John Edward Nordbeck, MS, MBA, MSF, CISSP, CISA
Northville, Michigan 48167-2714
Cell: 248-***-****
*********@*******.***
Professional Qualifications Summary
An experienced Information Security/Risk Management Specialist with strong critical problem resolution skills supported by a solid financial and business background in analysis & Enterprise Security Governance Development
Skilled in physical and logical security of facilities, digital information devices and data loss prevention
Experienced with designing computer & network security architectures for enterprise security
Designed access/identity access management (IAM) controls for comprehensive system security
Proficient with project management, process improvement, business continuity-disaster recovery planning/testing & implementation
Perform audits of information security systems for legal-regulatory compliance standards/frameworks including COBIT, COSO, NIST 800 series, ISO 27000 series, HIPAA, FISMA, GLBA, SOX, and NERC Critical Infrastructure Protection (CIP).
Financial Analysis for cost savings in purchasing, engineering, contract, vendor management & cost controls
Created written policies & procedures for organizational compliance including operations security, wireless networks/mobile device security (BYOD), Personally Identifiable Information (PII), data classification, change management & intellectual property protection
Facilitated specialized response teams for coordinated incident response to physical & logical security breaches, accidents/incidents/disasters
Trained and qualified in cyber-crime detection/prevention, digital identity-financial-intellectual property theft and computer forensics incident response investigation
Experienced in computer automation deployment, digital document conversion, testing, upgrading, installation, training and deployment for business units
Installed, repaired and expanded Telecommunications, Computer Networking and Wireless Network Systems including hardware/software routers, Virtual Private Networks, firewalls and print servers
WIPS (Worldwide Integrated Purchasing System), WERS (Worldwide Engineering Release System), CRID (Cost Reduction Idea Database), Remedy trouble ticketing system, SharePoint, Microsoft Excel (VLOOKUP, HLOOKUP, pivot tables)
Professional Experience:
Western Electricity Coordinating Council (WECC) Dec 2022-June 2024
Senior Risk Engineer
Analyze the inherent and performance risks to the reliability and security of the bulk power system (BPS).
Develop risk-based compliance monitoring plans for 400+ registered entities.
Assess cybersecurity risk based on entity characteristics, past noncompliance, audit reviews, internal controls, and threats to the BPS.
Serve as a subject matter expert to other WECC departments and registered entities.
Deliver presentations at workshops, webinars, and conferences about applying Critical Infrastructure Protection (CIP) standards to BPS Assets.
Quantify cybersecurity and physical security risk, risk tolerance, and overall program effectiveness in advancing grid reliability.
Assess cybersecurity and physical security risks and controls within a registered entity used for scoping compliance monitoring activities.
Identify and analyze emerging CIP-related risks that may negatively impact the BPS, in conjunction with event analysis and compliance assessments.
Develop operational concerns and control objectives related to the registered entity’s internal control practices.
Review, assess, and develop process improvements and documentation within the risk assessment program.
Participate in other assigned activities to benefit WECC.
DTE Energy May 2017 – March 2022
Senior IT Auditor
Possible Non-Compliance (PNC) Team Lead, working with SMEs addressing potential compliance issues with NERC Critical Infrastructure Protection (CIP) regulatory requirements.
Work with teams to develop remediation plans and mitigating controls to reduce risk for the Bulk Electric System (BES).
Interface with all levels of senior management in gaining consensus and approval of remediation plans.
Respond to inquiries from the outside auditors, ReliabilityFirst, about PNC issues and compliance requests.
Perform spot checks and control testing for senior management, using Qualys, Tripwire, ServiceNow, RSA Archer, CATSWeb, Maximo, and other tools.
Responsible for metrics tracking and running weekly huddle for PNC process.
Tek Systems for ECS Federal for Environmental Protection Agency Jan 2017 – May 2017
IT Security/Change Control Board Administrator
Responsible for coordination of Change Control Requests and running the weekly Change Control Board meetings.
Create performance reports for upper management for tracking of “wins”, better coordination, cost savings, etc.
Constantly monitor software/hardware compliance and vulnerabilities using Nessus.
Implementing SolarWinds for change control, analysis of network performance, and asset tracking.
Ensures processes are documented, process is being followed, participates in IT Audits (local and global basis).
Identifies other areas for improvement by consolidation into this team to further increase customer satisfaction.
