
Risk Management Program Manager

Location:
Pearland, TX, 77581
Posted:
June 11, 2025


Resume:

Michael E. Allen CISM, CISA, CDPSE

Cybersecurity Governance, Risk, and Compliance

Resolute IT Security Thought Leader committed to creating and maintaining safe internal system operations and external data transmission policies to reduce liability and mitigate risks. Well-versed in IT security, protection, risk management disciplines, and industry standards. Demonstrated strengths in leading internal data risk, health, and security initiatives at any scale.

Creator of holistic IT risk management techniques for highly efficient and extremely secure operations. Maintains systematic compliance with IT policies, standards, and controls to assess vulnerability and protect crucial information. Thorough consultation throughout the technology road map, design, and launch factors in the latest vulnerability assessment protocols to determine internal security mitigation and tolerance.

Technical Program Manager (Governance & Compliance)

Milestone Technologies (@ Meta) / Houston / 2024 – Present

Manage multiple concurrent projects that require coordination with cross-functional stakeholders and teams to meet cybersecurity regulatory requirements.

Lead and manage large-scale compliance and operations projects from planning, development, socialization, launch, and adoption.

Monitor, track, and escalate relevant security risks and issues to ensure timely mitigation.

Develop project plans and communicate regularly with management and stakeholders on project status, risks, and dependencies.

Host and lead regular project meetings with respective stakeholders to define requirements, approaches, and resources.

Woodforest National Bank / Houston / 2024 - 2024

Develop, plan, and execute audit programs based on risk assessment results. Oversee internal audits, formulate audit plans, and facilitate critical discussions with senior management to address and resolve key audit findings.

Developed IT Risk Register for the ERM team for a significant bank conversion project to help identify and manage current and future IT risks.

Sr. Program Manager, Cybersecurity Supply Chain

HP, Inc. / Spring, TX / 2023 – 2024

Led cybersecurity risk management initiatives by partnering with key stakeholders to strengthen HP's cybersecurity posture within the supply chain. Managed risk remediations utilizing Jira. Utilized empathetic communication skills to address concerns and provide actionable feedback, improving remediation performance.

Championed the early adoption of the AI Program utilizing Microsoft Copilot, delivering insights and examples on leveraging AI to create additional opportunities and perspectives. This led to management adopting it for the Supply Chain organization.


Sr. Program Manager, Mixed Reality, Integrated Visual Augmentation (IVAS) HoloLens for US Army (Governance, Risk, and Compliance)

Microsoft / Houston / 2021 - 2023

Set clear management expectations for the MR IVAS Program for risk management (total value $22 billion). Influenced MR Product Lines to align on shared goals. Liaised with the MR product engineering and services teams to perform risk assessments. Managed risk projects using Azure DevOps, ensuring compliance with data privacy regulations (GDPR). Led effort to design and deploy the Risk Management module of ServiceNow for Mixed Reality.

Delivered expert IT Risk and Compliance recommendations, leveraging industry regulations, standards, and frameworks (GDPR, NIST 800-53, NIST RMF, NIST CSF, ISO 27001) alongside GRC tools to bolster security measures.

Lead Cybersecurity Governance, Risk, and Compliance Analyst

Chevron / Houston / 2013 – 2021

(*Contractor from May 2013 – December 2013)

Orchestrated the agile development and execution of new processes, markedly improving the risk assessment procedure for mobile, cloud, and on-prem applications. This led to a 92% decrease in completion time for low-level risk assessments, optimizing resource allocation towards more critical assessments and projects.

Served as the primary point of contact for significant enterprise projects with increased visibility (Tier 1 Cloud- SaaS- IaaS-PaaS, International Divestitures, HIPAA, Facebook Workplace, Unmanaged Devices, Android OS), third-party risk, data privacy, and provided GRC training for inexperienced staff, contractors, and interns.

Championed enterprise-level risk management practices, contributing to developing a strong culture focused on protective policies and procedures, and delivered IT Risk and Compliance recommendations and risk registers adhering to industry standards and frameworks (NIST 800-53, COBIT, ISO 27001) using GRC tools.

Directed development and implementation of new processes through an agile approach, optimizing the risk assessment process for Mobile and Cloud Applications, thereby enhancing lower-tier IT asset security.

Acted as the primary liaison for significant enterprise projects, increasing visibility and managing third-party risk while providing GRC training to augment staff, contractors, and interns' understanding of risk management.

Led as an IRSM Data Privacy Coordinator to oversee the data privacy program and raise organizational capabilities through guidance, awareness, and training for business process owners by creating exercises to manage and protect personal data.

Championed Data Privacy tools (Archer GRC) to perform assessments to ensure compliance with regulations such as GDPR and CCPA.


CONTACT

281-***-****

************@*****.*** Michael E. Allen

EDUCATION

MBA / Global Management

University of Phoenix

Bachelor of Science / Computer Science

Texas Southern University

EXPERTISE

Governance, Risk, and Compliance (GRC)

IT General Controls

SOX

IT Risk Management

Third-Party Risk Management

IT Service Management

Cloud (SaaS, IaaS, PaaS) Governance

IT Training

Team Management

IT Controls Management

Data Privacy (GDPR, CCPA)

Process Improvement

PCI Compliance

Problem Solving

IT Consulting

IT Audit

IT Security Contract Clause Analysis


TECHNICAL SKILLS

● GRC Applications (i.e., RSA Archer GRC, ServiceNow GRC, NAVEX)

● SaaS, IaaS, PaaS Platform Risk Analysis

● SOC 2 Type 2 Attestation Analysis

● SAP

● NIST, ISO, COBIT

● ITSM

● Jira, Azure DevOps, GSD

Certifications

Certified Information Security Manager (CISM)

License No. 13111095

Certified Information Systems Auditor (CISA)

License No. 13111095

Certified Data Privacy Solutions Engineer (CDPSE)

License No. 2002918

Professional Affiliations

ISACA

ISSA

NSBE

Kappa Alpha Psi Fraternity, Inc.
