
Cyber Security Line Supervisor

Location:
Canton, OH
Posted:
June 28, 2022


Resume:

SHIRLEY BARNES

484-***-**** adrj08@r.postjobfree.com

US CITIZEN

SENIOR INFORMATION TECHNOLOGY STRATEGIST, OPERATIONS LEADER & PROGRAM SPONSOR

Designing Cybersecurity strategies to fuel business roadmaps

PROFESSIONAL EXPERIENCE

Senior Vice President of Information Technology (SVP IT)

Hall of Fame Village Powered by Johnson Controls May 2021 – Present

Provide thought leadership and advise executive committees on IT strategies and risks.

Partner with key internal and external stakeholders to ensure business processes are in alignment with key business objectives

Build policies, processes, and procedures to accommodate defense in depth strategies

Cut security risk assessment process by 50% by implementing company-wide Governance, Risk and Compliance (GRC) strategy with GRC solution to automate testing of critical IT controls and due diligence for Vendor Assessment

Solution ERP system that works with internal legacy software to decrease employee-hours per week by automating small but frequently performed tasks.

Onboard and develop IT staff to support the IT Security profile for the company to protect the digital footprint from bad actors gaining a foothold and attacking company assets

Develop Cybersecurity Roadmap to advance the security posture of the organization and comply with various regulatory mandates and risk frameworks

Develop Security Awareness Program to assess, train and test absorption rate of cybersecurity education to empower staff to prevent noncompliant computing behaviors

Lead IT strategy and deliverables for development of fantasy/gaming business unit

Oversee Managed Services for Network Operations Center (NOC) and Security Operations Center (SOC) to ensure consistent agreed upon Service Level Agreements (SLAs) are maintained

Security Engineer/Architect March 2020 – Jan 2021

Aqua America – Oxford Consulting - Remote

Assessed IT/OT SCADA environments for Risk and Vulnerabilities to reduce risk to an acceptable level

Performed Threat Analysis from various Intel feeds such as Qualys, Carbon Black, CrowdStrike, Recorded Future, Cofense and other threat hunting solutions

Performed vulnerability scans to assess IT/OT environment for vulnerabilities and provide mitigation strategies; provided SIEM oversight

Performed onsite risk assessment of Water/Wastewater Plant locations throughout US and developed remediation strategies to protect the integrity of public drinking water for various Pennsylvania cities

Solutioned Archer GRC Platform to support security processes for Risk, Issues, Vulnerabilities, and 3rd Party

Configured Phishing Campaigns to support Security Awareness Program

Senior Principal Managing Consultant Risk Compliance and Assurance June 2019 – March 2020

Wipro – Remote

Provided thought leadership and advised executive leadership on risk tolerance protocols.

Directed, designed and/or implemented IT security solutions (ServiceNow, BigID and RSA Archer) in an enterprise to protect eCommerce transactions

Prepared Readiness Assessment for California Consumer Privacy Act (CCPA) to ensure that eCommerce websites are compliant

Designed and implemented strategy for adherence to CCPA, Data Privacy and GDPR

Performed Risk Assessments related to Cyber Security Posture of Enterprises to test and validate the risk tolerance levels of retail processes

Risk Assessments and Gap Analysis of Networks, Cloud, Data Center infrastructure w.r.t standard frameworks like ISO27K1, PCI DSS, NIST frameworks.

Executed Compliance Reviews for GLBA, FINRA, SEC, SOX, HIPAA, ISO 27K1 and industry specific regulations such as FFIEC for Financial Institutions

Led initiatives for (Re)Architecting and (Re)Engineering of Controls to enhance the Security Posture of the enterprise

Senior Security Engineer Consultant February 2019 – June 2019

Avantor Radnor, PA

Assessed Avantor SIEM and SOC implementation to identify process improvements to address current gaps, risks, and regulatory requirements such as ITAR, SOX, PCI, etc.

