Lawrence Eugene Blessing


MSc. Cyber Security


CCP, CISA Information Security Analyst (GRC)

PROFESSIONAL SUMMARY:
 Cybersecurity GRC expert, which includes extensive experience working with SOX, ISO
27001/27002, NIST SP 800-53r4, NIST Cybersecurity Framework (CSF), NIST RMF (NIST SP 800-
37), SOC2 Type 1 and 2, PCI-DSS, which was gained in different roles over 10+ years in GRC roles,
as well as 10+ years in IT audit/SOX roles. GRC experience includes strategy, policy, and procedure
development, GRC platform selection and use (RSA Archer GRC and ServiceNow GRC),
cybersecurity risk process design, PCI DSS certification support, HITRUST implementation support,
and technical security assessments. Technical security assessments performed of IT infrastructure,
AWS, Azure, cloud, Peoplesoft ERP, networks, and web applications.
 Extensive international experience. Have performed IT audit assignments in UK (England), France
(Paris), and Austria (Vienna). Worked at Credit-Suisse Group and lived in Zurich, Switzerland for
nine months. IT Audit Manager for Banco Italiano based in Milan, Italy for two years with area of
support Italy and Ireland. IT Security architect and project manager for KPMG (London) for three
years in Riyadh, Saudi Arabia implementing WAN security for National Information Center
throughout Saudi Arabia for the largest WAN in the Middle East with 22,000 users.
 Third-Party Risk Management contract with Disney supporting Disney global legal, finance and IT
infrastructure departments for seven months, and five months with United Health Group.
 Expert level with Microsoft suite including Word, Excel, and PowerPoint.
 Hold Master of Science (Cyber Security Technology), at the University of Maryland University
College (UMUC) graduating in 2018 with a GPA of 3.80. UMUC has been designated as a National
Center of Academic Excellence in Information Assurance and Cyber Defense Education by the
National Security Agency and the Department of Homeland Security and as a National Center of
Digital Forensics Academic Excellence by the Defense Cyber Crime Center Academic Cyber
Curriculum Alliance.

Areas of Expertise:
 Governance, Risk & Compliance (GRC) Management
 GRC Subject Matter Expert to Technical and User Community
 Lifecycle Management of Client Responses to Risk Assessments and Audit Findings
 IT Security Risk Management; Technical Writer of Policies, Procedures, and Standards
 Lifecycle Management of Cybersecurity Policies, Standards, Procedures, Process Guidelines and
Support Documentation; IT Audit / SOX
 Splunk (Supported Cyber Analyst Team on Integrating with GRC)
 Government contract accounting and government contract review to assure compliance with
government regulations and contract requirements, Compliance Reporting
 Collaboration with DevOps; Written, Verbal, and Online Communications at All Levels
 Project Management; Security Awareness Training; Business Continuity/Disaster Recovery Planning
 IT Controls Compliance; Infrastructure Security
 ServiceNow GRC Support; RSA Archer GRC Support; Third Party Risk Management
 BASEL II/III; SOC2 Type 1 and 2; PCI-DSS
 Cloud Computing Security (AWS & Azure); Identity Access Management (IAM); COSO
 NIST Cyber Security Framework (CSF), NIST SP 800-171, NIST SP 800-171A, NIST SP 800-172,
NIST SP 800-172A, NIST SP 800-37 (Risk Management Framework) and 800-53r5 (Security and
Privacy Controls)
 FedRAMP; US government regulations: DFARS: 252.204-7008, 252.204-7009, and 52.204-7012,
and 52.204-21, International Traffic in Arms Regulations (ITAR); NIST CSF
 Business Case Development; Support IT strategy development and implementation
 Key Performance Indicators (KPIs)
 Logical Approach; IT Security Consulting; Application Technology; Data Privacy Consulting
 Data Analysis; Internal Audit; Presentations; Work with C-level management

EDUCATION AND TRAINING:


Education:
 Master of Science in Cyber Security Technology, GPA 3.80: University of Maryland University
College, Adelphi, MD.
 Associates of Arts in Business Administration, GPA 3.90: Central New England College,
Worcester, MA.
 Bachelor of Science Accounting, GPA 3.67: Bentley University, Waltham, MA
 Certificate for Client/Server Development: Worcester Polytechnic Institute Graduate School,
Worcester, MA.

