Summary
Overview
Work History
Education
Skills
Timeline
Generic

Christopher Kurowicki

Portland,OR

Summary

Accomplished Security and Compliance Analyst with a proven track record at Cambia Health Solutions, enhancing IT controls and leading security solutions projects. Expert in analytical thinking and team leadership, significantly improving information security processes. Skilled in risk analysis and project management, driving continuous improvement and compliance across technical and business teams.

Overview

18
18
years of professional experience

Work History

Security and Compliance Analyst III

Cambia Health Solutions
07.2017 - Current
  • Regularly reviews progress toward remediation efforts with IT and business leaders, technical teams, internal audit and other key stakeholders.
  • Evaluates effectiveness of IT controls against established standards to assure effectiveness and efficiency, and provides recommendations for improvement.
  • Provides guidance and subject matter expertise to IT and business teams on processes, controls and objectives around audit and information security activities, and best practices.
  • Interprets a variety of instructions, procedures, documentation, policies, standards, regulations, best practices and personal interviews to establish both current state and desired future state of systems and processes.
  • Identifies issues, collects information and data to perform root cause analysis, establishes facts, and works to develop remediation plans.
  • Assists in developing metrics and reporting to summarize overall results for information security.
  • Assists other areas of the department as needed or assigned to balance workload/further education.
  • Works with IT and business Management to create clear, actionable plans detailing specific deliverables, timelines and accountability to resolve information security issues.
  • Leads small project teams consisting of cross-functional staff to define, design, develop and implement security solutions.
  • Develops Security Awareness Training content, and coordinates annual training activities.
  • Supports daily operational security activities (such as Data Loss Prevention, and Vulnerability Scanning, HR and Legal investigations).
  • Maintains Information Security Policy and Standards documentation, and manages waivers to policy/standard.
  • Participates as needed in Incident Response activities.

Information Security Analyst

Umpqua Bank
04.2015 - 07.2016
  • Responded to security incidents, including direct customer contact.
  • Reviewed SOC2 reports as part of the vendor management program.
  • Reviewed system configurations to ensure PCI compliance.
  • Created the certification and accreditation program for new systems.
  • Applied ISO 27001 and 27002 controls to systems and devices.
  • Responsible for project engagement to ensure compliance with bank security standards.
  • Developed customer-facing awareness and training materials.

Information Security Analyst

Portland General Electric Co.
07.2014 - 06.2015
  • Performed basic penetration testing on systems.
  • Configured systems and devices to comply with NERC, PCI, ISO and 8500 series controls.
  • Performed security testing on systems and applied fixes where applicable.
  • Provided written and oral presentation of vulnerabilities and mitigation requirements to management.
  • Oversaw multi-million dollar projects to ensure compliance with industry best practices.
  • Educated departments on industry best practices.
  • Implemented automated patching and configuration solutions

Knowledge Operations Manager

United States Air Force, USAF
01.2006 - 01.2014
  • Obtained TS/SCI security clearance, with talent keyhole, gamma, and special intelligence caveats
    Responsible for configuring systems to DoD specifications.
  • Educated units on DoD security mandates.
  • Responsible for obtaining and configuring secure communications equipment for Joint Personnel
    Recovery Agency (JPRA).
  • Managed top secret records for various units including the 110th Communications Squadron and 217th Air Operations Group.
  • Personally selected for my information security knowledge to assist with a communications project for Special Operations Command (SOCOM) and Air Combat Command (ACC).
  • Screened incoming physical communications for potentially dangerous materials.
  • Additional duty included appointment as a Records Custodian (RC) ensuring the safe storage and
    secure disposition of sensitive records.
  • Performed troop movement and accountability duties during contingency operations.
  • Managed secure voice communications equipment during contingency operations.

Education

Master of Science - Computer And Information Systems Security

Eastern Michigan University
Ypsilanti, MI

Bachelor of Science - Computer And Information Sciences

Eastern Michigan University
Ypsilanti, MI

Skills

  • Analytical Thinking
  • Team Collaboration and Leadership
  • Documentation And Reporting
  • Project Management
  • Information Gathering
  • Data Research and Validation
  • Process Improvements
  • Continuous Improvement
  • Risk Analysis
  • Report Preparation
  • Root Cause Analysis
  • Issue Identification

Timeline

Security and Compliance Analyst III

Cambia Health Solutions
07.2017 - Current

Information Security Analyst

Umpqua Bank
04.2015 - 07.2016

Information Security Analyst

Portland General Electric Co.
07.2014 - 06.2015

Knowledge Operations Manager

United States Air Force, USAF
01.2006 - 01.2014

Master of Science - Computer And Information Systems Security

Eastern Michigan University

Bachelor of Science - Computer And Information Sciences

Eastern Michigan University

Similar Profiles

CREATE PROFILE
Christopher Kurowicki