Information Security Governance, Risk and Compliance

JOHN W. NICOL JR

St. Louis, MO ***** 618-***-**** *********@*****.***

History of success strengthening enterprise infrastructure, reducing risks, auditing systems, managing service level agreements, and enforcing security policy. Highly adept at analysis and reporting of information systems and reporting discrepancies while recommending course of actions directly to executive level staff. Active Top-Secret Clearance. HIGHLIGHTS OF EXPERTISE

• Systems & Business Analysis

• RMF & eMASS

• Technology Training & Documentation

• Enterprise IT Networks & Infrastructure

• Proactive Risk Analysis & Mitigation

• Incident Response & Escalation

Management

• Requirements Gathering & Analysis

• Budgeting & Resource Management

• Metrics & Performance Management

• Customer Engagement &

Communication

• Root Source Problem Isolation &

Resolution

National Geospatial Intelligence-Agency - St. Louis, MO Authorizing Official/Designating Representative Rividium (03/2025-present)-Contractor As an Authorizing Official Designated Representative (AODR), I served as a trusted advisor, ensuring our systems met stringent security and compliance standards. I conducted thorough risk assessments, meticulously evaluating the effectiveness of existing security controls and identifying potential vulnerabilities. Based on my assessments, I developed comprehensive risk mitigation strategies and presented well-informed recommendations to the Authorizing Official for informed decision-making. My responsibilities extended to developing and maintaining essential security documentation, including system security plans and risk assessment reports, ensuring clarity and transparency throughout the authorization process. I actively collaborated with system owners and stakeholders to remediate identified vulnerabilities and implement security enhancements, fostering a strong culture of security awareness. Furthermore, I stayed abreast of evolving cybersecurity threats and emerging best practices to proactively mitigate risks and provide informed guidance and support to the Authorizing Official.

• Managed and approved Accreditation Packages in accordance with ISO/IEC 15026-2, ensuring compliance and authorizing [Number] software applications/systems/networks for operational use.

• Reviewed and provided final authorization on security documentation, including [Types of Documents, e.g., System Security Plans, Risk Assessments], verifying risk levels fell within established acceptable limits.

• Defined and documented acceptable risk thresholds for software applications, networks, and systems based on criticality, sensitivity, and impact analyses, aligning with organizational risk tolerance.

• Developed and implemented cybersecurity policies, plans, and strategies aligned with industry best practices (NIST, ISO 27001) and relevant regulations to mitigate organizational risk.

• Forecasted and secured necessary manpower resources to support cybersecurity objectives, ensuring adequate staffing for risk assessments, authorization reviews, and ongoing monitoring.

• Coordinated cybersecurity operations across multiple departments and business units, facilitating cross-functional collaboration for seamless integration of security measures and risk management.

• Cultivated strategic partnerships with external organizations (e.g., government agencies, industry groups) to share threat intelligence, collaborate on cybersecurity initiatives, and enhance overall security posture.

Authorizing Official/Designating Representative

IT professional backed by 20 years of technical and logistics achievement CAREER SUMMARY

US TRANSCOM – SCOTT AFB, IL

SECURITY ENGINEER III PARAGON TECHNOLOGIES (03/2024-03/2025) – Contractor Provided technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, and security implementation. Responsible for designing and implementing solutions for protecting the confidentiality, integrity, and availability of sensitive information. Provided technical evaluations of IT systems and assists with making security improvements. Participated in design of information system contingency plans that maintain appropriate levels of protection and meet time requirements for minimizing operations impact to customer organization. Conducts security product evaluations, and recommends products, technologies, and upgrades to improve the organization’s security posture. Understands Information Security Continuous Monitoring (ISCM) concepts and the employ of security automation and risk dashboarding tools and processes to identify and respond to risk and support more efficient Assessment & Authorization processes such as ongoing authorization more quickly. Conducted testing and audit log reviews to evaluate the effectiveness of current security measures. ILLINOIS AIR NATIONAL GUARD - COMMUNICATIONS, SCOTT AFB, IL CYBER SUPPORT SUPERINTENDENT (4/2020 -12/2024) -Master Sergeant/E-7 Oversees IT plans & projects, cyber security, and knowledge management sections for the 126th Air Refueling Wing. Develop and lead cross-functional teams to deliver customizable solutions that mitigate risk, minimize downtime, streamline operations, boost efficiency, and accelerate growth. Interprets mission drivers and steers solutions for service delivery to align with operational priorities while maximizing capabilities of the United States Air Force. ILLINOIS AIR NATIONAL GUARD - COMMUNICATIONS, SCOTT AFB, IL INFORMATION SYSTEMS SECURITY MANAGER (12/2017 - 4/2020) -Master Sergeant Ensures Confidentiality, Integrity, and Availability of user data on the Air Force network and enforces adherence to DoD and Air Force policies and standards.

