Risk Management Program Manager
Resume:
Gary Love
https://www.linkedin.com/in/gary-love-*933b1178
****.*.****@*******.***
EXECUTIVE SUMMARY
Cybersecurity leader with over 16 years of experience and a robust background in cloud security assessments and compliance. Proven track record in managing high-performing teams and aligning secure cloud architectures with industry best practices across AWS, Azure, and GCP. Drives strategic vision to enhance revenue, service quality, and customer satisfaction while mentoring teams and spearheading innovative cloud security initiatives.
PROFESSIONAL EXPERIENCE
4L IT Solutions LLC Nov 2024 - Present
Compliance Consultant / Cybersecurity Product Owner / Risk Management Framework (RMF) / GRC Consultant
•Directed compliance audits and cloud security assessments for clients such as Chiefs Construction and Tuskegee University, aligning implementation with NIST CSF, NIST 800-53, ISO 27001, ISO 9001, and ISO 20000-1 frameworks.
•Evaluated client compliance postures with a focus on cloud security controls and risk management best practices, identifying improvement opportunities and providing strategic recommendations.
•Developed comprehensive compliance frameworks, including policies, procedures, controls, and documentation aligned with ISO standards and regulatory requirements.
•Optimized the deployment of the ServiceNow Strategic Portfolio Management (SPM) suite, streamlining project intake, prioritization, and performance tracking across cybersecurity, compliance, and cloud security initiatives.
•Managed Disaster Recovery, Business Continuity, and IT Resiliency initiatives, ensuring seamless operations in both cloud and on-premises environments.
•Collaborated with executive management teams to align compliance and risk management strategies with business objectives, fostering robust governance and vendor management practices.
•Conducted training sessions and workshops to enhance client and staff understanding of evolving compliance requirements, industry trends, and cybersecurity best practices.
•Delivered executive-level reporting on compliance, GRC, and IT risk posture to inform decision-making, emphasizing cloud-related security risks.
•Oversaw the management of cloud and on-premises environments, leveraging expertise in cloud computing and modern control frameworks.
•Led project leadership and program management activities using tools like Microsoft Project, Asana, Trello, and Jira to drive successful delivery of security, compliance, and risk initiatives.
ASTRION Mar 2024 - Nov 2024
Information System Security Manager (ISSM) Montgomery, AL
Designed and implemented control baselines for SaaS cloud environments, mapping requirements to NIST 800-53, FedRAMP, and agency-specific security standards.
•Developed and maintained comprehensive cybersecurity documentation for IT/OT systems, ensuring adherence to standards such as ITSC, SSP, ISCM Plan, MRAB, and Security Test Plans via eMASS.
•Conducted in-depth gap assessments against NIST 800-53 Rev. 5 controls while developing tailored System Security Plans (SSP), POA&Ms, and risk treatment strategies to support cloud security objectives.
•Ensured IT/OT configurations complied with NSA Security Technical Implementation Guides (STIG), Security Requirements Guides (SRG), vendor specifications, and industry best practices in both cloud and hybrid settings.
•Authored Standard Test Procedures (STPs) and cybersecurity test scripts in accordance with NIST SP 800-53A and FedRAMP standards to validate cloud security postures.
•Reviewed security artifacts to verify alignment with SSP requirements, providing detailed control pass/fail assessments.
•Updated eMASS records to reflect current system configurations and managed Plan of Action and Milestones (POA&M) items.
•Advised on and implemented security solutions to mitigate risks, supporting project management and enhancing cloud security practices.
•Deployed and supported Microsoft security solutions—including Azure Security Center, Microsoft Defender for Cloud, and Microsoft Sentinel—to monitor, detect, and respond to cybersecurity threats across cloud and hybrid environments.
•Analyzed threat vectors and residual risks for failed controls, reporting findings to executive stakeholders with a focus on cloud security implications.
•Championed ISO 27001 certification audits, streamlining processes and mentoring audit teams, while reinforcing robust security controls across cloud infrastructures.
•Fostered a culture of continuous improvement by identifying process enhancements and implementing changes to optimize team efficiency and delivery quality.
•Mentored and coached team members on cybersecurity and Agile principles, supporting professional growth and strengthening cloud security expertise.
Aviation and Missiles Solutions Oct 2021 - Mar 2024
Sr. Cybersecurity Analyst/ Product Owner-Scrum Master Huntsville, AL
As the Cybersecurity Agile Product Owner, I led and managed the project's cybersecurity roadmap using Agile principles and practices. My key responsibilities and tasks are:
•Led cyber project planning to collaborate with stakeholders to define cyber project goals, scope, and deliverables to developed a high-level project plan and created a backlog of prioritized user stories or tasks.
