

Professional Summary
Information Security professional with 13+ years of progressive experience spanning Information Technology, Information Security, Governance, Risk & Compliance (GRC), and enterprise cybersecurity. Experienced leading ISO 27001:2022 and SOC 2 Type II audit readiness, coordinating enterprise vulnerability management, penetration testing remediation, facilitating cybersecurity tabletop exercises, and developing security governance, policies, awareness programs, and enterprise risk initiatives. Trusted advisor to executive leadership, auditors, and cross-functional stakeholders across North America, EMEA, and APAC, delivering risk-based security solutions that strengthen organizational resilience, improve enterprise security maturity, and support strategic business objectives.
Professional Experience
• Lead Governance, Risk, and Compliance (GRC) initiatives supporting enterprise Information Security programs across multiple global campuses, including Ashburn, Manassas, EMEA, and APAC locations.
• Lead the organization's ISO 27001:2022 and SOC 2 Type II audit readiness program by coordinating 100+ audit artifacts, enterprise-wide evidence collection, control validation, stakeholder engagement, and corrective action tracking across Information Technology, Operations, Human Resources, Engineering, Physical Security, Facilities, and executive leadership.
• Oversee Information Security Management System (ISMS) activities, ensuring audit readiness, evidence management, corrective action tracking, and continuous improvement aligned with ISO 27001:2022 requirements.
• Develop and continuously improve enterprise information security policies, standards, procedures, governance documentation, and supporting security frameworks to strengthen organizational security, compliance, and enterprise security maturity.
• Manage the enterprise penetration testing and vulnerability remediation lifecycle by coordinating third-party assessments, creating and tracking remediation tickets, validating corrective actions, and overseeing vendor re-testing across corporate and Operational Technology (OT) environments supporting multiple data center locations.
• Drive enterprise vulnerability remediation efforts across five Ashburn data centers and corporate operations by partnering with Information Technology, Engineering, Operations, and third-party vendors to prioritize findings, reduce organizational risk, and validate remediation through successful re-testing.
• Facilitate enterprise cybersecurity tabletop exercises (2 completed) involving executive leadership and cross-functional stakeholders to evaluate incident response capabilities, identify operational gaps, and strengthen organizational cyber resilience.
• Develop corrective action plans from tabletop exercises, assign remediation activities, monitor implementation progress, and improve organizational incident response maturity.
• Support enterprise risk management initiatives by identifying organizational risks, evaluating business impact, documenting mitigation strategies, and communicating organizational risk posture to executive leadership.
• Build executive dashboards, compliance metrics, audit scorecards, and remediation reports used by C-suite executives while partnering with 30+ cross-functional stakeholders across Information Technology, Engineering, Operations, Property Management, Human Resources, Risk, Environmental Health & Safety (EHS), Corporate Services, Facilities, Physical Security, and executive leadership.
• Present compliance updates, audit status reports, security metrics, risk summaries, and remediation progress to executive leadership, including C-suite executives, vice presidents, directors, and key business stakeholders.
• Serve as the primary liaison between internal stakeholders, external auditors, technical teams, and third-party vendors to resolve audit findings, coordinate remediation efforts, and support successful audit outcomes.
• Partner with Human Resources, Information Technology, Operations, and business leaders across North America, EMEA, and APAC to standardize global security onboarding, governance, awareness, and compliance processes supporting international business operations.
• Lead enterprise security awareness initiatives, phishing simulations, security communications, and onboarding activities that strengthen organizational security culture and employee awareness.
• Facilitate Change Management governance activities by evaluating security impacts, documenting compliance requirements, and supporting operational changes aligned with organizational security standards.
• Collaborate with Microsoft security professionals on cybersecurity initiatives, security assessments, industry best practices, and technical engagements supporting enterprise security improvements.
• Participate in Microsoft cybersecurity summits, technical workshops, and industry conferences to remain current on emerging threats, evolving technologies, and cybersecurity best practices.
• Support cybersecurity assessments aligned with the NIST Cybersecurity Framework (CSF) by coordinating cross-functional stakeholders, documenting remediation activities, and strengthening enterprise security controls.
• Prepare executive presentations, governance documentation, audit reports, meeting minutes, strategic communications, and compliance documentation supporting enterprise cybersecurity initiatives.
