Agency: Talento
Candidate: Manuel Lopez Jr
Proposed Position: Sr. Manager, IT Security Compliance
Email: *****@********************.***
Cell: +1-202-***-****

Sr. Manager, IT Security Compliance - Manuel Lopez Jr

Education
• Adjunct Professor (Cybersecurity/MIS Program), Bowie State University, Bowie MD, 9/09 - Present
• Master of Business Administration (MBA), DeVry University, Arlington VA, 2/12
• M.S. Management Information Systems (MIS), Bowie State University, Bowie MD, 5/08
• B.A. Communications, Trinity International University, Miami, FL, 5/01

Certifications and Training
• Certified Chief Information Officer (CCIO), National Defense University (NDU) 05/16
• Project Management Professional (PMP) PMI # 430368, Villanova University
• Certified Information Security Manager (CISM), Certification # 1323577
• ITIL 2011 – Certification# 0232071501QG4F
• Certified Ethical Hacker (CEH) EC#949063
• Governance, Risk, and Compliance Conference, 2019

Summary of Relevant Experience
Mr. Lopez brings a wealth of expertise acquired in the areas of IT security compliance with SOX, PCI, the NIST 800 publication series, GRC, cybersecurity, enterprise risk management, vulnerability assessments and disaster recovery. With over 20 years of life and work experience with the U.S. Navy, Mr. Lopez maintains a deep understanding of private sector financial institutions and of the public sector enterprise software engineering framework and lifecycles. As a Senior Information Systems Security Officer, Mr. Lopez will use a centralized administrative approach to project management in leading and monitoring all team activities, task execution, quality control, application certification and accreditation and repository management, and SOX, SOC 2, PCI DSS and NIST/FISMA reporting. As a Certified Information Security Manager, Mr. Lopez is a member of ISACA. He is a highly regarded senior subject matter expert in governance, risk, compliance, cybersecurity, audit, architecture analysis, and intrusion/vulnerability assessment. With demonstrated excellent leadership, communication, and interpersonal skills, Mr. Lopez has managed teams of up to 70 personnel and multi-million-dollar budgets across the private, federal, DoD and civil sectors. In the Navy, Mr. Lopez managed the overall IT security program in support of Operation Enduring Freedom, Operation Iraqi Freedom, the Global War on Terrorism, counter-terrorism, and detainee operations, which included the analysis of security shortfalls and regular briefings and recommendations to senior leadership and auditors.
Professional History
Principal – Chief Information Security Officer, Cyber Resilience Group (CRG), LLC, Washington, DC, 2020 - Present
Pension Benefit Guaranty Corporation (PBGC), Office of the Chief Information Security Officer (CISO), Washington, D.C. – Sr. Cybersecurity Advisor/SME
• Provided C-SCRM awareness training to the federal government procurement department for Contracting Officers (COs) and Contracting Officer Representatives (CORs).
• Authored and published the EO 14028 and NIST SP 800-161 Cybersecurity Supply Chain Risk Management (C-SCRM) strategy, implementation plans and procedures, and the IS Contingency Plan.
• Team CRG worked with the prime contractor's (Softech, LLC) development teams to address security issues and requirements proactively, working directly with the PBGC Office of Information Technology to upgrade systems by implementing and maintaining security controls.
• Identified security violations and inefficiencies through periodic audits, working directly with the government COR and the PBGC Security Operations Center within the agency.
• Developed RMF security assessment and authorization (ATO) documentation in support of the Operations & Maintenance and Continuous Diagnostics and Mitigation (CDM) phases of the PBGC SDLC, aligned with FISMA/NIST and the Enterprise Performance Life Cycle (EPLC) framework.
• Provided training webinars and conference calls for PBGC clients needing assistance interpreting preliminary vulnerability assessment audit findings and/or to prepare for formal FISMA audits, annual risk assessments, and contingency planning exercises.
• Installed Netsparker Cloud and WebInspect for software input data integrity testing.
• Assisted in transitioning from Trusted Agent to RSA Archer in DevOps for future implementation of an automated security assessment and authorization system.

