Eric Kennedy, PMP
Education:
Bachelor of Science
Computer Science
Drexel University
CCNA
Cisco Certified Network Associate
Borough of Manhattan Community College
2016
Network+ (CompTIA)
Computer Networking Technologies
Per Scholas
2015
Experience:
Key Achievements :
- Lead two company units to ISO 27001 certification, within 2 years
- Manage the information security program for the region's 50+ offices
As the leader of InfoSec within US/Canada, oversee operational maturity, risk management, GRC/A with the enterprise-wide information & technology security program.
GRC & Assurance :
Manage the region’s protection of information assets using global frameworks ISO 27001/27002/27005, GDPR, Cyber Essentials Plus; GRC tools : BitSight VRM (‘ThirdPartyTrust’), CyberGRX; industry references & guidance : ISF, IAPP, SANS, NIST 800-171.
Provide subject matter expertise on all areas of InfoSec governance/compliance/regulatory.
Achieve & maintain the region's InfoSec certifications.
Collaborate with Data Privacy-Protection/Legal to ensure operations & management align with regulatory requirements.
Report to Group Director on regional adoption & efficacy of InfoSec processes, procedures, policies; coordinate to revise where needed.
Contribute to the strategic vision & objectives for enterprise-wide InfoSec GRC & IT security initiatives.
Business Engagement :
Establish & maintain mature relationships with regional leadership, management, service owners to ensure growth of InfoSec GRC.
Communicate complex risk & security matters via clear & actionable guidance to executives, management, other professionals. Share ideas for continuous improvements.
Provide advisory on security risks within business plans & proposals.
Assess & report operational requirements & budgetary considerations for regional InfoSec resources.
Risk Management :
Manage the risk management functions for the region’s InfoSec program.
Identify & analyze InfoSec risks via assessment cycles.
Verify risk mitigation plans & actions are defined, executed, progressed to completion.
Audit : Lead the audit program for the region’s InfoSec program.
Specializations :
- Management of Information Security Systems - ISMS
- Lead Auditor - ISO27001
- Leading of Audit Teams - ISO27001
2020 : Present
Undisclosed
Regional Program Manager, Information Security (Compliance, Governance, Assurance, GRC)
Specialized in :
- Management of Information Security Systems (ISMS)
- Risk Assessment (ISO 27005)
- Lead Auditor (ISO 27001) [equivalent to CISA]
- Certified competency in auditing management systems (ISO 19011)
Key Achievements :
• Documentable success managing the information security risk management system (ISMS) for a complete compliance cycle, achieving continued accreditation.
• Conducted yearly internal risk assessments of ISO27001 controls, and internal audits of the ISMS.
Contributions :
• Ensured effective implementation of compliance with the company's InfoSec framework & standards; also led as point-of-contact for guidance on InfoSec operations as actualized in policies, processes, procedures of five company divisions : Operations, Legal, IT, HR, Facilities.
• Identified & mitigated risks to information assets, using frameworks & tools ISO 27001/27002/27005, GDPR, CIS Top-20 Critical Security Controls. Verified risk mitigation actions were defined & executed. Led as the escalation point for InfoSec issues.
• Managed the yearly risk assessment of the information assets & processes as implemented within the ISMS.
• Managed & conducted internal audits of the ISMS; coordinated & documented Corrective Actions, resultant of audit or policy violations or other company requirements.
• Managed the yearly external audits conducted by the ISO registrar.
• Conducted semi-annual review meetings with C-level executive leadership represented in the ISMS.
• Responded to RFIs, RFPs, surveys from stakeholders & potential/current customers concerning the company's InfoSec posture.
• Produced & communicated quarterly awareness advisories on information- & cyber- security topics, using resources such as NIST, SANS Institute, CISA, CIS, other industry references & trends.
• Assisted with the response to, reporting & resolution of InfoSec incidents; verified follow-up actions are executed; contributed to the knowledge base of lessons-learned from handling incidents.
2017 : 2019
BDP International
Manager, Information Security Compliance
Proactive in defining, planning, developing and securing my next professional position.
2015 : 2017
Esperanto Estonteco
Professional Development
• Researched, discovered, pursued leads, and built relationships with potentially new donors, partners and clients -- with the goal and expectation that donor support will be received, to fund several current and/or proposed programs.
• Created and conducted presentations to prospective donors and partners on the mission & objectives of the organization, describing how their support will advance the development and goals of its programs.
• Contributed ideas and suggestions for the design and planning of current/future programs, together with the guidance of the organization's Director and Board of Trustees.
• Attended any networking and funding opportunities--held in or near Nairobi--with donors, partners, NGOs, and other members of the international development community.
• Reported to main office and Director by email on a weekly basis, reporting all program development activities performed.
2011 : 2015
A.N.A.S.S.
Program Development Manager, Consultant
• Responsible for the management of all company computer workstations and business applications.
• Performed quality assurance testing on hardware and software upgrades to ensure proper system functionality.
• Provided technical support and system troubleshooting of hardware and software problems.
• Assisted in the definition and documentation of procedures for technical support of IT services and applications.
• Provided project assistance to the proposal to create a LAN with Internet access.
• Oversaw and provided technical advice on all aspects of the organization's implementation of computer network systems.
• Worked closely with management and staff to assure the overall quality of IT services within the organization.
2009 : 2010
UDEK
IT (ICT) Project Officer
Company: Undisclosed
Years of Experience: 27
★ Experienced in Program Management, Risk Management, Project Management, Technology Services
★ Career development in CISSP, Strategic Planning
~ Promoting ICT4D, and capacity building in International Development sectors
__________________________________________________________________________
★ NOTE to Sourcers & Recruiters:
Primarily considering positions that are, or are in line for, leadership roles -- e.g. titles of...
~ Assistant or Deputy CISO
~ 'SVP' or 'VP' or 'Head'
~ ‘Director’ – inclusive of 'Assistant', 'Deputy', 'Associate'
Willing to consider:
SENIOR-level management titles: Head or Lead or Officer or BISO or 'Chief of Party' or 'Manager'
★ Do not send roles with titles of Analyst, Engineer, Architect, Administrator, Specialist, Technician, Support, Auditor or similar.
__________________________________________________________________________
Versatile and performance-motivated International Professional whose diverse experience has generated a track record of achievements in areas of information security risk management, program management, technology services, business consulting, and international development.
Successful in developing, implementing and managing risk-based information security strategies and objectives, information security management systems, and achieving ISO/IEC 27001 certification--for multiple companies.
Proven achievements in Program Management : problem-analysis/resolution/lessons-learned reporting; managing people and operational resources; validating that trust and integrity are provided to stakeholders, clients, partners, team members; achieving objectives and providing deliverables per quality & schedule agreements; promoting and leading the commitment to the team: success for all!
Exceptional communicator with demonstrated success in the challenges of working & living in multicultural and international environments.
__________________________________________________________________________
CORE COMPETENCIES:
• Compliance, Governance, GRC - Information/Cyber Security
• Program Management
• Risk Management
• Project Management
• Technology Solutions Delivery
• Cross-Functional Collaboration
• Multi-Cultural Communications, E-IQ, Social IQ