Sr. Cybersecurity Professional

Location:
Epping, NH
Salary:
125000
Posted:
November 21, 2024

Resume:

BRIAN E. GIBBS

Epping, NH 603-***-**** *******@*****.***

Cyber Security Professional

Summary

Energetic Cybersecurity professional with a passion for protecting information assets and ensuring their availability to customers based on a need to know. Skilled in analyzing complex security issues and implementing effective solutions, I strive to stay ahead of emerging threats and continuously improve security protocols. My extensive experience in both technical and leadership roles enables me to bridge the gap between business objectives and cybersecurity requirements.

Core Skills

Risk-Based IT Auditing • Cybersecurity Incident Investigation • Vendor Risk Assessment • Cybersecurity Control Improvement • Streamlined Processes • GRC Tools • Mitigated Risk • Led Effective Audits • Effective Communicator • United States Army Veteran • MBA in Information Assurance • NIST 800-53 v4 • Threat Assessments • Strategic Risk Assessments • Internal Risk Assessments • Cyber Threat Intelligence • Communications • Relationship Management

WORK EXPERIENCE

Liberty Mutual; Portsmouth, NH Mar 2019 – Oct 2024

Principal Cybersecurity Specialist

● Took charge of incident handling on a 24x7 basis while coordinating global response team efforts for Third-Party Security-related investigations.

● Strengthened cybersecurity and minimized risk by leveraging knowledge of information security, regulations, ISO 27001 standards, risk assessments, network security protocols, operating systems (Windows, Linux), and database management systems.

● Evaluated risk and determined the effectiveness of controls for Third Parties performing services on behalf of the firm, successfully safeguarding financial assets and systems.

● Executed approved Risk Assessment process (Onsite/Offsite) in accordance with established policies and standards under general direction, with a high degree of independence.

● Identified the impact of findings to issue recommendations and presented clear explanations of the issues to the Business Sponsor and Third Party based on the ISO 27001 framework.

● Appraised adequacy of corrective action taken to address reported Risk Assessment Findings.

● Provided technical and subject matter expertise (SME) supporting tools used for documenting and communicating identified risks during the risk assessment process.

● Leveraged knowledge of Windows, Linux, and Database Management systems when performing audits of third parties entrusted with our data.

Senior Cybersecurity Specialist Aug 2014 - March 2019

● Conducted comprehensive Risk Assessments for Third Parties using Shared Assessments methodology to ensure compliance with Information Security Best Practices and ISO 27001.

● Coordinated global incident response team efforts for investigations related to Third Party Security incidents, successfully identifying, containing, and remediating security threats.

● In partnership with others, we created a Third Party Risk Management program based on the Shared Assessments Information Gathering (SIG) Framework. This framework is used extensively throughout the Financial Services area and is also mapped to other frameworks such as ISO 27001, NIST 800-53, and others.

● Implemented a new complex but efficient system to automate the audit/assessment process, enabling the team to increase productivity while also increasing the visibility of our efforts to decrease the risk to the organization because of Third Parties fixing identified gaps in their Security Program.

● Conducted Audits/Assessments of organizations associated with third-party services by determining control effectiveness while safeguarding assets against compliance violations.

● Prepared detailed written reports for Business Sponsors and Third Parties at the conclusion of each Third-Party Audit/Assessment, ensuring clarity and actionable insights.

● Provided technical expertise supporting tools used for documenting identified risks during the assessment process, reinforcing communication channels between stakeholders.

● Appraised corrective actions taken in response to reported Risk Assessment Findings as necessary to ensure continuous improvement within third-party engagements.

Fidelity Investments; Merrimack, NH Jan 2014 - Aug 2014

Principal Information Security Analyst, Third-Party Risk Management

● Conducted comprehensive Risk Assessments on external vendors to ensure compliance with Information Security Best Practices and ISO 27001 for domestic and international operations.

● Identified critical findings impacting vendor performance, delivering clear recommendations while effectively communicating issues to Business Sponsors and Third Parties.

● Prepared comprehensive reports summarizing key insights from Third Party Risk Assessments for stakeholders, enhancing transparency and accountability in risk management.

● Executed the approved Risk Assessment process independently and efficiently, adhering strictly to established policies and standards during both onsite and offsite evaluations.

● Evaluated third-party risks to assess control effectiveness in asset compliance.

State Street Bank & Trust; Boston, MA Dec 2011 - Jan 2014

Assistant VP, Internal Audit

● Conducted comprehensive audits at State Street Corporation, supporting the sound oversight of $25.74 trillion in assets under custody and $2.15 trillion in AUM.

● Defined audit scope and objectives, establishing timelines and budgets that led to the successful development of multiple audit programs, improving operational efficiency.

● Served as a subject matter expert on emerging auditing techniques, contributing innovative strategies that enhanced the effectiveness of internal audits throughout the organization.

● Reviewed configurations, records, reports, and procedures for accuracy; identified discrepancies that led to actionable recommendations improving overall compliance efforts.

● Prepared concise written reports summarizing findings from audits conducted on complex systems development projects, delivering insights directly to operations management.

Federal Reserve Bank; Boston, MA Jan 2009 - Dec 2011

Senior IT Auditor

● Maintained advanced knowledge of liaison areas by analyzing data to assess regulations.

● Evaluated the overall effectiveness of controls within the Bank's automation environment, based on FISMA, thereby enhancing risk management and compliance across critical financial operations.

● Developed and implemented innovative auditing programs while revising existing ones, producing concise documentation that effectively captured key findings and conclusions.

● Identified critical audit exceptions, meticulously assessing their impact while delivering compelling and actionable recommendations to senior management for effective resolution.

EDUCATION

Capitol College, Laurel, MD

Master of Business Administration, Information Assurance

Master of Science, Network Security

Thomas College, Waterville, ME

Bachelor of Science, Computer Information Systems

TECHNOLOGIES

ISO 27001 • PCI DSS • Checkpoint • Cisco Pix • Juniper Networks Netscreen • Nokia Security • Health Monitoring System • Checkpoint Provider-1 2000 • Checkpoint 4.x • Checkpoint NG FP3 • Checkpoint VPN • Firewall auditing tool • Internet Content Filtering • JIRA • ServiceNow • Aravo • RSAM • Splunk • SecurityScorecard • Archer • Windows • Linux

Certifications

Certified Information Security Auditor

Certified Information Security Systems Professional

Certified Information Privacy Professional /US

Certified Third Party Risk Professional

GIAC Certified Incident Handler

GIAC Certified Forensic Examiner

Continuing Education

Certified Information Security Manager (in process)

PCI Professional (in process)

Artificial Intelligence Security and Auditing (researching)