Fiserv, Inc., Office of the Chief Information Security Officer, LATAM Region – Principal/Sr. SME (2018 – 2020)
Professional cybersecurity leader and auditor. Certified CISM with a passion for finance and banking IT, well versed in government contracting and internal IT security support. Excels at creating high-functioning team environments with customers, suppliers, and employees. An out-of-the-box thinker able to translate technical information for non-technical customers or executives. Consistently able to bring tough projects in on time and on budget with maximum efficiency and effectiveness. As Sr. Cybersecurity Advisor/SME for the CISO at Fiserv, led the IT Security Compliance program for the Latin American and Caribbean region. As senior IT security leader and liaison with auditors, completed over 10 comprehensive reviews of the organization's data security controls with executive teams, internal stakeholders, PCI auditors and audit firms (Deloitte/KPMG), providing IT audit training with recommendations, direction and development for the LATAM region IT Audit and Cybersecurity Program.
• Scheduled and coordinated over 15 annual PCI audits with LATAM auditors, arranging access to people and resources to perform reviews, with zero (0) PCI DSS findings
• Assessed and remediated over 25 vulnerable Point of Sale (POS) applications after implementation, working with the technical vulnerability management teams during PCI quarterly scans
• Completed over 10 comprehensive documentation reviews and technical evidence packages for the organization's data security controls with senior management teams, internal stakeholders, SOX auditors and audit firms (KPMG) in scoping SOX environments and evaluating those environments against SOX
• SailPoint IAM system administration for LATAM employee lifecycle management of over 200 privileged users (system engineers, developers, network engineers, and system administrators)
• SailPoint compliance management in the Fiserv LATAM Region (Brazil, Argentina, Panama, Colombia): tracked, enforced, and certified access across the enterprise

Defense Threat Reduction Agency (DTRA) – Authorizing Official Representative (Principal Security Consultant), Office of the Chief Information Officer (CIO), J6IOC (2016 – 2018)
• Advised the Chief Information Officer (CIO) and Chief Information Security Officer (CISO) on comprehensive cyber security strategies and planning for the Department of Defense CIO Getting to Green (GTG) and Scorecard Program.
• Led and managed independent verification and validation (IV&V) consultants on the DIACAP-to-RMF transition program.
• Developed performance metrics to measure the Department's cyber risks and security requirements, identified quantifiable outputs, and established goals that enable effective measurement for the Department's enterprise.
• Presented to leadership and other government officials on cyber/information security and privacy matters pertaining to the Risk Management Framework (RMF) lifecycle.
• Collaborated with enterprise security operations directors, managers, and supervisors to oversee the evaluation and implementation of tools and applications required to investigate anomalies and to respond to and remediate incidents.
• Ensured the implementation of cyber security incident response projects and security solution implementations, such as Trusted Internet Connection (TIC) and vulnerability and patch management.
• Provided oversight in implementing comprehensive risk management strategies, ensuring alignment with the Department's risk management policy for continuous monitoring, security data analysis, and Federal Risk and Authorization Management Program (FedRAMP) cloud sponsorships.
• Provided guidance for business continuity and disaster recovery (BC/DR) initiatives, policies, and procedures to ensure continued operation of services across the Department.

Department of the Navy – Navy Engineering Logistics Office (NELO), Deputy CISO, Information Systems and Technology (ISaT) (2015 – 2016)
Managed a team of over 45 government and contractor professionals in a combination of direct and matrix reporting structures.
• Transitioned over 185 information systems from the DoD Information Assurance Certification and Accreditation Process (DIACAP) to the Risk Management Framework (RMF) in the DISA eMASS enterprise, six (6) months ahead of project schedule. Awarded a Leadership Team Award and Letter of Commendation from the Secretary of Defense.
• Ensured compliance of over 80 Classified Network (ClassNet) systems in the Department of the Navy domains.
• Advised the Chief Information Officer (CIO) and Chief Information Security Officer (CISO) on comprehensive cyber security strategies and planning for the Department of the Navy Special Access Programs (SAP).
• Oversaw and exercised managerial authority over federal and contract staff executing the Department's implementation of the National Institute of Standards and Technology (NIST) Risk Management Framework.
• Developed performance metrics to measure the Department's cyber risks and security requirements, identified quantifiable outputs, and established goals that enable effective measurement for the Department's enterprise.
• Identified critical success factors (CSFs), monitored risks, and ensured regular and effective communication with internal/external stakeholders to ensure effective and compliant management.
• Presented to leadership and other government officials on cyber/information security and privacy matters.
• Provided guidance for business continuity and disaster recovery (BC/DR) initiatives, policies, and procedures to ensure continued operation of services across the Department.

