Lawrence Eugene Blessing
PROFESSIONAL SUMMARY:
Cybersecurity GRC expert with extensive experience working with SOX, ISO
27001/27002, NIST SP 800-53r4, NIST Cybersecurity Framework (CSF), NIST RMF (NIST SP 800-
37), SOC2 Type 1 and 2, and PCI-DSS, gained over 10+ years in GRC roles
as well as 10+ years in IT audit/SOX roles. GRC experience includes strategy, policy, and procedure
development, GRC platform selection and use (RSA Archer GRC and ServiceNow GRC),
cybersecurity risk process design, PCI DSS certification support, HITRUST implementation support,
and technical security assessments. Performed technical security assessments of IT infrastructure,
AWS, Azure, cloud, PeopleSoft ERP, networks, and web applications.
Extensive international experience. Have performed IT audit assignments in UK (England), France
(Paris), and Austria (Vienna). Worked at Credit-Suisse Group and lived in Zurich, Switzerland for
nine months. IT Audit Manager for Banco Italiano based in Milan, Italy for two years with area of
support Italy and Ireland. IT Security architect and project manager for KPMG (London) for three
years in Riyadh, Saudi Arabia implementing WAN security for National Information Center
throughout Saudi Arabia for the largest WAN in the Middle East, with 22,000 users.
Third-Party Risk Management contract with Disney supporting Disney global legal, finance and IT
infrastructure departments for seven months, and five months with United Health Group.
Expert level with Microsoft suite including Word, Excel, and PowerPoint.
Hold a Master of Science (Cyber Security Technology) from the University of Maryland University
College (UMUC) graduating in 2018 with a GPA of 3.80. UMUC has been designated as a National
Center of Academic Excellence in Information Assurance and Cyber Defense Education by the
National Security Agency and the Department of Homeland Security and as a National Center of
Digital Forensics Academic Excellence by the Defense Cyber Crime Center Academic Cyber
Curriculum Alliance.
Areas of Expertise:
Governance, Risk & Compliance (GRC) Management
GRC Subject Matter Expert to Technical and User Community
Lifecycle Management of Client Responses to Risk Assessments and Audit Findings
IT Security Risk Management; Technical Writer of Policies, Procedures, and Standards
Lifecycle Management of Cybersecurity Policies, Standards, Procedures, Process Guidelines and
Support Documentation; IT Audit / SOX
Splunk (Supported Cyber Analyst Team on Integrating with GRC)
Government contract accounting and government contract review to assure compliance with
government regulations and contract requirements, Compliance Reporting
Collaboration with DevOps; Written, Verbal, and Online Communications at All Levels
Project Management; Security Awareness Training; Business Continuity/Disaster Recovery Planning
IT Controls Compliance; Infrastructure Security
ServiceNow GRC Support; RSA Archer GRC Support; Third Party Risk Management
BASEL II/III; SOC2 Type 1 and 2; PCI-DSS
Cloud Computing Security (AWS & Azure); Identity Access Management (IAM); COSO
NIST Cyber Security Framework (CSF), NIST SP 800-171, NIST SP 800-171A, NIST SP 800-172,
NIST SP 800-172A, NIST SP 800-37 (Risk Management Framework) and 800-53r5 (Security and
Privacy Controls)
FedRAMP; US government regulations: DFARS: 252.204-7008, 252.204-7009, and 52.204-7012,
and 52.204-21, International Traffic in Arms Regulations (ITAR); NIST CSF
Business Case Development; Support IT strategy development and implementation
Key Performance Indicators (KPIs)
Logical Approach; IT Security Consulting; Application Technology; Data Privacy Consulting
Data Analysis; Internal Audit; Presentations; Work with C-level management
TECHNICAL SKILLS:
Compliance Standards: NIST 800-53, NIST 800-37 (RMF) (Replaced DIACAP C&A Defense
Contractors), ISO27001/2, HITRUST, FFIEC, FDIC, GLBA, PCI-DSS, GDPR, CCPA, and FBI
CJIS.
Software: Microsoft Office Applications (Outlook, Word, Excel, Access, and PowerPoint), GRC
Software (RSA Archer and ServiceNow GRC), Windows Server, Linux.
PROFESSIONAL EXPERIENCE:
PSEG Long Island, NYC 11/2023 to Present
Cybersecurity Specialist and Project Manager
Performing administrative and technical project management support for electrical utility
organization to support remediation of cybersecurity audit comments. The project was restructured to reduce
cost; my position was eliminated and replaced by a full-time employee.