
Chief Information Security Officer

Location:
Sugar Land, TX
Posted:
May 06, 2023


Resume:

SPENCER BIAH

Senior Cybersecurity professional

adwyj0@r.postjobfree.com - 301-***-****

Objective: To obtain a challenging role as a Chief Information Security Officer (CISO) that allows me to leverage my expertise in cybersecurity, risk management, and compliance to protect the organization's assets and mitigate risks.

Summary of skillsets

Results-oriented Chief Information Security Officer (CISO) with over 17 years of experience who has led diverse teams of specialized experts in the development and implementation of security initiatives, including security policy development and implementation, Identity and Access Management, DevSecOps, AWS Cloud Security, Governance Risk Compliance, NIST 800 Series, Incident Response, Business Continuity, ISO 27000, FISMA, Information System Continuous Monitoring (ISCM) and Ongoing Assessment (OA), FedRAMP, Cloud Security, Disaster Recovery, PCI DSS, GDPR, and CMMC. A Department of Defense (DOD) 8140/8570.1 Information Assurance Manager/Level III professional with the requisite Education, Expertise, and Certifications. Retired Military Officer.

CERTIFICATIONS / LICENSES

• CMMC Certified Practitioner (CCP)

• CMMC Provisional Assessor

• CISSP (Expiration date: August 2024)

• CCISO (Expiration date: December 2023)

• CISM (Expiration date: November 2023)

• AWS Certified Cloud Developer

• AWS Certified Solutions Architect

• CompTIA Security+ (Expiration date December 2019)

• Lean Six Sigma (Green Belt)

EDUCATION

• Master of Science in Information Assurance/Cybersecurity - Norwich University, Northfield, VT

• Master of Business Administration - Touro University, New York, NY

• Bachelor of Business Administration - St. Edwards University, Austin, TX

• Chief Information Security Officer certificate - National Defense University, FT Myers, VA

• US Army Command Staff and General College - Organizational Leadership, FT Gordon, GA

• Information Systems Manager Course, US Army School of Information Technology, FT Gordon, GA

WORK EXPERIENCE

Chief Information Security Officer (CISO), The Daggers Group, Program Executive Office Intelligence Electronics Warfare Sensors (PEOIEWS), Fort Belvoir, Virginia

February 15, 2020 to April 23, 2023

• Led the development and implementation of a comprehensive security program that reduced cybersecurity risks by 50%; Directly responsible for developing, implementing, and monitoring strategic, comprehensive, enterprise information security and IT risk management programs.

• Developed and maintained relationships with key stakeholders, including executive leadership, board members, vendors, and customers; Collaborated with different teams acting as the conduit between the project managers and development teams to identify potential security risks and recommend remediation measures.

• Successfully conducted frequent risk assessments and developed risk management strategies that improved the organization's security posture including addressing inherent risks within the Supply Chain Risk Management (SCRM) process.

• Defined a cybersecurity strategy and operating model aligned with the organization’s business objectives including building, developing, and tracking information security and compliance program metrics.

Senior Information Security Manager, Missing Link Security, Office of the Controller for Currency (OCC), Washington, DC

April 22, 2018 to January 10, 2020

• Led the development and implementation of security policies, procedures, and controls that improved the organization's security posture; Established processes and procedures for receiving, documenting, investigating, and responding to complaints and/or allegations of violations of privacy policies and procedures.

• Developed necessary security artifacts to strengthen the organization’s cybersecurity program, including policy documents and risk mitigation measures to meet federal regulatory compliance.

• Developed threat models and associated security architectures/requirements, and designed appropriate mitigations; periodically led security audits of existing software/services (alone or with security partners) and designed/implemented corrective actions.

• Developed and validated artifacts for FedRAMP ATO packages, including the System Security Plan, Information System Contingency Plan, and Security Assessment Report, to support cloud-based systems including IaaS, PaaS, and SaaS.

Chief Information Assurance Architect, PVM LLC

US Army - Belvoir, VA - January 2017 to 1 February 2018

• Developed and implemented the following measures to build the organization’s cybersecurity program: Information Security Continuous Monitoring (automation), Vulnerability Remediation Process, Secure Software/System Development Lifecycle (S3DLC), and continuous risk awareness briefings.

• Defined and delivered a cybersecurity culture and awareness program for employees and partners, building a high-performing cybersecurity team; directly responsible for developing, implementing, and monitoring strategic, comprehensive, enterprise information security and IT risk management programs.

• Worked with the various stakeholders to implement security controls in accordance with federal security regulations, standards, and processes, including NIST 800-53 and FedRAMP security requirements.

• Established a proactive incident response process to identify forensics methodology for determining breaches, remediation, and a follow-up IR process to avoid future occurrence.

Chief Information Security Officer

Ris Group - Stafford, VA - January 2016 to January 2017

• Instrumental in architecting security solutions including identity and access management, advanced threat detection, privileged account management, and web Single Sign-On (SSO) solutions to meet framework standards.

• Directly responsible for developing, implementing, and monitoring strategic, comprehensive, enterprise information security and IT risk management programs.

• Developed and guided the implementation of IaaS and SaaS cloud-based security solutions to meet the supported agencies’ stated cybersecurity goals.

• Managed a team responsible for managing security incidents and breaches, conducting security audits, and ensuring compliance with industry regulations.

Chief, Cybersecurity Department, OPS Group, US Army, Fort Irwin, CA - December 2011 to September 2015

• Implemented the necessary measures to ensure the organization successfully passed several DoD Federal Information Security Management Act (FISMA) and Command Cyber Readiness Inspections (CCRI).

• Planned, managed, and executed periodic vulnerability assessments on the organization’s networks, information systems, and facilities utilizing federal regulations and best business practices.

• Prepared the organization for external assessments to meet compliance requirements and helped define acceptable risks for senior management.

• Developed metrics for evaluating the effectiveness and success of the security and privacy frameworks to ensure they meet the needs of all internal and external stakeholders.

Enterprise Service Manager, Regional Command-North Afghanistan, North Atlantic Treaty Organization (NATO) Networks, Afghanistan - January 2011 to December 2011

• Implemented security controls for different US and North Atlantic Treaty Organization (NATO) networks; supported and maintained six (6) Help Desks that supported over 1,000 customers.

• Led 5-person incident response team providing resolutions for Cyber Incident Response and Spillage for over 1,000 military, DoD civilians, and contractors.

• Provided support and recommendations for the organization’s transition from DIACAP to RMF by updating policies, procedures, and processes to execute RMF; guided System Owners through the C&A process.

• Developed organization-wide security testing, intrusion detection/prevention, and countermeasures to support network security assessments and audits.

Information System Security Officer

44th Signal Battalion, US Army - Schweinfurt, Germany - April 2008 to January 2011

• Supported a 600-person organization providing Information Technology (IT) and secure cybersecurity support to over 10,000 US personnel in the European theater.

• Managed the organization's Information Assurance Vulnerability Management (IAVM) process to ensure IAVAs were quickly remediated to meet Defense Intelligence Security Agency (DISA) standards.

• Utilized the DIACAP processes to achieve systems certification and accreditation; devised the company's security plan including controlling access to facilities, sensitive information, and equipment.

MILITARY SERVICE

• Twenty years (active-duty service)

• Last military Rank: US Army Major

• Highest Commendations: Bronze Star (2)

Authorized to work in the US for any employer.
