LaMarcus L.
CISO | CTO | Speaker | Award Winning Security Advisor | Board Member | Fintech Enthusiast | Digital Transformation | Sr. Information Security Officer for Cyber Risk, Global Cyber Security Services at Fiserv
Atlanta, GA, United States
Experience:
• Governance, Risk and Compliance for over 48,000 internal users;
• Managing information security and risk management for 2-Billion-dollar business unit of the organization.
• Management over application security risk assessments & configuration of penetration test implementations.
• Software Security Impact Analysis (SSIA) (Fortify on Demand, Sonatype, WebInspect, Risk Fabric, ELK)
• Engage with technical teams to verify that our technical security controls and systems are operating properly to protect Fiserv and its clients against emerging Cybersecurity threats.
• Serve as a strategic advisor to business & technology owners.
• Responsible for the identification, analysis, documentation, communication, and monitoring of individual IT risks, for the purpose of driving accountable leaders to effectively remediate these risks within the firm's risk appetite.
• Identify methods for policy / procedure compliance, distribution, training and awareness strategies
• Monitor customer compliance requirements; ensure all projects have a security requirement review at inception
• Customize security policies & procedures in accordance with business requirements
• Provide hands-on support for security tools and issue resolution
• Implement tools and automation for build, configuration management, continuous integration (CI), static and dynamic code analysis, deployment and application monitoring.
• Ensure all relevant KPIs are implemented within the Monitoring Engineering framework.
• Participate in all Production Support activities during incidents and outages. Hands-on technical resource capable of resolving all technical issues within lower and upper environments and making recommendations for performance and capacity improvements.
• Continuously improve microservices architecture to be easy to deploy, scalable, secure and fault tolerant.
• Capacity planning, tuning systems stability, provisioning, performance, and scaling of the application infrastructure.
2020 : Present
Fiserv
Sr. Information Security Officer / Cyber Risk Manager, Global Cyber Security Services
• Ensure that Incident Response, Disaster Recovery and Business Continuity plans are in place and tested;
• Review, approve and/or create security policies, controls and cyber incident response planning; e.g., Information security policy, Classification policy, Access control policy, Acceptable use of assets, Risk Assessment, Statement of Applicability, Risk Treatment Plan, etc.
• Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities. Oversee identity and access management;
• Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced;
• Constantly update the cyber security strategy to leverage new technology and threat information;
• Brief the Executive Management Team on status and risks; the implementation status of safeguards.
• Managed delivery of all State of Georgia Executive Orders and GDC Cybersecurity Information Awareness Training.
• Coordinating all efforts related to personnel and Criminal Justice Information System data protection.
• Coordinated development of simulation platform for the Georgia Telecommunication Authority’s Statewide CyberDawg Information Security Training event [2020].
Compliance Management :
• FBI CJIS (Criminal Justice Information System) Security Policy Requirements
• FBI Security Addendum
• NCIC Operating Manual
• Title 28, Code of Federal Regulations, Sub Sec. 20+
• Criminal Justice Information (CJIS) Vendor Compliance Program
• Health Insurance Portability and Accountability Act (HIPAA)
• Georgia Technology Association / NIST
• Georgia Cybersecurity Board / Executive Orders
• Payment Card Industry Data Security Standard (PCI-DSS)
Boards and Committees :
• Change Request Management Board
• Information Technology Board
• Project Management Office
2020 : 2020
Georgia Department of Corrections
Chief Information Security Officer
• Administer and enforce the Information Security Program.
• Created, implemented, and fine-tuned information security policies that supported the objectives and requirements defined in the BOR-USG security plan. Created and managed University Cybersecurity Program Plan.
• Provided guidance on developing, implementing and effectively managing security processes and programs (Business Continuity Planning and Resilience, Incident Response Planning, Risk Management, Vulnerability Management, and Privacy). Created, implemented, and fine-tuned University Incident Response Plan.
• Managed internal security controls that were successful in ensuring compliance with BOR-USG security policies and Georgia Cybersecurity Board Executive Orders.
