
Cyber security Risk Management GRC ITAudit

Location:
San Diego, CA, 92101
Posted:
August 31, 2023


Resume:

Walt J. Michlanski

San Diego, CA *****

Professional Overview

Experienced Security Professional with a background in Cybersecurity, Business Continuity, Disaster Recovery, Governance, Risk Management, Compliance, and IT Audit looking for a challenging and rewarding Senior Analyst / Manager position where my innovative, solutions-driven leadership, communication, and critical thinking skills will facilitate securing a company's data and risk tolerance.

Professional Experience

Fairfield Residential 04/2018 – 06/2023

IS Cybersecurity Senior Analyst

Hired to build the foundation and facilitate the growth of Fairfield’s cyber security program.

Implemented Monthly Vulnerability Management Assessments (VA) along with yearly PEN testing and managed remediation.

Developed and managed Incident Response (IR), Business Continuity Plan (BCP), Root Cause Analysis (RCA), and Business Impact Analysis (BIA), and ran the yearly tabletop Ransomware exercise with senior management and legal.

Facilitated third party security support assessments to manage and reduce our risks.

Facilitated the involvement of key stakeholders for the management strategy, tools, and services for testing regulatory and compliance including SOC1/SOC2, CPRA, CIS 18, and NIST 800-53.

Developed and managed the information security policies and procedures (SOP).

Managed development tasks, including conducting risk assessments; evaluating security management options; and developing procedures and protocols, including designating and training primary and backup recovery teams and comprehensive communications plans and tools.

Managed quarterly meetings with departmental management, facilitating security processes with best practices for the management of assets, processes for optimal protection, and dashboards.

Conducted continuing security audits of access rights and security controls to validate and improve IT General Controls (ITGC).

Implemented and managed our MSSP team for our SOC, EDR (CrowdStrike), SIEM (Sumo Logic), AI data analytics (SecLytics/Veza), and DLP for host-based security platforms to support our SLA.

Managed our Proofpoint and M365 to secure the email environment.

Developed yearly Cybersecurity Awareness training with HR/Training.

Executed a monthly phishing campaign training program (Proofpoint/SANS) with results-driven remediation to reduce click rates from over 25% to 5-8%.

Managed successful audits of IT general controls and security with PwC and Deloitte.

Managed security budget, quarterly presentations, and dashboards for communication with the senior leadership team.

CareFusion/Becton Dickinson (BD) 10/2009 – 04/2018

IT Compliance Consultant 03/2015 – 04/2018

Responsible for regulatory compliance including Sarbanes Oxley (SOX 404) framework, testing ITGC, remediation, audits with KPMG, E&Y, PWC and internal audit for SOX and ISO27001 certifications.

Worked closely with Information Security to detect and analyze risk assessments and compliance vulnerabilities.

Managed GRC products from ServiceNow and SAP to monitor provisioning, file access and risk evaluations on changes.

IT Risk Management Consultant 10/2013 – 03/2015

When the manager left, acquired responsibility for risk management strategy support and testing for regulatory compliance, including Sarbanes-Oxley (SOX), HIPAA, ISO27001, SOC2, COBIT and COSO frameworks, and EU Safe Harbor.

Implemented a customer-focused approach by adding value in delivering an internal IT audit learning assessment with processes for the IT audit program to support the IT audits.

Facilitated development and training of new associates in IT Compliance.

Took a leading role in promoting a culture of information security throughout BD to ensure that the risks, protections, and controls effectively ensure the Confidentiality, Integrity, and Availability of data.

IT Risk Management Consultant 10/2009 – 10/2013

CareFusion separated from Cardinal Health and went public in September 2009. I was hired to help facilitate and co-manage the IT Risk Management, Governance, and Compliance (GRC).

Implemented a customer-focused approach by adding value in delivering an internal IT audit learning assessment with processes and procedures for the IT audit program to support the IT audits.

Responsible for internal and external Sarbanes Oxley (SOX 404) framework, testing ITGC, remediation, audits with KPMG, E&Y, PWC and internal audit.

Established and assisted with the implementation of IT pandemic, Business Continuity Plan (BCP), and Disaster Recovery (DR) plans.

Developed a new suite of company IT security policies using industry ITIL, SANS, and NIST guidance.

Managed GRC products from ServiceNow and SAP to monitor provisioning, file access and risk evaluations on changes.

Implemented new program controls and execution with Altiris and ServiceNow for Incident Management (IM), Change Management (CM), Root Cause Analysis (RCA), and Daily Service Reviews (DSR).

Created processes on projects for data privacy and data classification.

Led IT Risk Management department development with assessments and audits of logs, processes, and procedures.

Monitored and reported IT control effectiveness to key stakeholders.

Managed CAPAs (Corrective and Preventive Actions) between the business and IT.

Managed third party vendors and metrics using ArcSight, Qualys, and SCCM.

The Hartford 03/2008 – 10/2009

IT Consultant / Project Manager

Managed the implementation of the GRC/IT security program including IT policies, SOX ITGC, and IT audit/assessment learning program for IT with Altiris.

Managed Phase 2 of a country-wide server consolidation with savings of over 2M a year.

Managed the Remote Worker/Telephony Architecture Replacement, reducing 5 call center switches to 2 and utilizing IP Softphone skill-based calls with Echopass software, which resulted in ~300 homeworkers and reduced building occupancy by 50% with a savings of 500K a year.

Managed the new data center relocation from the existing facility in San Diego, CA to Santee, CA.

Technical

M365, ServiceNow, ITIL, OKTA MFA, OpenPages GRC, Remedy, SharePoint, Palo Alto Prisma, Fire Eye, Cisco, eSentire MDR/Recon, Proofpoint, Netskope, AI, Tenable, Security Scorecard, Crowdstrike, Veza, AWS/Azure Cloud, SCCM, ArcSight, Qualys, VoIP, VPN, SNMP, TCP/IP, Unix, Linux, TQM, Alcatel, Archer, Agile, McAfee, Norton, Patching, Routers/Switches, PGP, Backup, Scanning, Assessments, RCA, CM, DSR, DRS, SANS, NIST, ISO, PCI, SAP, ERP, GDPR, ITGC, SOX, SOC, BCP, EU, HIPAA, COSO, COBIT, CPRA

Education / Certifications / Training

BS, Business Information Systems

MA, Leadership – Azusa Pacific University

ITIL v3 Certification

CISM Certification – ISACA (08/2023)

CISA Certification – ISACA (Training)

ISACA: Pursuing certifications. Additional training in NIST/CIS, Cybersecurity, and Risk Management.

Training/Coursework: Leadership Training, Project Management, SDLC, CISSP Boot Camp, RSA, Black Hat, DefCon, Gartner Security/Risk, SANS management and security courses.

ISACA and ISSA memberships.
