Maryellen Ariel Evans
610-***-**** Email: ******@*************.***
SENIOR CYBERSECURITY RISK CONSULTANT
Profile
I am an accomplished data security, risk and compliance consultant with over 15 years of experience in developing and implementing security, risk and compliance programs spanning: Security roadmaps, Policies, Procedures, and tools, Compliance assessments including NIST CSF, SOX, HIPAA, ISO 27001 and PCI Audits, Risk management strategy and tactical tool implementations including ServiceNow, VRisk, RiskLens, Security Scorecard and others. Additionally, I have skills in project management and business development. My duties include designing security programs and proactively monitoring threats with detective controls. I have been responsible for overseeing development of use cases for integration into our Security Incident and Event Management platform. I have developed, maintained, and tested security incident response plans. I perform threat assessments across the technology environment to identify high value targets and prioritize additional detective controls. I develop and maintain interconnections with peers in other regions for an efficient and optimized response to security events and incidents. I design Key Performance and Risk Indicators and contribute to the policies and programs for the security management awareness program.
• 5+ years of experience w/ audit, compliance or regulatory
Security areas of expertise:
Cyber Risk Management
SIEM
VMS
Cloud Security
DLP
Network Security
Mobile Security
Privacy
Security Software
HP ArcSight, Qualys, Tripwire, Sourcefire, Symantec DLP, Symantec Compliance Control Suite (CSS), RSA Archer, IBM QRadar, IBM AppScan, IBM SmartCloud, IBM MQSentry SOA Testing, Configuration and Penetration Testing, Network Security, Application Security, Forensics, SSH, SSL, Digital Certificates, Anti-virus tools (Symantec, Norton, etc.)
Cyber Risk and Vendor Risk Management
ServiceNow, VRisk, RiskLens, Security Scorecard
Data Warehousing/Business Intelligence Experience
RDBMS: Sybase, DB2, Oracle, Teradata
ETL: Informatica, Scheduler, Abinitio
Reporting: Essbase, Business Objects, Microstrategy, OLAP, Data Marts/Warehouses & Business, AutoSys, Microsoft Power BI
Operating Systems
UNIX, Solaris, IBM AIX, HP-UX, DOS, Windows 95/98/NT/2000/XP and Mainframe
PMO Software/Programs
Microsoft’s Team Foundation Server, HP PPM (formerly Mercury ITG), Weblogic Application Server, IBM WebSphere Studio Application Developer, Eclipse, DataPower, PowerShell, SQL
Project schedule development, management and tracking
Resource management and time tracking
Project financial management and tracking
Project risk management
Project issue management
Project communication / reporting management
Consistently execute according to the Delivery Methods centered on the PMI delivery model.
SUMMARY OF EXPERIENCE
1/00-Present
Evans Resource Group, New York, New York and Tel Aviv, Israel
Senior Cybersecurity Risk Manager for Enterprise Cyber Risk Management and Vendor Risk Initiatives. Expert in Cyber Risk, Privacy, Compliance and Security. Author of ‘Managing Cyber Risk’ and Program Chairperson of Pace University’s Seidenberg School of Computer Science and Information Systems Cybersecurity Certificate Program.
Clients include SFBCIC, Jefferies, PetSmart, Chewy, Verizon, AM Best, Ferrero, IBM, The McGraw-Hill Companies, BONY, Pfizer, Citizens Bank, Lockheed Martin, Microsoft, et al.
Created integrated cyber risk management programs for large organizations with a focus on cyber exposure quantification and cyber risk scoring using a digital asset methodology.
Cybersecurity, Risk, and Privacy Data Scientist.
Expert in first and third-party risk management.
Expert in regulation including PCI, CCPA, GDPR, HIPAA and others.
Expert in security control testing frameworks including NIST CSF, NIST 800-53, NIST 800-171, SOX, PCI, COBIT, ITIL, etc.
Expert in Risk Controls with hands-on experience
Expert in cybersecurity tool data integration.
Expert in cybersecurity policy and procedure creation.
Expert in cybersecurity tools including SIEM, VMS, ATP and DLP
Expert in board reporting and KPIs for cybersecurity, privacy and risk
Expert in cyber insurance limits and sublimit quantification.
