Craig - Security Architect
- Develops cross-functional management and security engineering business aligned cross-functional programs. Direct people manager and risk team builder and independent contributor.
- Designs and implements IT risk governance programs, including policy and procedure development and management.
- Managed information and network security risk assessment team building and procedural design.
- Strong hands on experience in governance, security, risk, and compliance program development.
- Develops governance risk and compliance infrastructure also disaster recovery/business continuity strategy.
- Experience in IT governance risk and security budget management, cloud computing risk management, ethical hacking, offshore and domestic vendor management.
- Designs security metrics, data loss prevention programs, security risks and controls engineering and management.
- Acts as internal security and risk evangelist and advisor to senior executives.
MIS Risk & Compliance - Service Master - Tennessee - Current
- Managed security and incidents for all lines of business and geographical regions, which includes intrusion event analysis, live computer forensics, and malware analysis.
- Developed risk and threat management program, vulnerability analysis capability, security architecture and DevOps/SecOps management.
- Conducted business impact analysis and risk assessments as part of a business continuity management system.
- Performed risk assessments and vulnerability analyses.
- Work with management, other team members, development teams, business analysts, enterprise leaders and end users to ensure data protection for systems used by all areas the organization.
- IDevOpsnted ISO 27001 based metrics and threat/risk analysis develops programs successfully.
- Led specific efforts to support other IT security work streams with the implementation of the appropriate security requirements and standards.
- Specialized in program capability development for vulnerability management, security intelligence, security architecture, compliance frameworks, and the operation of advanced security tools and or operations.
- Created and implemented risk mitigating strategies and advised on acceptable mitigating controls related to policy and standard exceptions.
- Created risk management program that includes IT and risk assessments.
- Implemented program techniques to predict, detect and respond to malicious activity.
- Assessed suitability and applicability of specific products for security and risk management implementations.