Summary
Highly accomplished and results-driven Cybersecurity Executive with 20+ years of progressive leadership experience in developing, executing, and overseeing robust global cybersecurity programs across federal, DoD, and private sectors. Strategic partner to CEOs, CIOs, CFOs, and CISOs, adept at managing enterprise-wide cyber risk, leading complex security operations, and ensuring stringent compliance within highly regulated environments. Expertise spans Cybersecurity Strategy, Governance, Risk & Compliance, Enterprise Risk Management, Cloud Security, Threat Intelligence, Incident Response, and Security Architecture. Passionate about safeguarding critical information assets, enabling business objectives through proactive security, and fostering high-performing teams. Bilingual in Spanish and Portuguese.
Key Skills & Competencies
Forward-thinking strategist: skilled in devising and operationalizing a security strategy across multiple operating entities.
Storyteller: translates technical security concepts into business terms and articulates the value of security investments to stakeholders.
Honor, Courage, Commitment: upholds the highest standards of integrity and accountability in managing the organization's security program.
Flexible and adaptable: responds to evolving security challenges and organizational needs.
Change agent: fosters a culture of innovation and continuous improvement, encourages experimentation, and adapts to evolving circumstances and environments.
Authentic and tenacious leader: leans in to partnering with peers, leads collaboratively, and is steadfast in leading by example.
Exemplary organizational skills: proactive initiative-taking, meticulous attention to detail, and adept time management; flourishes in a dynamic and rapidly evolving environment.
Culture ambassador: lives organizational values with ethics and integrity.
Cybersecurity Strategy & Leadership: Global Program Development, Strategic Planning & Execution, Executive Advisory, Vision & Roadmap Definition, Security Transformation, Policy & Standards Development.
Governance, Risk & Compliance (GRC): Enterprise Risk Management (ERM), Risk Assessment & Mitigation, Audit Management, Regulatory Adherence (GDPR, HIPAA, CCPA, SOX, PCI DSS, FISMA, NIST RMF).
Security Operations & Management: SOC Oversight, Incident Response (IR) Frameworks, Threat Intelligence, Threat Hunting, Vulnerability Management, Security Monitoring.
Security Architecture & Engineering: Secure Cloud Design (AWS, Azure, GCP), Network Security, Application Security, Data Security (DLP, Encryption), Identity & Access Management (IAM), Security Tool Implementation.
Team Leadership & Development: Building & Mentoring High-Performing Teams (up to 70 personnel), Talent Acquisition, Performance Management, Professional Development, Cross-functional Collaboration.
Executive Communication: Stakeholder Engagement, Executive Briefings, Technical-to-Business Translation, Interagency & Multinational Coordination.
Program & Budget Management: PMP Certified, Multi-Million-Dollar Budget Management, Resource Optimization, Program Delivery, Process Optimization, Project Management.
Operational Excellence: Business Continuity (BC/DR), Operational Resilience, Continuous Improvement, Innovation.
Education
M.S., Business Administration (MBA) DeVry University, Arlington, VA 2012
M.S., Mgmt. Information Systems (MIS) Bowie State University, Bowie, MD 2008
B.A., Communications Trinity International University, Miami, FL 2001
Adjunct Professor (Cybersecurity/MIS Program) Bowie State University, Bowie, MD 2009 – Present
Certifications
Certified Information Security Manager (CISM) - ISACA Cert. # 1630829
Project Management Professional (PMP) - PMI Cert. # 430368
Certified Chief Information Officer (CCIO) - National Defense University May 2016
Certified AWS Cloud Practitioner
ITIL 2011 - Cert. # 0232071501QG4F
Certified Ethical Hacker (CEH) - EC-Council Cert. # 949063
Governance, Risk, and Compliance Conference Miami, FL 2023
Professional Experience
Federal Cybersecurity Director / Sr. Information Security Officer Cyber Resilience Group (CRG) LLC Miami, FL – Remote Aug 2020 – Present
Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA) Washington, D.C. Executive Privacy & Risk Security Controls Advisor/Sr. Information Security Officer Oct 2022 – Present
Led the development and implementation of a comprehensive cybersecurity strategy for a major federal agency, resulting in a significant reduction in security incidents and improved compliance with federal regulations (e.g., NIST SP 800-53, FedRAMP).
Built and managed a high-performing team of 25 cybersecurity professionals, fostering collaboration, innovation, and continuous improvement.
Spearheaded adoption of Zero Trust security principles and implemented advanced security technologies to enhance threat detection and response capabilities.
Designed and secured cloud infrastructure (DHS CISA AWS Landing Zone spanning IaaS, PaaS, and SaaS) to meet stringent federal security control requirements.
Assisted the CIO and CISO in migrating and executing global cybersecurity strategy solutions on cloud IaaS (AWS and Azure) across all DHS business units, resulting in a 40 percent increase in FISMA security maturity scores globally.
