LEIGH RIESE
CISSP, CISA, PMP, AIGP, AI RMF, CGRC
RISK MANAGEMENT I.T AUDITOR SECURITY ENGINEER
******@******.***
Georgetown, Texas
EXPERIENCE
ITAAPS LLC, SEPTEMBER 2011 TO PRESENT
FEDERAL DEPOSIT INSURANCE CORPORATION (FDIC) (OCT 2023 – PRESENT)
LEAD INFORMATION SYSTEM SECURITY OFFICER
• Direct 20 Information System Security Officers (ISSOs) as they implement security for over 200 systems/subsystems.
• Provide technical oversight, direction, improvements, risk analyses, and guidance.
• Recommend security solutions for new systems and document security control implementation statements in System Security Plans.
• Review system changes to ensure security requirements are met, recommend mitigation and remediation solutions for vulnerabilities, and support Security Control Assessments.
NMB (JULY 2022 – OCT 2023)
INFORMATION SYSTEM SECURITY OFFICER
• Provided Information System Security Officer services to the National Mediation Board (NMB).
• Provided Information Response support.
• Reviewed audit logs to detect anomalous activity.
• Recommended mitigation and remediation solutions for vulnerabilities, and supported Security Control Assessments.
FDIC (APRIL 2021 – JUNE 2022)
INFORMATION SYSTEM SECURITY OFFICER
• Provided risk analysis, recommended security solutions, and documented security control implementation statements in System Security Plans.
• Reviewed system changes to ensure security requirements are met, and recommended mitigation and remediation solutions for vulnerabilities.
• Supported Security Control Assessments by obtaining evidence and artifacts and explaining the implementation of security controls.
SUMMARY
Leads a team of 20 Information System Security Officers in securing FDIC systems.
KEY ACHIEVEMENTS
Provided senior leadership visibility on programmatic, enterprise, and system level risks.
Increased the effectiveness and efficiency of the Information System Security Officers program through automation, improved processes, and leadership.
INTERNAL REVENUE SERVICE (IRS) (MAY 2013 – APRIL 2021)
TEAM LEAD SECURITY CONTROLS ASSESSOR
• Conducted Risk Management Framework security control assessments and compliance with SP 800-53.
• Ensured compliance with Federal Information Security Management Act (FISMA), Risk Management Framework (RMF) and NIST Special Publications (SP800 series).
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST) (MAY 2012 – MAY 2013)
ASSESSMENT AND AUTHORIZATION TEAM LEAD
• Conducted Risk Management Framework security control assessments on National Institute of Standards and Technology (NIST) systems at Gaithersburg, MD.
• Tested and evaluated the effectiveness of security controls to determine their compliance with SP 800-53, wrote Security Assessment Reports (SAR) and made recommendations based on the likelihood and impact of the risk to remediate, mitigate, or accept the risk.
• Performed vulnerability scanning and analysis.
SECUREIT LLC (OCTOBER 2011 – MAY 2012)
DEPARTMENT OF TRANSPORTATION
• Provided risk analysis, recommended security solutions, and documented security control implementation statements in System Security Plans for the Department of Transportation.
• Performed Cloud Security Risk analysis for a commercial client.
VERIS GROUP (JULY 2006 – OCTOBER 2011)
MANAGER, PROGRAM & COMPLIANCE MANAGEMENT
DOD / DEFENSE LOGISTICS AGENCY (DLA), IRS, UNITED STATES MARSHALS SERVICE (USMS), OFFICE OF PERSONNEL MANAGEMENT (OPM)
• Ensured clients’ compliance with the Federal Information Security Management Act (FISMA) and DoD security requirements.
• Implemented NIST Federal Information Processing Standards (FIPS) and NIST Special Publications (SP800 series).
SUMMARY
Led teams to conduct independent Security Controls Assessments on IRS, NIST and DoD/DLA systems.
Conducted security controls assessments on complex systems for multiple agencies.
KEY ACHIEVEMENTS
Increased the effectiveness and efficiency of security controls assessments through improved processes and leadership.
CIMARRON SOFTWARE INC (MARCH 2002 – JULY 2006)
INFORMATION TECHNOLOGY SECURITY ENGINEER
NATIONAL AERONAUTICS AND SPACE ADMINISTRATION/JOHNSON SPACE CENTER (NASA)
• Performed operational engineering support of on-orbit International Space Station systems.
• Conducted Trend Analysis for system performance and anomaly resolution.
• Reviewed vulnerability scans and provided mitigation recommendations to continually assess and improve the security posture of the Mission Control Center and represented I.T. Security Engineering in the Configuration Control Board.
• Supported Information Assurance of Mission operational systems to include working on Configuration Management, Continuity of Operations, Incident Management Plans, Disaster Recovery Plans, Patch Management, and Antivirus Signature Update Plans.
• Performed project management duties to ensure acquisitions and sub-contractor support remained on schedule and budget.
EDUCATION
COLORADO TECHNICAL UNIVERSITY (2005)
Bachelor of Science, Business Administration / Concentration in Information Technology
UNIVERSITY OF TEXAS (2021)
Post Graduate Program in AI & Machine Learning
ACTIVE CERTIFICATIONS
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Project Management Professional (PMP)
Artificial Intelligence Governance Professional (AIGP)
Artificial Intelligence Risk Management Professional (AI RMF)
Certified Governance, Risk and Compliance (CGRC)
Certificate of Cloud Security Knowledge (CCSK)
SUMMARY
Provided I.T. Engineering for NASA on both Mission Control Center systems and on-orbit systems.
KEY ACHIEVEMENTS
Improved security of Mission Control Center systems through designing controls and evaluating and remediating risks.
Provided operational support for International Space Station on-orbit systems.
Improved security of on-orbit communications systems.