Developed roadmap for threat detection, response and recovery and visibility by leveraging Orchestration and Automation and Managed Detection and Response (MDR) services to provide visibility

Directed the development of Readiness Assessment for Cloud Migration

Managed and implemented incident response, breach prevention and digital forensics

Evaluated breach and incident response processes by threat actor profiling like threat intelligence, threat emulation

Oversaw Vulnerability Management strategy to deploy new VM tool.

Analyzed and responded to security threats when reported by the MSSP.

Developed response strategies within documented SLA to configuration, maintenance, incident management, and other requests

Senior Cybersecurity, Policy, Risk, Governance and Compliance Consultant October 2017 – February 2019

W.R. Berkley (Randstad Consulting) Wilmington, DE

Solutioned Cybersecurity framework (NIST, ISO27001, COBIT, ISO, SOX, AICPA, etc.) to identify, map and improve existing policies, standards, and IT control and/or develop new governance related processes to fill identified gaps.

Identified and incorporated User Behavior Analytics (UBA) to facilitate predictive analytics strategies to secure IT assets.

Engaged various operational and shared services departments with composing associated procedures in order to comply with IT Security and Risk framework to complete 23 NYCRR Part 500 Attestation and comply with General Data Privacy Regulation (GDPR).

Assessed Enterprise Risk according to FAIR methodology and oversaw remediation strategies to reduce Risk down to an acceptable level.

Developed strategy roadmap to implement RSA Archer GRC Suite 6.x to provide management oversight, business compliance and risk metrics to ensure a positive security and risk posture.

Directed, designed, and managed development of Third-Party Risk and Vendor Management strategies

Architected Design for Vulnerability Mitigation in support of the SIEM processes (i.e., Splunk, QRadar SIEM, Rapid7, etc.).

Designed workflow for continuous policy reviews and approvals within an internal policy management system for Executive Leadership.

Assurance Cybersecurity Senior Manager - Cyber Governance, Risk and Compliance August 2015 to June 2017

LOCKHEED MARTIN

Recruited as Senior Manager of Risk Management and Governance via Risk Management Framework (RMF) for Corporate Information Security, Enablement with oversight for the following enterprise-wide cyber security services:

Defined and implemented Enterprise-wide Cyber Security Governance, Risk and Compliance (CGRC) Strategy

Owned Cyber Governance Risk and Compliance Tool Definition and Strategy (RSAM) GRC Suite implementing Policy, Risk, Vulnerability and Exception Management modules

Oversaw Security Education and Awareness Enterprise Operations to include International Business Area Governance Regulatory Compliance Focus (e.g., U-CTI DFARS, ITAR, SOX, etc.) Business Resiliency

Led the rollout of additional RSAM Enterprise GRC modules for various regulatory frameworks and standards such as NIST 800-53/171, RMF, ISO27001, etc.

Owned and drove integrated risk approach and the CIS GRC strategy and roadmap

Identified and articulated the enterprise cyber security risk posture and the facilitation and articulation of the CIS strategy, including the definition of cyber security indicators/metrics.

Developed and tested Business Continuity, Disaster Recovery and Destructive Resiliency Plans to ensure critical systems are recoverable.

Recruited and managed technical professionals

Current Security Clearance – Secret

Top Secret (In Progress)

EDUCATION

Master of Science

Colorado Technical University

Concentration: Managed Information System Security

Bachelor of Arts

Eastern University

Concentration: Organizational Behavior

CERTIFICATIONS

FAIR Risk Models - RiskLens

Qualys Vulnerability Management Certified Specialist

LogRhythm SIEM Certified Specialist

KPMG/ISACA CISM BOOTCAMP – CERTIFICATION IN PROGRESS

CISSP BOOTCAMP

ITIL Foundations Version 3

Security Certification and Accreditation

Information System Security Management Certification

Information System Security

SAP – Auditing and Securing SAP’s Enterprise Services Architecture

Sarbanes-Oxley Compliance

Masters - Project Management

HP ALM (Application Life Cycle Management) (formerly HP Quality Center) Automated Testing Tools

Systems Administrator I

Database Administrator I, II

Empowering Your Staff

Conflict Resolution

Coaching Skills

First Line Supervisor Training

Certified Paralegal

Tax Preparer