Licenses & Certifications:


 Certified CMMC Professional (CCP)
 Certified Information Systems Auditor (CISA) Certification Number: 16129113. Expires January 31,
2025
 Held HITRUST Certified CSF Practitioner (CCSFP), Number 59051.
 Held CISM from 2008 to 2012
 ISO27001 Foundations Exam

TECHNICAL SKILLS:
 Compliance Standards: NIST 800-53, NIST 800-37 (RMF) (Replaced DIACAP C&A Defense
Contractors), ISO27001/2, HITRUST, FFIEC, FDIC, GLBA, PCI-DSS, GDPR, CCPA, and FBI
CJIS.
 Software: Microsoft Office Applications (Outlook, Word, Excel, Access, and PowerPoint), GRC
Software (RSA Archer and ServiceNow GRC), Windows Server, Linux.

PROFESSIONAL EXPERIENCE:
PSEG Long Island, NYC 11/2023 to Present
Cybersecurity Specialist and Project Manager
 Performing administrative and technical project management support for electrical utility
organization to support remediation of cybersecurity audit comments. Project restructured to reduce
cost, my position was eliminated and replaced by full time employee.

Dollar General, Remote 07/2022 to 02/2023


Cybersecurity - IT Risk Manager
 Assisted cybersecurity department of a retail giant with 20,000 stores and $32 billion in revenue in
addressing internal audit's remarks for IT general and app controls of major point of sale project.
 Delivered proactive support to CISO and top management in addressing key risks related to crucial
projects by finding solutions and reassigning as non-critical.
 Designed and developed IT risk management tools, such as risk register, to enable management of
numerous complex risks related to major rollout of next generation point-of-sale system.
 Designed reporting for senior management with risk management metrics.
Cisco, Inc, CA 02/2022 to 05/2022
Cybersecurity - Cloud Compliance Engineer
 Strategically positioned as cloud compliance engineer for Cisco global cloud compliance PMO
initially on a long-term contract delivering cloud compliance support to internal and external audit
and SOC 2.
 Conducted in-depth review to support SOC 2 audit for eight security products using ISO27001 IT
Security Framework (ITSF).
 Enhanced control analysis and maintained documentation by delivering proactive support to the
Cloud Compliance Group.
 Provided enhanced documentation, superior to existing SOC 2 documentation that delivered superior
approach to SOC 2 program.
 The contract was abruptly ended due to internal financial issues that resulted in layoffs and the
repurposing of my contract.

Farmers Insurance, Woodland Hills, CA 08/2021 to 02/2022


Information Security Specialist
 Provided SOC 2 audit support to Farmers Insurance to meet reporting requirements for stakeholders
regarding migration of seven MetLife applications to hybrid hosting model combining on-premises
and AWS cloud environments. Adhered to ISO27001 IT Security Framework.
 Consistently collaborated with cybersecurity department to create SOC 2 framework and evaluate
controls for Met-Life's major application acquisition.
 Designed and executed SOC2 audit management tool based on comprehensive research of AICPA
literature, providing high-quality products from cybersecurity department.

Hoag Memorial Hospital Presbyterian, Irvine, CA 12/2020 to 08/2021


Cybersecurity Engineer
 Positioned as interim cybersecurity risk specialist, implementing governance, risk, and compliance
program, which included implementing risk program, selecting integrated risk management solution,
and PCI while supporting 12-month-delayed HITRUST CSF implementation.
 Served as interim cybersecurity GRC specialist and increased progress of lagging HITRUST project
from 2% to 40% in nine months.
 Utilized Excel to design and develop 25 MB HITRUST implementation management tool,
providing CISO, for first time, insight to lack of progress over two years, only 2% of 726 controls
completed, with expenditure of $300K.
 Supporting design of GRC program that included Third-Party Risk Management.
 Focused on IAM of user access across various healthcare areas, such as patient intake, clinical, HR,
finance, and accounting.
 Cybersecurity incidents/vulnerability scanning exception analysis and remediation.
 Worked closely with the legal department to determine which California and Federal laws applied to
privacy within the hospital for patients and employees.