Interface with (CERT) Computer Emergency Response Team as needed to analyze and respond to CERT alerts and mitigate risks.
Tek Systems for Ford Motor Company June 2015 – August 2016
IT Auditor/Security Controls Practitioner
Consulting on Application and Infrastructure Control Framework (i.e. ACR/ICR, SCRP evidence, etc.)
Provide guidance on appropriateness of compensating controls
Consulting on Security Control Process to the application teams and application owners
Facilitating communications with Operations and General Audit Office (GAO) to confirm controls information
Facilitating communications with Suppliers in identifying and documenting IT controls
Assist with the identification of Operations-Identified Comments and associated risk
Provide metrics and status to management regarding compliance with information security requirements
Perform audits of information security systems for legal-regulatory compliance standards/frameworks including COBIT, COSO, NIST 800 series, ISO 27000 series, HIPAA, FISMA, GLBA, and SOX
Provide support for Supplier On Site Assessments
Computech Corporation for Toyota Motor Corporation December 2014 – May 2015
Business Analyst - JKK Project Analyst
Ji-Kotei-Kanketsu (JKK) - each employee fulfills his or her duty at each process with a sense of built in quality with ownership so that no defect goes onto the following process.
Works with project manager/users to analyze design, implement, support business applications and systems.
Develops detailed functional systems, program specifications to develop/execute test cases, use cases and documentation.
Fosters Information Technology projects related to enhancing Automotive Research and Design systems.
Collaborate with project leads, business and technical stakeholders to achieve and provide deliverables throughout the project timeline including business and technical requirements, high-level and detailed design documentation, process development and communication, and vendor/third-party coordination.
Youngsoft for Volkswagen Group of America April 2014 – December 2014
Project Coordinator Compliance
Management of a fleet of 500+ printers, enhance security and reduce waste
Responsible for coordination of projects, financial and IT analysis of lease schedules, and printers returns
Prioritization of client service tasks and projects, handle escalations from customers, and outsourced vendors
Ensures processes are documented, process is being followed, participates in IT Audits (local and global basis)
Identifies other areas for improvement by consolidation into this team to further increase customer satisfaction
Implement print management optimization cost effectively
Create performance reports for Upper Management for Cost Savings and Tracking
Constantly monitor software/hardware compliance and vulnerabilities using Qualys
Interface with (CERT) Computer Emergency Response Team as needed to analyze and respond to CERT alerts and mitigate risks
Modis for Hewlett Packard working for Ford Motor Company April 2012 – April 2014
Executive Site Support
Responsible for the management of a fleet of 350+ printers on two networks, including Ford Credit Corporation and Ford World Headquarters locations.
Troubleshoot, diagnose & resolve any printer hardware/software/firmware issues.
Manage and improve relations and ensure the satisfaction of all levels of Ford Executives and senior management.
On-site Monitoring/Inventory Management of onsite supplies for the entire operations fleet
United States Coast Guard August 2011 to September 2011
Internship August 2010 to September 2010
As a direct report to the Detroit Port Captain, tasks included administering/planning the Captain's day with VIPs and 37 crew members. Daily routines to assist in the file maintenance of sensitive information related to port activity, incident response and security
Successfully facilitate all required communication, planning and coordination of all stakeholders having a vested interest in the strategic safety of the Port of Detroit: a 75-member organization including public, private, international, and governmental agencies participating in the Port Partner Cruise on the Detroit River.
Initiate, schedule and coordinate meetings to manage strategic waterway occurrences ranging from non-ideal to crisis situations at a moment’s notice.
Facilitate and assist in the smooth transition of the new Captain of the Port, making key introductions with law enforcement, maritime port authorities and key decision makers for the safety of the Port of Detroit.
Effectively manage, coordinate, and schedule the consolidation of presentation material for speakers at the Port Partner Cruise event. The success of this event is now the benchmarked model for future port presentations around the country.
Innovision Technologies for Ford Motor Company January 2008 to July 2008
Commodity Business Planning Financial Analyst
Created a series of special reports for tracking cost reduction ideas from the VAVE process, comparing goals for the annual analysis of $500 million of purchases of assets.
Critically track, analyze multiyear budgets for four purchasing teams; Electrical, Multimedia, HVAC Power Supply, and Driver Information.
