Aaron Kunec

Canton, MI

Summary

Risk Manager with expertise in program maturity and risk management. Specializes in ISO compliance and continuous improvement, leading teams to strengthen security frameworks. Proven track record of delivering impactful results in cybersecurity initiatives through effective collaboration and communication.

Overview

15 years of professional experience
1 Certification

Work History

Program Manager - Penetration Testing

DTE Energy
Detroit Metropolitan Area
10.2022 - Current
  • Establish and launch Penetration Testing Program incorporating two-year development strategy based on program maturity model that embeds testing framework and standards (OWASP, MITRE ATT&CK, NIST 800-53)
  • Direct and assess testing program operations encompassing role development, scheduling of personnel, performance evaluations, timeline adherence, procurement of tools, budget oversight, and proceeds management.
  • Manage ongoing penetration testing program maturity utilizing frameworks such as Capability Maturity Model (CMM), Process Integration, and Agile / Kanban to foster Continuous Improvement (CI) and development

Staff Risk Analyst - Cyber Security

GE Power
Greater Detroit Area
06.2019 - 10.2022
  • Execute third-party risk assessments through on-site evaluations and detailed examination of submitted documentation, assessing and documenting potential inherent risk.
  • Facilitate discussions involving vendors, the supply chain, and project stakeholders to effectively manage inherent risks and devise mitigation plans.
  • Establish and communicate metrics covering Key Performance Indicators, Key Risk Indicators, and Key Control Indicators linked to Third Party Suppliers, Joint Ventures, and Divestitures risk assessments.
  • Supervised offshore contractor operations, streamlining supplier communications, executing data entry tasks, and generating metrics for supplier defect assessments.
  • Act as ISO 27000 and NIST Compliance Champion for external vendors and internal audit personnel.

Sr Cyber Security Researcher

GE Power
Belleville, Michigan
11.2015 - 06.2019
  • Direct planning and implementation of security testing initiatives involving Red Team, Penetration Testing, and security gap assessments.
  • Engage product and system owners in evaluating possible security vulnerabilities while providing consultation on remediation planning
  • Communicate monthly performance metrics and reports to executive leadership.
  • Guide management in establishing strategy for future path of information security program management strategies.
  • Optimize and assess processes, procedures, and standards to boost accuracy, agility, and efficiency of operations
  • Led coaching initiatives for new team members, ensuring seamless integration and skill enhancement.

Information Security GRC Analyst

LifeLock
Tempe, Arizona
11.2014 - 11.2015
  • Facilitate organized internal risk assessments and appraise internal risk by applying ISO 31000 standards
  • Partner across teams to verify risk findings, assist in mitigation planning, and uphold consistency with internal control frameworks and compliance requirements.
  • Facilitated understanding of security policy objectives to align with business goals efficiently.
  • Provided security insights for business procedures and new project developments.
  • Manage remediation efforts from internal and external security assessments.
  • Crafted comprehensive security documentation featuring Risk Acceptance Forms (RAFs), System and Application Hardening Standards, PCI DSS 3.0 alignment with ISO/IEC 27002, and detailed audit checklists and procedures.

IT Security Analyst II

FIS
03.2014 - 11.2014
  • Implement security controls to thwart threats against company information and safeguard programs.
  • Investigated attempted breaches of security protocol and proposed effective solutions.
  • Manage security systems and implement security policies to govern access to systems.
  • Manage company firewall and employ effective encryption strategies.
  • Deliver status reports on security matters to enhance security risk analysis scenarios and response procedures.

Information Security Analyst

Quicken Loans
Greater Detroit Area
08.2010 - 01.2014
  • Executed daily DLP audits
  • Created practical documentation on the handling and transferring of sensitive information for the benefit of end users.
  • Contributed to security risk assessments for new application implementations and evolving business processes impacting roles defined in access governance tool.
  • Managed user accounts, mailboxes, and user groups through Active Directory.

Education

Bachelor of Applied Science (B.A.Sc.) - Information Systems Security

ITT Technical Institute-Canton
Canton
01.2012

Skills

  • Program management and ISO compliance
  • Third party risk management
  • Risk and vulnerability assessment
  • Team leadership and effective communication
  • Continuous improvement strategies
  • Penetration testing expertise

Certification

Certified Information Systems Security Professional (CISSP)

Awards

  • National Technical Honor Society
  • Award of Excellence
  • Outstanding Customer Service, Commitment and Dedication

Languages

English

Credentials

CISSP, BSc

Timeline

Program Manager - Penetration Testing

DTE Energy
10.2022 - Current

Staff Risk Analyst - Cyber Security

GE Power
06.2019 - 10.2022

Sr Cyber Security Researcher

GE Power
11.2015 - 06.2019

Information Security GRC Analyst

LifeLock
11.2014 - 11.2015

IT Security Analyst II

FIS
03.2014 - 11.2014

Information Security Analyst

Quicken Loans
08.2010 - 01.2014

Bachelor of Applied Science (B.A.Sc.) - Information Systems Security

ITT Technical Institute-Canton