MICHAEL A. HAUSER

Cleveland, OH

Summary

Results-focused IT security professional with strength in customer-facing positions. Proactive leader with strengths in communication and collaboration. Proficient in leveraging Risk Management Frameworks and Vulnerability Management knowledge to promote robust security systems in an ever-changing environment. Adept at managing concurrent objectives to promote efficiency and influence positive outcomes.

Overview

11 years of professional experience
1 Certification

Work History

Cybersecurity Governance and Compliance Consultant, CEO

CARMhaus Consulting
Cleveland, OH
02.2023 - Current
  • Cybersecurity Governance, Risk & Compliance (GRC) Consultant specializing in medium and small businesses
  • Providing a comprehensive list of GRC solutions for medium and small businesses
  • Over 30 clients served across the Midwest region
  • Stood up localized Eramba Risk Management Platform
  • Implemented NIST 800-53, ISO 27001, and HIPAA frameworks to effectively store assessments, artifacts, and Plans of Action and Milestones
  • Conducted risk assessments and implemented risk management lifecycles for clients, including Plans of Action and Milestones
  • Completed questionnaires for clients using RSA Archer
  • Wrote and edited relevant information security documents such as Policies & Procedures, Incident Response Playbooks, Disaster Recovery Plans, and employee handbooks
  • Conducted business impact analyses to assist stakeholders in purchasing and implementing the most relevant mitigating controls for the size and scope of their businesses
  • Managing learning management software to ensure customer compliance and education
  • Hired and coordinated with contractors to organize penetration tests

Cybersecurity Governance and Compliance Analyst

Covia Corporation
Independence, OH
07.2022 - 02.2023
  • Cybersecurity and Governance analyst in Information Security Team
  • Drafted, edited, and assisted in implementing cybersecurity policies based on NIST 800-53 family of controls
  • Acted as first contact for cybersecurity incidents
  • Drafted cybersecurity newsletters for communications team to distribute across company
  • Managed and streamlined User Access Review process across company in accordance with Sarbanes-Oxley Act (SOX) compliance
  • Remediated 100 incidents per month with a 99.4% close rate within Service Level Agreement (SLA) time
  • Utilized SentinelOne to scan and isolate endpoints in the event of a cyber-attack or other security incident
  • Conducted After Action Reports (AARs) and risk assessments to identify and remediate gaps in security posture
  • Managed User Access Reviews (UARs) manually for SOX relevant systems in organization of over 2500 employees
  • Regularly met with internal IT auditor to gather documentation and organize meetings with system owners
  • Regularly met with system owners to review and remediate issues in user access and revocation processes to financially relevant systems
  • Worked with 3rd party vendors to improve vulnerability remediation and incident response for clients
  • Leveraged metrics and past review data to assist in purchasing automated UAR software
  • Utilized ServiceNow, Rapid7, and SentinelOne to manage asset reclamation and retirement processes
  • Utilized Rapid7 to conduct vulnerability scans and reports to identify and remediate vulnerabilities
  • Held weekly meetings with system administrators and system owners to create plans of action to remediate vulnerabilities.

Cyber Fraud Claims Adjuster II

National General Insurance
Cleveland, OH
07.2021 - 06.2022
  • Worked as a claims adjuster in the organization’s cyber-fraud division
  • Regularly consulted on gaps in security hygiene and informed managers of downward trends in metrics due to inefficient business processes and information service issues
  • Complied with company and state insurance guidelines resulting in an average close rate of 9 days
  • Managed caseload of 400 clients each quarter
  • Provided an average of 6 processing efficiency recommendations per month to back-end developers and claims managers
  • Completed 8 focus audits per quarter
  • Closed average of 500 exposures per quarter by leveraging strong organizational and multitasking abilities.

Data Analyst / Risk Analyst

TGS Soluções Digitais
Porto, Portugal
09.2018 - 05.2021
  • Data analyst managing client sales database and generating reports to assist Sales and Marketing division in analyzing sales strategies and marketing cycles
  • Given assessor duties in administering internal assessments on systems and managing gaps in cybersecurity posture
  • Used qualitative and quantitative risk matrices to individually assess systems in accordance with ISO 27001 guidelines
  • Conducted interviews with system owners to find gaps in cybersecurity hygiene
  • Identified organizational controls to update cybersecurity awareness programs which increased compliance and lowered adverse events by 3% over the fiscal year
  • Completed UK GDPR transitional assessments with efficiency and accuracy, resulting in retention of the company's largest clients.

Information Technology Consultant

Self-Employed
Midland, TX
12.2015 - 05.2018
  • Contracted by lease operators to conduct IT field service work for Oilfield Completions operations
  • Eventually built book of business to over 30 clients and implemented an equipment leasing service dependent upon customer needs
  • Installed WLAN systems with WPA2 authentication for increased service and security of stakeholders
  • Managed equipment placement, power management, infrastructure expansion, security for onsite assets
  • Updated software versions with patches and new installations to close security loopholes and protect users
  • Acted as single point of contact for customers during technical faults and security-related events.

Crew Supervisor & Trainer

Kryptonite Energy Services
Washington, PA
07.2014 - 01.2016
  • Crew Supervisor for heavy equipment and hydraulic fracturing operations
  • After four months attained OSHA-30 and PEC SafeLand certifications to oversee OSHA compliance and risk management of employees
  • Updated training and compliance guidelines to ensure proper techniques and safety measures were taken
  • Maintained Job Safety Analysis (JSA) documents for each worksite and ensured they met OSHA compliance and operating company standards
  • Investigated casualties and near misses that occurred on jobsites, including on-site investigation, post-incident interviews and debriefings
  • Logged incidents and altered internal safety strategies to lower incidents by 14% over the course of the fiscal year.

Store Manager and Trainer

Sleep Outfitters
Cleveland, OH
09.2012 - 06.2014
  • Sales Associate promoted to Store Manager after 3 months; then promoted to Corporate Trainer in 9 months
  • Specialized in sale of luxury mattress and bedding products in central Ohio
  • Trained new-hires in sales process and DOS-based POS system
  • Managed Personal Identifying Information of customers in accordance with PCI DSS standards
  • Earned top Tempurpedic seller in the Central Ohio territory
  • Collaborated with corporate leaders to implement marketing strategies to design and implement updated Point of Sale system
  • Utilized sales and marketing data to analyze effectiveness of current strategies and altered sales strategy to increase store volume by 30% and store revenue by 130% over the course of the first year.

Education

Bachelor of Science in Computer Science

Universidade Do Porto
05.2021

Skills

  • CompTIA Security Certification
  • In the process of attaining Certified Information Systems Auditor (CISA)
  • Experience in drafting, editing, and implementing Risk Management Frameworks (RMFs)
  • Very experienced in working within Risk Assessment Frameworks (RAFs) and vulnerability management
  • Comfortable working both independently and in collaboration with others to investigate vulnerabilities, assess information systems, and create Plans of Action and Milestones to improve the overall security posture of the organization
  • Guidelines and Frameworks: GDPR, PCI DSS, HIPAA, NIST SP 800 Series, ISO 27001, SOC 2
  • Tools: RSA Archer, Eramba, Rapid7, SentinelOne, Tenable, Qualys, LogRhythm, Windows Cloud Defender, ServiceNow, Splunk, OneTrust, Linux, Windows OS, Microsoft Office Suite

Certification

  • CompTIA Security+
