Eric Sisson

IT Security & Compliance Specialist at US WorldMeds
Contact Information
us****@****om
(386) 825-5501
Location
Crestwood, Kentucky, United States, US



Rating: 5.0 / 5.0 (based on 1 rating)

Lance Spencer

Eric is an experienced professional with a dynamic background in Information Technology.


Experience

    • United States
    • Pharmaceutical Manufacturing
    • 1 - 100 Employee
    • IT Security & Compliance Specialist
      • Feb 2018 - Present

      IT Security & Compliance Specialist
      • Works as a liaison between IT, the business units and the Information Security team to ensure complete and effective implementation of security controls, standards, and supporting policies.
      • Defines and executes the roadmap, control, and audit of internal IT Security functions.
      • Manages IT Compliance issues through resolution with the appropriate subject matter experts.
      • Works with IT subject matter experts to produce detailed documentation including, but not limited to: logical access, facilities management, network architecture with ACL controls, logical diagrams, etc.
      • Identifies and determines IT Security improvements and standards using CIS (Critical Infrastructure Security Controls) as a model.
      • Develops policies and procedure documentation related to the effective development and execution of the company's IT Security Program.
      • Manages all Security End User Training and testing by collaborating with internal business units using the KnowBe4 security awareness system.
      • Drafts a complete, custom IT Security Program with action items for each area of risk.
      • Documents and executes the internal IT audit schedule and plans, with audit attributes for each internal IT control.
      • Creates internal IT general controls (ITGC) for all company assets including, but not limited to: Facilities Management, Applications, Video Surveillance, Security Awareness, Vulnerability Mgmt., Vendor Management, Disaster Recovery, Veeva Document & Learning Management, Computer Systems Validation, KnowBe4 Security Awareness.
      • Manages company KnowBe4 Security Awareness metrics: phishing campaigns, end user training.

    • United States
    • Utilities
    • 700 & Above Employee
    • IT Compliance Analyst
      • Jul 2014 - Jul 2017

      LOUISVILLE GAS & ELECTRIC, Louisville, KY, 2014 – 2017, IT Compliance Analyst
      Leader within the company's IT department compliance efforts in alignment with the Sarbanes-Oxley Act. Supported department representatives in accomplishing objectives of identifying and appropriately documenting internal controls.
      • Engaged transaction and control owners and assessed operational efficiency, based on technical and organizational knowledge. Identified issues and assisted remediation efforts with IT transaction owners.
      • Assisted in preparing verbal and written reports for management during and at the conclusion of the examination, discussing findings, recommending corrective action and suggesting improvements in operations. Improved ease of auditing by defining testing attributes.
      • Provided technical oversight, ensuring adequate and appropriate documentation of department internal controls, minimizing risk.
      • Performed periodic testing; provided internal and external auditors with requested evidentiary information and reports regarding the execution of IT department internal controls. Improved the testing process by remediating issues prior to the external audits.
      • Effectively communicated with clients regarding adherence to policies, procedures and standards for the IT corporate environment. Provided a transparent environment.
      • Created control exceptions and deficiencies reports. Provided them to IT management, internal audit and others as applicable and appropriate.
      • Successfully brought new applications into SOX compliance using internal IT controls.
      • Created and maintained a new IT Compliance SharePoint site used to store and manage SOX Narrative updates and to collaborate on and resolve IT, SOX & Audit Services issues. Improved communications within IT.
      • Identified deficiencies and communicated issues to the internal audit services team. Collaborated with SOX, Audit Services, E&Y, & Deloitte to investigate issues. Assisted with remediation efforts w/ IT control and transaction owners.

  • Carewise Health
    • Louisville, Kentucky Area
    • Information Security Manager/Lead
      • May 2011 - Jun 2014

      • Ensured updates to the IT Policy & Procedures document and IT Controls Poster are maintained, posted and available to their appropriate resources.
      • Created a ticket-based vetting & ratification process for all new and existing IT Controls & IT Policy and Procedures. Minimized bureaucracy & lengthy or unproductive conference calls; created a vehicle to ensure rapid exposure of IT controls and policies.
      • Provided Senior Level IT Management & Executives with security-related metrics based upon fact (audit results).
      • Managed IT Security personnel (Team) and continually supported their initiatives and progress, directing efforts toward "big picture" Security initiatives while meeting business requirements.
      • Collaborated w/ the Systems team to coordinate Vulnerability Mgmt scans. Conducted VM scans on all servers, enterprise-wide, using Nessus and the IBM VMS external VM system. Provided reports and remediation of exceptions.
      • Conducted formal risk assessments within CWH Business/IT to determine the critical points of business exposure: Logical Access, Ops, CM, Infrastructure Change Control, Network, Application, Network Intrusion Detection, Data Network, PCI, Vulnerability Mgmt., Patch Management, etc.
      • Conducted an internal ISO27K assessment w/ the CWH IT Leadership team. Defined gaps between standards and current processes. Created remediation effort details. Planned/executed changes and updates to SOPs.
      • Managed annual external Penetration Testing & internal VM scanning requirements and activities.
      • Led the Two Factor authentication implementation proof of concept project.
      • Led the enterprise-level "IT Security Awareness" campaign, including a monthly newsletter & annual IT Security training plan.

