Michael B.

Associate Director, Information Security, Risk Management and Compliance

Austin, TX, United States

Details

Education: Bachelor of Science

Management Information Systems, Entrepreneurship

University of Arizona, Eller College of Management

2004 : 2009

Experience: 2022 : Present

Merck

Associate Director, Business Information Security Officer, IT Risk Management and Security

2020 : 2022

Merck

Senior Specialist, Business Information Security Officer, IT Risk Management and Security

• Information Security Engineer, focused on Security Engineering/Architecture compliance support for an advanced hybrid cloud environment and application development projects

• Consulted on securing the design phase of County solutions in conjunction with a datacenter migration to both AWS/Azure Commercial and Government Tenants

• Conducted application regulatory compliance reviews against NIST 800-53rev4, CJIS, FTI (IRS 1075), and HIPAA

• Drove security standards, policies, and procedures to maintain continuous improvement in multiple areas.

• Collaborated with associated stakeholders on the security review process for datacenter, application development, and SaaS/IaaS/PaaS implementations

• Conducted risk assessments in accordance with NIST 800-30 on a multitude of differing technologies while ensuring all applicable laws and regulations were in compliance

• In-depth knowledge of NIST 800-53rev4 family of controls, CIS Top 20 Controls, and OWASP Top 10

• Lead engagement with project teams to ensure security controls are addressed early, reducing rework, driving efficiency, and increasing the quality and quantity of departmental output throughout the software development lifecycle

• Review of solution designs and architectural diagrams for security compliance, customer standards, and firewall updates

• SIEM program - Azure Sentinel Pilot

• Managed a leveraged SOC which utilized the ArcSight SIEM application

• Responsible for managing PKI certification administration for external certificates

2019 : 2020

Perspecta

Security Compliance Engineer

• Successfully implemented SIEM Monitoring for 200 Servers

• Led multiple concurrent small to medium projects from break-fix to infrastructure projects

• Security Compliance, Audit, and Risk - Security compliance, architectural reviews, and managing security risks for application projects

• Member of the Risk Management Framework implementation team

2018 : 2019

Perspecta

Datacenter Operations and Security Compliance, Audit, and Risk

• Successfully developed the Capacity Management Framework for a newly awarded contract

• Collaborated with operational teams from across the organization to update process and procedures

• Leader of the Capacity Management process, tickets, issues, reporting, and forecasting

• Managed Server Availability for the enterprise and met all SLAs

2017 : 2018

DXC Technology

Capacity Manager, Security Compliance, Operations

Company: Merck

Years of Experience: 18

Spoken Language: English, Spanish

Skills

Analysis, Budgets, Business Analysis, Business Process Improvement, Data Analysis, Dependable Team Player, Enterprise Software, HTML, Integration, Java, Leadership, Lean Six Sigma, Microsoft Excel, Microsoft Office, Microsoft SQL Server, Microsoft Word, MS Project, OS X, Philanthropy, PMO, PMP, PowerPoint, Process Improvement, Program Management, Project Management, Project Management Office (PMO), Project Planning, Project Portfolio Management, Proposal Writing, Requirements Analysis, Risk Management, Sales, Scrum, SDLC, Security Compliance, SharePoint, Software Development Life Cycle (SDLC), Software Documentation, Software Project Management, SQL, Team Leadership, Team Management, Teamwork, Troubleshooting, Vendor Management, Visio, Visual Basic, Windows

About

Over six years of experience working in an Information Security role, and 12 years of experience in IT working with teams across a national cross-functional environment driving projects and initiatives to completion. Versatile skill set benefiting multiple departments including Application Project Management Office, Datacenter Management, Proposal Management, Billing Management, and Capacity Management. Team focused professional with a demonstrated ability to be adaptable to the needs of the enterprise. Utilize a risk based and data driven approach to problem solving while supporting key enterprise processes. Strong communication skills with technical, and non-technical team members. Ability to work independently with excellent time management and problem-solving skills, attention to detail, and other related organizational skills.