SHIRLEY BARNES
484-***-**** *********@*****.***
US CITIZEN
SENIOR INFORMATION TECHNOLOGY STRATEGIST, OPERATIONS LEADER & PROGRAM SPONSOR
Designing Cybersecurity strategies to fuel business roadmaps
PROFESSIONAL EXPERIENCE
Senior Vice President of Information Technology (SVP IT)
Hall of Fame Village Powered by Johnson Controls May 2021 – Present
Provide thought leadership and advise executive committees on IT strategies and risks.
Partner with key internal and external stakeholders to ensure business processes are in alignment with key business objectives
Build policies, processes, and procedures to accommodate defense in depth strategies
Cut security risk assessment process time by 50% by implementing a company-wide Governance, Risk and Compliance (GRC) strategy with a GRC solution to automate testing of critical IT controls and due diligence for Vendor Assessment
Solutioned an ERP system that works with internal legacy software to decrease employee-hours per week by automating small but frequently performed tasks.
Onboard and develop IT staff to support the IT Security profile for the company and protect the digital footprint from bad actors gaining a foothold and attacking company assets
Develop Cybersecurity Roadmap to advance the security posture of the organization and comply with various regulatory mandates and risk frameworks
Develop Security Awareness Program to assess, train and test absorption rate of cybersecurity education to empower staff to prevent noncompliant computing behaviors
Lead IT strategy and deliverables for development of fantasy/gaming business unit
Oversee Managed Services for Network Operations Center (NOC) and Security Operations Center (SOC) to ensure consistent agreed upon Service Level Agreements (SLAs) are maintained
Security Engineer/Architect March 2020 – Jan 2021
Aqua America – Oxford Consulting - Remote
Assessed IT/OT SCADA environments for Risk and Vulnerabilities to reduce risk to an acceptable level
Performed Threat Analysis from various Intel feeds such as Qualys, Carbon Black, CrowdStrike, Recorded Future, Cofense and other threat hunting solutions
Performed vulnerability scans to assess the IT/OT environment for vulnerabilities, provided mitigation strategies, and provided SIEM oversight
Performed onsite risk assessment of Water/Wastewater Plant locations throughout US and developed remediation strategies to protect the integrity of public drinking water for various Pennsylvania cities
Solutioned Archer GRC Platform to support security processes for Risk, Issues, Vulnerabilities, and 3rd Party
Configured Phishing Campaigns to support Security Awareness Program
Senior Principal Managing Consultant, Risk, Compliance and Assurance June 2019 – March 2020
Wipro – Remote
Provided thought leadership and advised executive leadership on risk tolerance protocols.
Directed, designed and/or implemented IT security solutions (ServiceNow, BigID and RSA Archer) in an enterprise to protect eCommerce transactions
Prepared Readiness Assessment for the California Consumer Privacy Act (CCPA) to ensure that eCommerce websites are compliant
Designed and implemented strategy for adherence to CCPA, Data Privacy and GDPR
Performed Risk Assessments related to Cyber Security Posture of Enterprises to test and validate the risk tolerance levels of retail processes
Performed Risk Assessments and Gap Analyses of Network, Cloud and Data Center infrastructure against standard frameworks such as ISO 27001, PCI DSS and NIST frameworks.
Executed Compliance Reviews for GLBA, FINRA, SEC, SOX, HIPAA, ISO 27001 and industry-specific regulations such as FFIEC for Financial Institutions
Led initiatives for (Re)Architecting and (Re)Engineering of Controls to enhance the Security Posture of the enterprise
Senior Security Engineer Consultant February 2019- June 2019
Avantor Radnor, PA
Assessed Avantor SIEM and SOC implementation to identify process improvements to address current gaps, risks, and regulatory requirements (ITAR, SOX, PCI, etc.)
Developed roadmap for threat detection, response, recovery and visibility by leveraging Orchestration and Automation and Managed Detection and Response (MDR) services
Directed the development of Readiness Assessment for Cloud Migration
Managed and implemented incident response, breach prevention and digital forensics
Evaluated breach and incident response processes through threat actor profiling, threat intelligence and threat emulation
Oversaw Vulnerability Management strategy to deploy new VM tool.