Performed targeted cyber risk assessments across the digital asset infrastructure to quantify cyber exposures and identify hidden exposures
Measured the cyber risk scores of digital assets likelihood and impact
Measured the effectiveness of cybersecurity controls
Developed and designed dashboards and reports for the CISO, DPO, CRO and board.
Made recommendations for risk reduction
Developed rules and created custom rules, produced and managed cyber risk and privacy reports, and reconciled risk reduction work.
Oversaw Compliance risk assessments and regulatory changes for group limited medical, stop loss, and life and disability businesses. Developed practical approaches to compliance risks and coaching leadership on prioritization of risks. Provided automated technology solutions for compliance.
Led a comprehensive analysis of security architecture, standards compliance, and the processes / methods used by a state government agency (ISO9002 and HIPAA) resulting in effective corrective measures that minimized disruption.
Conducted several PCI-DSS Level 1 and 2 assessments and designed an on-going PCI program resulting in decreased cost and assured compliance for a large retail company.
Performed vulnerability testing, application security, database security, and penetration testing for multiple clients. Developed comprehensive approach and led effort to identify the location of credit card numbers and other sensitive data in more than 5 Terabytes of storage in workstations, servers and databases. This information was used by a local government agency and a catalog / retail client to verify / assure compliance to multiple standards. Executed application penetration tests against a wide variety of technologies for a large pharmaceutical company.
SIEM Development: Currently finishing Solution Development Using IBM QRadar functions for large global retailer including managing risks, enforcing and demonstrating compliance, and automating business processes for SAP ecommerce initiative. Includes sensitive transactional processing for the corporate compliance group globally.
Vulnerability Management: Designed, built and implemented workflows for Archer for vulnerability analysis and management.
Economic Recovery: Directed the information security portion of major system implementations linking enterprises nationwide into shared networks. Devised enterprise security strategies safeguarding information assets and ensuring compliance with regulatory mandates.
Government Sector: Assisted in the development and launch of secure, recoverable and fault-tolerant systems for data access and identity management for dozens of state and federal government agencies.
Financial Sector: Led business-critical information security initiatives for large financial institutions involving encryption of customer data to ensure compliance with change in federal laws.
Fortune 500 Sector: Modernized outdated information security awareness programs for several F500 corporations, and led companywide training on crucial new infosec policies, procedures and technologies.
Infrastructure: Led comprehensive security infrastructure upgrades (e.g., firewall/VPN upgrades, intrusion detection, token-based authentication and remote management) for various midsize and large companies.
SAP GRC: security workflows for SAP GRC for several key clients. Ability to install all components and build rule sets.
Advised project and program managers on technical architecture designs and solutions for meeting business requirements of the project and resource management while mitigating risks in accordance with the firm's strategic direction, compliance policies (PCI, GLB, SOX), and industry best practice for data security
Access Control Management
Identity Management
Configuration Testing
Penetration Testing
Forensics
Entitlement Projects
Provide Data Security Services to IBM Clients Globally
Patented SOA Tool for Security Testing
Sought after expert in cyber risk management
Research and Development Efforts
5 years cyber risk research with the Fortune 1000 and cyber insurance industry
Designed and developed cyber risk algorithms
Cyber Risk Data Scientist
Education:
M.B.A. in Finance from New York University
B.S. in Nuclear Technology from S.U.N.Y at Buffalo
Books:
Managing Cyber Risk: ISBN-13: 978-0367177737: Bit.ly/ArielEvans
Papers:
Proactive vs. Reactive: Securing the Critical Data Transport in the Cloud, University of WA. Volodymyr Lysenko, Barbara Endicott-Popovsky, Maryellen Ariel Evans. October 2013
Patents:
U.S. Serial No. 16/585,202 entitled DIGITAL ASSET BASED CYBER RISK ALGORITHMIC ENGINE, INTEGRATED CYBER RISK METHODOLOGY AND AUTOMATED CYBER RISK MANAGEMENT SYSTEM.
Awards:
2001 Computer World e-commerce security award
Other:
Member of Cloud Security Alliance, International Association of Privacy Professionals, IASCA