Jonathan Chesebrough
Details
University of Maryland Global Campus
2014 : 2016
Master of Science
Cybersecurity
University of Maryland Global Campus
2012 : 2015
Bachelor’s Degree
Information Technology
Virginia Tech
1998 : 2003
DAWIA Certificates in Information Security and Engineering
Defense Acquisition University
• Drove revenue enablement, customer acquisition, and retention by personally processing 186 contracts (to-date) valued over $3.26B in new and annually recurring revenue (ARR)
• Personally reviewed 121 (to-date) critical supplier contracts supporting VMware products, Services and corporate functions
• Responds dynamically to security assessments and follow-up inquiries from strategic, high-value, and regulated customers (e.g., Financial Services, Energy Grid Operators/Utility Providers, Telecom)
• Leads first-line response to customer security vulnerability, incident, and geopolitical instability inquiries (312 to-date) by coordinating cross-functionally (Legal, SIRT, Incident Management)
• Automates/streamlines processes (e.g., developed RACI matrices; implemented HelpNow+ ticketing system to manage security requests and enable managerial metrics reporting)
• Mentors and empowers peers through skills development, delegation, and coaching through complex requests, issue resolution, and escalation management
2021 : Present
VMware
Information Security
Led a team of auditors on the Third-Party Vendor Risk Management team. Performed ISMS/Governance (managerial, operational, physical and technological) security risk assessments of suppliers to regulated energy sector clients. Identified gaps in supplier governance. Served as account manager for energy sector utility provider clients.
• Led a team of 3-5 security risk assessors on the Third-Party Vendor Risk and Supply Chain Risk Management Team
• Reviewed and approved third-party vendor risk assessments performed by Senior Assessors
• Evaluated Information Security Management Systems (ISMS) and security governance of suppliers to FERC regulated (NERC CIP-13) energy sector clients (utility providers and energy grid operators), to include managerial, operational, physical, and technical controls
• Identified gaps between supplier governance, industry standards and contractual agreements
• Determined findings representing deficiencies in supplier ISMS programs
• Documented and reported findings in supplier governance to clients
• Performed smoke and user acceptance testing (UAT) of proprietary assessment and vulnerability management platform
• Provided subject matter expertise and mentoring to new and junior assessors
• Served as the account manager for two energy sector utility provider clients
• Participated in an international risk assessment pilot project
• Reviewed third party Non-Disclosure Agreements, security contracts, security contract supplements, and Service Level Agreements (SLA)
• Produced service level metrics and Quarterly Business Reports (QBR) aligned to client delivery and contractual obligations
2020 : 2021
Fortress Information Security
Lead Senior Security Risk Associate & Account Manager, TPRM/SCRM
Served as an L2 specialist on the leadership team of the Internal Audit and Advisory Services IT department. Performed complex audits of Voya’s IT, cybersecurity, and privacy practices. Provided guidance to junior auditors. Partnered with business unit leadership to develop remediation or mitigation strategies for deficiencies identified during audits.
• Performed IT, cybersecurity, and privacy practice audits and interpreted risk assessments to evaluate internal processes and systems
• Analyzed the internal design and effectiveness of controls governing IT and cybersecurity functions of the business
• Communicated with internal stakeholders to interpret the processes and workflows governing IT and cybersecurity functions
• Evaluated controls employed to mitigate technology, operational, fraud, financial, and reputational risks
• Developed procedures to communicate testing objectives, processes and methodologies to management
• Identified potential or actual weaknesses, gaps and deficiencies in the design and effectiveness of controls, processes and procedures
• Worked with business leaders to design strategies mitigating or remediating control gaps, risks and vulnerabilities
• Collaborated with audit and business (e.g., corporate, legal, executive, investigations) leadership to track, close and report on the status of Internal Audit findings
• Performed mitigation or remediation status checks with business units to manage the closure of findings
• Contributed to the ongoing modernization of functions and processes governing the internal audit department
• Volunteered on the social committee to organize department events fostering team building
• Interviewed potential candidates for IT Internal Audit staff
• Helped drive program efficiency as a member of the IAAS leadership team and participated in IT Internal Audit leadership team huddles and meetings
2019 : 2020
Voya Financial
IT Audit Security Specialist II, Internal Audit and Advisory Services
Served as a U.S. Federal Service Government Civilian (U.S. Navy) at the NO-5 (Information Security) and ND-4 (Engineering) grades at the Naval Information Warfare (NAVWAR) Command, formerly the Space and Naval Warfare (SPAWAR) Command.
Information Assurance lead, stationed at the Command’s Naval Information Warfare Center, Atlantic. Responsible for the full range of cybersecurity, Assessment & Authorization (A&A), Certification & Accreditation (C&A), and Authorities to Operate (ATO) on Govt networks for a major ACAT 1AC U.S. Navy Program of Record (PoR) information system deployed globally (combatant ships, shore facilities, agencies, and sensitive locations to include the White House).
