Davies Christian

Columbia, MD

Summary

Accomplished Cybersecurity and IS Audit Analyst with 16 years of progressive experience managing vulnerabilities and ensuring that the organization's information security program is effectively managed, compliant with relevant regulations and standards, and aligned with business objectives and best practices in governance, risk, and compliance, resulting in a 25% decrease in security incidents and vulnerabilities. Initiates and coordinates vulnerability scans and penetration tests, identifying gaps and remediating 75% of security weaknesses before they could be exploited. Develops information security training and awareness initiatives that support the organization's goals from a vulnerability and technology perspective and reduce internal vulnerabilities by 75%. Conducts thorough reviews of legal contracts and agreements to ensure compliance with information security and privacy requirements. Strong collaborative, influencing, and interpersonal skills; curious to understand the business environment; high ethical standards; operates with absolute discretion and trustworthiness.

Overview

16 years of professional experience

Work History

IT Senior Security Specialist

BCA Watson Rice LLP
08.2023 - Current
  • Devises control testing for several client applications used for generating financial statements
  • Prepares the SOC2 Readiness Assessment Plan that outlines tasks, procedures, deliverables, and timelines
  • Develops and documents accurate and complete work papers that adequately support audit findings and work performed, and presents those findings to senior audit leadership and executive-level stakeholders
  • Identifies, analyzes, and evaluates cloud security and privacy risks through vendor-provided SOC2 analysis and other cloud security control documentation
  • Evaluates highly complex processes, risks, and controls and identifies observations for improvement in compliance and advisory engagements in accordance with Agile project management methodology
  • Conducts security audits, assessments, and evaluations, and ensures that corrective actions are taken to address any identified issues
  • Assists Audit Management by conducting risk assessments and developing audit programs and test procedures, disclosing any deficiencies observed during the audit
  • Leads information technology, business assurance, and advisory engagements to identify bottlenecks in a project's critical path and help accelerate project completion ahead of deadline
  • Applies authoritative references as guidance, including AICPA SSAE 18, NIST Special Publications, and the ISACA IT Assurance Framework (ITAF)
  • Identifies risks and process deficiencies in IT solutions and processes so that major issues are surfaced, and presents these issues at the biweekly departmental production support meeting
  • Accomplishment: By adhering to Service Organization Control Type 2 (SOC2) requirements, ensures that third-party service providers store and process client data securely, minimizing the risk of data breaches or privacy breaches by 75% in accordance with the organization's IT policies and practices for compliance with regulatory and legal requirements
  • Develops and enforces the implementation of security policies, procedures, and best practices, resulting in a 25% decrease in security incidents and vulnerabilities over time.

Information Technology Specialist

CDC - Centers for Disease Control (Global Health Center)
10.2022 - 08.2023
  • Developed, implemented, and maintained security policies, procedures, and controls to protect information systems and data confidentiality, integrity, and availability
  • Provided input to the Senior management to support development of a dynamic Internal Audit Plan for related risks, and execution of audit activities against the areas of highest risk
  • Conducted security risk assessments, identified vulnerabilities and risks, and developed mitigation strategies
  • Monitored compliance with security policies, standards, and regulations, and reported any non-compliance issues to management
  • Led teams in the execution of assurance and advisory engagements as part of the cybersecurity team, the management process, and the IT project intake process
  • Assessed all delivered services against all relevant Service Level Agreements (SLAs) and customer satisfaction requirements, and led reviews of the consumption of services and the performance and compliance of operational controls
  • Worked with the application support team to manage the application Change Advisory Board (CAB) and developed training modules to train CAB members in their roles and responsibilities
  • Maintained Configuration Control Baseline documentation and worked with Application Managers to manage Configuration Control Board (CCB) meetings, which included scheduling meetings, setting up agendas, providing reference documents, and maintaining public folders and SharePoint sites
  • Scheduled and conducted Lessons Learned meetings after change implementation, and maintained and tracked the Lessons Learned database, including improvement recommendations
  • Ensured that recommended changes were included and shared with appropriate stakeholders
  • Conducted security awareness and training programs for employees, contractors, and other stakeholders to promote a culture of security awareness
  • Responded to security incidents, conducted investigations, and implemented remediation measures (POA&M)
  • Represented Internal Audit in initiatives of moderate complexity and in the timely execution of related continuous auditing activities within moderately complex areas
  • Accomplishment: Developed and implemented a security awareness training program that resulted in a 50% decrease in security incidents caused by employee error
  • Conducted regular vulnerability scans and penetration tests, identifying and remediating 75% of security weaknesses before they could be exploited.

