
Andrew Mule

Goodlettsville, TN

Summary

Organized and dependable candidate successful at managing multiple priorities with a positive attitude. Willingness to take on added responsibilities to meet team goals.

Years of experience with SOC2, NIST SP 800-171, NIST 800-53, ISO 27k, HIPAA.

Overview

11 years of professional experience

1 Certification

Work History

Director SaaS Security and Compliance

eGain
01.2022 - Current
  • Work with external auditors on regulatory and compliance program audits and assessments
  • Review system designs and architecture
  • Provide security-related recommendations based on NIST guidelines
  • Review security policies and procedures requirements for FedRAMP services
  • Enforcing and updating SSP and its related documentation
  • POA&M's: Track findings and work with teams to remediate risks
  • Liaise with government agencies on both technical and security matters
  • Work with the 3PAO; liaise with cyber security, legal, corporate risk management and technical stakeholders
  • Strengthened internal controls by reviewing existing policies and procedures, ensuring compliance with regulatory requirements.
  • Facilitated cross-functional collaboration for improved decision-making processes within organization.
  • Evaluated company documentation to verify alignment with regulatory requirements.
  • Security controls testing: NIST-CSF, SOC2, Cloud Control Matrix
  • Awareness and training
  • Monthly reporting/hot topics
  • Project management

Manager - Security Program Integrity

Horizon Blue Cross Blue Shield
04.2018 - 01.2022
  • Evaluated effectiveness of current policies and procedures, recommending improvements when necessary.
  • Continuously monitored risk landscape for emerging threats or changes in regulatory environment, adapting investigative strategies as needed to maintain optimal vigilance against potential risks.
  • SOC2 (specifically hired to manage these), HIPAA audits (NIST-CSF)
  • Nessus, Rapid7, NIST CSF Benchmarking
  • FAIR™ quantitative risk analysis modeling (successfully reduced cyber insurance premiums)
  • Managed a team of 6 direct reports/analysts responsible for maintaining corporate security and compliance
  • CISO Metrics/Reporting
  • Operations: ServiceNow workflow design and reporting - GRC and SecOps: 15% reduction in server build compliance drift
  • 25% reduction in risk exception ticket volume
  • 100% C-level participation in annual Security Policy and Standards Attestation for 20 Security Policies and 27 Security Standards
  • Program management ($500K to $2.5M): Within budget and timeline: Annual SOC2 Type 2 Audit
  • Within budget and timeline: Implementation of new security awareness campaign
  • Within budget and timeline: Implementation of API security and compliance program.
  • Facilitated cross-functional collaboration for improved decision-making processes within the organization.

IT Risk Manager

British Telecom (BT Plc)
12.2015 - 04.2018
  • SOC2 audit management
  • BT Cloud Connect Azure - pre-ISO certification assessment
  • ISO risk assessments
  • Corrective action planning
  • Self-motivated, with a strong sense of personal responsibility.
  • Worked effectively in fast-paced environments.
  • Skilled at working independently and collaboratively in a team environment.

3rd Party Risk Consultant

Insight Global
12.2012 - 04.2015
  • Conducted 3rd Party Risk Assessments for Deutsch Bank, KPMG and other financial corporations
  • Enhanced company's risk profile by conducting thorough risk assessments and audits.
  • Optimized resource allocation towards high-priority risks, delivering cost-effective solutions that balanced both short-term needs and long-term resilience goals.
  • Identified areas of vulnerability by conducting comprehensive business impact analyses, guiding proactive measures to reduce potential losses.
  • Developed detailed action plans to mitigate potential risks, safeguarding company assets and reputation.
  • Security policy and standards authoring: Incident Response, Red Team Exercise, Change Management

Education

Master of Science - Systems Engineering, Space Science/Security Engineering

Stevens Institute of Technology
Hoboken, NJ
05.2016

Skills

  • CISSP
  • Risk Management
  • Verbal and written communication
  • Friendly, Positive Attitude
  • Calm Under Pressure

Certification

  • Certified CISSP - Certified Information Systems Security Professional - (ISC)²
  • Certified HCISPP - HealthCare Information Security and Privacy Practitioner - (ISC)²
  • Certified CDPSE - Certified Data Privacy Solutions Engineer - ISACA
  • Certified AWS - Amazon Web Services Certified Cloud Practitioner
  • Certified FAIR - Factor Analysis of Information Risk Management

Affiliations

  • Signal Intelligence Officer, Cyber Corps, TN State Guard
  • CISSP certification Groups (exam developer)
  • HCISPP certification Groups (exam developer)
  • NIST-CSF Privacy Group (contribute to the development of the NIST Control Framework for Privacy)
  • (ISC)² International Information Systems Security Certification Consortium - Member
  • ISACA - Member
  • H-ISAC: Health Information Sharing and Analysis Center - Member
  • MS-ISAC: Multi-State Information Sharing and Analysis Center
  • Association of the United States Army - AUSA
