
Risk Management Program Manager

Location:
Fairfax, VA
Posted:
April 29, 2025


Resume:

William Douglas

Top Secret Clearance, SCI

**** **** ***** ** *******, VA 22030

**********@*****.*** · 703-***-**** (C)

Summary of Qualifications

Cybersecurity and IT professional with over 20 years of experience leading security operations, risk management, and compliance for Department of Defense (DoD) and federal agencies. Proven expertise in cybersecurity governance, incident response, Zero Trust architecture, SIEM management, and Risk Management Framework (RMF) - NIST 800-53. Adept at managing teams, securing enterprise networks, and ensuring compliance with FISMA, NIST, DISA, DoD, and CJCS regulations.

I seek a position where I can use my technical and communication skills to provide total customer satisfaction. I am a career Information Technology (IT) professional with demonstrated success in Program and Project Management, Implementation and Operational support of several multifaceted Department of Defense (DoD) enterprise complex IT programs. Demonstrated ability to analyze information technology needs, offer cost-effective solutions, and manage implementation efforts that meet program, resource, and time requirements. I have extensive experience with a broad range of hardware and operating systems, and the complete software life cycle for large and small systems. I’m consistently recognized for achievement and dedication in managing and motivating teams to surpass organizational objectives; always delivering high quality IT products and services on schedule and under budget. Demonstrated skills in staff supervision, written and verbal communications and delivering technical training and presentations; my dedication and professional demeanor will be assets to any business. I am a U.S. citizen by birth and currently hold a Top Secret security clearance.

Project Management/Planning: Experienced in strategic project planning and execution for high-tempo operations, inter-agency liaison, and advanced technology integration. Analyze and define operational requirements, architecture, and infrastructures. Perform needs analyses to define opportunities for new or improved business process solutions. Experience with varying SW development approaches including Agile and Waterfall. Certified Scrum Master, Certified PMP and ITIL Intermediate Certified.

Cybersecurity: Create and implement policies that ensure information systems reliability and accessibility, and prevent and defend against unauthorized access to systems, networks, and data. Conduct risk and vulnerability assessments of planned and installed information systems.

Customer Support: Demonstrated ability to identify, analyze, and solve problems with minimal guidance and to suggest feasible solutions. Composed technical documentation and end-user training on new systems. Manage accounts, network rights, and access to systems and equipment. Elevate the stature of various systems with the provision of service- and quality-driven customer performance standards.

TECHNICAL SKILLS & EXPERTISE

Cybersecurity Leadership & Compliance: FISMA, NIST 800-137, RMF, CMMC, CJCS directives

Zero Trust & Layer 7 Firewall Security: DISA guidelines, OMB M-22-09 compliance

Cyber Defense & Incident Response: SIEM management (Splunk, ACAS, ePO), 24/7 SOC monitoring

Cloud Security & Network Protection: AWS, Azure, Government Cloud environments

Continuous Monitoring & Risk Management: OMB M-21-31, POA&M tracking, RMF implementation

Cybersecurity Tools & Technologies: ePolicy Orchestrator (ePO), ACAS Security Center, SIEM, CMRS ESS

Identity & Access Management: IdM, Privileged Access Management, MFA, AD Group Policy

Team Leadership & Executive Reporting: Cybersecurity briefings, after-action reports, stakeholder engagement

Employment History

SYSTEM HIGH CORPORATION – CHANTILLY, VA JAN 2024 – PRESENT

Cyber Compliance and Governance Manager

Lead a cybersecurity team responsible for Zero Trust implementation, Layer 7 firewall security, and continuous monitoring and participated in regulatory compliance audits and assessments utilizing NIST and CMMC frameworks, demonstrating proficiency in cybersecurity standards and a proactive approach to network risk identification and mitigation planning.

Spearheaded the development and update of cybersecurity policies and procedures, contributing to the creation of cybersecurity awareness training materials, showcasing strong leadership in promoting cybersecurity best practices within the organization.

Expertly managed operations and maintenance of remote access and LAN/WAN software and hardware, including performing software upgrades, patch installations, hardware replacements, and troubleshooting, ensuring high network availability and security compliance according to DoD and industry best practices.

Actively participated in incident response teams, conducted vulnerability scanning and reporting, and developed notification plans for emerging cybersecurity threats, exemplifying a commitment to maintaining cutting-edge knowledge in cybersecurity vulnerabilities and threats.