SOAProjects, Inc, Mountain View, CA 11/2019 to 05/2020


Engineer, IT Compliance & Advisory Services
 Executed IT compliance projects, such as SOX. Planned and developed scope of IT audits for
financial applications on ERP platforms.
 Conducted SOX testing for numerous companies while maintaining strict compliance with defined
timelines and budgetary constraints. Conducted TPRM reviews of vendors.
 Contracted Covid-19 and firm had major revenue problems due to pandemic. Had to quit due to
extended Covid illness.
Verizon Smart Communities Division, San Jose, CA 08/2018 to 05/2019
GRC/Security Analyst
 Delivered proactive support regarding public safety solutions by ensuring compliance with FBI
Criminal Justice policies in GovCloud of Amazon Web Services IAAS cloud model.
 Executed NIST-based risk assessment and FedRAMP requirements based on NIST standards and
utilizing ISO27001 IT Security Framework.
 Spearheaded overall aspects involved in execution of FBI Criminal Justice Information Services
framework for two law enforcement applications by utilizing numerous NIST documents, such as
NIST SP 800-53r4.
 Cybersecurity incidents/vulnerability scanning exception analysis and remediation.

Cathay Bank, Rosemead, CA 11/2017 to 08/2018


IT Security Consultant
 Positioned as security consultant for PCM at Cathay Bank, focusing on maintaining strict regulatory
compliance with FFIEC, FDIC, GLBA, and PCI-DSS standards. Evaluated security of patch
management, vulnerability scanning, and IT infrastructure.
 Delivered subject matter expertise to ensure timely completion of activities for multiple frameworks,
including FFIEC, FDIC, GLBA, and PCI-DSS standards.

The Walt Disney Company, Burbank, CA 03/2017 to 09/2017


IT Security Consultant
 As a contractor, performed TPRM for Walt Disney Studios, Legal, Finance, and IT Infrastructure
globally, covering vendor cyber security, disaster recovery and business continuity controls.
 Worked with cloud security controls (IaaS, PaaS, and SaaS).
 Used ISO27001 IT Security Framework (ITSF).

UHG, Monarch Health Care, Irvine, CA 12/2015 to 03/2017


IT Compliance Analyst
 Managed overall aspects involved in localization of UHG's IT and security policies to Monarch
Health Care division, resulting in integration of local LAN IT into UHG infrastructure with UHG
policy alignment.
 Adhered to ISO27001 IT Security Framework.
 Established and implemented robust processes for new UHG acquisition to integrate acquisition’s
network into UHG’s network.

HP, Remote, Brea, CA 02/2015 to 11/2015


Cyber Security-Business Security Planning Analyst
 Performed IT security review of 200+ applications to support the anticipated split of HP into two
entities 10/31/2015, HP Enterprises and HP Incorporated.
 Application security reviews consisting of on-premises applications and IT infrastructure, as well as
HP private cloud, Microsoft Azure, and AWS. Used ISO27001 IT Security Framework (ITSF).
 Participated in the cybersecurity incident response process by assisting in incident forensic analysis,
risk assessment, and remediation.

Mercury Defense Systems, Cypress, CA 07/2012 to 02/2015


IT Audit/SOX Consultant
 As a full-time employee supported corporate audit department by performing IT audit/IT SOX testing
of local defense manufacturing applications and local IT infrastructure.
 Supporting government contracting accounting and contract adherence to federal control regulations and
contract requirements, and federal regulatory compliance.
PC Mall, Torrance, CA 01/2008 to 07/2012
Manager, SOX Finance & IT Compliance
 As full-time employee, functional manager who started the SOX Compliance Department and
performed SOX testing for four ½ years.
 Used ISO27001 security framework and PCI-DSS security framework to assure adequate security
compliance for application and IT infrastructure.
 Also, employed COBIT to provide guidance to development of IT department and support business
continuity / disaster recovery.
 Participated in the cybersecurity incident response process by assisting in incident forensic analysis,
and risk management.
