Profiles search

Eric Kennedy, PMP

Information Security, Regional Program Manager ★ Dares to aspire...CISSP, Data Privacy, Strategic Planning ★ InfoSec Expertise in Compliance/Risk/Assurance/ISO 27001/Project Management ★ Technology Services, ICT4D
New York, NY, United States
Details

Education: Bachelor of Science

Computer Science

Drexel University



CCNA

Cisco Certified Network Associate

Borough of Manhattan Community College

2016

Network+ (CompTIA)

Computer Networking Technologies

Per Scholas

2015

Experience: Key Achievements :

- Lead two company units to ISO 27001 certification, within 2 years

- Manage the information security program for the region's +50 offices

As the leader of InfoSec within US/Canada, oversee operational maturity, risk management, GRC/A with the enterprise-wide information & technology security program.

GRC & Assurance :

Manage the region’s protection of information assets using global frameworks ISO 27001/27002/27005, GDPR, Cyber Essentials Plus; GRC tools : BitSight VRM (‘ThirdPartyTrust’), CyberGRX; industry references &

guidance : ISF, IAPP, SANS, NIST 800-171.

Provide subject matter expertise on all areas of InfoSec governance/compliance/regulatory.

Achieve & maintain the region's InfoSec certifications.

Collaborate with Data Privacy-Protection/Legal to ensure operations & management align with regulatory requirements.

Report to Group Director on regional adoption & efficacy of InfoSec processes, procedures, policies; coordinate to revise where needed.

Contribute to the strategic vision & objectives for enterprise-wide InfoSec GRC & IT security initiatives.

Business Engagement :

Establish & maintain mature relationships with regional leadership, management, service owners to ensure growth of InfoSec GRC.

Communicate complex risk & security matters via clear & actionable guidance to executives, management, other professionals. Share ideas for continuous improvements.

Provide advisory on security risks within business plans & proposals.

Assess & report operational requirements & budgetary considerations for regional InfoSec resources.

Risk Management :

Manage the risk mgmt functions for region’s InfoSec program.

Identify & analyze InfoSec risks via assessment cycles.

Verify risk mitigation plans & actions are defined, executed, progressed to completion.

Audit : Lead the audit program for the region’s InfoSec program.

Specializations :

- Management of Information Security Systems - ISMS

- Lead Auditor - ISO27001

- Leading of Audit Teams - ISO27001

2020 : Present

Undisclosed

Regional Program Manager, Information Security (Compliance, Governance, Assurance, GRC)

Specialized in :

- Management of Information Security Systems (ISMS)

- Risk Assessment (ISO 27005)

- Lead Auditor (ISO 27001) [equivalent to CISA]

- Certified competency in auditing management systems (ISO 19011)

Key Achievements :

• Documentable success managing the information security risk management system (ISMS) for a complete compliance cycle, achieving continued accreditation.

• Conducted yearly internal risk assessments of ISO27001 controls, and internal audits of the ISMS.

Contributions :

• Ensured effective implementation of compliance with the company's InfoSec framework & standards; also led as point-of-contact for guidance on InfoSec operations as actualized in policies, processes, procedures of five company divisions : Operations, Legal, IT, HR, Facilities.

• Identified & mitigated risks to information assets, using frameworks & tools ISO 27001/27002/27005, GDPR, CIS Top-20 Critical Security Controls. Verified risk mitigation actions were defined & executed. Led as the escalation point for InfoSec issues.

• Managed the yearly risk assessment of the information assets & processes as implemented within the ISMS.

• Managed & conducted internal audits of the ISMS; coordinated & documented Corrective Actions, resultant of audit or policy violations or other company requirements.

• Managed the yearly external audits conducted by the ISO registrar.

• Conducted semi-annual review meetings with C-level executive leadership represented in the ISMS.

• Responded to RFIs, RFPs, surveys from stakeholders & potential/current customers concerning the company's InfoSec posture.

• Produced & communicated quarterly awareness advisories on information- & cyber- security topics, using resources such as NIST, SANS Institute, CISA, CIS, other industry references & trends.

• Assisted with the response to, reporting & resolution of InfoSec incidents; verified follow-up actions are executed; contributed to the knowledge base of lessons-learned from handling incidents.