Analyzed and responded to security threats when reported by the MSSP.
Developed response strategies within documented SLA to configuration, maintenance, incident management, and other requests
Senior Cybersecurity, Policy, Risk, Governance and Compliance Consultant October 2017 – February 2019
W.R. Berkley (Randstad Consulting) Wilmington, DE
Solutioned Cybersecurity frameworks (NIST, ISO 27001, COBIT, ISO, SOX, AICPA, etc.) to identify, map and improve existing policies, standards, and IT controls and/or develop new governance-related processes to fill identified gaps.
Identified and incorporated User Behavior Analytics (UBA) to facilitate predictive analytics strategies to secure IT assets.
Engaged various operational and shared services departments in composing associated procedures to comply with the IT Security and Risk framework, complete the 23 NYCRR Part 500 Attestation and comply with the General Data Protection Regulation (GDPR).
Assessed Enterprise Risk according to the FAIR methodology and oversaw remediation strategies to reduce Risk to an acceptable level.
Developed strategy roadmap to implement RSA Archer GRC Suite 6.x to provide management oversight, business compliance and risk metrics to ensure a positive security and risk posture.
Directed, designed, and managed development of Third-Party Risk and Vendor Management strategies
Architected Design for Vulnerability Mitigation in support of the SIEM processes (e.g., Splunk, QRadar SIEM, Rapid7, etc.).
Designed workflow for continuous policy reviews and approvals within an internal policy management system for Executive Leadership.
Assurance Cybersecurity Senior Manager - Cyber Governance, Risk and Compliance August 2015 – June 2017
LOCKHEED MARTIN
Recruited as Senior Manager of Risk Management and Governance via Risk Management Framework (RMF) for Corporate Information Security Enablement, with oversight for the following enterprise-wide cyber security services:
Defined and implemented Enterprise-wide Cyber Security Governance, Risk and Compliance (CGRC) Strategy
Owned Cyber Governance Risk and Compliance Tool Definition and Strategy (RSAM) GRC Suite implementing Policy, Risk, Vulnerability and Exception Management modules
Oversaw Security Education and Awareness Enterprise Operations, including International Business Area Governance Regulatory Compliance Focus (e.g., U-CTI DFARS, ITAR, SOX, etc.) and Business Resiliency
Led the rollout of additional RSAM Enterprise GRC modules covering various regulatory frameworks and standards (e.g., NIST 800-53/171, RMF, ISO 27001, etc.).
Owned and drove integrated risk approach and the CIS GRC strategy and roadmap
Identified and articulated the enterprise cyber security risk posture and the facilitation and articulation of the CIS strategy, including the definition of cyber security indicators/metrics.
Developed and tested Business Continuity, Disaster Recovery and Destructive Resiliency Plans to ensure critical systems are recoverable.
Recruited and managed technical professionals
Current Security Clearance – Secret
Top Secret (In Progress)
EDUCATION
Master of Science
Colorado Technical University
Concentration: Managed Information System Security
Bachelor of Arts
Eastern University
Concentration: Organizational Behavior
CERTIFICATIONS
FAIR Risk Models - RiskLens
Qualys Vulnerability Management Certified Specialist
LogRhythm SIEM Certified Specialist
KPMG/ISACA CISM BOOTCAMP – CERTIFICATION IN PROGRESS
CISSP BOOTCAMP
ITIL Foundations Version 3
Security Certification and Accreditation
Information System Security Management Certification
Information System Security
SAP – Auditing and Securing SAP’s Enterprise Services Architecture
Sarbanes-Oxley Compliance
Masters - Project Management
HP ALM (Application Life Cycle Management) (formerly HP Quality Center) Automated Testing Tools
Systems Administrator I
Database Administrator I, II
Empowering Your Staff
Conflict Resolution
Coaching Skills
First Line Supervisor Training
Certified Paralegal
Tax Preparer