Acquired and verified all cost information for the global supply base enhancing total captured cost savings of over $50 Million projected in the budgeted year throughout the supplier base of Ford Motor Company.
Birger Capital Management, Southfield Michigan July 2002 to December 2007
Webmaster/Investment Analyst
Utilizing my financial and marketing skill sets I created prospecting and client servicing materials, used for servicing existing clients and 10 to 30 attendees in small group 401(k) presentations.
Critically track, analyze and critique various investments in terms of style, style drift, past performance, volatility and probability of continued success going forward.
Financial team liaison in analyzing investment performance returns and risk measures to determine the validity of the investment performance data
Facilitate, critically analyze and critique performance attribution analysis of 20 institutional money managers using Vestek Analytical software and database on a quarterly basis.
Financial Team Liaison to identify, track and analyze over 75 institutional money manager evaluations.
Advising on retirement plan rollover planning, IRA, Annuities, roll into new employers 401(k) plan
Recordkeeping, disclosure requirements, fiduciary disclosures
Financial team liaison for facilitating, identifying and analyzing over 75 institutional money managers in due diligence conference calls.
Salomon Smith Barney, Southfield Michigan Oct 1992 – June 2001
Consulting Group Analyst
Critically tracked, analyzed and critiqued monthly and quarterly account reporting for over one half a billion dollars in assets.
Financial team liaison for facilitating, presenting investment performance to institutional and high net worth clients in quarterly meetings.
Facilitate, critically analyze and critique performance asset allocation analysis, investment manager searches and performance measurement for institutional and High Net Worth clients.
Financial team liaison to facilitate, present, and answer client inquiries and questions involving plan sponsors and high net worth clients.
Critically track, analyze, and critique various investments in terms of style, style drift, past performance, volatility and probability of continued success going forward.
Utilizing my financial and marketing skill sets I create prospecting and client servicing materials, used for servicing existing clients and 10 to 40 attendees in small group 401(k) presentations.
Critically track, analyze and critique attribution analysis using Vestek Analytics software and database.
Financial team liaison to facilitate, identify and analyze over 100 institutional money managers in manager evaluation conference calls.
Financial team liaison to identify, track and analyze over 100 institutional money managers in due diligence conference calls.
Critically track, analyze and critique investment performance data to determine its validity
NASD Series 7, Series 63, Life and Health Insurance (all licenses expired)
Salomon Smith Barney, Southfield Michigan
Financial Consultant
Utilizing my financial and marketing skill sets I solicited new business growing a book of 60 clients with $2,000,000 in assets.
Facilitate proposals, critically analyze and critique investment advice to High Net Worth clients, including estate planning needs.
Created prospecting materials for soliciting new business from High Net Worth individuals, Endowments, Foundations, and small business owners
Advising on retirement plan rollover planning, IRA, Annuities, roll into new employers 401(k) plan
Recordkeeping, disclosure requirements, fiduciary disclosures
Seminar leader for 401(k) plans with small groups, used for servicing existing clients and new prospects with 10 to 50 attendees.
Education:
Master of Science, Information Assurance, Eastern Michigan University, Ypsilanti, Michigan
Master of Science, Information Assurance, GPA 3.84
IT Auditing, Disaster Recovery, Business Continuity Planning, Penetration Testing, Confidentiality – Integrity – Availability (CIA), Physical Security, Network Security, Vulnerability Risk and Analysis
Dual Degree MBA, MSF, The University of Michigan – Dearborn, Dearborn, Michigan GPA 3.49
Master of Business Administration with concentration: Management Information Systems, Master of Science in Finance
BA, Michigan State University, East Lansing, Michigan
Major: Finance, Concentration: Accounting
Additional Professional Development and Training
Washtenaw Community College, Ann Arbor, Michigan GPA 3.7
Pursuing additional technology-related course work to enhance my technology skills and certifications
Related classes: PC Networking, Windows 2K8 Administration, Windows 2K8 Infrastructure, Windows 7/8/10 administration, Security+, Cisco, Penetration Testing, Project Management, Microsoft Office Product Suite, Microsoft Operating Systems (Win 7, 8, 10), Networking (TCP/IP, Ethernet), Active Directory, Apple Products (iPad/iPhone)
Department of Homeland Security
Critical Infrastructure Cyber Protection & Awareness Division, First Response to Terrorist Bombings