Information Security Architect

Mark O. McBride

Senior Consultant Information Security

Information Security Architect

Rancho Cordova, CA • 916-***-****

****.*.*******@*****.***

https://www.linkedin.com/in/mcbrmx01/

Information Security Leader and Enterprise Security Architect with extensive experience serving businesses and clients in the government, commercial, and healthcare sectors. Oversees the development of robust, agile, scalable security products to enhance the security posture and meet business and technology needs. Expert in designing multi-platform, integrated security, risk management, and data protection solutions for systems and applications. Establishes IT, security, and risk governance frameworks, policies, and processes for compliance with internal controls and regulatory requirements. Coaches and leads high-performance teams through complex projects and in the design, build, and implementation of new cyber tools.

Core Competencies

Information Security/Cybersecurity

Data Loss Protection and Governance

Strategic Business/IT Planning

Vendor and Stakeholder Relations

IT/IS Governance Frameworks

HIPPA Compliance

NIST 800-53 (R4 and R5) Compliance

NICE Workforce Framework

Human Capital Management

PII Governance, Protections and Compliance

FIPS 140, 199 and 200 Controls, Compliance and Governance

Cloud Security/Data Security Assessments

Incident Management

Cyber Risk Management/Assessments

Cloud Platforms and Services Architecture Design

Auditing and Regulatory Compliance Assessments/Reviews

CMMC Controls and Governance

CMMI Governance and Controls

FISMA Regulations and Controls

Threat Management/Vulnerability Assessment

Plan of Action and Milestones (POA&M)

CUI/CDI Information Systems Requirements

Digital Forensics and Analysis

Solution Architecture Design

Project and Budget Management

Process and System Improvement

Career Experience

Level 4 Ventures, Inc., Oakland Ca April 2024 – Present

Senior Information Security Consultant/ Enterprise Security Architect

Lead the internal Information Security organization for Level 4 Ventures. Provides strategic oversight and tactical leadership for Information Security and Cyber Security policies, processes and methodologies to senior leadership. Authored all internal Information policies and lead efforts that achieved 100 percent security compliance in the O365(E5)/Azure cloud environment. Serves as Chief Security Architect for Consulting/Contracting efforts to State of California government agencies operating in hybrid and cloud environments. Created Department of General Services – Information Security Office Data Loss Protection Plan encompassing 22 Business Units and 6 hosted environments

Lead teams in the development and implementation of strategies and action plans to mitigate and reduce threats, incidents, and risks for data protection and data loss solutions.

Created comprehensive Data Protection Plan Providing Data Classification, Categorization and Labeling requirements for all information assets within the control or, or under the custodianship of the Department of General Services containing PII/PHI or other sensitive information.

Architected and implemented Data Loss Protection solution preventing unintentional or unauthorized export or leakage of data.

Implemented NIST 800-53 Security Standards and Controls for all Systems, Devices, Applications and Services ensuring data integrity and positive control of all information assets.

Developed and lead implementation of NICE Workforce Framework v1.0.0 within the Level 4 Ventures consulting organization

Created Human Capital Management framework mapping consultants skillsets to vendor requirements, tracking training and educational achievements and developing training/certification roadmaps for all consultants

Implemented Data Categorization and Classification to ensure FIPS 199 Compliance

Momentus Space, Inc., Santa Clara, CA August 2022 – April 2024

Information Security Lead Enterprise Security Architect

Oversee the Security Operations Center (SOC) team in security information and event management (SIEM) activities. Serve as the primary point of escalation for all information security and cybersecurity incidents. Lead enterprise vulnerability management from discovery, notification, and containment through remediation, validation, and reporting.

Lead teams in the development and implementation of strategies and action plans to mitigate and reduce threats, incidents, and risks.

Created Enterprise Change Management Control Process and Review/Approval Board

Developed and lead implementation of NICE Workforce Framework within Momentus Space organization ensuring conformance with NiCE Framework components, categories, roles and competencies.

Implemented CMMC/CMMI (Moderate) Security Standards for all Systems, Devices, Applications and Services

Created NIST 800-53 System Security Plan (SSP), authored POA&M’s which addressed gaps, shortfalls and enhanced existing controls

Implemented Risk Management Framework (RMF) process for all systems, devices and applications

Created regular Vulnerability Scanning and Remediation Plan for all end points (Servers, PC’s, Network Devices and Mobile Systems)

Conducted Risk Assessments and Security Audits for all Vendors, Contractors and Partners

Implemented Data Categorization and Classification to ensure FIPS 199 Compliance

Served as internal lead for Red and Blue Team pen testing activity conducted by external organization

Authored Policy, Directives and Procedure documents which resulted in 100 percent compliance during internal and external third-party Information Security Audits

Formed and chaired the Cyber Risk Advisory Council to provide senior leaders with critical information on emerging cyber threats, initiatives, and project roadmaps.

Established an Information Technology and Information Security governance framework with aligning with corporate policies, procedures, and processes.

Advised the IT team on information security matters and recommended solutions for business and end-user requests.

Spearheaded several initiatives that reduced annual costs by over $125K.

Sutter Health, Inc., Sacramento, CA December 2019 – August 2022

Cloud Security Lead Active Directory Architect

Led the migration and upgrade from MS Windows 2008 Active Directory (AD) to Azure AD including the AD schema and domain for 500,000+ objects. Assessed risks across external vendor systems, services, and applications. Guided the project teams in monitoring and responding to discovered and reported incidents.

