Alex Grohmann

CISO

Washington DC-Baltimore Area

About

• Seasoned information security manager with professional experience specialized in information security, enterprise risk management, policy development and systems architecture. • Subject matter expert in areas associated with threats against the domestic financial service institutions including phishing, malware and account credential compromises with technical certifications including CISSP, CISA, CISM, and CIPT. • Known for demonstrating superb management, leadership, problem solving, communication and decision making skills. Specialties: • CISSP, CISA, CISM, CIPT

Experience

  • CISO at Undisclosed
    2021 - Present · 5 yrs 7 mos

    CISO work... just as you would imagine.

  • ISSA International Board of Directors (2018-2024) at Information Systems Security Association (ISSA)
    2018 - 2024 · 6 yrs

  • Information Security Consultant at Sicher Consulting LLC
    2014 - 2021 · 7 yrs

    Client: Government Contracting Solutions Provider o FISMA controls evaluation for Government contractor in line with NIST 800-171 o Ownership of compliance of controls to meet FISMA ATO guidelines Client: Government Sponsored Enterprise o Working to establish a refined controls enterprise level framework against standards and guidelines including: SOX, COSO, and COBIT o Provided guidance concerning technology risk Client: Credit Union o Evaluated newly created information security policies and evaluated against their basis, ISO 27001/2 o Coordinated business and IT departments to communicate and education on the policies while determining compliance ability o Created a gap assessment of the ability of the business to comply with the ISO 27001/2 security policies Client: Electrical Utility o Development an internal security program (where none previously existed) with primary focus on securing the underlying SCADA infrastructure and the company’s electronic security perimeter (ESP) and physical security perimeter (PSP) o Managed security compliance of NERC CIP standards (with a heavy focus on CIP-007) o Project managed security efforts including annual cyber vulnerability assessments (NERC CIP requirement) and implementation of security tools to mitigate threats including Flexera / Secunia, Tripwire, Wombat, McAfee vulnerability scanner and McAfee security information and event management (SIEM) appliance (greenfield implementations)

  • Sr Manager, Technology Risk at MorganFranklin Consulting
    2012 - 2014 · 2 yrs

  • Program Manager at SeNet International
    2011 - 2012 · 1 yr