KURT HAILSTOCK
CYBER-SECURITY PROFESSIONAL
240-***-**** **********@*****.***
Objective
Dynamic and detail-oriented cybersecurity professional with robust expertise in risk management, incident response, and compliance, including PCI DSS, NIST SP 800-53, ISO/IEC 27001, and CIS Controls. Proven track record in enhancing organizational security through strategic frameworks, policy development, and hands-on incident management. Seeking to leverage my analytical and project leadership skills in a role focused on cybersecurity, risk assessment, and GRC optimization.
Skills
• Outstanding leadership skills
• Reporting and communication
• Exceptional communication and interpersonal skills
• Access management
• Team player with great collaboration skills
• Enterprise technologies
• Cyber incident response
• Risk management
• IT governance and compliance of NIST
• Network security assessment
• SIEM - Security information and event management
• Exceptionally dependable
• Excellent management skills
• Self-motivated self-starter
• Ability to influence executive-level leadership
• High level of professionalism
• Ability to lead teams and multifaceted projects effectively
• CIS Controls V8
• ISO 27001
• Risk mitigation
*PCI DSS Analyst: Knowledge of PCI DSS compliance, data protection policies, and network security protocols.
*GRC Analyst: In-depth understanding of governance, risk, and compliance practices, policy creation, and third-party risk management.
*Cybersecurity Analyst: Proficiency in monitoring and analyzing security events using SIEM tools, threat intelligence, and incident response.
*Risk Analyst: Risk assessment and mitigation, vulnerability management, and familiarity with frameworks for quantitative risk analysis.
*Incident Response Analyst: Expertise in incident response processes, digital forensics, and utilizing incident response tools and frameworks.
*Third-Party Analyst: Vendor risk management, compliance audits, and due diligence assessments for third-party service providers.
Professional Experience
Cybersecurity Manager, Eretmis, Inc
March 2023 – Current
• Actively defend against cyber security incidents by identifying, analyzing, and containing various security threats in real time, ensuring organizational resilience against cyber-attacks. Address vulnerabilities promptly with effective incident responses.
• Demonstrate excellent communication skills through effective collaboration, assisting in the timely mitigation of security threats, and maintaining the security posture under minimal supervision.
• Manage day-to-day cybersecurity operations and project initiatives. Facilitate and manage the controls, framework, audit, requests, and related activities for IT and Information Security.
• Proactively monitor network traffic, server, and cloud performance metrics to detect and analyze anomalous activities and potential threats, ensuring advanced threat preparedness and minimal impact on system integrity and performance.
• Assist with the development and maintenance of GRC metrics and dashboards.
• Participate in the Security Awareness Training, providing training and support to team members.
• Create detailed security policies and procedures.
• Lead real-time incident response and containment, analyzing threats with a strong focus on PCI DSS and other regulatory compliance.
• Develop and enforce security policies aligned with NIST SP 800-53 and ISO 27001, enhancing the organization’s compliance posture.
• Proactively identify vulnerabilities and conduct root cause analysis to prevent future incidents, utilizing SIEM tools and network traffic monitoring.
• Create and manage a GRC dashboard to track compliance metrics and risk levels, providing executive teams with data-driven insights into organizational security.
GRC Specialist, Diaspocare
January 2022 – February 2023
• Performed an assessment for the organization to prioritize their security efforts, allocate resources, and develop a plan to strengthen their overall security posture.
• Contributed to the development of incident response plans and procedures.
• Assisted in conducting risk and vulnerability assessments.
• Led several projects and oversaw their success with cybersecurity-based development and application requirements to strengthen the organization’s security standards and business requirements.
• Tasked with anticipating new threats and actively working to prevent them from occurring.
• Conducted employee security awareness training, developed secure business and communication practices, identified security objectives and metrics, chose and vetted third-party vendors, ensured that the company was in regulatory compliance with the rules of relevant bodies, and enforced adherence to security practices.
• Led the update of an incident response plan to include detailed responses, utilizing a series of tabletop exercises.
• Executed comprehensive risk and vulnerability assessments to strengthen overall security posture, with a focus on PCI DSS and third-party risks.
• Updated and enhanced the incident response plan, using tabletop exercises to validate response strategies and improve recovery times.
• Implemented security awareness training and compliance reviews to ensure adherence to best practices and regulatory requirements.
• Oversaw third-party security assessments and compliance checks to mitigate risks associated with vendors and external partners.
Cybersecurity Specialist, UPISA
January 2014 – December 2021
• Translated business objectives into comprehensive cybersecurity strategies aligned with organizational goals.
• Identified and managed cyber risk, including threat assessment, vulnerability management, and incident response planning.
• Ensured programs complied with relevant cybersecurity regulations and industry standards.
• Streamlined operational processes to enhance efficiency and effectiveness of cyber security processes, reducing vulnerabilities and increasing incident response agility.
• Utilized strong interpersonal skills to foster collaboration between various departments including HR and IT.
• Provided cyber security awareness training to employees, fostering a security-conscious culture.
• Applied crisis management skills to lead incident response teams during cybersecurity incidents, minimizing impact, and restoring normal operation.
• Collaborated with external vendors to evaluate and select cyber security solutions, ensuring they met organizational requirements and standards.
• Continuously improved cybersecurity posture through active risk management and lessons learned from incidents.
Education
Virginia Polytechnic Institute and State University
Bachelor of Science, Human Nutrition, Foods and Exercise
Certificates
CompTIA Security+ - In Progress
CISSP - Certified Information Systems Security Professional – In Progress