Description
Accomplishments include:
* Compiled and reconciled disparate compliance data into the RSA Archer eGRC platform. Brought a holistic and resilient view of risk exposure and value to Chevron.
* Authored and enhanced Archer capabilities by developing an analytical and integrated reporting dashboard solution. This solution provides visibility into a layered cybersecurity landscape and across cybersecurity key dimensions. This in turn serves the needs of decision quality and supports operational excellence for diverse audiences (execs, internal audit, team leads and members)
* Coordinated Security & Access Operations vulnerability testing and remediation
* Evaluated evidence for its completeness with the anticipated outcome of internal / external auditor examination.
* Maintained consistent and regular communications with numerous business and project teams. This is vital to proactively managing issues, risk, and expectations of data confidentiality, integrity and access (CIA)

My Veteran Community
Jul 15 - May 17
Director, Chief Operations Officer (Volunteer)

The accomplished challenge: My Veteran Community was born out of an intense outcry from a great number of new veterans making the transition to civilian life. Moving from an extremely structured life to a self-directed world presents sudden and painful challenges. MVC is a collaborative and actionable commitment to active service members, veterans, and their families as they transition into civilian life using mentoring, coaching and information resources to match individual needs to solution providers.

Accomplishments include:
* Fully delivered the requested Self-Service Security assessment solution. Management is now empowered to make focused and informed decisions throughout the IT SDLC, business and focus on harnessing cyber risk intelligence.
  - Led client in formalizing the tools and assessment processes required to create or maximize shareholder (business) value. Articulate leading business issues and trends using Key Performance Indicators (KPIs).
  - Principal security focus surrounds data loss prevention, specifically using the CIA risk model of continuity (includes data Confidentiality, Integrity and Availability).
  - Empowered management to proactively reduce the likelihood of negative events and lost opportunities while maximizing IT and business market performance.

Chevron North America
Feb 15 - Jul 15
IT Cyber Security Risk / Compliance Consultant

The accomplished challenge: Be a member of the IRM Excellence team and build multiple business work streams that prioritize cyber risks, create a comprehensive framework that embeds resilient cyber risk management into the business operating and decision model. Establishes efficient practices that are standardized, sustainable, systematic and effective methods to managing cyber information threats.

Accomplishments include:
* Compiled and reconciled disparate compliance data into the RSA Archer eGRC platform. Brought a holistic and resilient view of risk exposure and value to Chevron.
* Worked closely with Deloitte & Touche to develop a holistic cyber security and IT control framework to collect and report Key Risk Indicators (KRI), Key Performance Indicators (KPI) from a simplified best practice perspective using numerous authoritative sources (e.g. NIST, ISO, CobIT, ITIL, NERC)
* Established a consistent and reproducible approach - by monitoring, identifying and analyzing risk across multiple business unit silos and appropriately responding to these risks based on priority and impact
* Principal security focus surrounds data loss prevention, specifically using the CIA risk model of continuity (includes data Confidentiality, Integrity and Availability).
* Established business context for risk - by providing a complete view of risk exposure across multiple business unit processes with measurable and actionable risk and control indicators
* Coordinated and simplified the relationships between policies, standards, procedures and controls
* Simplified operational control management - ensure control systems are properly designed and operating effectively by documenting, classifying / simplifying controls, self-assessments, capturing cyber risk results and organizing forensic remediation efforts.

Chevron Phillips Chemical
Apr 14 - Nov 14
Industrial Control Systems Cyber Security Risk Consultant

The accomplished challenge: Establish a multinational cyber-security governance and risk (GRC) roadmap and framework with a clear structure, responsibilities and operating workflow processes that enables the client to obtain measurable and actionable results over the architecture, operations, change management, deployment, and data standards.

Accomplishments include:
* Assembled and cross-referenced numerous complex inputs from OSA, NIST, CobIT, ITIL, SANS, NERC CIP, and ISO sources / standards.
* Established a holistic framework that objectively assesses cyber security from 31 process perspectives.
* Review, assess and identify 3rd party vendor cyber security risk and control gaps for IT general and application controls. Furnish management guidance over best-practice cyber risk remediation and control opportunities (implement, monitor, execute).
* Implemented a multi-level drill-down dashboard for management of cyber risk assessment reporting. This custom on-demand solution empowers all staff, team leads, and management to engage, measure, track and trend the effective impact of summarized or successively detailed data. (work efforts, vulnerabilities, priorities, risks, locations, systems, etc.)
* Led client in formalizing the tools, processes and assessments needed to understand the means and methods to create or maximize shareholder (business) value. Articulate leading business issues and trends using Key Performance Indicators (KPIs).
* Measurably increased efficiency and effectiveness of this central team using consistent standards, tools, and practices using project and data loss process elements of NIST, SANS, ITIL and CobIT. This empowers this client to achieve proactive and measurable cyber security protection over their Primary Homeland Security targets.
* Empowered business owners to assess and expect key security support based on common asset and workflow process portfolio. Goals and reporting indicators cascade down to individual contributors and managers using R.A.C.I.
Keywords
- Documentation
- Focus
- Framework
- Oracle
- Business Contingency Planning
- COBIT
- Cyber
- Management
- Oracle Database Administration
- PeopleSoft
- agile
- it jobs
- IT risk
- IT controls
- NIST
- CYBER RISK
- BUSINESS PROCESS
- COMPLIANCE
- IT PROCESS
- ASSESSMENT
- INFORMATION RISK
- REQUIREMENTS ANALYSIS
- PROJECT MANAGEMENT
- BUSINESS ANALYSIS
- APPLICATION CONTROLS
- IT CONTROLS