Oversaw daily security operations, including SOC management and incident response functions, achieving a 20 percent reduction in Mean Time to Respond for critical incidents.
Managed enterprise-wide cybersecurity risk assessments and developed comprehensive mitigation plans, effectively reducing identified high-risk vulnerabilities by percent.
Pension Benefit Guaranty Corporation (PBGC) Washington, D.C. Federal Cybersecurity Director/Sr. Subject Matter Expert (SME) Aug 2020 – Oct 2022
Provided C-SCRM awareness training to the Federal Government Procurement Department for Contracting Officers (COs) and Contracting Officer Representatives (CORs).
Authored and published the EO 14028 / NIST SP 800-161 Cybersecurity Supply Chain Risk Management (C-SCRM) strategy, implementation plans, and procedures, as well as the Information System Contingency Plan.
Collaborated with Softech, LLC development teams and the PBGC Office of Information Technology to proactively address security issues, upgrade systems, and implement and maintain security controls.
Identified security violations and inefficiencies by conducting periodic audits and working directly with the government COR and the PBGC Security Operations Center.
Developed RMF security assessment and authorization (ATO) documentation supporting the Operations & Maintenance and Continuous Diagnostics & Mitigation phases of the PBGC SDLC, aligned with FISMA/NIST and the Enterprise Performance Life Cycle Framework.
Conducted training webinars and conference calls for PBGC clients on interpreting preliminary vulnerability assessment audit findings and preparing for formal FISMA audits, annual risk assessments, and contingency planning exercises.
Installed Netsparker Cloud and WebInspect to scan software for input data integrity issues.
Assisted in transitioning Trusted Agent to RSA Archer in DevOps for future implementation of the automated security assessment and authorization system.
Cybersecurity Director/Executive Risk Controls Advisor Fiserv, Inc. Coral Springs, FL Apr 2018 – Aug 2020
Led the IT Security Compliance program for the Latin American, Central American, and Caribbean Region, serving as Cybersecurity Leader and liaison between auditors and the CISO at Fiserv, including during the $2B merger and acquisition of Fiserv and LATAM First Data.
Ensured consistent compliance with global data protection regulations (GDPR, CCPA) and industry-specific standards (NIST CSF), successfully navigating 10 external audits with zero critical findings.
Scheduled and coordinated over 15 annual PCI Audits with LATAM Auditors, achieving zero PCI DSS findings.
Assessed and remediated over 25 Point of Sale (POS) vulnerable applications in collaboration with technical vulnerability management teams during PCI quarterly scans.
Completed over 10 comprehensive documentation reviews, providing technical evidence for data security controls to senior management, internal stakeholders, SOX auditors, and audit firms (KPMG) in scoping and evaluating SOX environments.
Led SailPoint IAM System administration for LATAM Employee Lifecycle management, overseeing over 200 privileged user system engineers, developers, network engineers, and system administrators.
Directed the migration of CyberArk and SailPoint One Data solutions into the Fiserv Enterprise in the LATAM Region (Brazil, Argentina, Panama, Colombia), conducting privileged user risk assessments for insider threat, tracking, enforcement, and certified access across the enterprise.
Authorizing Official Representative/Sr. Information Security Officer (SISO) DoD Threat Reduction Agency (DTRA) Ft. Belvoir, VA Nov 2016 – Apr 2018
Led, managed, and mentored a global team of 70 information security professionals, fostering a culture of continuous learning and high performance.
Transitioned over 185 Information Systems from DIACAP to Risk Management Framework in the eMASS DISA enterprise, completing six months ahead of project schedule. Awarded Leadership Team Award and Letter of Commendation from the Secretary of Defense.
Managed the cybersecurity budget of over $55M annually, optimizing expenditures to achieve maximum security ROI for U.S. DoD NIST RMF Cyber Support Services Contract.
Collaborated extensively with IT, business units, and external partners to integrate security best practices into all aspects of the organization.
Directed the implementation and optimization of key security technologies, including the DoD transition from DIACAP to the NIST RMF, SIEM/SOAR platforms, and EDR solutions.
Advised the Chief Information Officer and Chief Information Security Officer on comprehensive cybersecurity strategies and planning for the Department of Defense CIO Getting to Green and Scorecard Program.
Oversaw the evaluation and implementation of tools and applications to investigate anomalies and respond to/remediate incidents, in collaboration with Enterprise Security Operation Directors, Managers, and Supervisors.
Ensured the implementation of cybersecurity incident response projects and security solution implementations, such as Trusted Internet Connection and Vulnerability and Patch Management.
Deputy Chief Information Security Officer (CISO) U.S. Navy, Navy Engineering Logistics Office (NELO) Washington, DC Nov 2015 – Nov 2016
Managed a team of over 60 government and contractor professionals in direct and matrix reporting structures.
