Todd Hinson
Details
● (51%) Legal Corporate and Commercial (C&C) and (49%) IT Security Governance and Compliance
RESPONSIBILITIES :
● Cybersecurity Contract Review, Negotiation, Drafting, and Approval
● Vendor Supply-Chain and Third-Party IT Security Governance
● M&A and R&D Deal Cybersecurity Due Diligence for Trading Operations, Energy Generation, and Nuclear Fleet
● GOSP Stakeholder (Governance-Oversight-Support-Perform) for Cybersecurity Policy and Frameworks implementation and compliance (Internal & External as well as Regulatory & Audit Roles)
● Cybersecurity Committee memberships (plural) and Corporate Management functions
2022 : Present
Constellation
Cybersecurity Contracts Principal (Legal - Corporate and Commercial)
ASSIGNMENTS :
● Cybersecurity Programs & Compliance - Security Governance and Strategic Analysis
RESPONSIBILITIES :
● Risk Management Framework (RMF) Compliance to include NIST and NERC frameworks (e.g., NIST SP 800-53, NIST SP 800-171, NERC CIP, and NERC Reliability Standards) as well as Cybersecurity Maturity Model Certifications (CMMC 2.0 Levels 1-3)
● Audit evidence creation, verification, and packaging in support of RMF Compliance within Constellation Energy Group (Energy Wholesale, Retail, and Generation at https://www.constellationenergy.com/our-company/our-story/about-constellation.html)
● Security Risk Assessment (SRA) Scorecard and Questionnaire drafting, response, and evaluation
● Vendor, Client, and Third-Party (3rd Party) Supply-Chain Risk Assessments to include contractual drafting, Terms & Conditions (T&Cs) security implications, and IT compliance requirements interpretations
● CISO-type activities in business information mapping and security evaluation to support the protection of Controlled Unclassified Information (CUI) in U.S. Government contracting and non-federal information systems
2021 : 2022
Constellation
Senior Cybersecurity Compliance Analyst (IT Security CISS)
ASSIGNMENTS :
● Corporate Information Security Services (CISS) - Security Governance and Strategic Analysis
RESPONSIBILITIES :
● Risk Management Framework (RMF) Compliance to include NIST and NERC frameworks (e.g., NIST SP 800-53, NIST SP 800-171, NERC CIP, and NERC Reliability Standards) as well as Cybersecurity Maturity Model Certifications (CMMC 2.0 Levels 1-3)
● Audit evidence creation, verification, and packaging in support of RMF Compliance within Exelon, Constellation NewEnergy, Exelon-Generation, and 6 major U.S. electric utility companies (the Exelon companies at https://www.exeloncorp.com/companies)
● Security Risk Assessment (SRA) Scorecard and Questionnaire drafting, response, and evaluation
● Vendor, Client, and Third-Party (3rd Party) Supply-Chain Risk Assessments to include contractual drafting, Terms & Conditions (T&Cs) security implications, and IT compliance requirements interpretations
● CISO-type activities in business information mapping and security evaluation to support the protection of Controlled Unclassified Information (CUI) in U.S. Government contracting and non-federal information systems
2021 : 2022
Exelon
Senior Analyst, Security Governance (IT Security CISS - Compliance)
ASSIGNMENTS :
● General Counsel's Office – Compliance & Ethics – NERC Legal Regulatory & Corporate Compliance
RESPONSIBILITIES :
● Energy Sector support of the Bulk Electric System (BES or the Grid) via FERC / NERC Reliability Standards Enforcement, CyberSecurity Initiatives, Risk Analysis, and Corporate Compliance Program implementation
● Compliance support of Exelon, Exelon-Generation, ACE, BGE, ComEd, DPL, PECO, PEPCO, and Constellation; the Exelon companies (https://www.exeloncorp.com/companies)
● Support of Internal Investigations into potential non-compliance with Reliability Standards as well as related internal ethics issues
● Maintain Exelon's Corporate NERC Compliance legal tracking database across more than 400 matters
● Coordinate with external Regulatory administrative personnel (FERC/NERC/ReliabilityFirst/or other ERO) on pending enforcement matters
● Maintain legal document repositories and tracking files for Internal Investigations and CyberSecurity matters
● Perform research and analysis to support the resolution of NERC Open Enforcement Action (OEA) matters
● Interface directly with all Exelon's Business Units on tasks required to resolve OEAs
● Review and edit Self-Reports and Self-Logs (i.e., Regulatory disclosures) as well as Mitigation Narratives and Mitigation Evidence (i.e., Mitigation Packages) for legal sufficiency and risk flags
● Coordinate and review responses to Regulatory Requests for Information (RFIs)
● Prepare internal management briefings, on a regular basis, as to the status of Exelon's NERC Compliance Programs
● Analyze compliance matters for trends and Compliance Program status or health
● Participate, from a legal or cyber risk perspective, in Internal Investigations as well as Corrective Action Program (CAP) initiatives, such as Apparent Cause Analysis (ACE), Root Cause Analysis (RCI)