Conduct cyber risk assessments and deliver executive briefings on cybersecurity posture.

Develop, implement, and maintain SIEM capabilities to improve cyber threat detection and response.

Oversee compliance with NIST 800-137, RMF, FISMA, and DISA mandates for enterprise security.

Manage cyber incident response operations, including 24/7 SOC monitoring, threat mitigation, and after-action reporting.

Department of Navy EIC – CARDEROCK DIV NS, West Bethesda, MD DEC 2020 – DEC 2023

IT SPECIALIST (CUSTSPT)/NT/2210/05

Supports the maintenance and expansion of the DREN network infrastructure, including wired and wireless technologies, provides high level IT Project Management, Help Desk and Network level troubleshooting, account management, and project management.

Establishes IT/Cybersecurity processes, policies and procedures and establishing associated processes for accountability and developing standardized IT/Cybersecurity processes within the Washington Navy Yard and ensuring the processes are effective and efficient.

Coordinates all IT and Cybersecurity resources and ensures appropriate communication and implementation of IT/Cybersecurity requirements, issues, inventories, and guidance to Department management, system owners, and the workforce.

Site Information System Security Officer (ISSO); responsible for coordinating incident response for IT issues and spills including containment, mitigation, documentation, and remediation. I review and/or propose IT Security Exceptions as needed to meet mission.

Collaborates with the CIO, DCIO, and ISSMs, as well as Washington Navy Yard personnel and management to support their mission-related IT requirements.

Managed Cybersecurity and Accreditation Risk Management Framework (RMF) - NIST 800-53 activities for enterprise networks.

Implemented patching, vulnerability scanning, and cybersecurity database tracking for compliance.

Conducted security audits, compliance tracking, and cyber incident forensic analysis.

Department of Navy EIC – CARDEROCK DIV NS, West Bethesda, MD Sep 2019 – Dec 2020

IT SPECIALIST (INFOSEC)/NT/2210/05

Served as a Cybersecurity (CS) professional for the NAVSEA Enterprise by providing the Functional Authorizing Official (FAO) with risk assessments and expert advice regarding accreditation decisions and technical analysis for assessment of CS engineering efforts for NAVSEA Defense Business Systems (DBS), Research, Development, Test and Evaluation (RDT&E), and/or Platform IT (PIT) systems.

Served as the CS technical advisor to the NAVSEA Enterprise Information Technology Officer (EITO)/Chief Information Officer (CIO).

Analyzed the validation of NAVSEA IT systems to include procedures to confirm or establish by testing, evaluation, examination, investigation or competent evidence that an information system is assigned to the proper CS controls, that those controls are engineered and implemented correctly, and are effective for the respective applications.

Served as a Subject Matter Expert (SME) on Assess and Authorize (A&A) procedures concerning the Risk Management Framework (RMF) process and ensures that applicable CS control testing and evaluation is performed.

Coordinates with the NAVSEA Enterprise Program Executive Offices (PEO), regarding CS risk assessments, and plans, develops and coordinates enterprise-wide CS procedures/processes, and strategies.

Provided Risk Management Framework (RMF) - NIST 800-53 cybersecurity assessments for DoD networks.

Led the development of cybersecurity policy and compliance initiatives for DoD systems.

Analyzed network security architecture, access control, and encryption protocols.

Isobar – Hanscom Air Force Base, Boston Massachusetts Mar 2019 – Sep 2019

CCE and ITSM Program Manager

Manages ServiceNow application migration efforts for CCE and owning and driving the IT Service Management direction and vision for the Common Computing Environment. Conducts needs analysis to define opportunities for new or improved business process solutions.

Provides Project Management Subject Matter expertise to staff in the industry best practices of managing the IT scheduling, project pricing, and technical performance of initiatives from initiation to closure.

Leads, coaches and motivates Program team members on a proactive basis to determine internal requirements and resources needed to complete project and schedule plans. Worked with the Project Sponsor and stakeholders to complete a project charter outlining scope, goals, deliverable, required resources, budget and timelines.

Managed enterprise SIEM security implementation and network security compliance.

Developed cybersecurity executive briefings and reported findings to stakeholders.

