Professional Summary
Dynamic and results-oriented Senior Risk Manager with over 20 years of expertise in spearheading and advancing Information Security and Risk Management programs. Masterful in security frameworks and standards, with a robust background in risk assessment, management, and compliance. Excel in collaborating with cross-functional teams to drive comprehensive technology risk assessments and strategic operational realignment. Certified CISSP, PMP, and ITIL professional, renowned for delivering technical excellence and leadership acumen.
Skills
- Risk Assessment and Management: Expertise in identifying, analyzing, and evaluating security risks and vulnerabilities in IT systems and networks.
- Security Governance: Proficient in developing and implementing security policies, procedures, and key risk indicators to foster a secure organizational environment.
- Analytical and Problem-Solving: Skilled in analyzing complex security issues, providing actionable insights, and driving effective risk mitigation strategies.
- Communication and Collaboration: Effective communicator adept at collaborating with stakeholders at all levels to facilitate technology and cybersecurity risk assessments.
- Security Frameworks and Standards: Extensive knowledge of NIST Cybersecurity Framework, ISO 27001, CIS Controls, and PCI-DSS.
Professional Experience
Technology Risk Manager Senior - Charles Schwab (08/2017 – Present)
- Spearheaded the groundbreaking Monitoring Metrics program, fortifying Cybersecurity Oversight.
- Led as Subject Matter Expert (SME) for SIEM and Security Data Sciences programs.
- Formulated validation programs for Information Technology Risk Management and Information Systems Risk Management, aligning with FFIEC IT Handbook and COBIT frameworks.
- Collaborated with 1st, 2nd, and 3rd Lines of Defense and Business units for comprehensive technology and Cybersecurity risk assessments.
- Provided technical SME support for other risk management teams conducting annual Secure Software Development Lifecycle (SDLC) and Application assessments.
Owner - BrainWerkz (02/2017 – 08/2017)
- Empowered SMBs through expert leadership in Network Security, System Administration, and Project Management.
Manager International I.T. Operations - 360Training.com (11/2015 – 02/2017)
- Pioneered the Information Security program, fostering a secure organizational environment.
- Led IT Security and Data Center process improvements through scheduled audits.
- Developed Security Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) for enhanced Executive Management oversight.
- Formulated policies and procedures for the Information Security program leveraging NIST 800-53, CIS, SANS Top 20, and more.
- Led Risk and Business Impact analyses, establishing Disaster Recovery/Business Continuity policies.
- Developed and conducted end-user security awareness training.
- Implemented PCI-DSS compliance scans and certification using OpenVAS.
- Directed a globally distributed team across functional areas of IT Operations.
- Deployed the Governance, Risk and Compliance (GRC) software Practical Threat Analysis (PTA).
- Implemented a Performance Measurement Framework, significantly improving internal customer satisfaction.
Education
- M.S. Cybersecurity and Information Assurance, Western Governors University (01/2021)
- M.A. Humanities, University of Houston Clear Lake, TX (05/1995)
- B.S. Behavioral Science, University of Houston Clear Lake, TX (12/1991)
Professional Development
- CISSP #425805
- PMP #1504010
- IT Project+ COMP001004072318
- ITIL Foundations v3 & v4
- MCSE 2084689
Professional Organizations
- ISC2 and ISC2 Austin Chapter – CISSP Exam Writer (Multiple sessions)
- Project Management International (PMI) and PMI-Austin Chapter