Kevin Smith
Education:
Masters of Science
Information Assurance
Norwich University
2004 : 2005
Bachelor of Arts
Computer Information Systems
William Penn College
1993
Associates
High Tech Electronics
Des Moines Area Community College
1989
High School
Dexter Senior High School
1979 : 1982
Experience:
2017 : Present
General Dynamics Information Technology
Principal Information Security Analyst
Responsibilities include:
- Understanding Corporate Information Security Programs and applying them to the Principal Global Investors business unit.
- Identify risks and issues in the business unit and participate in risk assessments with Corporate Information Security.
- Collaborate with Corporate Information Security, suppliers or IT staff to implement controls.
- Operate as an extension of the Business Information Security Officer (BISO) to execute all security-related strategies as they relate to the business unit.
2016 : 2017
Principal Global Investors
Senior Information Security Analyst
* Coordinated corporate information security program.
- Prepared organization for a SOC2 audit.
- Developed security policy and implemented security awareness training
- Conducted security audits and risk assessments for internal and external customers
- Conducted threat and vulnerability monitoring
- Developed computer incident response procedures and acted as lead responder
* Managed FISMA compliant information security programs for Federal contracts including the Centers for Medicare and Medicaid Measure Authoring Tool (MAT) and the Quality Innovation Network National Coordination Center (QIN-NCC) and the Quality Innovation Network Quality Improvement Organizations for Iowa, Illinois, and Colorado (QIN-QIO).
- Acted as Information System Security Officer for Centers for Medicare and Medicaid contracts.
- Developed and implemented system security plans and plan of actions and milestones.
- Performed risk assessments and conducted security control testing.
- Conducted privacy impact assessments.
- Developed disaster recovery plans and conducted exercises.
- Developed training programs and mentoring for Security Points of Contacts (SPOCs).
* Act as information security subject matter expert.
- Assessed and responded to security requirements in contracts and requests for proposals.
- Designed, reviewed and assessed security in information system architectures.
- Performed infrastructure and web application vulnerability assessments.
- Coordinated with infrastructure teams to implement DISA STIGs and USGCB in the environment.
- Supported HIPAA Privacy Officer with development of compliant processes and procedures.
2015 : 2016
Telligen
Senior Information Security Analyst
Transitioned to NewWave Telecom & Technologies to fill the key security position in the NewWave-GDIT, LLC joint venture. Managed FISMA compliant information security programs for Federal contracts including the Centers for Medicare and Medicaid Chronic Condition Warehouse (CCW) and Virtual Research Data Center (VRDC).
* Managed security deliverables for the transition of the CCW/VRDC from General Dynamics Information Technology to the NewWave-GDIT, LLC joint venture.
- Drafted security impact assessments, interconnection security agreements (ISA) and third party web site privacy assessments (TPWA) related to transition.
- Developed and implemented system security plans and plan of actions and milestones.
- Performed risk assessments and conducted security control testing.
- Conducted privacy impact assessments.
- Developed and conducted contingency plan tests and exercises.
* Act as information security subject matter expert.
- Assessed and responded to security requirements in agile development processes
- Designed, reviewed and assessed security in information system architectures
- Performed infrastructure and web application vulnerability assessments
- Provide ad hoc security support for NewWave corporate security and other contracts
* Managed conversion of CCW security reporting from the CMS CFACTS 1.0 system to the CFACTS 2.0 system.
* Managed the CCW side of a Department of Homeland Security Risk and Vulnerability Assessment, resulting in the fewest findings the assessors had seen.
2015 : 2015
NewWave Telecom & Technologies, Inc.
Senior Security Manager
* Managed FISMA compliant information security programs for Federal contracts including the Centers for Medicare and Medicaid Chronic Condition Warehouse (CCW) and the Quality Improvement and Evaluation System (QIES).
- Developed and implemented system security plans and plan of actions and milestones.
- Performed risk assessments and conducted security control testing.
- Conducted privacy impact assessments.
- Developed security compliant multi-tier, multi-zone infrastructure architecture.
- Developed and presented role-based security awareness training.
- Developed and conducted contingency plan tests and exercises.
- Conducted data management plan security reviews for researchers requesting access to CMS data.
* Acted as information security subject matter expert.
- Assessed and responded to security requirements in a CMMI Level 3 development process that included Agile, Waterfall, and Iterative system design life cycles.
- Designed, reviewed and assessed security in information system architectures
- Performed infrastructure and web application vulnerability assessments
* Supported business partner in turning around risk of losing authority to operate for a Centers for Medicare & Medicaid Services contract, resulting in only three low findings.
- Worked with IT management and workforce to develop a security program that coordinated with the organization’s Capability Maturity Model Integration efforts.
- Worked with organization’s senior management to develop a set of compliant information security policies that fit the corporate culture.
- Worked with all levels of organization personnel to implement security processes.
2013 : 2015
General Dynamics Information Technology
Principal Information Security Analyst
Company: General Dynamics Information Technology
Years of Experience: 25