● Skilled in all O365 applications plus SharePoint, Project, and Outlook as well as legal applications (Relativity, Exterro, eDocs)
2017 : 2021
Exelon
Senior Legal Analyst (Corporate Governance, Ethics & Policy)
ASSIGNMENTS :
● General Counsel's Office – Compliance & Ethics – NERC Legal Regulatory Compliance
RESPONSIBILITIES :
● Enterprise regulatory compliance to FERC, NERC, and ERO Reliability Standards in North America
● Energy Sector support of the Bulk Electric System (BES) reliability via cybersecurity, risk analysis, and compliance program implementation which must comply with Corporate Management Models
● Legal sufficiency review and drafting of mitigation evidence documents for submission to regulators
● Legal support of two supervising attorneys and nine stakeholder attorneys within the Compliance & Ethics practice group
● Research, drafting, and review of Compliance Program control documents
● Regulatory filing composition and review to ensure legal sufficiency of NERC Self-Report, Self-Log, and Audit submissions to include Narratives, Mitigation Plans, Evidence packages, and responses to RFIs (Requests for Information)
● Tracking of compliance Metrics enterprise-wide, across nine major business units (utilities and generation fleet) as well as real-time reporting to Legal leadership, Firm management committees, or project teams
● Incident response from a legal perspective in compliance to NERC CIP (Critical Infrastructure Protection) and 693 (Operations & Planning) Standards; risk-analysis, fact pattern review, self-reporting, mitigation, and closure via compliance exception, dismissal, or settlement agreement
● SharePoint Site development and collaborative document management in support of all above functions
● Excel, Access, PowerPoint, Word and Adobe document creation in support of all above functions
● Regulatory Audit support across a broad spectrum of NERC Standards and Requirements
● Legal Hold processing to include notification, data collections, and custodian communications
● All standard and typical General Counsel or law firm support functions as expected of a Senior Paralegal (e-Doc Management, e-Discovery, etc.)
2016 : 2017
Exelon Corporation
Senior Legal Analyst (FERC / NERC Regulatory Compliance)
About
Throughout my career I have always sought a collegiate environment as part of a symbiotic team. I have enjoyed being a Leader, a Manager, and a Team Member with a great deal of success as a Project-Lead or Subject Matter Expert (SME) within Cybersecurity, Legal, Engineering, Regulatory Compliance, Corporate Policy, and Financial Services areas. I have been fortunate to have worked with some of the most talented Corporate Leaders, IT Innovators, Attorneys, and Senior Level Executives throughout my career ... and I have greatly benefited from their professional guidance. I have positioned myself for the next-step opportunity in management development which builds upon my past accomplishments.
Beyond 2023, I hope to leverage my Corporate, Legal, and Compliance experience as well as my Cyber Technical experience (which spans Cybersecurity, Engineering, Information Technology, and Government Contracting) to advance my career into a Sr. Manager position within Cyber Programs, Policy Oversight, and/or Contract Management. With a Masters of Engineering in Cybersecurity Policy and Compliance from GWU ... a degree which combines cybersecurity technical expertise with corporate governance and the management of multiple Risk Management Frameworks (e.g., NIST CSF, CMMC 2.0, NERC CIP, CMMC, FedRAMP) ... I am poised for the next level of career advancement.
In my career thus far, I am proud to have supported Constellation Energy (Markets, Generation, and Nuclear) (NASDAQ:CEG) and Exelon Corp with its large Electric Utility and Transmission holdings. I am also honored to have supported the DoD, NSA, DIA, the U.S. Army, and General Dynamics as well as other large DIB contractors. Additionally, I have supported the Big Law firms of Weil Gotshal & Manges and Allen & Overy (domestically and internationally) and the prestigious General Counsels Offices of the DOJ-USAO-Md, the American Bankers Association, and T. Rowe Price.
As part of my skill set, I maintain excellent verbal and written communications; the ability to multi-task; and the capacity to cope with a high-volume workload. I always hope to be the Go To resource for routine AND difficult Lifts and I have been characterized as the person who “Keeps the Trains Running On-Time”. I genuinely believe in THE TEAM concept and make it a priority for inclusive communication AND recognition.
Finally, I am well-traveled globally, making me culturally aware and in-tune with Corporate Diversity, Equity, and Inclusion (DEI) objectives; having lived in Europe, Asia, and several United States locations.