• Planned and executed the six phases of the NIST Risk Management Framework for the 126 Air Refueling Wing. Successfully and efficiently migrated the 126 ARW Authorization and Accreditation from DIACAP to RMF and attained an approval to operate.

• Accomplished Information Security Professional with a proven track record in developing and implementing comprehensive security policies and procedures, ensuring alignment with industry standards and regulatory requirements.

• Conducted regular risk assessments and vulnerability scans, resulting in a substantial reduction in system vulnerabilities and an overall enhancement of security measures.

• Collaborated with cross-functional teams to design and implement robust security controls, including access management, encryption, and network segmentation, significantly improving the organization's security posture.

• Managed and maintained security systems, provided impactful security awareness training, conducted thorough security audits, and stayed abreast of the latest security trends, contributing to enhanced security measures, reduced risk, and ensured compliance with standards such as NIST, ISO, and HIPAA.

• Successfully managed the 126th ARW Information Assurance Program encompassing communications security, emission security, host security, boundary protection, compliance, certification and accreditation, IA awareness and training.

• Led incident response efforts, minimizing the impact on operations by promptly investigating and resolving security events.

ILLINOIS AIR NATIONAL GUARD - COMMUNICATIONS, SCOTT AFB, IL IT PLANS AND PROGRAMS MANAGER (10/2014 - 11/2017) - Master Sergeant Planed, coordinated, tracked, and evaluated IT projects for the 126 ARW. Advised squadron, group, and wing commanders on resource availability and federal procurement processes and regulations.

• Base Equipment Custodian (BECO) facilitating the inventory, support, and lifecycle of over 4K IT assets worth $2.7 million.

ILLINOIS AIR NATIONAL GUARD - LOGISTIC READINESS SQUADRON, SCOTT AFB, IL CLIENT SUPPORT ADMINISTRATOR (9/2007 - 10/2014) - Master Sergeant/E-7 Managed hardware and software. Performed configuration, management, and troubleshooting. Removed and replaced components and peripherals to restore system operation. Installed and configured software operating systems and applications. Provided service to end-users for operation, restoration, and configuration of information systems. Reported security incidents and executed corrective security procedures.

• Formulated and executed short and long-term strategies for responding to IT infrastructure needs for all LRS flights to streamline and support the mission of eight KC-135 aircraft. ILLINOIS AIR NATIONAL GUARD - LOGISTIC READINESS SQUADRON, SCOTT AFB, IL LOGISTICS MANAGEMENT SYSTEMS SPECIALIST (3/2000 - 9/2007) -Technical Sergeant/E-6 Oversaw activities that included purchasing, transportation, inventory, and warehousing. Directed the movement of a broad range of Department of Defense assets and used information systems to plan and track the movement of products.

• Revamped supplies degraded operations procedures utilizing current and “next level” technologies to ensure complete accountability and visibility during manual accounting periods.

Bachelor of Science in Computer Information Technology GRANTHAM UNIVERSITY AAS in Electronics Systems Technology COMMUNITY COLLEGE OF THE AIR FORCE Professional Development: ISC2 Certified Authorization Professional/ Certified Governance, Risk & Compliance/ CompTIA Security+

EDUCATION & CREDENTIALS

Contact this candidate