Profiles search
Chase Rickson, GSEC, CSM
Cybersecurity Services Manager at Palomar Specialty
Saint Paul, MN, United States
Details
Experience:
Key Responsibilities :
-Oversee all Cybersecurity services including but not limited to, Security Awareness Training, Phishing Simulations, SOC and Incident Response activities, management of ~$500k annual Budget, cybersecurity employees, security tools and applications, penetration testing, and tabletops.
-Serve as a security subject matter expert in a consultative capacity with the infrastructure teams by conducting security reviews/remediation at various stages of the systems and capability deployments.
-Perform threat modeling, and architecture reviews, and ensure critical vulnerabilities are identified, communicated to team members, and drive delivery of mitigations.
-Manage security policy and control lifecycle across the publication, enforcement, update, and audit.
-Research and recommend changes to procedures and systems to enhance systems and data security.
-Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts.
-Coordinate around, participate in, and manage information security projects and infrastructure projects
-Develop and implement tools to test, monitor, and enforce security policy; including metrics to understand policy effectiveness.
-Automate security processes to reduce as much manual work as possible.
-Maintains SIEM and administers security policies to control access to systems.
-Monitor, triage, and respond to SIEM alerts.
-Execute security controls to prevent hackers from infiltrating company information or jeopardizing programs.
-Research attempted efforts to compromise security protocol and recommends solutions.
-Research the latest in information technology security trends to keep up to date with the subject and use the latest technology to protect information.
-Conduct frequent testing of simulated cyber-attacks to look for vulnerabilities in the computer systems and take care of these before an outside cyber-attack.
2021 : Present
Palomar
Cybersecurity Services Manager
- Consult with and provide guidance to project teams, control owners, and partners to safely enable business objectives.
- Work directly with business leaders to facilitate information risk analysis and mitigation plans.
- Develop and maintain relationships with business and technology leaders, developers, architects and stakeholders to support and facilitate risk management practices.
- Embrace and influence a culture of continuous improvement by evaluating, collaborating, and recommending program and service improvement opportunities.
- Assist with the development and maintenance of Information Security awareness and education materials and presentations.
- Support internal, external, and client audits by interview and preparing any necessary evidence.
- Identify and collaborate on building additional security key performance and risk indicators to support increased security and risk awareness, understanding, and expectations.
- Development and maintenance of documented Information Security policies, standards, and controls.
- Maintain security testing methodology, provide testing guidance, and facilitate third party security testing engagements.
- Support and facilitate security risk review sessions and committee meetings.
2020 : 2021
Securian Financial
Information Security Consultant
- Phishing Operations in an enterprise network
- Incident Response activities and investigations
- Follows industry standard Incident Response procedures to monitor and respond to security events by taking the necessary course of actions such as identifying, containing, eradicating, remediating, extracting indicators, disseminating IOCs to supporting teams.
- Simulated Phishing campaigns to include design, deployment and metric reporting
- Lead for the delivery of weekly Security Operation reports to Enterprise Information Security group
- Analyze computing environments to determine vulnerabilities, recommend safeguards to mitigate risk, and perform compliance reviews to ensure applications and servers are operating in accordance with established policies and procedures.
- Perform Incident Handling duties and coordinate with business and application owners to contain and remediate security incidents.
- Maintain security infrastructure & cyber-security operations to mitigate identified risks, to meet business objectives, and to meet regulatory requirements.
- Utilize security technologies and tools, such as SIEM, IDS/IPS, Malware Analysis platforms, logical access controls, packet capture, endpoint detection and response (EDR), and security operations management systems, in order to support security across the enterprise.
2018 : 2020
Abbott
Senior Specialist Cybersecurity
Core Responsibilities :
-PCI Audit coordination and facilitation for self assessments or onsite visits. Work with various teams to collect evidence to support the requirements and remediation if a deficiency or gap is identified.
-This support includes facilitation of audit assessment, analysis of evidence from key owners and stakeholders, and remediation or process improvement activities.
-SME/Admin for the Enterprise GRC solution.
-Facilitate process improvement and workflow development for Information Security and it Stakeholders.
-Document or assist in the creation or maintenance of security policies and processes.
-Conduct risk assessments and analysis of vendors who require access or have existing access to systems, applications, databases, and data to ensure that access is appropriate and separation of duties does exist.
-Participate in projects and works with business units to provide security consulting.
-Management and monitoring of Security Toolset.
2018 : 2018
Washington County
Senior Information Security Analyst
Core Responsibilities :
-PCI Audit coordination and facilitation for onsite audit visits. Work with various teams to collect evidence to support the requirements and remediation if a deficiency or gap is identified.
-Participate in the business case, use cases, and requirements gathering and documentation supporting a GRC platform RFP.
-Define and document roles for the administration and maintenance the GRC platform, filling the associated GRC responsibilities.
-Support new system and information integrations in the GRC platform.
-Facilitate process improvement and workflow development for GRC services and stakeholders.
-Document or assist in the creation or maintenance of security and compliance driven processes.
-Work with stakeholders and security SME's to develop meaningful and actionable metrics and dashboards.
Conduct risk assessments and analysis of existing access to systems, applications, databases, and data to ensure that access is appropriate and separation of duties does not exist. Participate in projects and works with business units to provide requirements on implementation of controls for day to day business and audit requirements. This support includes facilitation of audit assessment, analysis of evidence from key owners and stakeholders, and remediation or process improvement activities.
2016 : 2018
MoneyGram International
Information Security Analyst II GRC
-Oversee all Cybersecurity services including but not limited to, Security Awareness Training, Phishing Simulations, SOC and Incident Response activities, management of ~$500k annual Budget, cybersecurity employees, security tools and applications, penetration testing, and tabletops.