TWD & Associates – Naval Sea Systems Command (NAVSEA), Washington Navy Yard 2018-2019

Sr. Project Management SME/Assessment and Authorization/RMF Team Lead

Provides Project Management Subject Matter expertise to NAVSEA HQ OOI Government staff in the industry best practices of managing the IT scheduling, project pricing, and technical performance of OOI initiatives from initiation to closure. Leads, coaches and motivates project team members on a proactive basis to determine internal requirements and resources needed to complete project and schedule plans.

Defines operational requirements pertaining to the governance and tracking of IT Services and equipment. Conducted needs analyses to define opportunities for new or improved business process solutions. Worked with the Project Sponsor and stakeholders to complete a project charter outlining scope, goals, deliverable, required resources, budget and timelines.

Conducts requirements analysis and Project Reviews of each Directorate to effectively manage project scope, solidify requirements, govern customer expectations, and mitigate any risk factors while also ensuring any changes to scope are documented and approved.

Collaborates/Liaison with Government Technical Services Manager with the management of the A&A team responsible for all aspects of the systems assessment and authorization using the Risk Management Framework (RMF) process.

Creates project management plans for systems undergoing the accreditation process by applying knowledge of Cybersecurity and privacy analysis and consulting throughout the security assessment and compliance life cycle process. Analyzes the documentation, validation, and accreditation processes necessary to ensure systems meet security and privacy requirements.

DXC Technology – National Reconnaissance Organization (NRO), Chantilly, VA 2017-2018

Integrated Operations Lead

Intimately familiar with PMI, ITIL and Agile frameworks and displays experience by managing day to day operations of a staff of more than 50 personnel. Supports the Government in performing operational duties in accordance with Government established SOPs, NOIs, and policies.

Coordinates and manages organization that provides 24X365 incident management and monitoring for all infrastructure and services under COMM responsibility by detecting, monitoring, and managing correction of fault, performance, utilization errors, events, incidents, and problems.

Ensures continuous development, tracking and communication of requirements with stakeholders and across the Integrated Operations team.

Manages organization that supports the Government, other MSPs and O&M contractors performing in-depth configuration management, performance management, problem management, and root cause analysis for incidents and problems. Also responsible for investigation and analysis to provide a resolution and/or workaround to restore normal services.

TWD & Associates – Naval Sea Systems Command (NAVSEA), Washington Navy Yard 2013-2017

Deputy Program Manager

Develops performance metrics to establish critical risk and security requirements, identify quantifiable outputs, and establish goals that enable effective success measurement. Collaborates with the Deputy Chief Information Officer (DCIO), HQ Information Assurance Manager (IAM), and Security Services Project Manager to oversee the evaluation and implementation of tools and applications required to investigate anomalies, respond to, and remediate incidents. Ensures the implementation of cybersecurity incident response projects and security solution implementations, such as information assurance vulnerability alert (IAVA) and Patch Management by managing the team that designs and ensures the incorporation of protection, detection, reaction, and recovery capabilities and mechanisms at the local computer environment, enclave boundary, network and infrastructure, and supporting infrastructure.

Briefs leadership and other officials on NAVSEA HQ information security and privacy matters and issues; oversees the provisioning of appropriate assistance with computer forensics investigations and/or business continuity support to other Departments and Agencies where appropriate. Provides guidance for business continuity and disaster recovery (BCDR) initiatives of the Naval Sea Systems Command (NAVSEA) Headquarters (HQ) Information Technology (IT) Operations Deputy Chief Information Officer (DCIO) to include creation of policies and procedures to ensure continued operation of services.

Provides oversight to the implementation of comprehensive risk management strategies aligned with Naval Sea Systems Command (NAVSEA) Headquarters (HQ) Information Technology (IT) Operations risk posture, inclusive of specific programs to include continuous monitoring and security data analysis. A second-level supervisor with a full range of supervisory authorities, personally or using subordinate supervisors and team leads to direct, coordinate, or oversee work. Responsible for managing a variety of technical projects with a focus on (but not limited to) Technology/Infrastructure and Database upgrade initiatives and Monthly Product Releases.

Supports the development of a Technical Requirements Plan to outline the activities and processes associated with managing, tracking and updating program requirements. Facilitate discussions with technical and non-technical audiences to identify functional and technical requirements effectively identifying and mitigating risks to the program.

General Dynamics Information Technology – Defense Advanced Research Agency (DARPA) 2011-2013

Information Technology (IT) Project Manager

Responsible for the coordination, implementation and development of IT security projects, policies and procedures focusing on substantial resources, long-range impact. Performed management functions such as planning, scheduling, organizing, and tracking process, ensuring the feasibility of the project.

