Kevin Smith
Principal Information Security Analyst, GDIT
Details
Education:
Masters of Science
Information Assurance
Norwich University
2004 : 2005
Bachelor of Arts
Computer Information Systems
William Penn College
1993
Associates
High Tech Electronics
Des Moines Area Community College
1989
High School
Dexter Senior High School
1979 : 1982
Experience:
2017 : Present
General Dynamics Information Technology
Principal Information Security Analyst
Responsibilities include :
- Understanding Corporate Information Security Programs and applying them to the Principal Global Investors business unit.
- Identify risks and issues in the business unit and participate in risk assessments with Corporate Information Security.
- Collaborate with Corporate Information Security, suppliers or IT staff to implement controls.
- Operate as an extension of the Business Information Security Officer (BISO) to execute upon all security related strategies as they relate to the business unit.
2016 : 2017
Principal Global Investors
Senior Information Security Analyst
* Coordinated corporate information security program.
- Prepared organization for a SOC2 audit.
- Developed security policy and implemented security awareness training
- Conducted security audits and risk assessments for internal and external customers
- Conducted threat and vulnerability monitoring
- Developed computer incident response procedures and acted as lead responder
* Managed FISMA compliant information security programs for Federal contracts including the Centers for Medicare and Medicaid Measure Authoring Tool (MAT) and the Quality Innovation Network National Coordination Center (QIN-NCC) and the Quality Innovation Network Quality Improvement Organizations for Iowa, Illinois, and Colorado (QIN-QIO).
- Acted as Information System Security Officer for Centers for Medicare and Medicaid contracts.
- Developed and implemented system security plans and plan of actions and milestones.
- Performed risk assessments and conducted security control testing.
- Conducted privacy impact assessments.
- Developed disaster recovery plans and conducted exercises.
- Developed training programs and mentoring for Security Points of Contacts (SPOCs).
* Act as information security subject matter expert.
- Assessed and responded to security requirements in contracts and requests for proposals.
- Designed, reviewed and assessed security in information system architectures.
- Performed infrastructure and web application vulnerability assessments.
- Coordinated with infrastructure teams to implement DISA-STIGs and USGCB in the environment.
- Supported HIPAA Privacy Officer with development of compliant processes and procedures.
2015 : 2016
Telligen
Senior Information Security Analyst
Transitioned to NewWave Telecom & Technologies to fill the key security position in the NewWave-GDIT, LLC joint venture. Managed FISMA compliant information security programs for Federal contracts including the Centers for Medicare and Medicaid Chronic Condition Warehouse (CCW) and Virtual Research Data Center (VRDC).
* Managed security deliverables for the transition of the CCW/VRDC from General Dynamics Information Technology to the NewWave-GDIT, LLC joint venture.
- Drafted security impact assessments, interconnection security agreements (ISA) and third party web site privacy assessments (TPWA) related to transition.
- Developed and implemented system security plans and plan of actions and milestones.
- Performed risk assessments and conducted security control testing.
- Conducted privacy impact assessments.
- Developed and conducted contingency plan tests and exercises.
* Act as information security subject matter expert.
- Assessed and responded to security requirements in agile development processes
- Designed, reviewed and assessed security in information system architectures
- Performed infrastructure and web application vulnerability assessments
- Provide ad hoc security support for NewWave corporate security and other contracts
* Managed conversion of CCW security reporting from the CMS CFACTS 1.0 system to the CFACTS 2.0 system.
* Managed the CCW side of a Department of Homeland Security Risk and Vulnerability Assessment, resulting in the fewest findings the assessors had seen.
2015 : 2015
NewWave Telecom & Technologies, Inc.
Senior Security Manager
* Managed FISMA compliant information security programs for Federal contracts including the Centers for Medicare and Medicaid Chronic Condition Warehouse (CCW) and the Quality Improvement and Evaluation System (QIES).
- Developed and implemented system security plans and plan of actions and milestones.
- Performed risk assessments and conducted security control testing.
- Conducted privacy impact assessments.
- Developed security compliant multi-tier, multi-zone infrastructure architecture.
- Developed and presented role-based security awareness training.
- Developed and conducted contingency plan tests and exercises.
- Conducted data management plan security reviews for researchers requesting access to CMS data.
* Acted as information security subject matter expert.
- Assessed and responded to security requirements in a CMMI Level 3 development process that included Agile, Waterfall, and Iterative system design life cycles.
- Designed, reviewed and assessed security in information system architectures
- Performed infrastructure and web application vulnerability assessments
* Supported business partner in turning around risk of losing authority to operate for a Center for Medicare & Medicaid Services contract, resulting in only three low findings.
- Worked with IT management and workforce to develop a security program that coordinated with the organization’s Capability Maturity Model Integration efforts.
- Worked with organization’s senior management to develop a set of compliant information security policies that fit the corporate culture.
- Worked with all levels of organization personnel to implement security processes.
2013 : 2015
General Dynamics Information Technology
Principal Information Security Analyst
Company:
General Dynamics Information Technology
Years of Experience:
25
Skills
Business Continuity, Computer Forensics, Computer Security, Data Center, Disaster Recovery, Firewalls, FISMA, HIPAA, Information Assurance, Information Security, Information Technology, ISO 27001, Penetration Testing, Risk Assessment, SDLC, Security, Security Architecture Design, Security Audits, Security Awareness, Security Policy, Software Documentation, Vulnerability Assessment
About
Specialties: Information Assurance