•Implemented Agile frameworks by using Scrum, Kanban, and SAFe Agile; facilitates Agile ceremonies, including daily stand-ups, sprint planning, sprint reviews, and retrospectives.
•Enhances strategic alignment and governance maturity by leveraging key SPM modules, including Project Portfolio Management (PPM), Demand Management, and Resource Management.
•Led the implementation of the NIST Cybersecurity Framework (CSF) across multiple client environments, aligning security practices with business objectives and regulatory requirements.
•Managed a cross-functional Cybersecurity Agile team of 12 members; assigning tasks, providing guidance, and ensuring that team members had the necessary resources and support to deliver high-quality results.
•Identified project risks and developed mitigation strategies; regularly assessed and addressed potential obstacles that could have impacted project timelines or deliverables.
•Led the overhauling of secure coding guidelines and standards, enhanced the overall security posture of the organization's applications
•Implemented automated security testing tools and processes, streamlining the identification and remediation of security vulnerabilities.
•Established a cyber-vault to create immutable, air-gapped backups; enhanced data protection and enabling rapid recovery from cyber threats.
•Collaborated with third-party security vendors to assess the security posture of externally sourced applications, ensured compliance with regulatory requirements.
•Demonstrated a strong understanding of Identity and Access Management (IAM) concepts and practices, such as Role Based Access (RBAC), least privilege, access automation methods, user access, and cloud access concepts.
•Supported identity governance processes, which involved defining and enforcing policies for access control, segregation of duties, and compliance requirements; allowed the organization to perform regular access reviews, manage entitlements, and demonstrate compliance with regulations and industry standards.
•Led cyber network design, system integration, and application development initiatives; ensured compliance with company and IT security policies, standards, operating requirements, as well as governmental guidelines and industry best practices.
•Managed the design and implementation of Zero Trust solutions, closely monitored compliance with regulations and industry standards.
•Served as Team Lead for Cybersecurity Supply Chain Risk Management (c-SCRM); continuously monitored and evaluated emerging technologies and trends in the SCRM, leveraging this knowledge to enhance and optimize network design, system integration, and application development initiatives.
ERP International INC Feb 2020 - Nov 2021
Sr. Project Manager, Product Owner/Scrum Master Gunter AFB, Montgomery Al
•Served as a servant leader consultant for Agile Development and Sustainment teams for the Medical Readiness Decision Support System (MRDSS).
•Collaborated with product owners and stakeholders to define product vision, roadmaps, and prioritization based on customer needs, regulatory requirements, and business goals, ensuring the delivery of high-quality, user-centered products within agreed-upon timelines and budgets.
•Managed the program's migration from a centralized integration environment to an AWS cloud environment; consolidated and provisioned Active Directory for user access to the new environment, worked with customers to provision accounts, including ticket management, customer service desk, security rights, and permissions.
•Facilitated Scrum ceremonies, including sprint planning, daily stand-ups, sprint reviews, and retrospectives; ensured adherence to Scrum principles and maximized team productivity.
•Led a twenty-member cross-functional team of developers, analysts, and subject matter experts in developing requirements and user stories for MRDSS.
•Monitored and communicated project progress, risks, and dependencies to stakeholders; proactively addressed obstacles or bottlenecks; managed project budgeting and monthly status reporting metrics.
•Acted as Task Lead, serving as a liaison between the government Program Management Office and the contracting company.
•Partnered with product leadership to drive and manage the SDLC sustainment and development processes; ensured the product team understood the direction and vision.
1Synch Technologies Jun 2019 - Feb 2020
Business Analyst / Functional Analyst Gunter AFB, AL
•Delivered business analytical support to the Air Force Reserve and National Guard Theater Medical Information Program Air Force (TMIP-AF) Family of Systems, including AHLTA-T, TC2, TMDS, MSAT, MIRTH, and CDR.
•Led Electronic Health Record (EHR) modernization initiatives, overseeing the transformation of legacy systems to enhanced EHR platforms.
•Collaborated with cross-functional teams—comprising IT, medical staff, and administrators—to gather requirements, assess needs, and define project scope.
•Developed and executed comprehensive modernization plans, ensuring seamless integration with existing workflows and compliance with healthcare regulations.
•Conducted training sessions for medical staff, facilitating a smooth transition to new EHR systems, which significantly reduced onboarding time and enhanced user proficiency.
•Coordinated with third-party vendors to integrate specialized modules, resulting in improved interoperability and enhanced patient care.
•Contributed to achieving overall healthcare service efficiency, including increased data accuracy, reduced documentation errors, and improved patient outcomes.
UIC Government Services Apr 2019 - Jun 2019
IT Acquisition Specialist/Business Analyst Gunter AFB, AL
•Collaborated with five product owners and five government leads to ensure the completion and accuracy of
•acquisition documentation for United States Air Force (USAF) Civil Engineering Systems.