Responsible for the activities of IT Operations including data administration, security, change management, Information Assurance, and telecommunications. This involves leading change management and risk management efforts, identifying appropriate resources needed and developing schedules to ensure timely completion of projects.

Maintains a close working relationship with Program Manager, other Project Managers, and engineering, technical and support staff. Supervises the administration, security, and continuous operation of Enterprise computer systems and infrastructure. Collaborate with management teams to deliver assigned projects by developing competition timeline, assessing potential bottlenecks in each project process. Establishes goals and milestones as per the estimated output generated by the project.

Maintains and updates the Requirements Traceability Matrix to support development and testing efforts. Collaborate with teams across the customer organization to improve processes, results, and effectiveness of requirements plans and processes.

Ensures development of quality deliverables within established schedules and reports progress, status and associated data/metrics associated with requirements.

General Dynamics Information Technology – Royal Saudi Airforce (RSAF), Saudi Arabia 2010-2011

Senior Systems Engineer

Provides configuration, data, engineering data management, and deficiency reporting requirements for new or revised statements of work, requests for proposals acquisition management plans, and other program documentation responsible for assuring reporting requirements are covered in all assigned program contracts.

Responsible for the evaluation of Engineering Change Proposals, Requests for Deviation, Contract Change Proposals and Advance Change/Study Notices for adequacy, completeness, and compliance with directives.

Responsible for the coordination, implementation and development of IT security projects, policies and procedures focusing on specifications, Interface Control Documents, Acceptance Test Procedures and engineering drawing for long-range impact to projects.

General Dynamics Information Technology – Camp Lemonier, Djibouti, Africa 2007-2010

Senior Network Engineer (GSE-13), CENTRIXS Combined Joint Task Force, Horn of Africa

Operate and administer the Combined Enterprise Regional Information Exchange System (CENTRIXS) wide area network (WAN) ensuring optimal levels of connectivity, operability, and security are maintained.

Configure and control switches and routers on Global Coalition Task Force (GCTF) Horn of Africa (HOA) Area of Responsibility (AOR).

Troubleshoot and resolve network issues by traveling to remote sites to maintain functionality and support seamless and ongoing operations.

Lead efforts to coordinate and support CENTRIXS expansions to U.S. Embassies and various U.S. government sites throughout the Horn of Africa area of responsibility.

Plan and connect five countries' U.S. Embassies to CENTRIXS completing project on time and within budget.

DasNet Corp., Riyadh, Saudi Arabia 2007

Network Engineer

Administered all network functions, including DNS, Active Directory, DHCP, GPOs, and Exchange 2003.

Maintained optimal levels of network security by deploying Symantec Antivirus Servers.

Protected client email infrastructure using Symantec Antivirus Enterprise Edition with Exchange Server 2003 to prevent virus outbreaks via email exchanges.

Managed and implemented projects based on Windows Server Update Services and Terminal Access Control Access-Control System.

Maintained TCP/IP, UDP, internet, and intranet routing, switching, and bridging functions in LAN, WAN, and VPN environments.

ITT, Al Nasiriyah, Iraq 2006-2007

Network Administrator (GSE-13), Systems Division

Analyzed, assessed, and identified network performance problems maintaining operability.

Developed and maintained a disaster recovery plan to minimize system, data, and operations risk and loss.

Built effective working relationships with clients to provide technical support and guidance as warranted.

Installed, configured, and maintained the network; designed and built networks to maintain internal and external web presence.

Administered network designs and provided comprehensive support for server systems and related software.

Coordinate with the security office to ensure AIS users have required security clearances, authorizations and need-to-know before being given a network/e-mail account.

Maintained and held full accountability for 300+ switches and 15 routers at Camp Lemonier in Djibouti while verifying configuration standardizations and capability of secure remote administration for all devices.

DasNet Corp., Riyadh, Saudi Arabia 2005-2006

Help Desk Administrator

Provided application, system, and network support by receiving, troubleshooting, and resolving issues in a timely manner; created work orders for shop tracking logs and local service requests for designated units.

Compiled and generated daily reports using the work order database in conjunction with the Information Assurance and Security Officer.

Maintained, created, and removed NIPRNET user accounts and mailboxes on Active Directory.

