Heath Davidson

Raleigh, NC

Summary

Highly motivated Cyber/Information Security professional specializing in Governance, Risk, and Compliance. Notable success in the planning, analysis, automation, & implementation of security initiatives. Strategic thinker, driven by continuous improvement.

Overview

14 years of professional experience
1 Certification

Work History

Principal Security Analyst

Opentext
01.2023 - Current
  • Led implementation of automated compliance solutions for Protected B, FedRAMP, and IRAP programs, streamlining assessment, authorization, and continuous monitoring processes to achieve and maintain compliance with rigorous government security standards.
  • Spearheaded the modernization of OT GRC tooling (Onspring, OneTrust, ServiceNow) by integrating advanced automation and custom workflows, resulting in a substantial reduction in manual workloads, increased operational efficiency, and the enablement of real-time compliance monitoring and reporting.
  • Facilitated internal and external audit assessments for an extensive compliance portfolio including ISO 27001, SOC2, NIST 800-53, PCI, SWIFT, CE, FedRAMP, IRAP, and Protected B scopes.
  • Partnered with cross-functional stakeholders to develop, assign, and track corrective action plans (CAPs) for identified compliance gaps, risks, and vulnerabilities, driving effective remediation and continuous improvement.
  • Authored and maintained comprehensive security documentation to facilitate seamless knowledge transfer, support onboarding, and ensure consistency and accuracy in security procedures.
  • Assessed and managed third-party vendor security postures during contract negotiations, ensuring alignment with organizational standards, minimizing risk exposure, and maintaining detailed records for ongoing vendor risk management.

Information Security Engineering Manager (GRC)

Bandwidth Inc.
07.2019 - 12.2022
  • Facilitated external information security audits (ISO-27001, ISO-27701, SOC2 Type 2, SOX, and HIPAA).
  • Conducted internal information security audits to identify and correct non-compliance against security controls.
  • Engineered, deployed, and maintained Information Security Management System (ISMS) including app development, workflow automation, and metrics.
  • Incident Response Team (IRT) Lead responsible for responding to, assessing, and mitigating security- and privacy-related incidents leveraging various security tools (SIEM, CrowdStrike, Cloudflare, etc.).
  • Information Security Committee member advising senior-level management on security and privacy trends and recommendations to mitigate risk.
  • Performed risk, vulnerability, and gap assessments and assigned appropriate mitigation and remediation actions.
  • Reviewed and validated system security requirements definitions and analyzed system security designs.
  • Applied leading theories and concepts to development, maintenance, and implementation of information security standards, procedures, policies, and guidelines.
  • Deployed information security awareness training program including targeted education modules, scenario testing, and monthly phishing awareness campaigns for 1500+ individual users.
  • Dedicated 'Headliner' (mentor) for junior information security team members.

Systems and Security Administrator

ATI Industrial Automation
01.2011 - 07.2019
  • Led support team in providing technical assistance to 300+ global users in a 24/7 support environment while functioning as the escalation point for security and advanced technical issues.
  • Conducted cybersecurity compliance gap evaluations including NIST 800-171, GDPR, and ITAR.
  • Authored and managed company policies, technical procedures and standards for preserving the integrity and security of information systems.
  • Strategically designed and maintained information security awareness trainings.
  • Performed essential domain functions including Active Directory administration, Microsoft Exchange management, and DR operations.
  • Standardized job tasks and trained junior team members on industry best practices and standards.

Education

Master of Science - Cybersecurity

Saint Leo University
Tampa, FL
08.2019

Skills

  • Compliance Management
  • Audit Facilitation
  • ISMS Management
  • Risk Management
  • Incident Response
  • Awareness Training
  • Vendor Risk Management
  • Customer Security Assessments
  • GRC Tooling & Automation
  • FedRAMP

Certification

  • AWS Certified Cloud Practitioner (CCP)
  • Certified Information Privacy Technologist (CIPT)
  • IASSC Six Sigma - Yellow Belt
  • CAI - Strategic Management Professional
