Kurt Brown, CIPM
Business Architect, Information Security
Greensboro, NC, United States
Details
Experience:
2022 : Present
Cisco
Business Architect, Information Security at Cisco
• Managed Security & Trust Organization policy desk personnel and developed new policy administrative process to govern and manage 75 corporate policies, standards, and guidelines.
• Lead multiple cross functional stakeholders to adopt security controls alignment to industry frameworks including ISO/IEC 27001, 27002, FedRAMP, HITRUST, SOC 2, and NIST 800-53, 800-171.
• Co-authored a new internal risk framework ensuring controls are reviewed and updated using 8 internal and external risk factors permitting identification of gaps and allowing Executive Management to make informed risk-based decisions on mitigation prioritization.
• Developed assessment process to determine policy critical controls, control enforcement capabilities, and measurement, identifying risks and problem areas stemming from requirement controls implementation and enforcement gaps.
• Built and managed the Policy Program Management Solution within RSA Archer GRC platform.
• Perform audits and assessments on effectiveness of policy controls, analyze assessment findings and make recommendations for security improvements.
• Take managed documents through their review cycles by collaborating with owners, subject matter experts, legal, executive, and extended stakeholders.
• Conducted and led resources in several large-scale requirements to industry standards mapping exercises to align controls to specific certification requirements including ISO 27001, FedRAMP, HITRUST, SOC 2, CSA, and NIST.
• Write policies and standards to align with Corporate strategy that are enforceable, measurable, and that align with legal, regulatory, and industry standards.
2017 :
Cisco
Business Analyst, Compliance Platforms & Integration
• Information Security Policy Development Team.
• Writing policy awareness material covering 14 variables.
• Interview Subject Matter Experts (SMEs) for project insight.
• Collaborate with multiple teams and departments across Cisco to ensure continuity in business strategy.
2016 : 2017
Project Consulting Specialists
Security Analyst at Cisco
• Perform security audits, risk assessment and analysis.
• Review vulnerability testing results and logs for active or potential security breaches. Take action to mitigate any intrusion attempts or potential risks.
• Run baseline audits on all workstations and servers to discover vulnerabilities. Patch as necessary.
• Manage Records Management program according to governmental guidelines.
• Perform daily compliance monitoring of company and employee activities online.
• Train all employees on IT Security Policies. Maintain and track all training to ensure compliance.
• Work closely with General Counsel and Compliance Manager to facilitate state exam audit requirements and ensure all items are accurate and submitted in their required time frames.
• Ran point on retail divisions SSAE-16 Type I and Type II controls audits.
2014 : 2016
Capital Markets Cooperative
Compliance Oversight Engineer
• Review server event logs for any irregularities. Work to mitigate any issues found.
• Maintain software licensing.
• Run baseline audits on all workstations and servers to discover vulnerabilities. Work to mitigate any issues found.
• Audit each file share and their respective files/folders for proper permissions. Locate any misplaced items and ensure owner moves to correct directory.
• Create and manage user accounts in Active Directory and Exchange server.
• Perform onsite security audits at all branch locations. Follow through with Branch Managers to ensure issues are resolved and maintained according to all local, state, and federal compliance requirements.
• Responsible for mitigation of all physical or employee security incidents.
2012 : 2014
Cunningham & Company
IT Security Engineer-Shared resource with parent Co. Capital Markets Cooperative
Company:
Cisco
About
A Certified Information Privacy Management and Senior Policy Advisor professional with proven leadership in cybersecurity risk and compliance.
Reviewed by Executive Management as one who “excels in his role and who has accountability and integrity”, “with demonstrated project management and technical expertise.” Also, one who “manages internal and external customers with a sense of urgency, performs role without constant oversight, and consistently demonstrates the ability to interface with multiple departments and varying levels within the organization.”