Led customer satisfaction efforts by maintaining network computers and printers to ensure proper functionality.

ITT Industries, Riyadh, Saudi Arabia 2004-2005

Administrative Assistant, Systems Division

Performed a wide range of administrative support functions for the TAC-SWA, Saudi Arabia Project Manager in support of a U.S. Army Signal Brigade.

Facilitated and maintained ongoing communications between project management and Saudi Arabian government offices, local suppliers, and customer offices to enhance daily business operations.

Streamlined operations by implementing programs and standards for the efficient management of project databases; payroll, time, and attendance records for 45 technicians; TDY and training documentation; personnel security administrations; and local U.S. Army and DoD reporting.

Administered a $15,000 project fund; tracked and classified ITT and Army-chargeable items complying with contract standards; routed, documented, and classified funding and purchase requests.

Worked with local military and business representatives to resolve paperwork and procedural issues.

Coordinated Saudi Arabian employment and exit visa documentation for U.S. employees.

Help Desk Administrator, Systems Division (2003-2004)

Received, troubleshot, and created work orders for appropriate shop, tracking logs, and local service requests.

Generated daily status reports detailing application, network, and security problems.

Created and deleted NIPRNET user accounts and mailboxes in Exchange Server and resolved network, computer, and printer issues to ensure client satisfaction.

Vinnell Arabia 1998-2003

Principal Trainer Gunnery and Tactics, Riyadh, Saudi Arabia

Advised, assisted, and evaluated unit’s use of the Advanced Gunnery Training System, Export Computer Generated Forces, and Armor Exercise Generator System databases.

Troubleshot, repaired, and replaced inoperable components of gunnery and tactical simulator equipment.

Trained and assisted rifle platoon leaders to conduct critical task and collective training; conducted after-action reviews post training exercises executed on desert databases of the Export Computer Generated Forces.

United States Army 1984-1998

Platoon Sergeant, Master Gunner, and New Equipment Trainer, Various Domestic and International Sites

Made recommendations and advised the Commander on matters relating to personnel assignments, use, promotion, training, operations, and logistics.

Maintained 100% operational readiness for worldwide deployment by ensuring integrity of data and statistics.

Education

COLORADO TECHNICAL UNIVERSITY,

Master of Business Administration (MBA) (2011)

Concentration: Technology Management

COLORADO TECHNICAL UNIVERSITY,

Bachelor of Science in Business Administration (2009)

Concentration: Information Technology

Kaplan University,

Associate of Applied Science in Computer Information Systems (2006)

Professional Development / Certifications / Affiliations

CYBER-AB CMMC Registered Practitioner (RP) (2024)

GIAC Security Leadership Essentials for Managers (GSLC) (2022)

Agile DoD Team Member (2021)

Certified Project Management Professional (PMP) (2005)

Certified Scrum Master (CSM) (2017)

Certified IT Infrastructure Library (ITIL) v3 Foundation (2015)

ITIL Service Lifecycle Expert (2021)

o ITIL Service Strategy (ITIL Intermediate Practitioner Certified) (2017)

o ITIL Service Design (ITIL Intermediate Practitioner Certified) (2017)

o ITIL Service Transition (ITIL Intermediate Practitioner Certified) (2020)

o ITIL Service Operation (ITIL Intermediate Practitioner Trained) (2020)

o ITIL Continual Service Improvement (ITIL Intermediate Practitioner Trained) (In Progress)

PMT 355 Program Management Office Course, PART A (2019)

NAVSEA Contracting Officer Representative Training (2020)

NAVSEA Supervisor's Role in Human Resource Management (2020)

Certified Lean Six Sigma Green Belt (2017)

Certified Information Security Manager (CISM) (2019)

Cisco Certified Security Professional - CCSP (2008)

Cisco Firewall Specialist (2008)

Cisco IOS Security Specialist (2008)

Cisco Information Security Specialist (2008)

CompTIA Network+ (2008)

Secure Computing Sidewinder 7 Firewall (2008)

GIAC Information Security Fundamentals – GISF (2007)

Information Assurance Security Officer – IASO (2006)

Cisco Certified Network Administrator – CCNA (2005)

Microsoft Certified Systems Engineer – MCSE (2005)

Certified Wireless Network Administrator – CWSP and CWNA (2005)

Certified Ethical Hacker – CEH (2005)

ISO 9001:2000 Internal Auditor Certification (2005)