    • United States
    • Health, Wellness & Fitness
    • 200 - 300 Employee
    • IT Security & Controls Manager
      • Mar 2009 - May 2011

      • Conducted internal ISO27K compliance standards audits against the current IT processes and provided the remediation of over 50 areas of deficiencies.
      • Continually conducted IT risk assessments and risk analysis to help the organization develop security standards and controls as required by HIPAA.
      • Initiated, facilitated, and promoted activities to foster information security awareness within the organization through an internal SharePoint security website.
      • Created a PCI DSS project & remediation plans spreadsheet and related key management controls.
      • Monitored compliance with the organization's information security policies and procedures among employees and other third parties, and communicated problems to appropriate department managers, administrators and process owners.
      • Participated in resolving problems with user provisioning, security violations, incident response and disaster recovery planning.
      • Greatly improved the user creation, user termination, and user transfer processes by creating and implementing over 100 internal IT controls relating to Logical Access (application-level & network user provisioning).
      • Implemented a Vulnerability Management program using Nessus, Rapid7 and Microsoft Baseline Security Analyzer solutions to identify, classify, and remediate all system vulnerabilities on over 1000 servers (Unix & Windows).
      • Provided support of a multiple-domain Microsoft Windows 2003 Active Directory network with over 3500 users.
      • Streamlined a process for measuring vendor compliance as it relates to IT security by compiling a pertinent security-related compliance questionnaire.
      • Provided Vulnerability Management scan reports to remediate OS and system patch issues using Nessus & MS Security Analyzer.
      • Implemented a Log Management solution using QRadar to build a framework for system log issues and incident monitoring.

    • Food Production
    • 700 & Above Employee
    • Senior IT Controls Analyst
      • 2005 - Aug 2008

      Accountable for auditing, compilation, and analysis of IT business procedures, controls and policies. Creation and implementation of new controls in accordance with ISO standards. Internal IT auditing, governance and remediation of Sarbanes-Oxley related projects.
      • Planned, produced & executed Sarbanes-Oxley audit plans and tracking documentation.
      • Audited and documented Logical Access, Change Management, and Infrastructure Change Control, as well as operational IT processes and controls for plant manufacturing software systems and network infrastructures.
      • Created IT Control Narratives for 4 divisional plants and the Corporate Office.
      • Validated & documented IT controls and processes for PricewaterhouseCoopers to review in preparation for the external audit.
      • Partnered with internal IT leaders and process owners during all audits and remediation efforts, ensuring timely audit results.
      • Tracked and reported all audit data results and documented all business process issues toward remediation.
      Key Accomplishments:
      • Made significant progress with multiple Segregation of Duties issues within both the corporate office and external plants.
      • Reduced the PricewaterhouseCoopers finding from a significant security weakness last year to a simple weakness this year after creating IT process Narratives and remediating all deficiencies.
      • Identified, documented and remediated over 100 system deficiencies.
      • Standardized controls and testing processes for tighter system security.

    • Senior IT Systems Analyst
      • 1998 - 2005

      • Performed on-site analysis, diagnosis, and resolution of desktop and server problems for end users; recommended and implemented corrective solutions; and supported remote users as needed.
      • Installed, configured, tested, maintained, monitored, and resolved workstations and related hardware and software issues.
      • Administered and resolved issues with associated end-user workstation software products.
      • Provided all telecommunications support as needed.
      • Provided training and support to end users and staff on computer operation and other issues as needed.
      • Constructed, installed, and tested customized configurations based on various platforms and operating systems.
      • Recommended, scheduled, and performed PC, hardware and peripheral equipment improvements, upgrades, and repairs.
      • Aided in support of business continuity and disaster recovery plans.
      • Created and maintained documentation (installation, training, network diagrams, etc.).
      • Maintained and supported wireless devices as needed.
      • Installed, configured, tested, maintained and resolved Windows and/or Linux servers and related hardware and software issues.
      • Supported the development and implementation of infrastructure and new technology projects ranging from remote access, domain migration, task automation, systems monitoring, server virtualization, and secure wireless connectivity.
      • Monitored and analyzed network performance on the LAN.
      • Installed and configured network hardware and equipment as needed.
      • Ensured network and IP connectivity of all workstations, application servers, and back-end office infrastructure.
      • Participated in managing all network security solutions, including firewall, anti-virus, and intrusion detection systems.

    • Information Systems/Network Specialist
      • 1995 - 1998

    • United States
    • Hospitals and Health Care
    • 100 - 200 Employee
    • Network Specialist
      • 1995 - 1998

    • PC/Network Specialist
      • 1994 - 1995