• Managed the enterprise Security Champion Program, partnering with security champions across multiple engineering organizations to strengthen security culture, increase engagement, and expand organizational security awareness.
• Led enterprise security awareness initiatives by designing, delivering, and continuously improving role-based training programs, phishing simulations, security communications, and educational campaigns for employees and Security Champions.
• Developed security awareness strategies that identified organizational knowledge gaps, improved employee engagement, and strengthened security adoption across technical and non-technical teams.
• Coordinated cross-functional security initiatives across Engineering, Security, GRC, and Product teams, managing project planning, stakeholder communications, timelines, and implementation activities.
• Managed enterprise vulnerability remediation initiatives by partnering with engineering teams to prioritize security findings, coordinate corrective actions, and monitor remediation progress through completion.
• Performed cloud security reviews across AWS and Google Cloud Platform (GCP) by validating Identity and Access Management (IAM) configurations, reducing excessive cloud permissions, and supporting cloud security best practices.
• Developed and maintained enterprise information security policies, procedures, standards, and security awareness documentation supporting organizational security objectives and compliance initiatives.
• Planned and executed quarterly phishing simulation campaigns using KnowBe4, analyzed campaign results, identified organizational risk trends, and developed targeted remediation strategies to strengthen employee security awareness.
• Developed a comprehensive Plan of Action & Milestones (POA&M) based on phishing campaign results to reduce organizational risk and improve long-term security awareness maturity.
• Collaborated with third-party security vendors to deliver enterprise security awareness training, coordinate program logistics, manage vendor relationships, and support successful security education initiatives.
• Supported enterprise penetration testing activities by coordinating vendor engagements, participating in cloud security assessments, validating Identity and Access Management (IAM) controls, and documenting remediation activities.
• Reported security assessment results, cloud security findings, and remediation progress to the Chief Information Security Officer (CISO), Deputy Director of Security, and Governance, Risk, and Compliance (GRC) leadership.
• Collaborated with the GRC team to support compliance initiatives aligned with ISO 27001, SOC 1, SOC 2, PCI DSS, and organizational security requirements through documentation, policy development, and security awareness activities.
• Developed technical documentation and user guidance supporting implementation of the Prisma Cloud security platform, improving onboarding and adoption among software engineering teams.
• Partnered with engineering teams to automate identification and reporting of Prisma Cloud security findings across containers, virtual machines, source code repositories, and cloud assets, improving visibility into enterprise security risks.
• Drove cross-departmental security initiatives that integrated security best practices into day-to-day operations, strengthening organizational security culture and improving collaboration between business and technical teams.
• Presented security program updates, awareness metrics, phishing campaign results, and remediation recommendations to security leadership, business stakeholders, and executive management.
• Evaluated emerging cybersecurity threats, cloud technologies, compliance requirements, and industry best practices to continuously improve enterprise security programs.
• Served as an Information Systems Security Officer (ISSO) supporting classified Department of Defense (DoD) information systems within a Sensitive Compartmented Information Facility (SCIF), ensuring compliance with federal cybersecurity requirements and security policies.
• Led Information Security Management activities by developing, implementing, and continuously improving security policies, procedures, technical controls, and compliance documentation protecting classified information systems.
• Conducted security assessments, risk analyses, and control reviews to identify vulnerabilities, evaluate system security posture, and recommend risk-based remediation strategies.
• Managed cybersecurity risk activities using eMASS, including creating and maintaining Plan of Action & Milestones (POA&M), updating security controls, documenting remediation activities, and tracking assessment results through completion.
• Supported the Department of Defense Risk Management Framework (RMF) by evaluating security controls, analyzing Cyber Scorecard metrics, validating compliance requirements, and recommending risk-based security improvements that strengthened organizational compliance.
• Collaborated with process owners, engineers, system administrators, and data architects to review system documentation, evaluate business processes, resolve audit findings, and improve operational security.
• Partnered with Governance, Risk, and Compliance (GRC) stakeholders to investigate audit findings, coordinate remediation efforts, and validate corrective actions supporting continuous compliance.
• Monitored security incidents, prioritized security alerts, and developed corrective action plans to reduce organizational risk and strengthen incident response capabilities.
• Reported security policy violations, evaluated operational risk, and recommended appropriate safeguards to protect mission-critical information systems in accordance with Department of Defense security requirements.
