ERIN GREGORY
Bowling Green, KY *****
************@*****.***
Professional Summary
Accomplished Senior Information Technology Professional with over 5 years of specialized experience in cross-functional communication, compliance, risk management, and audit planning. Adept at educating leadership teams, developing compliant policies, and implementing effective controls across a variety of organizations, as well as team leadership, cost reduction, and increased efficiency. Authorized to work in the US for any employer.
Work Experience
Sr. Information Security Consultant
NCC Group-Bowling Green, KY
November 2023 to August 2024
• Lead audits concurrently for various frameworks, including HIPAA, HITRUST, ISO 27001:2022, and NIST
• Develop custom audit plans and test controls for effectiveness and compliance.
• Audit preparation and policy development
• Train junior auditors on frameworks, cyber security risk frameworks, time management, and report writing
• Review firewall configurations, regulatory requirements, and best practices with new clients
• Project management, and forecasting hours required for appropriate team scheduling
• Frequent adaptation to new frameworks, such as CMS, NYCRR, and APEC CBPR.
• Educate CEOs and Leadership Teams regarding audit results, and translate controls and their intent to increase understanding for easier cross-functional communication throughout the organization
Sr Information Security Auditor
Kirkpatrick Price
January 2019 to November 2023
• Lead audits concurrently for various frameworks, including FedRAMP, SOC1, SOC2, ISO 27001, FISMA, NIST, HIPAA, HITRUST, and PCI DSS.
• Consistent top three placement for revenue generation
• Design compliant policies and identify deficiencies, offering remediation plans accordingly.
• Train new auditors on ethics, frameworks, and effective interview techniques.
• Review firewall configurations and instruct organizations on networking controls.
• Instruct regarding third-party/vendor management, including due diligence and contract monitoring.
• Evaluate HR controls, covering processes from hiring to termination.
• Work with multiple GRC Tools, MDMs, IDS/IPS tools and services.
• Educate CEOs and Leadership Teams on risk assessment, regulatory requirements, and best practices.
Education
Bachelor of Science in Information Technology
Western Kentucky University
M.S. in Engineering and Technology Management
Western Kentucky University
Skills
• Identity & access management
• Network Security
• Firewall
• Proficient in ISO 27001, SOC2, SOC1, HIPAA, PCI and FISMA
• Risk Management
• Policy Development
• Education/training for audit readiness & beginning auditors
• Networking
• Application Development Security
• Speaking and Educating on Compliance and IT Topics
• Leadership
• Control Development and Mapping
• Vulnerability management
Links
https://www.linkedin.com/in/erin-gregory
Certifications and Licenses
ISO 27001 Lead Auditor
PCI QSA
Certified Technology Manager (CTM)
CCSFP (HITRUST)
CompTIA Project+
GSNA
CISSP
CompTIA Network+
CompTIA Security+