Lincoln, Nebraska, United States
Engaging and collaborative Cybersecurity leader with 14 years of management experience, in government, banking and healthcare, looking for challenging opportunities to create robust programs, develop high performing teams and foster the development of IT professionals.
Took this opportunity to return to personnel management in addition to Cybersecurity program management. Lead multiple cross functional cybersecurity teams for Conagra covering Identity, Governance, Risk and Compliance as well as Enterprise Resource Planning systems. Teams consist of over 24 individuals to include onshore and offshore resources ranging from analysts to security architects. Responsible for creating strategies and roadmap for Identity and GRC functionality to protect Conagra and its multiple manufacturing and office locations. • Create roadmap for modernization and automation of identity and GRC programs • Development of Third Party Risk Management program • Collaborate on organizational transformations to Agile methodology • Management of multiple internal and external audits and assessments • Creation of Governance Framework based on NIST CSF • Coordination of internal risk management identification, mitigation and reporting • Align IAM and GRC strategy with corporate priorities
Recruited to build out a security and compliance program to support multiple business initiatives supporting a SaaS solution for benefits administration targeted to small to medium businesses. Requires knowledge of multiple security frameworks and requirements as well as knowledge and experience in technical control design. Responsible for attaining and maintaining SOC2 Type II report and HITRUST certification. Coordinated privacy management processes to align with CCPA requirements. • Established C-Suite Strategic Security Committee for business leader alignment and information sharing • Designed compliance and reporting program to consistently monitor performance of the information security program • Manage third party relationships with revenue organization to coordinate with vendors and customers to address Vendor Management due diligence requirements • Maintained all HIPAA and HITRUST requirements for Information Security requirements to include control design, employee security awareness training and communications • Lead efforts around audit and assessment activities to include industry certifications as well as remediation of findings related to engagements and risk profile • Created and maintained all policy, plan and standards documentation to manage the information security program to include establishment of cybersecurity risk management program
Lead multiple BCBS of Nebraska operational cybersecurity teams encompassing various cybersecurity domains. Team responsibilities included monitoring, incident response, identity and access management, risk assessment and compliance activities. Provided overall strategy and vision for improving operational cybersecurity. Worked directly with stakeholders throughout the organization to support business initiatives while maintaining and/or improving information security posture. • Manage CyberSecurity compliance efforts, with an emphasis on HIPAA, HITRUST and other regulatory requirements • Design and aid in the implementation of effective technical security controls and monitoring processes; appropriately responds to and supports remediation of security threats • Develop, execute and maintain staffing and training plans to ensure the department is appropriately staffed and is able to provide the technical skills needed to support the enterprise • Manage and balance the cybersecurity and team budgets. Provide input to the portfolio budgets to ensure adequate resources for control maintenance or improvement • Develop, maintain and manage complex relationships with third party vendors/ Managed Security Providers, including contract/software/hardware negotiations, SLA management and enterprise Incident/risk assessments
Promoted to VP of IT Security responsible for monitoring and managing the Information Security program for the American National Corporation enterprise network consisting of over 30 locations throughout Nebraska, Iowa and Minnesota. Daily responsibilities include team management, leadership collaboration, coordination of testing and remediation and managing security projects and budgets. • Directly manages security team consisting of one security engineer and one security analyst • Responsible for ensuring compliance with the OCC as well as with security requirements such as FFIEC, PCI-DSS and GLBA • Serves as primary cybersecurity point of contact for company leadership • Coordinates with other IT teams to identify and implement technical, policy and/or procedural improvements to security posture • Manages budgets to identify potential cost savings while maintaining or improving security
Appointed as the Information Security Officer responsible for developing the Information Security Program for the American National Corporation enterprise network. Daily responsibilities include policy development, vulnerability and risk assessments, incident response and vendor communications. • Researches new information security solutions and works closely with vendors currently providing information security services • Researches information security threats that could impact American National Corporation operations through the use of Threat Intelligence and news sources • Performs investigation of network incidents to validate and respond to possible malicious activity • Monitors the Vulnerability Management Program • Performs Risk Assessment activities in accordance with NIST 800-30 • Provides weekly updates to company leadership regarding current network security posture, threats, and projects • Serves as primary point of contact for company leadership and end user community for all cyber security related issues
Promoted to manage an Air Force Enterprise Security team consisting of eight IT Security professionals supporting Information Assurance efforts for the overall Air Force intelligence community. Team includes Policy Writers, IT Security trainers, SharePoint/Content Managers and Electronic Records Managers. Works closely with Computer Network Defense personnel currently standing up an enterprise Security Control Center utilizing ArcSight, Archer and HBSS. In addition, Enterprise Security team also supports Security Control Assessors performing IT auditing utilizing the Risk Management Framework based off of the NIST 800 series. Manages special projects on behalf of government customers to include oversight of the completion of in house Assessment & Authorization tracking tool. • Manages day to day operations for Enterprise Security office and serves as liaison between government customers and contractor personnel • Monitors and tracks team member projects to ensure correct priorities are assigned, milestones are established, and resources are available to complete assigned duties • Submits required contract deliverables in the form of weekly and monthly status reports to government personnel documenting contractor efforts
Promoted to manage team of three network security engineers performing Certification and Accreditation activities for telecommunication systems deployed throughout the Air Force Enterprise. Oversee creation of contingency documentation, system level agreements, and artifacts to support security baseline of systems. Manage day-to-day operations to ensure system completion within customer provided timeframes. Review system documentation to check for proper mitigation responses in accordance with DOD instructions and standards. • Developed in house tracking utility, CAST Dashboard, to provide timely and accurate project information, to include progress, milestones, goals and accountability, to customers and government leadership • Completed and maintained ten certification and accreditation packages saving the Department of Defense ~$3.8 million • Initiated organizational plan to fulfill yearly Federal Information Systems Management Act (FISMA) requirements for all systems certified and accredited by CAST
Created multiple documents used for completion of Certification and Accreditation activities for CAST. Updated multiple template documents to increase efficiency in testing efforts. Managed the team SharePoint portal to assist in sharing of information and to maintain a network location for shared Information Assurance resources. • Automated all template documentation to auto populate for testing purposes • Drafted checklists and policy and procedure documentation to formalize CAST responsibilities and efforts • Formalized presentations to organizational leadership for information on project status