Ajmer S. Mann
209-***-**** *******@***.*** www.linkedin.com/in/AjmerSMann Tracy, CA 95377
PROFESSIONAL SYNOPSIS
ITIL, CISSP, and CISM certified cybersecurity and engineering professional with experience in project management and program management, training and leading engineers and security professionals, system integration & test, compliance, SW Test, documentation, risk assessment, controls assessment, collaborating with external and internal stakeholders, developing and reporting metrics/KRIs/KPIs, and root cause analysis and resolution. Managed multiple simultaneous projects and trained and led teams of security staff and engineers. I hold Bachelor of Science in Electrical and Electronic Engineering (BSEE) and Master of Business Administration (MBA) degrees. Technical and Management experience includes:
• 15 years of Electronics/Software Engineering experience, with SW QA, system integration & test, managing a Test Strategy Analysis project consisting of 220+ configuration items (CIs) and leading 30 engineers at an SEI CMMI certified center, which led to $30M follow-on international projects.
• 15 years of security governance and compliance experience with an excellent track record advising management, internal auditors, and program office on SOX compliance, and improving business processes and compliance initiatives at several Fortune 500 companies (Centene, DuPont, WB, Align, SCE, Monsanto, Kaiser) and federal agencies (USDA, LLNL, US Army, US Air Force).
• Led multiple concurrent projects in engineering and cybersecurity in private and public sectors providing guidance and training to project managers and engineers.
• Advised and collaborated with cross-functional teams in performing SW QA and HW integration tests and collaborated with stakeholders at various levels, including test engineers, sales engineers, and management.
• Detail-oriented and analytical with effective verbal, written, presentation, and organizational skills. Well-versed in MS Outlook, Windows, Excel, Word, PowerPoint, Access, Visio, Wiki, Remedy, JIRA, eCATT, HPQC, MS DOS, SharePoint, TCL/TKL, Perl, Rapid7, ServiceNow, Workday, and other applications.
WORK EXPERIENCE
ISSO / Security Lead – LLNL Jun ’22 – Jan ’23
• Led the Organization Security team with five direct reports providing guidance on information system and application security to protect CUI, PII, PHI, etc. per FISMA/FIPS/FedRAMP requirements.
• Defined roles and responsibilities for security team and developed monthly status report for management.
• Collaborated with other Organization Security Officers in process improvement, security policies updates and reviews, including cloud applications.
Security Risk Assessment Lead – Kaiser Permanente Jul ’20 – Dec ’21
• Led the inherent risk assessment (IRA) of medical edge devices including security data gathering, maintenance of security documentation, and developing and presenting monthly status reports via Tableau dashboards.
• Collaborated with device vendors in data gathering and risk assessments and improved workflow processes.
• Automated the IRA process in Excel and later in the Access Database where IRA results fed into control profiles supporting the creation of hardening guideline documentation and developed dashboard in Tableau.
Lead, Compliance Analyst – Centene Corporation Jun ’17 – Jun ’20
• Developed security risk metrics for executive management dashboard and managed risk mitigation efforts. Also performed gap analysis of Cloud System Security Plan (SSP) to uncover missing controls for the public cloud.
• Architected the design of Archer GRC controls compliance module from compliance and governance perspective and developed reporting metrics (KPIs/KRIs).
• Led annual renewal assessments for ISO27001 and NIST 800-171 for private and federal contracts collaborating with business owners and IT engineering teams.
• Researched cloud technology and reviewed security addendums, BAAs, SOC2 Reports, and SOW for cloud service provider, and provided insight to management on pros and cons of AWS cloud compliance requirements.
Independent Consultant – NAAM Consulting Services May ’14 – Jun ’17
Compliance Analyst – Align Technology Jul ’15 – Jun ’16
• Managed Compliance Project Plan for JDE to SAP upgrade project, including ECC, GRC, SRM, CRM, and legacy systems by assessing existing controls (gap analysis).
• Managed testing of SAP roles to ensure that no segregation of duties (SOD) violations exist in the roles and user access, and provided guidance and knowledge to managers and their staff in completing the tests for timely Go-Live.
• Provided weekly status report KPIs/KRIs on existing and new controls to Senior Manager, Security & Compliance.
Release Manager – Warner Brothers Oct ’14 – Jun ’15
• Scheduled and chaired weekly Change Advisory Board (CAB) and Change Configuration Board (CCB) meetings advising business managers, change management, and change owners on 700+ monthly SAP / non-SAP changes.
• Reviewed and approved business changes, non-SAP within Remedy workflow, and SAP changes via SAP Solution Manager (ChaRM). Executed SQL queries for various change categories and updated Remedy (SQL) reports.
• Briefed management on status of changes released to Production for each Release Package.
Security & Compliance, Senior Engineer – Monsanto May ’14 – Sep ’14
• Aligned application security to business requirements ensuring compliance through Change Management review process and coached Business Analysts/security staff on requirements analysis, role design, and documentation.
• Managed change requirements for system and user accounts, ensuring compliance to segregation of duties (SOD) requirements and to least privilege principle.
