09/2016 thru 12/2016

Risk Assessment Subject Matter Expert (SME)

Risk Assessment Subject Matter Expert (Consultant)

Performed Time Warner Cable and Charter Cable “Merger” Security Risk Assessment, Attack & Penetration (A&P), and full Program Management services located in Charlotte, North Carolina and Tampa, Florida in support of Charter Spectrum telecommunications practice and other merger initiatives. Served as the Risk Assessment Subject Matter Expert (SME) developing corporate Cyber Security specifications ensuring risk, cloud compliance, and assurance efforts to conform with NIST/FISMA and PCI DSS industry framework standards, resiliency, and dependability requirements at the software, hardware, system, and network environment levels.  Responsible for executive briefings, face-to-face dialogue and project daily status reporting, to include:

Highlights of Achievements:

  • Developed and implemented full Risk Assessment artifacts, tools, and cloud methodology for Charter Spectrum Executive Leadership “Corporate Merger” decisions
  • Direct client interaction experience; working closely with clients to elicit assessment and accreditation-related documents and implementation, and consulting on current issues; reporting on assessment and related findings
  • Assessed alignment with SOX, PCI-DSS, ISO-27001/2 and NIST-800 controls for critical enterprise systems; develops effective and efficient processes to remediate compliance groups
  • Lead Assessor and Program Manager for Risk and Attack & Penetration testing procedures
  • Demonstrated superior skills in developing, testing, and implementing cloud application security measures, systems and/or network security posture requirements involving applications, network, incident response and contingency and recovery plans, tests, and exercises

Tactical Accomplishments:

  • Provided strong knowledge and experience providing accurate security evaluation of software applications, system, or network, documenting the security posture, capabilities, and vulnerabilities against relevant IA compliances
  • Demonstrated expertise in applying cloud Information Security principles and requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
  • Provided expert knowledge of Risk Management Framework requirements and applicable information security publications and standards (NIST, FISMA, FIPS)
  • Provided superior experience writing technical information security related documents such as System Security Plans (SSP) and Risk Assessments
  • Superior interpersonal, communication, presentation, and writing skills

Performed and analyzed risk assessment, vulnerability and penetration testing assessments output and incorporating the results into security related documentation