Nicholas K.
Education:
Master of Professional Studies in Information Sciences
Cybersecurity and Information Assurance
Penn State University
2017 : 2019
Certifications
Certified US Export Compliance Officer (CUSECO)
Dunlap-Stone University
2016 : 2016
Study Abroad
Fine/Studio Arts, General
Universität Dortmund
2012 : 2013
Experience:
Business Information Security Office (BISO), E-Commerce and Payment Systems.
The BISOs are tasked with reviewing all existing and new projects across the entire organization for a broad-scope look at the business requirements, security frameworks, governance, risk, compliance, and privacy best practices. Needless to say, this role is deeply technical, highly communicative, and cross-collaborative with all levels of the business. Ultimately, my technical and administrative control recommendations are translated and calculated into risk management frameworks for leadership to understand and own.
2022 : Present
H-E-B
Senior Information Security Analyst
Vyze is a Fintech lending platform that was acquired by Mastercard International in 2019. I was brought into Vyze by Mastercard to support the information security team in 2020 as a direct report to the CISO. In April 2021, Ally Financial acquired the Vyze unit to join their Lending Division. LinkedIn has a hard time representing this without it looking like separate roles.
My work is broad in scope, and deepest where it is needed most for the business to thrive. In 2021, I was certified for ISC2's CISSP and a candidate for ISACA's CRISC.
A few of my primary responsibilities include:
- Manager of infosec analysts.
- AWS and Azure Administration
- IAM and Security Controls Verification
- Information Security Management System
- PCI-DSS and ISO 27001 compliance
- Vulnerability Management & Research
- Risk Management and Analysis
- Splunk alert efficacy research
- User Administration & Unit level helpdesk
- End-point protection administration
- Host Intrusion Detection Systems (HIDS)
- Windows and Linux system administration
- Public cloud compliance and administration
- Internal auditing & stakeholder reporting
2020 : 2022
Ally Financial
Senior Information Security Analyst
I moved into the SecureLink InfoSec team as a direct report to the CISO. I balanced being the previous Compliance SME/Analyst with these added responsibilities and shifted focus:
- Threat Intelligence and Investigations Analysis
- Third-party Risk Management Architect
- Vendor Assessment Analysis
- Incident Response Management
- EPP/EDR Analysis
- SIEM Inquisitor
- ELK stack wrangler
- Data Analysis in rapid, broad swathes to aid in executive decision making
- Corporate InfoSec awareness evangelist and content creation
- SecureLink Blog and White paper research and author
- NIST, HIPAA, PCI-DSS, CJIS, NERC, CCPA, GDPR, and dozens upon dozens more regulatory research and applied consultations
- Privacy assessor and executive guidance
- Data Ethics evangelist and compass maker
2019 : 2020
SecureLink
Security Analyst
SecureLink is an innovative vendor privileged access management software serving highly regulated industries and secure-by-design customer needs.
As a Compliance Analyst, I strive to assure information security compliance, to incorporate data driven risk management frameworks and to investigate security challenges for the world's toughest jurisdictional, industry and regulatory standards.
Responsibilities:
- Subject-matter expert for: NIST, HIPAA, PCI-DSS, CJIS, NERC, CCPA, GDPR, and a multitude of other regulatory bodies
- Policy and Procedures SME
- Risk Management program maintenance and maturation
- Product research and development guidance as the infosec compliance SME
- Auditing and assessment for corporate and customer facing products
- InfoSec and compliance awareness training content creation for corporate staff of varying roles
- Knowledge Management owner and SME for infosec, compliance and risk management.
- Third-party vendor risk assessment framework architect and risk assessment sharing application owner
- Physical and digital vulnerability assessor
- Disaster Recovery, Business Continuity and Incident Response assessments and guidance
- IT Governance guidance and research
- Privacy advocate and architect
- Data Ethics evangelist and architect
2019 : 2019
SecureLink
Compliance Analyst
Eagle Eye Networks is a global, cloud-native, video surveillance platform and API provider. As a data center manager and multi-faceted technician, I worked as a DevSecOps liaison between Infrastructure, Engineering, Security, Manufacturing, and Supply Chain departments. I ensured that our infrastructure was humming along smoothly day-to-day, while also planning for and ultimately building out rapid expansion projects. I also worked with our security team and external partners to architect, audit and progress our risk management framework.
- Infrastructure Management & Technician
- Linux System Administrator
- Containerization Technician
- Network Technician
- Risk Assessments
- Penetration Tester
- NIST, GDPR, HIPAA, CJIS compliance analyst
- System Design and Project Planning
2018 : 2019
Eagle Eye Networks
Data Center Technician
Company: H-E-B
Years of Experience: 9
Spoken Language: English, French, German