J. David Vincent
*** ********** *****, *****, ***** 76054 M: 817-***-****,
*****@*****.*** Page 1 of 3
SUMMARY
David is an IT Audit, Risk, and Compliance professional with over 25 years of experience working with Big Four audit and global consulting firms. He has led the planning and delivery of hundreds of IT & Security Risk Assessment and Remediation projects across all risk domains (e.g., network, application, IT general controls, database, third-party, cloud, remote access, identity & access management, vulnerability management, incident management, etc.) to help organizations proactively identify and resolve vulnerabilities, and verify the effectiveness of internal controls intended to safeguard systems and data while complying with regulations and standards. He has also led the implementation of numerous IT & Security GRC technology solutions and control frameworks for standards and regulations such as ICFR, SOX, SOC 1 & 2, GDPR, BSA/AML, HIPAA, PCI-DSS, ISO 27000 series, NIST series, COBIT, COSO, etc.
EDUCATION
• Liberty University (2018): Master of Science in Cybersecurity (GPA 4.0).
• Liberty University (2010): Master of Science in Accounting (GPA 3.6).
• Louisiana State University (1997): Bachelor of Science in Information System & Decision Science with a concentration in Internal Audit (GPA 3.0).
• U. S. Navy (1990): 18-month Advanced Electronics & Mainframe System School (NEC-1129).
CERTIFICATIONS
• Certified in Risk and Information Systems Controls
• Certified Data Privacy Solution Engineer
• Certified Cloud Professional
• Governance Risk & Compliance Professional
• Certified MetricStream GRC
• Organizational Change Management Professional
• Certified Data Science Professional
• Certified Spark Analytics Professional
• PwC Certified Digital Transformation Professional
• Certified Agile Scrum Master
• Certified Master Project Manager
WORK EXPERIENCE
● City of Arlington, Texas: April 2024 to Present
Role: IT Governance, Risk & Compliance (GRC) Manager. Key Accomplishments:
o Established the City’s first IT GRC Center of Excellence to support all 27 departments.
o Led the development of the first and second lines of defense in IT Risk and Compliance Management using the six functions of NIST CSF v2.0 (Govern, Identify, Protect, Detect, Respond, & Recover) and the corresponding controls in NIST 800-53 Rev 5.
o Established and performed onboarding and quarterly Third-Party Risk & Compliance Assessment & Remediation services.
o Established the City-wide risk library, risk register, and risk dashboards.
o Established and led the quarterly IT Risk and Control Assessment and Remediation processes.
o Led the development and implementation of all City-wide IT policies, standards, and procedures.
o Gradually implemented a common control framework across the City, replacing manual, reactive, or ineffective controls with automated and preventative controls to achieve greater efficiency and cost savings.
● GRC Defender LLC: October 2019 to April 2024
Role: Managing Director - North America GRC Practice Leader. Key Accomplishments:
o Managed the day-to-day operations of the GRC practice: hiring, training, sales, delivery, etc.
o Led numerous IT & Security Risk & Compliance Assessment & Remediation services to ensure effective controls across all technology layers.
o Led the design and implementation of numerous IT & Security Risk & Compliance frameworks and standards: SOX, SOC 1 & 2, GDPR, PCI-DSS, HIPAA, NIST CSF, NIST 800-53, ISO 27000 series, COBIT, COSO, etc.
o Led the implementation of various IT GRC technology solutions: Risk & Compliance Management, Policy Management, Third-Party Risk Management, Incident Management, Identity & Access Management, Vulnerability & Threat Management, GDPR Compliance, SOC 1 & 2 Compliance, SOX Compliance, Audit Management, etc.