Maintained system, end-user, and data compliance with security policies, protocol, and standards in the hybrid cloud environment.

Evaluated existing security policies, controls, and processes and recommended improvements to enhance the security posture.

Ensured HIPAA Compliance for all Systems and Data (Cloud, Hybrid and On-Prem)

Developed and implemented advanced threat protection (ATP) controls and data loss protection (DLP) controls.

Collaborated closely with the systems and application teams to reduce vulnerabilities and threats across the enterprise environment.

Ensured new applications and systems complied with HIPPA and HITECH regulatory requirements

Conducted Cyber Security Reviews and Assessments of M&A candidates to determine scope of remediation actions and Threat Management Risks during on boarding

Led the team in consolidating nine disparate onsite data centers into two hosted HA converged data centers, which saved $1.5M in annual operating costs.

TekSystems, Inc., Sacramento, CA March 2019 – December 2019

Information Security Officer

Client: California Department of Healthcare Services

Managed all aspects of cybersecurity operations for the Medi-Cal/Medicare system. Directed a 14-member team of security analysis in SOC engineering and forensic analysis functions supporting 750+ end-users and over 13 billion records across 47 office locations.

Designed and established ATP and DLP controls.

Conducted NIST 800-53 based Security Assessment for all systems

Established Data Classification and Categorization processes to ensure HIPAA/PII/PHI data is identified and protected as per legal and regulatory requirements.

Ensured all systems, devices and data where managed as per the policies identified in the SIMM 5300 and SAM 5300 Manuals

Led the investigation, analysis, and mitigation of reported security incidents.

Delivered effective security strategies and responses to ensure current and future systems stability.

Implemented new processes for system hardening based on CIS level 1 (Moderate) standards for all systems, devices and applications that resulted in zero security incidents.

Aerojet Rocketdyne, Inc., Rancho Cordova, CA October 2011 – January 2019

Security Lead Enterprise Security Architect June 2015 – January 2019

Led the design, delivery, and configuration of complex, fully-integrated enterprise security solutions for government and commercial clients such as the Department of Defense (DoD), Lockheed Martin, Boeing, Northrup Grumman, and many others. Conducted security assessments of IT environments, systems, and applications at client sites. Trained and mentored new team members and supported professional development.

Architected and engineered a hybrid cloud solution enabling O365 E5 level security for all enterprise data and confidential information aligned with FIPS 140-2 and FedRAMP requirements and standards.

Designed DLP perimeter controls that provided notification to the SOC of external export attempts and prevention of unauthorized data exports.

Created NIST 800-53 System Security Plan (SSP), authored POA&M’s which addressed gaps, shortfalls and enhanced existing controls

Implemented Risk Management Framework (RMF) process for all systems, devices and applications

Improved the security posture by optimizing existing processes and tools and implementing new technologies.

Created and facilitated staff training courses on cybersecurity principles, practices, and standards.

Lead internal Threat Hunting Teams conducting Red and Blue Team Pen Testing evolutions

Established internal audit processes to ensure systems compliance with Security and Exchange Commission (SEC), Governance, Risk, and Compliance (GRC), and Sarbanes-Oxley (SOX) requirements.

Through effective security team leadership, contributed to Aerojet Rocketdyne, Inc. becoming one the first commercial DoD contractor companies to receive DoD Authority to Operate (ATO) an information processing system.

Infrastructure Architect Security Architect May 2013 – June 2015

Led the development and rollout of a long-term enterprise security strategy and roadmap for all IT systems architecture.

Collaborated with solution architects and technology and business subject matter experts (SMEs) to design and build flexible and scalable solutions aligned with business objectives and goals.

Guided a team in the successful completion of six internal audits and three external audits with zero critical findings.

Senior System Engineer October 2011 – May 2013

Administered, maintained, and supported all classified computing systems. Served as the principal escalation point for Tiers I-III enterprise IT issues.

Reviewed and approved all new system architecture designs and provided technical guidance for implementation.

Liaised with the operations, cybersecurity, and internal audit teams to maintain compliance with DoD, Department of Homeland Security (DHS), Missile Defense Agency (MDA), and National Aeronautic Space Administration (NASA) regulatory requirements.

Previous Experience

System Engineer, Wintel and Microsoft System Configuration Manager (SCCM) (April 2011 – October 2011) • Robert Haft Technology, Inc., Sacramento, CA

System Engineer, Wintel, System Center Operations Manager (SCOM), and SCCM (September 2010 – April 2011) • CDI, Inc., Sacramento, CA

System Administrator, Open Systems Intercommunication – Interim Statewide Automated Welfare System (OSI-ISAWS) (September 2009 – June 2010) • Vector Consulting, Inc., Sacramento, CA

Senior Systems Engineer, Client Technology Services (January 2001 – May 2009) • Health Net, Inc., Rancho Cordova, CA

Additional experience as

Senior Desktop Support Technician, Field Services Department • Health Net, Inc., Rancho Cordova, CA

Consultant Lead Technician (Contract) • Pacific Gas and Electric Co., Fresno, CA

HP Certified Technician • Hewlett Packard, Inc., Fresno, CA

Service Member • United States Navy

Education

Bachelor of Science in Computer Science University of Northern Florida, Jacksonville, FL

Certifications & Training

Certified Information Systems Security Professional (CISSP), ISC2, 2017

Honors & Awards

Numerous performance awards and recognition for technical ability, leadership, and strategic planning, Aerojet Rocketdyne

Other Qualifications

Inactive Secret Security Clearance

Contact this candidate