Emmanuel Charles
Summary
Information Security professional with over 10 years of expertise in Governance, Risk Management and Compliance (GRC), audits & assessments and policy management. Extensive experience in NIST RMF, CSF and ISO 27001/2 frameworks and standards. Strong leadership, innovative and collaborative skills.
Overview
13
13
years of professional experience
1
1
Certification
Work History
Senior Information Security Specialist
Advanced Cooling Technologies
01.2019 - Current
- Implemented NIST RMF framework to manage Cloud and on-premise applications and systems for Security Authorization and Assessment
- Developed System Security Plan using NIST SP 800-18 publication
- Developed key security documentation including Privacy Threshold Analysis, Privacy Impact Assessment, Incident Response Plan, Continuity Plan, Disaster Recovery Plan, Configuration Management Plan
- Developed Security Assessment Plan (SAP) and Security Assessment Report (SAR) when conducting audits and assessments
- Conducted risk assessment on systems, applications and processes to identify and prioritize information security and IT risks
- Performed audits and assessments to evaluate effectiveness of security controls using NIST SP 800-53A Guidelines
- Implemented information security controls by applying NIST SP 800-53 Rev 5
- Developed security categorization reports for critical applications to determine impact levels using NIST SP 800-60 and FIPS 199
- Created vulnerability management plan using Plan of Actions and Milestones (POA&Ms) methodology
- Reviewed and collaborated with technical teams to remediate vulnerability scans, database scans, penetration tests and web application security assessments
Information Security Specialist
Precision Medical Products INC
01.2016 - 01.2019
- Performed security risk assessments, identified and prioritized and presented report to management using NIST SP 800-30 publication
- Created risk register to track and manage risks and document mitigation strategies and plans
- Conducted controls assessment to determine the operational effectiveness and adequacy of security controls
- Reviewed and evaluated policies, standards and procedures to determine accuracy and completeness
- Conducted security impact assessment to determine the impact of system and environmental changes to security posture
- Developed Risk Control Matrix (RCM) to accurately map and track risk and controls and to conduct periodic review of mitigation plans
- Reviewed vulnerability management plans and determined remediation plans for technical tests and scans
Information Security Assessor
All Holding Company LLC
01.2016 - 01.2017
- Conducted security controls assessments using NIST 800-53A and ISO 27002 standards
- Identified findings and observations and made recommendations for remediating control deficiencies
- Reviewed key documentations such as policies, standards and procedures
- Performed sample testing and walkthrough to identify controls gaps and develop remediation actions
- Interviewed key stakeholders to determine operations and control design and operational efficiencies
- Used TIE methodology during audits and assessments
- Reviewed vulnerability scans and penetration results and created findings report
Cyber Security Analyst
Turkey Hill Dairy
01.2012 - 01.2014
- Conducted business impact assessment to determine critical assets and to prioritize key risk areas
- Evaluated risk profiles for company assets and information systems
- Performed security audits on IT systems to determine adequacy of controls
- Conducted regulatory compliance audits and assessment
- Reviewed and updated security policies, standards and procedures
Education
Bachelor of Science - Information Technology
Millersville University of Pennsylvania
Millersville, PA05.2026
Associate of Applied Science - Electrical Technology
Thaddeus Stevens College of Technology
Lancaster, PA01.2016
Three years of Undergraduate Study - Statistics
Educational Perspectives
Chicago, IL01.2012
Skills
- NIST RMF
- NIST CSF
- FedRAMP
- ISO 27001/2
- FIPS
- ST&E
- A&A
- COBIT
- PCI-DSS
- POAM
- FISMA
- SSP
- ITIL
- SOX
Certification
- CompTIA Security+, In Progress
- Network+, In Progress
Timeline
Senior Information Security Specialist
Advanced Cooling Technologies
01.2019 - Current
Information Security Specialist
Precision Medical Products INC
01.2016 - 01.2019
Information Security Assessor
All Holding Company LLC
01.2016 - 01.2017
Cyber Security Analyst
Turkey Hill Dairy
01.2012 - 01.2014
Associate of Applied Science - Electrical Technology
Thaddeus Stevens College of Technology
Three years of Undergraduate Study - Statistics
Educational Perspectives
Bachelor of Science - Information Technology
Millersville University of Pennsylvania
Similar Profiles
Phillip KeyPhillip Key
Quality Engineer at Advanced Cooling TechnologiesQuality Engineer at Advanced Cooling Technologies
Kyle StewartKyle Stewart
Lab Technician at Advanced Cooling TechnologiesLab Technician at Advanced Cooling Technologies
ShangDe Sam ChenShangDe Sam Chen
Salesforce Consultant & Developer at Advanced Cooling Technologies IncSalesforce Consultant & Developer at Advanced Cooling Technologies Inc
Mariam Abduallah AlsaifMariam Abduallah Alsaif
Senior Information Security Specialist at Digital Planning and Development CenterSenior Information Security Specialist at Digital Planning and Development Center
Chithra SethumadhavanChithra Sethumadhavan
Senior Information Security Specialist at standard chartered BankSenior Information Security Specialist at standard chartered Bank