IT Security Engineer / Program Manager – USDA Dec ’12 – Apr ’14
• Aligned SAP Security for multi-billion-dollar funds management Operations Support (FMMI project) to business requirements and ensured that API development is secure.
• Created, reviewed, and updated Operations and Maintenance Guide, Statement of Work, Security Policies and Procedures, and Functional and Technical documents.
SAP Security Lead Consultant – US Army Medical IT Center Apr ’11 – Nov ’12
• Led the team, collaborating with IT staff and business managers to remediate/mitigate audit findings, resulting in a successful Authority to Operate (ATO).
SAP Security / Management Consultant – Accenture (GFEBS, SCE, FMMI) Feb ’09 – Mar ’11
• Planned and chaired meetings with Marketing, Sales, Service, Documentation, Security, and Process teams for CRM go-live, and created project plan for defining and mapping security roles to 2500+ users.
• Managed Engineering Change Requests (ECRs), collaborating with BPO to translate business requirements into technical specifications, and with Testing and QA to approve and deploy changes to Production.
• Managed user authentication and authorization (IAM) using SSO for over 10,000 business users ensuring SOD, collaborating with business managers and role owners.
Operations Manager – JH Tax & Financial Services Feb ’05 – Jan ’09
• Supervised 15+ full-time and part-time employees to meet business needs and provide superb customer service.
• Managed business planning, marketing, training, SW updates and hiring, and worked with corporate office to ensure compliance. Managed IT systems, security, user administration, and operational procurement.
SAP Security Consultant – DuPont Aug ’02 – Jan ’05
• As a technical consultant, performed SAP Security tasks supporting merger of two large SAP ERP Systems.
• Investigated and remediated or mitigated identified Sarbanes-Oxley (SOX) information security issues.
• Acted as liaison for IT department with Internal and External Auditors during the annual audits.
Senior System Engineer – Ishoni Networks / StarNet Technologies Oct ’98 – July ’02
• Planned and managed software and hardware testing of Analog, ISDN, and ADSL devices, including VOIP telephone and web-based user interface.
• Designed, configured, and managed Test and Integration Labs; installed and configured test applications; installed and managed the bug tracking system; and provided training to Testing team members.
• Developed and led a team of 10 test engineers assigning and ensuring timely completion of SW and HW testing tasks, managing each project utilizing Agile/Scrum methodology.
• Gathered and analyzed system functionality and performance data, and briefed senior management.
• Executed Ethernet, TCP/IP, ATM, GUI, USB, VoDSL, VOIP, Routing and Bridging protocol tests on multiple devices.
• Provided technical guidance and training to junior test engineers, and trained sales engineering team.
LCSS IPT Lead – McClellan AFB F-22 Fighter SPO Aug ’93 – Sep ’98
• Led Life-Cycle Software Support (LCSS) Integrated Product Team (IPT), chairing and facilitating meetings with management, program managers and external defense contractors to plan support for F-22 Raptor fighter.
• Scheduled and chaired meetings, inviting program managers from various fighter systems (F-14, F-15, F-16, F-18) to provide lessons learned in supporting their planes.
• The F-22 Life-Cycle Software Support (LCSS) planning Integrated Product Team (IPT) was awarded the Best of the Best Team award for our air logistics center (ALC) and went on to compete at the national level.
• Wrote the “F-22 System Software Lifecycle Support Plan” with $100M annual budget.
Project Manager / Software Engineer – McClellan AFB Jun ’85 – Jul ’93
• Managed Test Strategy Analysis (TSA) design project for 220 configuration items with 30 support engineers assigning tasks, tracking schedule and status reporting.
• Led the development of test software and hardware (test interface) with 99% fault detection for a MICAP to repair motherboards for the F-111 Fighter and completed it within half the allotted time of two weeks.
• Served as project manager for the $30M multi-year international project, gathering status information from the engineers, briefed management periodically, and provided monthly status report to the Program Manager.
• Performed requirements gathering and analysis, preliminary and detailed software designs, design reviews, coding, testing, software walk-through, user acceptance testing (UAT), I.V.&V., and documentation.
EDUCATION & CERTIFICATIONS
California State University, Sacramento, ISC2, ISO, & ISACA
• B.S. in Electrical & Electronic Engineering (B.S.E.E.)
• Master of Business Administration (MBA)
• M.S. in Electrical & Electronic Engineering (M.S.E.E.) coursework complete (3.85 GPA)
• Certified in Risk & Information Systems Control (CRISC) course.
Certifications
• Security+ – CompTIA Security+ (2010)
• ITIL v3F – Information Technology Infrastructure Library v3 Foundation (2011)
• CISSP – Certified Information Systems Security Professional (2012)
• CISM – Certified Information Security Management (2012)
• CISA – Certified Information Security Auditor (2017)
• EU GDPR-P – EU General Data Protection Regulation-Practitioner (2019)
• CDPSE – Certified Data Privacy Solutions Engineer (2020)
• CRISC – Certified in Risk and Information System Controls (in progress, 2023)