Managed the cybersecurity budget of over $150M annually, optimizing expenditures to achieve maximum security ROI for U.S. Department of Navy Special Access Program, NELO.
Provided expertise in high availability, contingency planning, COOP, disaster recovery, and automated provisioning.
Designed solutions for various deployment models (Private, Public, Community, Hybrid) and cloud service models (IaaS, PaaS, SaaS) to optimize cloud computing for FedRAMP in AWS and Azure environments.
Advised on over 10 storage and security solutions to securely store data in multi-tenancy environments for DoD Joint Task Force operations.
Advised the Chief Information Officer (CIO) and Chief Information Security Officer (CISO) on comprehensive cybersecurity strategies and planning for Department of the Navy Special Access Programs (SAP).
Oversaw and executed managerial authority over federal and contract staff implementing the National Institute of Standards and Technology (NIST) Risk Management Framework.
Developed performance metrics to measure the Department's cyber risks and security requirements and to establish goals for enterprise measurement.
Identified critical success factors (CSFs), monitored risks, and ensured regular and effective communication with internal/external stakeholders for effective and compliant management.
Presented to leadership and other government officials on cybersecurity and privacy matters.
Provided guidance for Business Continuity (BC) and Disaster Recovery (DR) initiatives, policies, and procedures to ensure continued operation of services across the Department.
Sr. Information Security Officer (SISO) / Sr. Application Security Officer Department of State (State Department), DS-CTO Rosslyn, VA Nov 2012 – Nov 2015
Managed and led a team of over 25 government and contractor professionals in direct and matrix reporting structures.
Managed the cybersecurity budget of over $75M annually, optimizing expenditures to achieve maximum security ROI for Diplomatic Security Bureau Office of the CTO.
Reported regularly on security posture, key metrics, and strategic initiatives to senior leadership and the Board of Directors, ensuring informed decision-making.
Drove continuous improvement and innovation within the security program, proactively adapting to emerging threats and technological advancements.
Led the cybersecurity strategy for the Diplomatic Security Bureau, ensuring the protection of U.S. diplomats, over 450 embassies, and sensitive information systems worldwide.
Developed and implemented a new cybersecurity framework to address unique challenges of operating in diverse and hostile international environments.
Spearheaded initiatives to secure critical infrastructure, protect sensitive data, and educate diplomats about cybersecurity threats and best practices.
Played a key role in mitigating a major cyberattack targeting U.S. embassies, preventing data breaches, and enhancing international collaboration on cybersecurity.
Successfully defended against 7,500 cyberattacks; secured over 400 embassies in over 120 countries.
Collaborated with developers in testing, migrating, and implementing secure software solutions.
Ensured compliance with DS CTO policy and standards/regulations (FISMA/NIST/CIS/FAM/FAH), providing gap analysis on current security policies (asset classification, security controls, incident management, vulnerability management plans).
Provided oversight in implementing comprehensive risk management strategies, ensuring alignment with the Department’s risk management policy, for continuous monitoring, security data analysis, and FedRAMP cloud sponsorships.
Provided guidance for Business Continuity (BC) and Disaster Recovery (DR) initiatives, policies, and procedures to ensure continued operation of services across the Department.
IT Security Program Manager/Principal Security Architect / Sr. Associate Booz Allen Hamilton McLean, VA Nov 2006 – Nov 2012
Led and managed over 35 contractors and independent verification and validation consultants on the Veterans Affairs OCIO Cybersecurity Business Continuity-Resilience Program (2007 – 2009), which resulted in VA receiving an A grade during the annual FISMA Scorecard Audit.
Developed performance metrics to measure the Department's cyber risks and security requirements and to establish goals for enterprise measurement.
Led the development and implementation of a comprehensive cybersecurity strategy for a major federal agency, resulting in a significant reduction in security incidents and improved compliance with federal regulations (e.g., NIST SP 800-53, FedRAMP).
Built and managed a high-performing team of 25 cybersecurity professionals, fostering collaboration, innovation, and continuous improvement.
Provided expert guidance to senior leadership on cybersecurity risks, mitigation strategies, and emerging threats.
Developed and revised existing security policies, processes, and procedures, utilizing NIST's Risk Management Framework (SP 800-37) and Recommended Security Controls for Federal Information Systems (SP 800-53).
Interacted with product designers and developers to analyze security features, identify improvements, and recommend modifications.
Conducted technical risk assessments of applications, analyzing and mitigating system vulnerabilities.
Evaluated web-based applications, databases (Oracle 10g/11g, SQL Server), Drupal, and COTS systems for security vulnerabilities and implemented realistic mitigating strategies.
Prepared systems security accreditation paperwork for systems audited against FISMA standards.
Awards and Recognition
Two (2) Joint Commendation Medals, U.S. SOUTHCOM, J3 Operations
Three (3) Navy Achievement Medals, U.S. Navy