● PricewaterhouseCoopers (PwC): January 2018 to October 2019
Role: Managing Director - North America GRC Practice Leader. Key Accomplishments:
o Member of the four-person National GRC practice leadership team within the Digital Strategy & Transformation Advisory Services practice and one of two National Cybersecurity GRC practice leads.
o Managed hiring, training, sales, delivery, and more for a practice of 75+ GRC professionals in North America.
o Led the delivery of numerous GRC Digital Strategy & Transformation, IT Risk Assessment & Remediation, and GRC Technology Solution Implementations to help organizations improve their capabilities to proactively identify and resolve risks, threats, and vulnerabilities, and safeguard their systems and data while maintaining compliance with relevant standards and regulations in a cost-effective manner.
o Helped numerous organizations save an average of 30% on their annual Audit, Risk, & Compliance program costs through the implementation of automated control assessments, continuous risk and control monitoring, and the establishment of common control frameworks.
● Sicuro Advisors LLC: June 2016 to December 2018
Role: Founding Member/Managing Director - North America GRC Practice Leader. Key Accomplishments:
o Led the planning and delivery of numerous IT & Security Risk Assessment & Remediation services and GRC Technology Solution Implementation services to help organizations improve their capability to proactively identify and resolve vulnerabilities, safeguard their systems and data, and maintain compliance with relevant standards and regulations in a cost-effective manner.
o Provided numerous IT audit support services across all layers of technology.
o Led multiple ERP Security & Control Assessment & Remediation services for SAP, Oracle, PeopleSoft, and JD Edwards.
o Helped numerous organizations save an average of 30% on their annual Audit, Risk, & Compliance program costs through the implementation of automated control assessments, continuous risk and control monitoring, and the establishment of common control frameworks.
● IBM: September 2008 to June 2016
Role: GRC Executive: January 2015 to June 2016.
Role: Associate Partner – North America GRC Center of Excellence Practice Leader. Key Accomplishments:
o Led the hiring, training, and management of all GRC professionals in North America.
o Led the sales and delivery of numerous IT & Security Risk Assessment & Remediation services and GRC Technology Solution Implementations to help organizations improve their capability to proactively identify and resolve vulnerabilities, safeguard their systems and data, and maintain compliance with relevant standards and regulations in a cost-effective manner.
o Led ERP Security, Risk & Compliance services during all IBM implementations of SAP and Oracle.
o Helped numerous organizations save an average of 30% on their annual Audit, Risk, & Compliance program costs through the implementation of automated control assessments, continuous risk and control monitoring, and the establishment of common control frameworks.
● Sequoia Advisors LLC: March 2005 – September 2008
Role: Managing Director - GRC Practice North America. Key Accomplishments:
o Led the planning and delivery of numerous IT & Security Risk Assessment & Remediation services for all inherent risks across technology layers (e.g., application, database, network, cloud, etc.).
o Implemented various control frameworks based on the customer’s relevant leading practice standards and regulations (e.g., HIPAA, SOX, ISO, NIST, COSO, COBIT, etc.).
o Led the design and configuration of automated control assessments, continuous risk and control monitoring, and the establishment of common control frameworks to improve efficiency and significantly lower audit, risk, and compliance costs.
● KPMG LLP: December 1998 – March 2005
Role: Senior Manager - Information Risk Management Practice: June 2001 – March 2005.
Role: Manager – Information Risk Management Practice: Dec 1998 – June 2001. Key Accomplishments:
o Led the planning and delivery of numerous IT & Security Audits annually, covering all technology layers for public, private, and commercial organizations, in support of annual Financial Statement and SOX compliance audits.
o Led numerous IT ERP Security & Controls Assessments & Remediation services for SAP, Oracle, PeopleSoft, and JD Edwards, including the associated networks and databases.
o Led the design and configuration of automated control assessments, continuous risk and control monitoring, and the establishment of common control frameworks to improve efficiency and significantly lower audit, risk, and compliance costs.
● Arthur Andersen LLP: December 1997 – December 1998
Role: Senior Consultant - Technology Risk Management practice delivering IT Audit & Advisory Services.
● Louisiana State University: August 1994 – December 1997
Role: Network Security & Support services for the LSU campus while completing my degree.
● U.S. Navy (Active Duty): May 1989 - May 1993
Role: Mainframe System Technician (NEC 1129) onboard the USS Lake Champlain CG-57. Served during operations Desert Shield and Desert Storm.