Skills and Experiences

Each box below shows a skill that I bring to the workplace. Expand each box to see some of the things I have done in the workplace using that skill.

STRATEGY AND ARCHITECTURE

* Creation and management of technology roadmaps, e.g.: SIEM, IDS, SOC

* Developed capability roadmaps addressing mitigation of internal and external threats

* Formulated, documented and communicated IT Security strategy to IT leadership

* Best Practice Identification

* Security architecture development, e.g.: Virtual Data Center, Zoning/segmentation, BYOD, Cloud adoption, Endpoint protection, secure web gateway

* Documented alignment of proposed solutions to frameworks, architecture, strategy, business need and threat mitigations

* Gap assessment (framework, maturity, capability, threat, business initiative)

PRESENTATION AND COMMUNICATION

* Compelling and persuasive communication skills

* Responsible for developing corporate e-mail communications

* Able to tailor messages to all levels and audience types/sizes

* Significant PowerPoint presentation experience

* SharePoint expertise

FRAMEWORKS AND METHODOLOGIES

* I have experience and/or certification in Lean Six Sigma (green belt), Agile, Technical project management, AWS Well Architected Framework

* Deep knowledge of various security relevant frameworks including NIST CSF, NIST 800-53, ISO 2700x and experience mapping to corporate policy

* Experience assessing alignment with NIST CSF, NIST 800-53, ISO 2700x

TECHNOLOGY ASSESSMENTS

* Assessments of how technology solutions would resolve security concerns, for example: CASB, SEG, NGAV, Email protection, malicious domain protection

* Gap identification and mitigation analysis

* Product, solution and vendor analysis and comparisons. Solution bake-offs, product selection, RFP creation and response evaluation.

* Deep knowledge of various security relevant frameworks including NIST CSF, NIST 800-53, ISO 2700x

LEADERSHIP

* Collaboratively set, evaluate, and manage goals and priorities

* Ability to lead through example, influence and negotiation

* Guidance and mentorship to security teams at varied seniority levels

* Trusted advisor, thought leader, consultant

* Champion the strategy and vision of the organization

* A trusted team member leading by example

POLICY LIFECYCLE MANAGEMENT

* Demand and impact analysis, management engagement and approval cycles

* Development and maintenance of artifact content including policy, standard, guidelines

* Data classification and handling policy and guidance

* Alignment of policy artifacts to industry standards and regulatory environments (e.g. NIST, ISO, PCI..)

* Management of the policy function maturity level and the organizational policy framework

CLOUD SECURITY, CLOUD ARCHITECTURE AND INFRASTRUCTURE

* AWS and Azure Security design

* Cloud adoption security strategy and frameworks alignment and creation

* Infrastructure security as code (e.g. AWS CloudFormation)

* Automation support (e.g. Python, Lambda, scripted workflows)

* Architecting secure cloud-based infrastructure and application solutions

SOFTWARE AND WEB DEVELOPMENT

* Website development, maintenance. SharePoint administration and content management.

* Java

* Python

* Static and basic web pages (like this one) that rely on JavaScript

* Cloud infrastructure as code - CloudFormation

* Scripting - JavaScript, PowerShell, more

* Documenting

* DevSecOps

* Platform conversions and technology transitions

* COBOL, Algol, Perl, VisualBasic, more

* SQL

SECURITY TRAINING AND AWARENESS

* Creation and maintenance of a detailed security awareness calendar, highlighting monthly training themes, articles, newsletters, site updates, and internal communication updates.

* Development of training and awareness materials including site theme pages, articles, newsletters, posters, digital signage, and courseware

* Scheduling and promotion of essential cybersecurity annual training along with additional specialized and role-based training as needed, with executive reporting on training completion and effectiveness

* Organization of monthly forums to educate the global workforce on emerging cybersecurity topics and trends

* Identification of training demand based on attack simulation results, compliance challenges and regulatory scope, detected events and incident lessons learned

* Advocating for human-based controls and the awareness/training components necessary to achieve them

* Creation and transmittal of cybersecurity-related communications for a broad range of audiences, both internal and external

INCIDENT RESPONSE

* Acting incident response manager for a global pharmaceutical firm

* Escalation point for SOC issues

* Performing post-mortem lessons learned

* Identification of playbook and runbook gaps against current threat landscape

* Management of IR document collection assuring consistency, validation, policy alignment and accessibility

* Incident response focal point