• Managed NIPRNet and SIPRNet eMASS accreditation packages
• Maintained System Security Plans (SSP), Risk Assessment Reports (RAR) and Plans of Action and Milestones (POA&M)
• Installed, configured, and deployed automated tools to perform static and dynamic assessments of Navy IT systems (e.g., Tenable Nessus, ACAS SecurityCenter, HP WebInspect, HP Fortify)
• Collaborated with active duty forward-deployed forces to analyze and assess vulnerabilities of systems on combatant ships, at shore sites, and in support data centers in both classified (SIPRNet) and unclassified (NIPRNet) environments
• Coordinated with software engineers to mitigate or remediate security vulnerabilities identified from automated scanning and information assurance vulnerability alerts (IAVA) issued by DoD authorities
• Coordinated with command Information Assurance Vulnerability Manager (IAVM) to ensure complete and accurate tracking of IAVA compliance
• Maintained security accreditations ensuring systems are authorized to operate on U.S. Navy and other military networks
• Responsible for compliance with Executive Orders for the management and safeguarding of classified information
• Completed a DISA course on Host Based Security System (HBSS) administration ePO (currently named ESS)
2015 : 2018
NAVWAR
Information Systems Security Engineer (ISSE), Cybersecurity Lead, and A&A/C&A SME
Broad range of experience as an Associate with Booz Allen Hamilton—a global management and technology consultancy. Served multiple internal leadership, client delivery, and program management roles across DoD and Federal domains. Frequently led teams of 5-7 staff and 15-30 industry experts. Provided cybersecurity, force readiness and force protection analyses. Successfully led multi-year engagements to analyze and modernize legacy information systems and enterprise processes.
Roles : Program Manager, Requirements Manager, Lead Business Systems Analyst, Cybersecurity Analyst
Federal and DoD clients : DHS, NAVIFOR, FLTCYBERCOM, CNRFC, COMOPTEVFOR, NAVAIR, NAVWAR (SPAWAR), AIR FORCE, DISA
* Please inquire for detailed work history and accomplishments at Booz Allen.
2004 : 2015
Booz Allen Hamilton
Associate (Program Manager; Technology, Strategy & Cybersecurity Consultant)
Skills
A&A, Account Management, Business Process Improvement, Coaching & Mentoring, Contract Management, Contract Negotiation, Contractual Agreements, Cross-functional Collaborations, Cross-functional Coordination, Cross-Functional Team Building, Cross-functional Team Leadership, Customer Acquisition, Customer Engagement, Customer Relationship Management (CRM), Cybersecurity, Defense, DITSCAP, Federal Government, Government, Government Contracting, Information Assurance, Information Security, Information Security Governance, Information Security Management System (ISMS), Integration, Leadership, Non-disclosure Agreements, Operational Streamlining, Process Automation, Professional Mentoring, Program Management, Project Management, Quarterly Reporting, Reporting & Analysis, Requirements Analysis, Resiliency, Risk Assessment, Risk Management, Risk Management Framework (RMF), Security, Security Audits, Security Incident Response, Team Leadership, Third-Party Vendor Management, Third Party Risk Management (TPRM), U.S. Department of Defense, U.S. Department of Defense Information Assurance Certification and Accreditation Process (DIACAP), User Acceptance Testing, Vendor Contracts, Vendor Negotiation
About
Experienced and credentialed security and risk management practitioner with over 20 years of leadership and professional experience across DoD, Federal and corporate domains:
• Governance, Risk and Compliance (GRC)
• Management and IT consulting
• Security contracts review, negotiation and management
• DoD Assessment & Authorization (A&A) and Certification & Accreditation (C&A)
• Cyber-certified and DoD 8570 compliant
• Internal and third-party risk assessment
• Internal IT auditing
• Information security, risk management and resiliency
• Enterprise systems integration
• Mission analyses
• U.S. DoD and military intelligence and force readiness
• Cross-functional coordination and partnership
• Protection of classified information
• Held and maintained DoD Security Clearances (TS)
Member of two University of Maryland Honor Societies: Upsilon Pi Epsilon International Honor Society for the Computing and Information Disciplines and Phi Kappa Phi Honor Society.
University of Maryland:
• Master of Business Administration, Dec 2016, Summa Cum Laude, GPA 4.0
• Master of Science in Cybersecurity, Dec 2015, Summa Cum Laude, GPA 4.0
• Graduate Certificate in Cybersecurity Technology, May 2014
Virginia Polytechnic Institute and State University (Virginia Tech):
• Bachelor of Science in Mgmt., Entrepreneurship, and Information Technology, May 2003
• (ISC)² CISSP in-progress (boot camp 09/17/2023 – 09/22/2023)
• GIAC Security Leadership (GSLC): DoD 8570 IAM III (exp 09/30/2026; #8505)
• CompTIA Security+: DoD 8570 IAT II (exp 05/18/2027; #COMP001020410268)
• DoD Defense Acquisition University (DAU) Defense Acquisition Workforce Improvement Act (DAWIA) certifications: Information Security (2018) and Engineering (2015)