Senior Information Security Specialist

C-HIT, LLC - Enterprise Portal Services Project (EPS)
04.2021 - 10.2022
  • Worked with outside vendors on a broad range of specific technology controls and information security programs, policies, and standards, and made recommendations to direct management, related to services, product agreements and comprehensive or large project initiatives
  • Collaborated with other business units to ensure that security is integrated into developing, deploying, and maintaining information systems and data
  • Conducted regular project status meetings, provided regular reports on project status for all projects, and demonstrated the continual assessment and mitigation of potential risks to project success
  • Ensured that projects were defined, monitored, and implemented in a structured, consistent manner that promotes predictability and quality of outcomes, so that projects were completed on time and within scope and budget
  • Utilized the NIST framework to identify, protect, detect, respond, and recover from malicious activity across devices, networks, cloud (AWS), applications, data, and users
  • Communicated valuable metrics to senior leadership, including timely visibility of security incidents, vulnerabilities, and issues
  • Worked with the DevSecOps team to perform application code reviews and provided enterprise security expertise to application/system development teams
  • Accomplishment: Monitored and analyzed security events and logs, identifying and responding quickly to 95% of security alerts and notifications
  • Investigated and remediated a security breach, reducing the impact on the organization by 80% and preventing further damage.

Senior Information Security Specialist

C-HIT, LLC - Identity Management Project (IDM)
08.2019 - 03.2021
  • Worked closely with the Chief Security Architect to document the high-level business and functional requirements necessary to evaluate proposed projects, and tracked project decisions on a backlog list
  • Conducted gap analysis between identified requirements and the requirements of existing IDM-supported systems, and determined the level of effort necessary for existing systems to meet these stakeholder requirements
  • Utilized automated security tools to conduct security vulnerability assessments of systems and networked devices to facilitate risk-based decision making, and determined whether proposed projects aligned with IDM project strategic plans
  • Completed a project intake analysis report that included results and outlined possible solutions and the risks associated with each IDM solution, for review, approval, and prioritization by all stakeholders
  • Developed and maintained thorough knowledge of Risk Management, with an emphasis on the interplay between various capabilities as well as their enterprise-wide impact
  • Communicated program controls, measurements, metrics, and assessment results confidentially, professionally, and effectively, in both written and verbal formats, with business, technical, and third-party stakeholders
  • Collaborated with specialized risk and control assessment areas and prepared high-quality risk assessment reports for senior executives and Risk Committees as required
  • Accomplishment: Configured and maintained security tools and systems, resulting in a 30% increase in system reliability and availability
  • Developed and implemented security policies, procedures, and best practices that resulted in a 25% decrease in security incidents and breaches.

Information Systems Security Officer (ISSO)

Department of Homeland Security (DHS) – (Unisys Federal - Federal Contracts)
09.2008 - 08.2019
  • Managed all security requirements as defined by the CSPO Assessment and Authorization Process, NIST SP 800-53/53A/53B, FISMA, FIPS 140-2, and related Federal Government directives
  • Defined, developed, implemented, and managed standards, policies, procedures, and solutions that mitigated risk and maximized security, service availability, efficiency, and effectiveness
  • Worked with system stakeholders to document all requirements for approved projects and systems
  • Assisted in planning and performing required project-level reviews, reports, maintenance, and control of associated records, and managed Project Management contracts as necessary
  • Worked with business units to align Project Management processes, documents, and systems, and supported the training and development of Project Management skills throughout DHS IT
  • Performed due diligence with third-party vendors to ensure compliance with organization requirements
  • Facilitated education and training for the organization on cybersecurity procedures and controls
  • Accomplishment: Collaboratively developed a security architecture and design that resulted in a 20% increase in system security and resilience
  • Researched and evaluated emerging security threats and vulnerabilities, and provided recommendations for mitigation and prevention that were implemented
  • Developed ongoing technology risk reporting and defined risk metrics to regularly measure control effectiveness, reducing the organization's level of risk exposure and vulnerabilities by 25%.

