CISA

Location:
Milford, MA, 01757
Posted:
December 28, 2021

Resume:

EDWARD WILLIAM PILLING, CISA # *******

*C Medway Rd. PMB 223, Milford, MA. 01757 508-***-**** adprk7@r.postjobfree.com

Summary:

An accomplished, results-oriented professional with extensive experience in creating and managing information technology, security, compliance, assurance, and risk management programs, and in forming professional relationships with business unit leaders and customers. Provided information security guidance and structural, architectural support. Evaluated network and security technologies including LANs/WANs/VPNs/PKIs and CAs. Possesses a proven track record of consistently establishing cost-saving initiatives and displays a firm grasp of all aspects of ITIL asset management and protection, including physical security, IT audit, SOX, and PCI compliance. Adept at utilizing broad-based skills to enable secure collaboration among varying facets, creating more operationally efficient, safe, and synergistic organizations.

Technical Tools:

Compliance: HIPAA, HITRUST, HITECH, SOX-404, SSAE-16, PCI, GLBA, COBIT

Operating Systems: Windows Server 2003/08, Sparc Unix, Ubuntu, Macintosh

Cloud: Amazon Web Services, Microsoft Azure, Google, Kubernetes

Vulnerability / Penetration: Tenable / Nessus, Qualys, Nmap, Metasploit, Burp Suite

Internet Security: Palo Alto, Check Point, RSA SecurID, TACACS+/RADIUS

Network Monitoring: SolarWinds, Blue Coat, NetScout, LogRhythm

Anti-Virus: McAfee Active VirusScan, Symantec, Trend Micro, Kaspersky, Bitdefender

Databases / Ticket systems: Oracle, Microsoft SQL, Archer, Retek, Heat

Education:

Mastering AWS Security, Tetranoodle, 2018

AWS IAM: The Cloud Engineer's Security Handbook, Tetranoodle, 2018

Understanding Sarbanes-Oxley (SOX) Section 404, Udemy Academy, 2018

SAP Cyber Security, Udemy Academy, 2018

SAP GRC Access Control 10 Connector Configuration, Udemy Academy, 2018

Ahold Delhaize USA, Inc. Feb 2020 – Aug 2021

Consulting Business Security Advisor (Apex)

Formally assess information security risks related to business projects, determine the potential impact of those risks, and conduct follow-up, throughout the project lifecycle, on any necessary remediation efforts. Ensure that IT solutions and business processes comply with company policy, company controls and applicable legal and regulatory requirements while also ensuring that business objectives are met.

Develop a specialized knowledge of and key relationships with the local brand, ensuring that security is embedded in each brand and that their security needs are being met. Collaborate with other team members to identify opportunities for implementing common security solutions or leveraging existing solutions.

Conduct initial and ongoing formal assessments of information security risks related to vendors, determine the potential impact of those risks, and conduct follow-up on any necessary remediation efforts.

Actively expand consulting and assessment capabilities through training courses, mentoring, and daily interaction with internal customers.

NRH Websites Consulting Group, Fort Worth, TX Feb 2010 – Feb 2020

Sr. Security Consultant (Telecommute)

As part of the incident response team, was in charge of preparing for and reacting to any type of organizational emergency. This could range from simple password resets to malware infections.

Determine operational weaknesses within the existing security infrastructure and present execution plans to overcome those concerns in a timely fashion while still making the most cost-efficient use of resources.

Develop content for the LogRhythm platform around current trending security events to provide real-time data analysis.

Converted data into business actionable insights by predicting and modeling future outcomes.

Utilized Excel (graph and pivot data) toolsets for data intelligence and analysis. This would be presented to users to give them a firm understanding of possible trends.

Managed creative projects with strategic planning activities while managing outside vendors (capacity planning, process improvement, maintenance, upgrade and end-of-life planning).

Security

Evaluated entire systems for vulnerabilities from any conceivable cyber-attack and implemented industry security frameworks and regulatory requirements including but not limited to GLBA, SOX-404, MA Privacy Law 201 CMR 17.00, and FISMA Standards.

Contracted as a disinterested third party to review an H.A. Check Point firewall. Documented gap analysis and recommendations, which included a complete change control to be instituted (sanitized document available).

Utilized Tenable/Nessus to identify vulnerabilities on the network and used said information to create a living spreadsheet of risks and solutions of reported vulnerabilities.

Deployed Nmap to reveal any open ports. Imported said data into Metasploit to exploit vulnerabilities to gain access to the network.

Documentation

Authored white papers similar to those available from Gartner. The content of the white paper provided useful information for business stakeholders and executives seeking to understand an issue, decipher a problem, or make an informed decision.

I examined the client’s current standards, policies, and procedures. Conducted interviews with key personnel and either verified the documentation was up to date or, if not, then updated said documents.

Created a straw man proposal dealing with the corporate-wide use of data masking/data loss prevention. Chaired an open discussion group of current efforts and highlighted where coverage was lacking.

Audit

Managed engagements to scope, facilitate, and perform procedures to prepare clients for external audits and compliance.

Risk Analysis / Compliance

Performed enterprise risk management/assessments on new vendors utilizing SIG and SSAE-16 reports (SOC1 & SOC2). Developed and reviewed a system for determining quantitative or qualitative estimates of possible threats.

Experience using Governance Risk & Compliance framework (NIST SP 800-37) and experience working with eGRC platform tools (Archer) to evaluate and qualify risk and compliance. Established processes in the design phase of system-wide IT projects to identify areas of potential danger. Participated in key or significant projects across a technology that has a high inherent risk profile to assist in establishing risk controls to mitigate the residual risk to an acceptable level.

Demonstrated sharp legal acumen in reviewing, evaluating, and investigating whether the network was in compliance with HIPAA/HITRUST (sanitized document available).

Subcontracted to: John Hancock, Citizens Bank, State Street Bank, and IKA Systems
