Risk Management Business Continuity

Joseph Rostam ********@*****.*** 415-***-****

Business Continuity & Risk Management Powerhouse

10+ Years of Proven Expertise 5+ Years Leading the Charge

With experience in business continuity and disaster recovery, I have dedicated over a decade to strengthening organizations against disruption, including more than five years of guiding senior-level strategy. I excel in high-pressure situations, enhancing resilience, reducing downtime, and ensuring compliance with regulatory standards. Executives rely on my ability to provide clear direction, and teams depend on me to achieve results.

Core Skills

Security Tools & Technologies: SIEM (SPLUNK, ServiceNow), AWS Cloud Solutions

Standards & Frameworks: ISO 27001, ISO 27005, ISO 27701, NIST 800-39, GDPR, HIPAA, FIPPs, OECD, CPRA, RMF, ATO, FedRAMP

Regulatory Compliance & Privacy: GRC, Privacy & PII Protocols, Software & Hardware Lifecycle Management

Security Engineering & Risk Assessment: Risk Management, Vulnerability Testing, Patching, Security Testing

Medical Device Security: FDA, CE, HIPAA Compliance, Secure Coding Practices Administration

Incident Response & Security Controls: Security Reviews, Incident Management, Secure Communication Protocols, Standards Knowledge (IEC 62304, ISO 14971)

Collaborative Skills: Cross-functional Team Collaboration, Stakeholder Engagement, Effective Communication

Key Strengths

Business Continuity & Disaster Recovery: Architecting enterprise-wide continuity and recovery strategies to ensure resilience in the face of disruption.

Risk Management: Identifying and mitigating threats through data-driven assessments and comprehensive risk management strategies.

Cybersecurity & IT Resilience: Expertise in cybersecurity and IT disaster recovery, ensuring systems remain secure and recoverable.

Incident Response: Leading cross-functional teams in effective incident response, minimizing downtime and business impact.

Regulatory Compliance: Expertise in ISO, NIST, and other frameworks, ensuring full industry compliance.

Strategic Communication: Delivering clear, concise, and impactful communications that build trust with executives and stakeholders.

Change Management: Driving organizational change, optimizing processes, and enhancing team performance under pressure.

Negotiation: Successfully managing relationships and negotiations to protect business interests and bottom lines.

Professional Experience

Senior BCM Program Engagement & Digital Technology Raytheon Collins, San Jose, CA

06/2024 – Present

Direct and manage cybersecurity initiatives for cloud services, ensuring the protection of digital assets and compliance with security protocols and best practices.

Supervise the ongoing development, implementation, and optimization of secure, scalable cloud services that align with organizational objectives.

Ensure compliance with laws, regulations, and standards (e.g., GDPR, CCPA) in cloud services and digital asset management.

Protect, manage, and optimize digital assets in the cloud, tracking, valuing, and mitigating risks.

Plan and execute cloud technology programs aligned with business goals and legal, security, and regulatory requirements.

Communicate clearly with stakeholders on cloud services, security, legal matters, and asset management.

Identify, assess, and address risks related to cloud technologies proactively.

Foster collaboration and continuous improvement within cross-functional teams for cloud services and digital technology programs.

Developed BC/DR strategies ensuring 100% compliance and zero failure tolerance.

Led and trained a 30-member software engineering team, increasing security readiness by 40%.

Reduced vulnerabilities by 95% through data-driven risk assessments.

Collaborated with C-suite to safeguard revenue and reputation with continuity plans.

Cut system recovery times by 99% through developer collaboration, minimizing disruptions.

Staff Cybersecurity Analyst BC Risk Manager Lockheed Martin, Space Systems – Sunnyvale, CA

09/2022 – 03/2024

Led the development and enforcement of information security policies across 10+ enterprise stakeholder units, ensuring 100% compliance and protecting critical data assets.

Conducted risk assessments, security reviews, and implemented security controls to ensure business compliance with regulatory standards.

Led incident response efforts and designed infrastructure to safeguard networks and systems.

Collaborated with cross-functional teams to drive enterprise-wide security enhancements.

Maintained risk registries, documented procedures, and provided reports on cybersecurity improvements to ensure compliance with both internal policies and external regulations.

Developed continuity programs integrating cybersecurity and IT recovery.

Coordinated crisis response efficiently to minimize interruptions.

Implemented risk-tracking tools revealing weaknesses and facilitating quick fixes.

Provided detailed reports to ensure sustained profitability.

Conducted business impact analysis forming the foundation of recovery strategies.

Information System Security Analyst Northrop Grumman – Redondo Beach, CA

06/2019 – 09/2022

Spearheaded cloud migration efforts to enhance accessibility, security, and scalability of business systems.

Managed system improvements and optimized parameters for functionality, addressing end-user concerns and delivering permanent solutions.

Developed policies linking business results to eliminate confusion and drive goal achievement.

Played a key role in building and implementing privacy programs in compliance with industry standards.

Director of Cyber Security Technology Viterbis Engineering – San Carlos, CA

09/2014 – 09/2019

Led the creation of device-hardening protocols and managed relationships with third-party intrusion detection system providers working with the Palantir Software team.

Worked closely with PCI compliance partners to ensure secure transactions and data handling.

Coordinated and planned cybersecurity initiatives, meeting schedules and achieving security goals.

Cyber Security Intelligence Official [VETREAN] U.S. Army – Dublin, CA

06/2010 – 09/2014

Engineered, maintained, and repaired security systems, ensuring the protection of sensitive classified data.

Utilizing computer forensic tools & optimized security measures to protect classified information.

Monitored and updated virus protection systems to mitigate emerging threats.

Why I’m Your Standout Choice

Executive Level Communication: I’ve provided board-level insights that drive strategic decisions.

Compliance & Regulatory Framework Expertise: Mastery of ISO, NIST, and beyond—I don’t just meet standards, I redefine them.

Team Builder: Forged cross-functional squads that deliver in the clutch, every time.

Proven Ability to Deliver Under Pressure: Expert in managing multiple priorities while consistently meeting critical deadlines.

Education

B.S. in Cyber Security Engineering

American Public University System Charles Town, WV

Graduated: November 2017

Dean's List, GPA: 4.0 (2013-2017)

Certifications

AWS Cloud Solution Architect

Certified Information Security Manager (CISM)

CompTIA Security+

Contact this candidate