Education

Master of Science - Information Technology

Johns Hopkins University
Baltimore, MD

Master of Science - Information Security Management

Johns Hopkins University
Baltimore, MD

Bachelor of Science - Business Administration And Management

Strayer University
Washington, DC

Skills

  • Security awareness training
  • Risk assessment and mitigation
  • Vulnerability scanning
  • Penetration Testing
  • Security event monitoring and analysis
  • Incident response and remediation
  • Security tool configuration and maintenance
  • Security policy development and implementation
  • Cross-functional collaboration
  • Cloud Security
  • IT Security Audit - perform IT audits and controls testing for several client applications, covering the planning, execution, and reporting phases and related activities, including development of engagement risk assessments
  • Sr Information Security Analyst - provide technical guidance and mentorship to team members on security best practices and standards, and serve as the primary point of contact for security-related inquiries and incidents
  • Strong Leader - strong understanding of the NIST Cybersecurity risk and compliance frameworks; able to lead, plan, execute, monitor, control, and oversee the implementation of the frameworks, develop policies and standards, and effectively communicate executive-level reports and Cybersecurity risk functions to executives
  • Keen Business Acumen - develop effective relationships; resourceful, with an aptitude for productive teamwork and relationship building; manage all aspects of communications, secure necessary procurements, and perform all aspects of quality management
  • Solid Interpersonal Skills - strong communication skills with a proven ability to create and maintain effective networks at all levels of IT staff and business management
  • Subject Matter Expert - lead seamless transitions that reduce infrastructure footprint, increase reliability, and broaden capabilities with scalable, stable, and secure solutions

Education Training Certifications

  • Johns Hopkins University, Baltimore, MD: Master of Science Degree - Information Systems and Telecommunications; Graduate Certificate - Information Security & Risk Management
  • Strayer University, Washington, DC: Bachelor of Science Degree - Business Administration
  • ISC2 Certification and Accreditation Professional (CAP) (DoDI 8570.01-M IAM Level II)
  • CompTIA Security+ CE Certification (DoDI 8570.01-M IAT Level II)
  • Certified Information Systems Security Professional (CISSP) - Expected Completion Date: June 2024

Information Assurance Tools

  • RMF processes using GRC RSA Archer
  • EMASS
  • Datalake
  • Trusted Agent FISMA (TAFT)
  • NIH Cyber Security Assessment Tool (NCAT)
  • Cyber Security Assessment and Management (CSAM) Tools
  • XACTA (IACS) 360 IA Manager
  • Agiliance Risk Vision (RV)
  • CMS FISMA Assessment Controls Tracking System (CFACTS)
  • Jira
  • SharePoint
  • ServiceNow
  • Confluence
  • Agile frameworks such as Scrum
  • MS Office

Professional Development Activities

  • I lead and perform research work on Information Security projects related to Governance, Risk and Compliance.
  • I do weekly presentations to management on the security posture of the systems I manage.
  • I coordinate courses on Security Awareness and training and Risk Management annually.
  • I attend seminars and training courses for professional development.

Experience Knowledge

  • Experience & Knowledge of Electronic Health Record and Case management systems; implementing security solutions for cloud-based systems, including IAM, network security, data protection, and compliance.
  • Stay current with the latest security trends, technologies, and regulations, and provide recommendations for improvement.
  • Experience & Knowledge of IT technologies (e.g., Cloud Computing, Operational Technology, Network Architectures, Software Development, Operating Systems, Databases, COTS Applications, Datalake) and related processes, controls, and risks.
  • Experience with Cloud Security (AWS, HIPAA/HITRUST), NIST CSF assessment and implementation (Segregation of Duties analysis) and ISO Standards (ISO/IEC 27001/GDPR/SOX), and SOC2 Compliance.

Personal Information

Title: MSc., Security+, CAP