Work Background
Manager Internal IT Audit
CSG
Sep. 2023
Des Moines, IA
Manage the execution of the IT Audit plan, including all aspects of planning, fieldwork, reporting, and deficiency management. Lead complex and risk-based IT and technology audits and reviews. Oversee the execution and provide oversight over regulatory and compliance audits, as required (SSAE18 SOC1, ISO 27001, IT SOX). Contribute to internal risk assessments and data analytics strategies, including identifying opportunities to use analytics and continuously monitoring internal audit engagements and risk assessments. Participate in assessing new business processes to evaluate and document workflows and the associated risk and control environment. Collaborate and manage a working relationship with business partners, external auditors, and Internal Audit service providers. Consult or act in an advisory role with cross-functional teams to identify controls or process improvement opportunities. Prepare and present impactful reports outlining findings, recommendations, and control improvements. Coach, develop, and mentor a diverse and global team. Stay updated on industry best practices, emerging risks, and regulatory requirements related to IT governance.
GRC & IT SOX Compliance Manager
Werner Enterprises
Apr. 2022 - Jun. 2023
Nebraska, United States
As the GRC & SOX Controls Manager I developed and managed controls and services to lead all enterprise departments in their efforts to gain and maintain compliance with internal and external IT control frameworks. Mentored interns from local universities to develop career paths and manage their keystone projects. Developed and implemented roadmaps for all information security and cybersecurity projects in alignment with Azure DevOps scrum masters to track and measure the effectiveness of work and eliminate unexpected external dependencies.
Core Services & Achievements:
- Managed and aligned enterprise policy and standard frameworks with legal, internal audit, and record retention schedules.
- Established an information risk management (IRM) program compliant with NIST IR8286.
- Published knowledge base and trained the GRC team to perform services consistently.
- Modernized third-party risk management process to provide an end-to-end business risk.
- Cataloged external vendor assessment requests into a centralized repository.
- Conducted internal risk assessments on IT assets to assign criticality and identify control gaps.
- Conducted weekly and monthly control tests to update risk metric dashboards, and assisted with project decisions across the enterprise.
- Implemented a cybersecurity due diligence program for Mergers and Acquisitions.
- Maintained the InfoSec Risk Register to catalog threats, incidents, impacts, mitigation efforts, and compensating controls, and provided risk reports to leadership.
- Worked with department directors to establish controls, standards, and testing procedures to meet regulatory compliance narratives.
- Published risk control metrics (RCM) with internal and external auditors to verify SOX and privacy compliance across in-scope assets.
- Managed Security Awareness and Training Program for the entire Enterprise.
Sr. Security Risk Analyst (GRC)
Omaha Public Power District
Aug. 2020 - Apr. 2022
Omaha, Nebraska, United States
As an analyst on the GRC Team my responsibilities included policy and standard framework development to align the organization with NIST CSF v1.1. I also performed internal and third-party assessments to identify gaps and assign risk levels and operated as an incident response manager when events occurred to generate necessary documentation, provide executive updates, and ensure incident response teams followed playbook and stayed on task.
Core Services & Achievements:
- Developed and published the organization’s Information Classification Policy.
- Developed technology policy review processes and procedures to ensure full NIST CSF compliance and to ensure reviews were executed annually.
- Provided technical writing advice and consulting to multiple departments’ development of standards and procedures.
- Developed compliance alignment documentation between NIST CSF, NIST 800-53r5, C2M2 and NERC, COBIT, ISO, and other third-party controls to assist the GRC team with a diverse understanding of compliance needs.
- Represented Cybersecurity and GRC seats on the board for project implementation and road-map planning, and led breakout teams to analyze future implementation strategies.
- Consulted SME on cybersecurity integration strategies for high-availability projects to ensure minimized risks throughout upgrades, installations, or other integrating features.
- Ensured change requests did not introduce or increase risk through technology upgrades and changes followed guidance and compliance concerns.
- Developed internal risk assessment process incorporating risks into existing risk register and Enterprise Risk Management processes.
- Conducted internal risk assessments and device hardening checklist to comply with FedRAMP, DoD, DHS, NERC, CMMC and C2M2 regulations.
- Coordinated external assessment contractors to ensure organizational alignment with third-party regulations and compliance frameworks.
- Responded to third-party risk assessments by other vendors.
Information Operations and Cyber Security Analyst
Alaka`ina Foundation Family of Companies
Aug. 2019 - Aug. 2020
San Antonio, Texas Area
Active Security Clearance: Secret, March 2019 - Present
As a cybersecurity risk analyst on the Air Force Mission Assurance Assessment Team (AFMAAT), I conducted on-site risk assessments in accordance with DoD’s Defense Threat Reduction Agency (DTRA) guidance and benchmarks. The target of these assessments identified the risks, threats, hazards, and likelihood to impact the operations of DoD assets owned or managed by the Air Force. The output of the assessments generated technical reports containing risk-rated issues related to technology, published for the Pentagon and presented in person to base commanders. Reports were codified with the DTRA Guidelines and Benchmark controls.
Information Security Analyst III
TraceSecurity
Feb. 2016 - Mar. 2019
Baton Rouge, Louisiana Area
As a senior analyst at TraceSecurity I performed all core services to the highest level of quality and enhanced my skills as a technical writer, risk manager, public speaker, penetration tester, and threat hunter. These skills allow me to conduct comprehensive evaluations and testing procedures that populated professional reports, presentations, and mitigation plans. Provide oral and written post-evaluations detailing remediation plans and maturity guidance. Designed and executed risk-based IT audits to ensure clients met their corresponding regulations (i.e., ISO, HIPAA, NIST, COBIT, SOX, NCUA, FFIEC, FDIC, InTREx). Analyze threats for false positives and provide real-time reports, manage vulnerability programs with automated and on-demand scanning, testing, analytics, and reporting to clients per their individual scope of work.
Core Services Performed Include:
- Vulnerability Assessments
- Physical Security Inspections
- IT Security Audits
- Risk Assessments
- Social Engineering
- Internal and External Penetration Tests
- Security Awareness Training/Workshops
- Phone, Email, and In-Person Social Engineering Tests
- Web-Application Tests
Director of Technology
Christian Life Academy
Aug. 2014 - Dec. 2015
Baton Rouge, Louisiana Area
As the Director of Technology, I provided and maintained the overall vision and leadership of the development, implementation, and management of enterprise information systems to support school operations and to achieve the most effective, cost-beneficial, campus-wide IT operations possible.
Director of Technology
Maranatha High School
Jun. 2012 - Aug. 2014
Pasadena, CA
As the Director of Technology, I provided and maintained the overall vision and leadership of the development, implementation, and management of enterprise information systems to support school operations and to achieve the most effective, cost-beneficial, campus-wide IT operations possible.
Director of Technology
Tri-City Christian School
Jul. 2006 - Jun. 2012
Vista, California, United States
As the Director of Technology, I provided and maintained the overall vision and leadership of the development, implementation, and management of enterprise information systems to support school operations and to achieve the most effective, cost-beneficial, campus-wide IT operations possible.
IT Manager
WORLD EMERGENCY RELIEF
Jan. 2001 - Dec. 2005
Carlsbad, CA
Installed technology procedures for every department within the US offices and assisted with Global integration of their online presence while building a secure payment gateway allowing online contributions and constituent record collection to comply with strict state and board regulated security requirements.
TASO
United States Marine Corps
Apr. 1997 - Aug. 2000
Camp Pendleton North, California, United States
Provided desktop support for 200+ Marines and Government employees while assisting with the migration to the Windows NT server and desktop platforms.

Personal Pitch
Governance, Risk, Compliance, and IT Audit