Principal Security Engineer – Office of the Chief Technology Officer (CTO), Department of State, Diplomatic Security Bureau; Arlington, VA (2013 – 2015)
• Managed a team of up to 35 security professionals in a combination of direct and matrix reporting structures
• Monitored and ensured that goals and contractual commitments were met, including scope and financial management
• Advised the team on key/significant security matters
• Resolved/monitored customer escalations
• Established and managed customer relationships
• Secured the Microsoft .NET Framework and ASP.NET application framework
• Worked with developers in testing, migrating and implementing software
• Ensured compliance with DS CTO policy and standards/regulations (FISMA/NIST/CIS/FAM/FAH), providing gap analysis on current security policies, including asset classification, security controls, incident management, and vulnerability management plans
• Built implementation plans and interacted with the DS CTO on security governance related issues
• Approved the planning and scheduling of assigned security projects; oversaw the design, development, and production of information security control policy and governance

Program Manager/Sr. Information System Security Engineer (ISSE) – U.S. Navy, Military Sealift Command (MSC) Headquarters; Washington, DC (2011 – 2013)
Led a major client engagement with the MSC Information Technology office of the CIO. Developed a roadmap to centralize DIACAP C&A processes. Conducted business impact analyses, performed risk assessments, and pinpointed critical infrastructure issues. Identified widespread problems with decentralization and noncompliance. Developed and proposed effective solutions.
• Conducted DIACAP Level of Effort (LOE) management with an emphasis on:
• Information Assurance (IA)
• Certification & Accreditation (C&A)
• NIST SP 800-37; NIST SP 800-53
• Performed Independent Verification & Validation (IV&V), system vulnerability analysis and security assessments throughout the DIACAP SDLC (Activities 1 through 5) with tools that include:
• Nessus; eEye Retina network scanner; DISA Gold Disk/SRR scripts/STIG checklists; Tripwire
• Determined the sensitivity of the application and the information it processes
• Registered systems and software within the DoD Information Technology Portfolio Repository – Department of the Navy (DITPR-DON), the DON Application and Database Management System (DADMS), and the Enterprise Mission Assurance Support Service (eMASS)
• Provided guidance to application system owners and developers in implementing appropriate security controls
• Conducted OS and application-based audits
• Ensured that security deficiencies were identified and that security/certification test findings were mitigated, corrected, or risk-accepted by the Office of the Designated Approving Authority (ODAA) or Authorizing Official (AO)
• Prepared Interim or Final Authorization to Operate (IATO/ATO)
• Developed Plans of Action & Milestones (POA&M) to document the security vulnerabilities mitigated at the acquisition or operations and maintenance levels of the SDLC

Principal Consultant/Program Manager – Keane, Inc., McLean, Virginia, 06/10 - 06/11
Technical leadership of an international IT services firm staffing more than 12,500 in the worldwide application services industry.
Led a major client engagement with the FBI Information Technology office of the CIO. Developed a roadmap to centralize business continuity and resilience processes. Conducted business impact analyses, performed risk assessments, and pinpointed critical infrastructure issues. Identified widespread problems with decentralization and noncompliance. Developed and proposed effective solutions.
• Defined the charter for the FBI's first IT Enterprise Governance Executive Board on IT Continuity of Operations (COOP) Planning and Business Continuity.
• Integral in the SunGard Continuity Management Solutions Network achieving certification and accreditation.
• Served as Technical Lead throughout the process.
• Rescued the Authority to Operate (ATO) milestone to deliver successfully within 8 months, when under previous management the project had stalled for 3 years.
• Introduced centralized communications processes through all departments and divisions of the FBI. Streamlined IT project management, direction, and delivery by establishing technical working groups.
• Simplified training processes and new process adoption by creating Standard Operating Procedures (SOPs).
Associate/Project Manager – Booz Allen Hamilton, McLean, Virginia, 06/06 – 06/09
Spearheaded research and development of contingency planning procedures, including business impact analysis, risk assessment, and gap analysis. Planned key projects and allocated them to appropriate project managers, controlling all aspects of cost, scheduling, and performance. Ensured program scope aligned with strategic business objectives, adjusting as needed. Provided training and mentorship to a team of software engineers tasked with developing a service-oriented architecture for the IC database repository and IC catalog database. Coordinated development and implementation of contingency plans, disaster recovery and preparedness, emergency response training, audit findings, requirements analysis, security, and outreach programs. Consulted with federal departments and agencies on project and program management. Administered contract finances.
• Developed and revised existing security policies, processes, and procedures, utilizing NIST's "Risk Management Framework" (SP 800-37) and "Recommended Security Controls for Federal Information Systems" (SP 800-53).
• Interacted with product designers and developers to analyze security features of products, identify security improvements or enhancement capabilities, and recommend modifications.
• Conducted technical risk assessments of applications, and analyzed and mitigated system vulnerabilities
• Evaluated web-based applications, databases such as Oracle 10g and 11g, SQL Server, Drupal, and COTS systems for security vulnerabilities and implemented realistic mitigation strategies
• Prepared systems security accreditation paperwork for systems audited against FISMA standards.

