Craig - Security Architect


  • Develops business-aligned, cross-functional management and security engineering programs. Direct people manager, risk team builder, and independent contributor.
  • Designs and implements IT risk governance programs, including policy and procedure development and management.
  • Managed information and network security risk assessment team building and procedural design.
  • Strong hands-on experience in governance, security, risk, and compliance program development.
  • Develops governance, risk, and compliance infrastructure as well as disaster recovery/business continuity strategy.
  • Experience in IT governance, risk, and security budget management, cloud computing risk management, ethical hacking, offshore and domestic vendor management.
  • Designs security metrics, data loss prevention programs, security risks and controls engineering and management.
  • Acts as internal security and risk evangelist and advisor to senior executives.

Recent Engagements

MIS Risk & Compliance - Service Master - Tennessee - Current

  • Managed security and incidents for all lines of business and geographical regions, which includes intrusion event analysis, live computer forensics, and malware analysis.
  • Developed risk and threat management program, vulnerability analysis capability, security architecture and DevOps/SecOps management.
  • Conducted business impact analysis and risk assessments as part of a business continuity management system.
  • Performed risk assessments and vulnerability analyses.
  • Work with management, other team members, development teams, business analysts, enterprise leaders and end users to ensure data protection for systems used by all areas of the organization.
  • Implemented ISO 27001-based metrics and developed threat/risk analysis programs successfully.
  • Led specific efforts to support other IT security work streams with the implementation of the appropriate security requirements and standards.
  • Specialized in program capability development for vulnerability management, security intelligence, security architecture, compliance frameworks, and the operation of advanced security tools and/or operations.
  • Created and implemented risk mitigating strategies and advised on acceptable mitigating controls related to policy and standard exceptions.
  • Created risk management program that includes IT and risk assessments.
  • Implemented program techniques to predict, detect and respond to malicious activity.
  • Assessed suitability and applicability of specific products for security and risk management implementations.