-Serve as a security subject matter expert in a consultative capacity with the infrastructure teams by conducting security reviews/remediation at various stages of the systems and capability deployments.
-Perform threat modeling, and architecture reviews, and ensure critical vulnerabilities are identified, communicated to team members, and drive delivery of mitigations.
-Manage security policy and control lifecycle across the publication, enforcement, update, and audit.
-Research and recommend changes to procedures and systems to enhance systems and data security.
-Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts.
-Coordinate around, participate in, and manage information security projects and infrastructure projects
-Develop and implement tools to test, monitor, and enforce security policy; including metrics to understand policy effectiveness.
-Automate security processes to reduce as much manual work as possible.
-Maintains SIEM and administers security policies to control access to systems.
-Monitor, triage, and respond to SIEM alerts.
-Execute security controls to prevent hackers from infiltrating company information or jeopardizing programs.
-Research attempted efforts to compromise security protocol and recommends solutions.
-Research the latest in information technology security trends to keep up to date with the subject and use the latest technology to protect information.
-Conduct frequent testing of simulated cyber-attacks to look for vulnerabilities in the computer systems and take care of these before an outside cyber-attack.
2021 : Present
Palomar
Cybersecurity Services Manager
- Consult with and provide guidance to project teams, control owners, and partners to safely enable business objectives.
- Work directly with business leaders to facilitate information risk analysis and mitigation plans.
- Develop and maintain relationships with business and technology leaders, developers, architects and stakeholders to support and facilitate risk management practices.
- Embrace and influence a culture of continuous improvement by evaluating, collaborating, and recommending program and service improvement opportunities.
- Assist with the development and maintenance of Information Security awareness and education materials and presentations.
- Support internal, external, and client audits by interview and preparing any necessary evidence.
- Identify and collaborate on building additional security key performance and risk indicators to support increased security and risk awareness, understanding, and expectations.
- Development and maintenance of documented Information Security policies, standards, and controls.
- Maintain security testing methodology, provide testing guidance, and facilitate third party security testing engagements.
- Support and facilitate security risk review sessions and committee meetings.
2020 : 2021
Securian Financial
Information Security Consultant
- Phishing Operations in an enterprise network
- Incident Response activities and investigations
- Follows industry standard Incident Response procedures to monitor and respond to security events by taking the necessary course of actions such as identifying, containing, eradicating, remediating, extracting indicators, disseminating IOCs to supporting teams.
- Simulated Phishing campaigns to include design, deployment and metric reporting
- Lead for the delivery of weekly Security Operation reports to Enterprise Information Security group
- Analyze computing environments to determine vulnerabilities, recommend safeguards to mitigate risk, and perform compliance reviews to ensure applications and servers are operating in accordance with established policies and procedures.
- Perform Incident Handling duties and coordinate with business and application owners to contain and remediate security incidents.
- Maintain security infrastructure & cyber-security operations to mitigate identified risks, to meet business objectives, and to meet regulatory requirements.
- Utilize security technologies and tools, such as SIEM, IDS/IPS, Malware Analysis platforms, logical access controls, packet capture, endpoint detection and response (EDR), and security operations management systems, in order to support security across the enterprise.
2018 : 2020
Abbott
Senior Specialist Cybersecurity
Core Responsibilities :
-PCI Audit coordination and facilitation for self assessments or onsite visits. Work with various teams to collect evidence to support the requirements and remediation if a deficiency or gap is identified.
-This support includes facilitation of audit assessment, analysis of evidence from key owners and stakeholders, and remediation or process improvement activities.
-SME/Admin for the Enterprise GRC solution.
-Facilitate process improvement and workflow development for Information Security and it Stakeholders.
-Document or assist in the creation or maintenance of security policies and processes.
-Conduct risk assessments and analysis of vendors who require access or have existing access to systems, applications, databases, and data to ensure that access is appropriate and separation of duties does exist.
-Participate in projects and works with business units to provide security consulting.
-Management and monitoring of Security Toolset.
2018 : 2018
Washington County
Senior Information Security Analyst
Core Responsibilities :
-PCI Audit coordination and facilitation for onsite audit visits. Work with various teams to collect evidence to support the requirements and remediation if a deficiency or gap is identified.
-Participate in the business case, use cases, and requirements gathering and documentation supporting a GRC platform RFP.
-Define and document roles for the administration and maintenance the GRC platform, filling the associated GRC responsibilities.
-Support new system and information integrations in the GRC platform.
-Facilitate process improvement and workflow development for GRC services and stakeholders.
-Document or assist in the creation or maintenance of security and compliance driven processes.
-Work with stakeholders and security SME's to develop meaningful and actionable metrics and dashboards.
Conduct risk assessments and analysis of existing access to systems, applications, databases, and data to ensure that access is appropriate and separation of duties does not exist. Participate in projects and works with business units to provide requirements on implementation of controls for day to day business and audit requirements. This support includes facilitation of audit assessment, analysis of evidence from key owners and stakeholders, and remediation or process improvement activities.
2016 : 2018
MoneyGram International
Information Security Analyst II GRC
Company:
Palomar
About
Business professional with a strong work ethic, self-motivated and goal-oriented. Confident and adaptive to change, takes initiative, and solves problems. Works well with others and always looks forward to learning more from them. Experience in managing Information Security Awareness Program, Audit, Internal Risk and Vendor Risk assessments, medical devices, process engineering/improvement, and documentation control.
Specialties: Crew 212 Leadership Development, Process Development, Process Improvement, Project leadership, and training.
Good written and verbal communication skills with demonstrated ability to communicate and interact effectively with others.
Profile Photo
