Experienced cybersecurity professional with a strong background in information technology (IT) governance, risk management, compliance, and project management. Results-oriented leader with excellent problem-solving and analytical capabilities. Ability to collaborate with individuals to foster team development, mentor/coach staff and create sustainable partnerships.
Jan 2016 - Sep 2021
Assist the House Chief Information Security Officer in establishing, managing and maintaining the House's Audit & Compliance and Risk Management programs. Identify, evaluate and report risks meeting compliance requirements and support the House in maintaining a strong security risk posture.
- Functions as senior level advisor to the CISO and other senior House officials.
- Oversees operating budget of over $5 million and manages 25 Federal and contractor support staff.
- Monitors and assesses performance metrics of strategic comprehensive security and IT risk management program.
- Manages third-party and IT operational risk programs for on premise, vendor, and cloud environments.
- Works with internal and external auditors managing information requests, findings, and remediation plans. Mitigated 20-year IT significant deficiency leading to a clean Financial Statement Audit report.
- Key contributor in the development of a Cybersecurity Scorecard as part of a Legislative Branch Cybersecurity Working Group task in conjunction with the Library of Congress.
, Adeniji
- Established the CAO Enterprise Risk Management (ERM) Program working with House Chiefs (CIO, CRO and COO) and House business units (i.e., HR, Finance, Logistics).
Jan 2015 - Dec 2016
Assurance and Risk Management Lead
Provided leadership in the development and effective execution of the Office of the Chief Administrative Officer's RMF Program. Responsible for directing and managing the tactical risk management team to plan, develop, and review key Assessment & Authorization (A&A) deliverables for CAO managed/hosted systems. Additional responsibilities are noted below.
- Created and implemented the House Security Risk Management Program leveraging industry frameworks. Developed policies, standards, and guides to help CAO stakeholders understand CAO minimum security baselines, identify system weaknesses and mitigate associated risks.
- Developed a third-party security review process in response to CAO need for strategic guidance on cloud-based systems.
- Facilitated monthly status briefings with House Information Resource (HIR) Senior Leadership. Collaborated and managed cross-functional HIR relationships to include Vendor Management, Technology Management and Business Continuity. Interfaced with Internal Controls to address Office of Inspector General audit findings.
- Served as a Contracting Officer Representative (COR) for multiple contracts. Participated in hiring evaluation panels for CAO Federal and contract staff.
Jan 2010 - Dec 2015
Information Assurance Manager
Led IT-oriented initiatives for multiple health market clients. Focused on high-level information security support and SDLC compliance at the operational level. Helped to develop and promote MBL's internal people strategy functions (i.e., Recruiting, Training, and Professional Development). Client engagements include:

Project Manager - Department of Veterans Affairs (VA)
- Provided mid-level project management support to the VA's Information Security Compliance Program. Coordinated multiple client projects, to include information security governance activities and other related initiatives. Facilitated and participated in multiple weekly client meetings to capture project updates and drive project completion. Worked with multiple contractors to develop project management artifacts (i.e., project plans, bi-weekly reports and ad hoc reports). Developed metrics and reports to communicate program status and posture to executive level customers.

IT Governance/FISMA Compliance Lead - Department of Health and Human Services (HHS)
- Functioned as the lead for the FISMA workstream under the HHS Cybersecurity Program. Managed a project team in providing IT security program compliance support to include analysis of new and existing Federal, Department, and National Institute of Standards and Technology (NIST) mandates and guidance. Led activities related to the aggregation, review and analysis of security and privacy data metrics. Created monthly dashboards depicting security posture based on validated data. Optimized process used to respond to quarterly and annual data calls from internal HHS, Office of Management and Budget (OMB) and other Federal organizations.