2017 : 2019

BDP International

Manager, Information Security Compliance

Proactive in defining, planning, developing and securing my next professional position.

2015 : 2017

Esperanto Estonteco

Professional Development

• Researched, discovered, pursued leads, and built relationships with potentially new donors, partners and clients -- with the goal and expectation that donor support will be received, to fund several current and/or proposed programs.

• Created and conducted presentations to prospective donors and partners the mission & objectives of the organization, describing how their support will advance the development and goals of its programs.

• Contributed ideas and suggestions for the design and planning of current/future programs, together with the guidance of the organization's Director and Board of Trustees.

• Attended any networking and funding opportunities--held in or near Nairobi--with donors, partners, NGOs, and other members of the international development community.

• Reported to main office and Director by email on a weekly basis, reporting all program development activities performed.

2011 : 2015

A.N.A.S.S.

Program Development Manager, Consultant

• Responsible for the management of all company computer workstations and business applications.

• Performed quality assurance testing on hardware and software upgrades to ensure proper system functionality.

• Provided technical support and system troubleshooting of hardware and software problems.

• Assisted in the definition and documentation of procedures for technical support of IT services and applications.

• Provided project assistance to the proposal to create a LAN with Internet access.

• Oversaw and provided technical advice on all aspects of the organization's implementation of computer network systems.

• Worked closely with management and staff to assure the overall quality of IT services within the organization.

2009 : 2010

UDEK

IT (ICT) Project Officer

Company: Undisclosed

Years of Experience: 27

Skills Account Management, Analysis, Business Analysis, Business Requirements, Capacity Building, Career Counseling, CCNA, CISA, Client Liaison, Compliance Assessments, Compliance Management, Critical Thinking, Cybersecurity, Data Privacy, General Data Protection Regulation (GDPR), Information Security, Information Security Governance, Information Security Management, Information Security Management System (ISMS), Information Technology, International Business, International Development, International Relations, International Standards, Interview Preparation, ISO 27000, ISO 27001, ISO 27002, Negotiation, NGOs, Nonprofit Organizations, Nonprofits, Problem Solving, Program Management, Project Management, Requirements Analysis, Security Audits, Security Certification, Security Compliance, Security Controls, Security Policy, Security Risk, Stakeholder Management, Systems Analysis, Team Building, Team Leadership, Team Management, Technical Training, Troubleshooting
About ★ Expertise in Compliance & Governance for Information/Cyber Security, Risk Assurance, GRC

★ Experienced in Program Management, Risk Management, Project Management, Technology Services

★ Career development in CISSP, Strategic Planning

~ Promoting ICT4D, and capacity building in International Development sectors

__________________________________________________________________________



★ NOTE to Sourcers & Recruiters:



Primarily considering positions that are, or inline for, leadership roles -- e.g. titles of...

~ Assistant or Deputy CISO

~ 'SVP' or 'VP' or 'Head'

~ ‘Director’ – inclusive of 'Assistant', 'Deputy', 'Associate'



Willing to consider:

SENIOR-level management titles: Head or Lead or Officer or BISO or 'Chief of Party' or 'Manager'



★ Do not send roles with titles of Analyst, Engineer, Architect, Administrator, Specialist, Technician, Support, Auditor or similar.

__________________________________________________________________________



Versatile and performance-motivated International Professional whose diverse experience has generated a track record of achievements in areas of information security risk management, program management, technology services, business consulting, and international development.

Successful in developing, implementing and managing risk-based information security strategies and objectives, information security management systems, and achieving ISO/IEC 27001 certification--for multiple companies.

Proven achievements in Program Management : problem-analysis/resolution/lessons-learned reporting; managing people and operational resources; validating that trust and integrity are provided to stakeholders, clients, partners, team members; achieving objectives and providing deliverables per quality & schedule agreements; promoting and leading the commitment to the team: success for all!

Exceptional communicator with demonstrated success in the challenges of working & living in multicultural and international environments.

__________________________________________________________________________



CORE COMPETENCIES:

• Compliance, Governance, GRC - Information/Cyber Security

• Program Management

• Risk Management

• Project Management

• Technology Solutions Delivery

• Cross-Functional Collaboration

• Multi-Cultural Communications, E-IQ, Social IQ