Jan 2015 – Jan 2020 · 5 yrs · Portland, Oregon, United States

• Architect strategies for the global information risk management group and direct enterprise and third-party vendor risk assessments for the world’s largest supplier of athletic shoes and apparel with $36B+ in revenue.
• Oversee data sharing agreements, policies, procedures, and standards, collaborations with compliance and governance groups, legal counsel, and terms for legal contracts.
• Advise business unit leaders on vendor services and product procurement by developing and submitting executive reports encompassing risk analyses, evaluations, and recommendations.
• Improve information security controls by interviewing vendors and internal stakeholders, evaluating operational effectiveness, and implementing modifications.
• Prevent the inadvertent exposure of sensitive data by vendors and internal stakeholders by documenting vulnerabilities and rectifying problem areas.

Jan 2014 – Jan 2015 · 1 yr · Portland, Oregon Area

• For primary client Bonneville Power Administration designed system security plans and life cycle documents aligned with the Federal Information Security Management Act (FISMA) and National Institute of Standards and Technology (NIST) 800-53, Defense Information Systems Agency’s (DISA) Security Technical Implementation Guides (STIG), and internal executive guidance for a leading technology services provider.
• Mitigated risk by analyzing technology operations and ensuring compliance with best practices relative to vulnerability and change management, system confidentiality, and document and data integrity.
• Developed management summaries in Word, PowerPoint, Excel, and Visio.

Jan 2012 – Jan 2014 · 2 yrs · Bentonville, Arkansas, United States

• For the primary client Walmart led International Organization for Standardization (ISO) 27001/2 security assessments across 60+ locations spanning North and South America, Asia, and Europe for one of the big four accounting organizations with $29B+ in revenue.
• Advised business unit stakeholders on risks, system architecture, and security policies.
• Protected sensitive data by performing manual discovery of electronically protected health information (ePHI), including conducting interviews with business leaders, reviewing data repositories, designing data flow diagrams, and assessing HIPAA-related security controls.
• Prevented data loss by developing a comprehensive playbook detailing deployment paths.
• Averted security-related disasters by investigating and resolving system vulnerabilities, analyzing gaps, and implementing regulatory frameworks, standards, and processes.

Jan 2006 – Jan 2011 · 5 yrs · Orlando, Florida, United States

• Managed system controls, including documentation for certification and accreditation, compliance with Department of Defense (DoD), federal government, and corporate requirements, and security policies and procedures for the world’s largest weapons manufacturers and military technology providers with $30B+ in revenue.
• Oversaw the physical security program relative to visitor access, badges, the Joint Personnel Adjudication System (JPAS), intrusion detection system (IDS), and contingency plans.
• Ensured operational readiness for external audits by executing internal information systems audits.
• Mitigated risk by identifying compliance gaps and implementing improvement action plans and milestones.
• Achieved departmental goals by assessing purchase requests and approving equipment upgrades.
• Increased adherence to technical documentation requirements by developing accountability processes.

Jan 2005 – Jan 2006 · 1 yr

• • Managed technology security systems, including firewalls, data protection controls, vulnerability scanning, and risk mitigation for one of the largest companies in the aerospace, defense, security, and technologies industry with $53B+ in revenue.

Jan 1999 – Jan 2005 · 6 yrs

• • Oversaw technical services and support, escalated issues, network assessments, security audits, and remote monitoring and management.

Jan 1997 – Jan 1999 · 2 yrs · McLean, Virginia, United States

• • While at Trident Data Systems (later acquired by Veridian), installed and configured hardware, software, and networks monitored system performance and ensured security compliance for a provider of technology solutions to military and intelligence community customers.