IT Project Management - Food and Drug Administration (FDA)
Provided project management support for multiple centers under the FDA's Information Technology and Program Management Support Services (ITSS) contract. Project roles are noted below.
- Served as a Project Manager for the Knowledge Management Hub. Escorted the project through the multiple phases of the HHS SDLC process to include the development of project artifacts, assisting in Center level presentations, as well as other facilitation actions.
- Supported core stakeholders within the Center for Drug Evaluation and Research (CDER) in performing business requirements gathering and analysis for the Real-Time Application Portable Interactive Device (RAPID) mobile application, a project helping to facilitate data mining of MedWatch submissions. Served as a liaison between the National Library of Medicine (NLM) and the FDA organizing various data gathering stakeholder activities necessary for collecting preliminary requirements for the prototype. Crafted the business case while working closely with CDER staff to develop the Statement of Work and other acquisition related documents in support of communicating the project business need.
- Supported deployment management initiatives for the Division of Systems. Provided project management support for migration activities relating to the FDA's ICT21 Data Center modernization effort. Championed configuration management position during project-sponsored meetings (i.e., stage gate reviews, Change Control Boards (CCBs), integrated project team (IPT) meetings). Served as a technical writer crafting documentation for the FDA's configuration management tools.
- Developed a standardized Capital Planning Investment Control (CPIC) Framework, defining the process steps for the Select, Evaluate and Control phases, applicable to the Center for Devices and Radiological Health (CDRH) information technology investments. The development of this framework helped to standardize activities relating to the Center's information technology investments and ensured alignment with the FDA and HHS level CPIC Framework and policies.
Jan 2005 - Dec 2010
Booz Allen Hamilton
Supported federal government clients with A&A efforts, IT security policy architecture development, and program documentation relating to compliance with regulatory law and guidance. Supervised and mentored direct report consultants. Participated in internal marketing and performed account planning functions. Major engagements include:

Information Security Project Manager - Substance Abuse and Mental Health Services Administration (SAMHSA)
- Managed a small-scale information assurance team in programmatic support and project execution for SAMHSA information security strategic missions. Provided onsite guidance and consulting services directly to the Chief Information Security Officer in a variety of areas including IG audit support, Incident Response, and Security Authorization assessments for the Agency's information systems. Performed subsequent compliance activities (i.e., Risk Assessments, Plan of Action and Milestones (POA&M) management, Contingency Plan testing, etc.) for the Agency's information systems.
- Provided review to the agency on legislative requirements, IT security program development, implementation and compliance oversight. Educated and interviewed contractor systems officials on NIST SP 800-53 security controls, determining the level of compliance for applicable security controls and risk areas. Assisted in drafting contract language as part of the program's contractor oversight program. Developed program management plans, communication materials, program assessment, oversight plans, OMB compliance reports and program-level performance metrics.

Continuous Improvement Workstream Lead - Department of Energy (DOE), Office of Energy Efficiency and Renewal (EERE)
- Managed the development, management, and mitigation of system POA&Ms and oversaw the program office's quarterly and annual Information Security, Internal Scorecard and Privacy metric submissions to DOE's Office of the Chief Information Officer (OCIO). Provided support in system security plan updates and risk assessment development. Interpreted legislation, developed performance metrics and established evaluation parameters for principal program areas.
Jan 2004 - Dec 2005
Served as the system administrator for the Occupational Safety training database, SkillSoft GoTrain, tracking employee online training requirements and completion. Completed a procurement detail awarding single source contracts for equipment, supplies and services. Additional duties are noted below.
- Developed and maintained records management system for safety programs. Assisted in contract modification and additional scoping/descoping cost estimates for health facility. Provided functional assistance to Occupational Health, Safety and Environmental team in OSHA and NEPA compliance.

TECHNOLOGIES
• McAfee MVision Cloud Access Security Broker (CASB)
• Tenable Nessus Security Center and Security Manager
• IBM Security AppScan, GitLab, Veracode
• Splunk
• HP Service Center, Remedy, ServiceNow
• RSA Archer GRC
• Jasper Business Intelligence, Power BI
• Collaboration Tools: Microsoft Teams, WebEx, Zoom
Information Security Handbook
University of Maryland
masters, Strategic Information Management
University of Maryland
bachelors, Management Science and Statistics