Risk and Compliance Manager
- Responsible for the development of Aptiv’s governance, risk, and compliance program with an emphasis on NIST 800-30, NIST Cybersecurity Framework, CIS Top 20, and ISO 27001/27002.
- Function as the Data Privacy Officer for Connected Services, responsible for managing the division's General Data Protection Regulation (GDPR) and California Consumer Protection Act (CCPA) programs.
- Manage and mentor employees related to risk management, software development, and incident response.
- Ensure the security of Connected Services software development, cloud-based server/serverless IT systems, PKI, and product lines.
- Develop information technology policies, standards, and procedures.
Chief Information Security Officer
- Created Merit’s Community CISO program which performed risk assessments for member organizations. The team evaluated administrative and technical controls based on the use of Open Source Intelligence, NIST Cybersecurity Framework, and the Centers for Internet Security Critical Security Controls.
- Responsible for Merit’s internal governance, risk, and compliance program.
- Co-chaired the development of Merit Network’s Cyber Defense Portfolio which provided managed security services to its membership.
- Developed content for workshops and presentations which have been given throughout the country.
- Hired and managed Merit’s cybersecurity team, providing feedback on performance, giving direction and follow-up tasks, and holding weekly one-on-one meetings with individual staff.
- Created training workshops for internal employees on various security-related topics.
Enterprise Security Architect
- Perform key security roles assisting state agencies in architecting new or existing systems, identifying risks, and developing compensating controls and remediation plans.
- Ensure agency systems meet federal, state, and 3rd party regulatory compliance requirements.
- Lead security architect for projects related to federated identity management and deployment of internal cloud services.
- Create and modify State of Michigan security-related policies, standards, and procedures.
- Co-chair of the Enterprise Audit team and a member of the PCI, Enterprise Architecture, Solution Design Team, and Medicaid Compliance Project core teams.
- Conduct preliminary audits for the state’s IRS and Affordable Care Act programs to ensure they meet Publication 1075 and NIST SP 800-53 control objectives.
- Develop continuing education for internal staff.
- Conducted Department of Technology, Management, and Budget control evaluations using CobiT 4.1 governance framework.
Senior Systems Engineer
- Developed and executed a project to redesign the company’s data center to provide high availability for the company and its customers.
- Lead systems engineer for managed hosting services of external customers which included web, email, and database hosting.
- Simplified desktop and server configuration along with implementing centralized identity management.
- Improved Linux deployment and management by creating customized scripts, implementing centralized configuration management services, and developing custom RPMs.
- Led high-profile security projects which included multifactor authentication and full disk encryption.
- Deployed hard drive and removable media encryption software to high-risk users.
- Migrated the university’s LDAP servers while adding multimaster replication for high availability, SSL encryption, and roaming user home directories.
- Developed new server builds based on industry-standard security guidelines along with creating tools to streamline the process.
- Supervised student employees who worked for the enterprise technology services department. Responsible for assigning projects, mentoring, and giving yearly reviews to those employees.
Big Rapids, MI
Master of Science
Information Systems Management
Advanced Studies Certificate In Information Security and Network Management
Graduated: May 2009
Mount Pleasant, MI
Bachelor of Science
Major: Information Technology
Minor: Media Design, Production, and Technology
Graduated: May 2007
Certified Information Systems Security Professional (ISC2)
Certified Security Web Application Engineer (Mile2)
Certified Penetration Testing Engineer (Mile2)
ITIL v.3 Foundation (AXELOS Ltd.)
CobiT v.4.1 Foundation (ISACA)