Program Manager/Sr. Information Systems Security Officer (SISO), United States Navy, Washington, DC, 08/98 – 06/06
IT Project Manager/Information Systems Security Manager (2003-2006)
Oversaw review and integration of security controls spanning technical, operations, and management functions across 150 classified and unclassified networks. Established area-wide security procedures. Delivered critical recommendations to key personnel and stakeholders on IT, INFOSEC, and information assurance. Identified and reported on security shortfalls. Proposed strategic solutions. Maintained the OARDEC network. Allocated and managed a $2 million annual IT budget. Supervised 75 cross-functional personnel.
• Provided fundamental security support for counter-terrorism activities, detainee operations, and Operation Enduring Freedom.
• Acted as Regional Site Representative for the Navy and Marine Corps Intranet (NMCI).
DISA Lead Implementation Coordinator (2001-2003)
NAVCOMTELSTA SICILY; Catania, Sicily; Italy
Managed installation and upgrades of circuits and fiber-optic lines for the Non-classified Internet Protocol Router Network (NIPRNET) and the Secret Internet Protocol Router Network (SIPRNET), which served over 3,500 users throughout Italy and other locations. Coordinated the activities of 40 technical personnel distributed throughout Europe. Managed more than 250 telecommunications service orders. Administered a $40 million annual budget. Documented circuit records, configuration management materials, and technical drawings. Maintained vendor relationships and negotiated contracts. Liaised with government and civilian personnel.
Special Access Program Manager / Information System Security Manager- Special Technical Operations (STO), US Southern Command Headquarters (1998-2001), Miami, FL
• Briefed senior-level personnel on programs relating to Plan Colombia and Counter-Drug Operations in SOUTHCOM.
• Collected and synthesized relevant HUMINT (human intelligence) and SIGINT (signal intelligence) information.
• Managed information security on closed networks for approximately 70 personnel from multiple agencies, including the CIA, NSA, and State Department.

Relevant Cybersecurity Tools Experience & Technical Proficiencies
Cyber Kill Chain Methodology – Reconnaissance, Weaponization, Delivery, Exploitation, Command & Control (C2), Actions on Objectives
Defense-in-Depth – Barracuda, Palo Alto Networks, NextGen Firewalls, FireEye, Carbon Black, Cisco Sourcefire IDS/IPS, HBSS + HIPS, CMRS, ACAS, Solera, ArcSight, Splunk
Authorization & Accreditation (A&A) – DOJ CSAM, DHS Trusted Agent, Tripwire, Xacta, Rapid7, Splunk FISMA, NSAT, RSA Archer
Best Practice Frameworks – PCI DSS, SOX, SOC 2, COSO, CMMI, ITIL, FedRAMP cloud (AWS, Azure, Google), HHS EPLC, NIST SP 800 series, FITARA, DevSecOps; all FISMA, EO 14028 and NIST mandates on data-in-transit/at-rest encryption; Zero Trust Architecture (ZTA); Multi-Factor Authentication (MFA); Cybersecurity Supply Chain Risk Management (C-SCRM)