCS, Rally, Subversion, Tableau
EDUCATION:
Executive Master of Business Administration (EMBA) - University of Houston
Bachelor of Science, Computer Engineering Technology - University of Houston; Cum Laude
CERTIFICATIONS:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Auditor (CISA)
Currently pursuing certification in CCSP
MILITARY:
United States Marine Corps, Jacksonville, North Carolina; Honorable Discharge
PROFESSIONAL HIGHLIGHT:
Creator and author of 2 patents for new, innovative payment processing solutions.