• Participated in cybersecurity planning meetings with government personnel, technical teams, and security leadership to evaluate emerging threats, coordinate security initiatives, and implement enterprise security improvements.
• Developed security awareness training materials, program documentation, and educational resources that strengthened organizational understanding of cybersecurity policies and secure operational practices.
• Prepared security reports, assessment documentation, executive briefings, and technical communications for internal stakeholders, security leadership, and government representatives.
• Analyzed enterprise IT systems, operational processes, and security procedures to improve accuracy, consistency, operational efficiency, and overall cybersecurity posture.
• Presented cybersecurity findings, risk assessments, and security recommendations to cross-functional stakeholders, supporting informed decision-making and risk-based security improvements.
• Conducted risk assessments and security audits to ensure adherence to DoD standards.
• Provided information security and technical support for enterprise healthcare systems supporting clinicians, administrative personnel, and mission-critical operations within the Department of Veterans Affairs.
• Managed enterprise Active Directory administration, including user provisioning, account lifecycle management, permissions, privileged access, and SIPR/NIPR account administration.
• Administered Public Key Infrastructure (PKI) operations by issuing, managing, and maintaining digital certificates, authentication tokens, and secure access credentials while ensuring compliance with federal cybersecurity requirements.
• Managed vulnerability remediation activities by identifying security risks, evaluating findings, recommending corrective actions, and coordinating mitigation strategies that strengthened the security posture of the Richmond VA Medical Center.
• Investigated, contained, and supported remediation of cybersecurity incidents while partnering with Information System Security Officers (ISSOs) and technical teams to protect enterprise information systems.
• Conducted security assessments and internal security reviews to identify vulnerabilities, validate security controls, and recommend remediation strategies supporting regulatory compliance.
• Partnered with Information System Security Officers (ISSOs) to maintain regulatory compliance, strengthen information security controls, and ensure adherence to federal cybersecurity policies and standards.
• Delivered intelligence support during cybersecurity incident response and forensic investigations involving enterprise information systems and user environments.
• Led IT initiatives to streamline Government Furnished Equipment (GFE) deployment processes, improving operational efficiency and equipment accountability.
• Developed technical recommendations supporting endpoint security, system performance, user training, and operational improvements across the Richmond VA Medical Center.
• Provided enterprise IT support utilizing ServiceNow, remote support tools, and onsite technical services to ensure timely resolution of technical issues impacting healthcare operations.
• Installed operating system updates, security patches, and approved software releases while maintaining compliance with Department of Veterans Affairs security standards.
• Delivered cybersecurity awareness education and technical training for employees covering PKI, Active Directory, account management, and cybersecurity best practices.
• Ensured personnel compliance with Department of Defense cybersecurity awareness training requirements (Levels I, II, and III), supporting organizational security readiness and regulatory compliance.
• Collaborated with cross-functional technical teams, leadership, and stakeholders to evaluate cybersecurity risks, analyze operational data, present recommendations, and support enterprise security initiatives.
• Managed PKI modernization and cybersecurity projects that strengthened identity management, regulatory compliance, and secure access across enterprise environments.
• Prepared technical documentation, operational reports, and security recommendations supporting continuous improvement of enterprise cybersecurity operations.
Certifications
· CompTIA Security+
· AWS Certified Cloud Practitioner
· ISO 27001 Internal Auditor
· Google IT Support Professional
Professional Development & Certification Roadmap
· Certified AICPA SOC Master Implementer (CASI) (Company Sponsored | Upcoming) – Advanced training in SOC reporting, Trust Services Criteria (TSC), governance, control implementation, risk management, and audit readiness.
· Blue Team Level 1 (BTL1) (In Progress) – Junior Security Operations training covering Phishing Analysis, Digital Forensics, Threat Intelligence, SIEM Fundamentals, and Incident Response.
· Blue Team Level 2 (BTL2) (Planned Training) – Advanced Security Operations training covering Malware Analysis, Threat Hunting, Vulnerability Management, Advanced SIEM, and Adversary Emulation.
Certification Roadmap
· CompTIA Advanced Security Practitioner (CASP+)
· ISACA Certified Information Security Manager (CISM)
· ISC² Certified Information Systems Security Professional (CISSP) (Long-Term Goal)