• Researched emerging technologies and identified use cases for inclusion into the Defense Security Profile.
• Engaged with IT managers as a key member of major project teams to ensure security considerations were addressed early and effectively.
• Coordinated security audits (internal/ external) from multiple agencies including State of Georgia Department of Audits and Accounting with excellent results.
• Conducted periodic gap analysis reviews of the internal Information Security program using industry standards, e.g. ISO 27001 and National Institute of Standards and Technology (NIST) Special Publications (800 Series).
• Created project plans and assisted with monitoring and tracking of cyber-security solutions with focus on external and internal stakeholder congruity and other key metrics;
Compliance Management :
• Gramm-Leach-Bliley Act / Federal Student Aid (GLBA/FSA)
• European Union - General Data Protection Regulation (GDPR)
• Health Insurance Portability and Accountability Act (HIPAA)
• Federal Trade Commission / Federal Financial Institutions Examination Council (FTC/ FFIEC)
• Georgia Technology Association / NIST
• Georgia Cybersecurity Board / Executive Orders
• Payment Card Industry Data Security Standard (PCI-DSS)
2019 : 2020
University System Of Georgia
Information Security Officer
• Level 2-4 merchants readiness assessments; Building assessment baseline to ensure that compliance is achieved efficiently
• Vendor Management with Approved Scanning Services and Penetration testing; focus on target identification, footprinting, and server and service vulnerability identification.
• Gap Analysis: Developing a comprehensive list of all remediation projects
• Remediation: Device configuration; Design, build, deploy and test of new or updated systems; Process validation
• Training for in-house staff responsible for new systems, policies, procedures and controls.
• Evaluate and streamline core IT systems for multiple clients. Retired obsolete applications, established scalable platforms supporting business growth and strengthening information security.
2018 : 2019
Compliance Consultant
PCI Compliance Consultant
Security Assessment :
• Assist in the integration of assessment of assets, threats & vulnerabilities & assist in weighing the calculated risk
• Enforced security strategies across applicable control families of NIST SP 800-53 r4 and NIST SP 800-37.
• Conduct security research, keeping abreast of the latest security issues & hacker methodologies for Risk & Compliance; Maintain supporting documentation, adherence & identify gaps.
• Assist in responding to information security incidents and investigations.
• Conduct research on and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, & trends in computer network vulnerabilities and network security.
Splunk Implementations :
• Planning & supporting execution of assembly; Ownership of the log & data mining service.
• Perform data mining and analysis, utilizing various queries and reporting methods.
• Designing and maintaining production-quality dashboards.
• Perform research and conduct assessments of emerging threats.
• Develop filters to assist in the identification of significant events.
Tenable Nessus Implementations :
• Develop and present business cases to Management to improve security posture and effectively mitigate advanced threats
• Responsible for identifying & classifying cyber security vulnerabilities and working on mitigation plans with system owners; ensure plans are documented and understood & track the results of the plan execution.
• Help build/improve an exception process to manage policy compliance deviation; On-board the assets for target technologies in the enterprise security tool
System Administrator :
• Implementing network security policies; Consulting with staff, managers and executives on best security practices
• Developing and updating disaster recovery protocols; Perform network integration activities
• Assisted with applicable control families of NIST SP 800-47 (GTA PS-08-003, 009, 027, 011) (SS-08-038/Remote)
• Defending systems against unauthorized access
2005 : 2018
State Capitol of Georgia General Assembly
Senior Information Technology Engineer
Company:
Fiserv
About
Proven Information Technology implementations and project management experience, while demonstrating excellent collaborating skills with key business and IT industry leaders to develop security policies and procedures to ensure confidentiality, integrity, and availability.
Prides himself on: Always being an asset to the team and never a liability!
Demonstrating capabilities and contributions to define, deploy and monitor risk, compliance, and information security programs that will be used to positively impact organizational processes, on multi-platforms, that drive financial and logistical KPIs.