•Worked closely with stakeholders to develop business problem statements, translating them into detailed user stories for the develop- ment team.
•Clearly communicated product vision and user stories to development teams, ensuring a comprehensive understanding of project objectives.
•Ensured platform compliance with the National Defense Authorization Act (NDAA) and Clinger-Cohen Act (CCA) requirements.
•Created and updated Service Level Agreements (SLAs), Memorandums of Agreement (MOAs), charters, and Concepts of Operations (CONOPS) to support project initiatives.
•Participated in risk management workshops to identify potential system risks.
•Certified Information Security Manager (CISM), ISACA, June 2023
•Developed and updated mitigation plans and tracked action items to address identified risks.
U.S. Army Corps of Engineers Aug 2015 - Sep 2018
Senior IT Project Manager/ Cybersecurity Manager Huntsville, AL
•Collaborated with the Tri-Service Automated Cost Engineering System (TRACES) Program Management Office to manage a cost-es- timating web portal.
•Administered six databases and eight web applications, ensuring optimal performance and security.
•Designed and implemented security features for various Windows architectures, web platforms, and SQL database maintenance systems.
•Transitioned ten standalone environments to a DoD/Government/FEDRAMP-approved cloud source, enhancing system scalability and compliance.
•Collaborated with Microsoft's Identity and Access Management (IAM) team to develop a Public Key Infrastructure (PKI), Common Access Card (CAC), and Single Sign-On (SSO) solution for provisioning user accounts on the new TRACES cloud platform.
•Conducted comprehensive assessments of diverse software environments, utilizing established and customized evaluation frameworks in accordance with FISMA, NIST, and FEDRAMP policies and guidelines.
607th Air Operations Center Aug 2013 - Aug 2015
Senior Project Manager, Configuration Manager Osan AB, ROK
•Directed Configuration Management (CM) functions for the Air Force Air Operations Center (AOC) Weapon System (WS), ensuring alignment with ANSI/EIA-649B standards.
•Developed and implemented CM processes, sustaining the organization's software and hardware environments.
•Managed change control for WS applications, tracking processes from initiation to completion.
•Maintained strict software configuration management across NIPR, ACE, and SOSAN networks.
•Facilitated the AOC's Configuration Change Board, overseeing Engineering Change Notices (ECNs), Engineering Change Requests (ECRs), and variances.
•Represented the AOC at wing-level meetings, conferences, and workshops.
•Prepared PowerPoint presentations and documentation for stakeholder briefings.
AFWAY Aug 2006 - Aug 2013
Project Manager, Configuration Manager, System Administrator, Information Assurance Manager Gunter AFB, AL
•Project Management: Led multiple IT projects, ensuring alignment with Air Force requirements and timely delivery within budget constraints.
•Configuration Management: Implemented and maintained configuration management processes in accordance with ANSI/EIA-649B standards, ensuring accurate documentation and control of system configurations.
•System Administration: Managed and administered multiple databases and web applications, ensuring optimal performance and security.
•Information Assurance: Developed and enforced information assurance policies and procedures, ensuring compliance with FISMA, NIST, and FEDRAMP standards.
•Stakeholder Collaboration: Coordinated with cross-functional teams, including product owners and government leads, to develop acquisition documentation and ensure compliance with National Defense Authorization Act
•(NDAA) and Clinger-Cohen Act (CCA) requirements.
•Risk Management: Conducted risk assessments and developed mitigation plans to address potential vulnerabilities in IT systems.
•
EDUCATION AND CERTIFICATIONS
Faulkner University Montgomery AL
Jun 2010
Master of Science, Management
Faulkner University Montgomery AL
Dec 2007
Bachelor's Degree, Business Administration
CERTIFICATION
•Certified Project Management Professional (PMP): PMI, 3376274, Nov 2028
•Certified Information Security Manager (CISM): ISACA, June 2023
•Certified Information Security Auditor (CISA): ISACA, 222016933, Dec 2022
•Certified CompTIA Advanced Security Practitioner (CASP+): COMP001021920540, Sep 2021
•Certified Expert Independent Assessor (CEIA): Feb 2018
•Certified Expert Risk Management Framework (CERF): Mar 2018
•Certified ISO 27001 Information Executive / Risk Manager / Internal / External Auditor: 2021
•Certified SAFe Scaled Agile Practitioner: 2024
•Certified Scrum Product Owner (CSPO): 2025
•Certified Scrum Master (CSM): 2025
•Certified DevOps Project Manager: International Scrum Institute, Mar 2020: 077*********
•Certified DevOps Generalist: International DEVOPS Certification Academy, Dec 2020: 995***********
•Certified Six Sigma Green Belt: 2021
Contact this candidate