Paul Mooney
Details
Computer and Information Sciences and Support Services
University of Louisville
2022 : 2022
Masters of Science in Technology Management
Engineering/Industrial Management
Western Kentucky University
2007 : 2008
• Monitor and execute organizational IT Audit and Control practices, policies and standards related to compliance to Security Frameworks such as SOC, HITRUST, NIST, ISO 27001 and HIPAA Privacy and Security Rules.
• Perform detailed audits and gap assessments across corporate IT infrastructure (both on premise and in the Cloud) to determine the overall level of risk for the organization using known methodologies, frameworks and best practices.
• Monitor Change Control processes and access requests to ensure all requests meet security and compliance requirements.
• Produce reports and risk assessments detailing areas of compliance and noncompliance.
• Support incident response activities, including conducting investigations, reconstructing incidents from available resources and producing detailed reports to determine potential breaches.
• Identify and communicate current and emerging security threats for hardware and software used for the production and internal domains, including upgrades to current processes.
• Analyze vulnerability scans and other technical reports to plan remediation activities across multiple stakeholders.
2022 : Present
Net Health
Cybersecurity Compliance Analyst
• Assist in developing and implementing NIST 800-53 rev.5 framework within the organization with goals to improve organization maturity level.
• Review, document, evaluate, and test manual and automated computer controls.
• Interviewed SMEs to gather artifacts/evidence on implemented controls.
• Prioritize control projects based on severity of risk and non-compliance.
• Understand security and compliance posture, and drive risk treatment activities.
• Support project efforts by tracking, drafting, updating, and auditing project documentation, trackers, dashboards, tickets and workflows.
• Review National Institute of Standards and Technology (NIST) publications applicable to FISMA and other directives for applicability to the organization's IT Security Program.
• Drafted program policy and procedure documents, created SOPs, and created and updated testing procedures (based on NIST 800-53A) for assessing information systems.
2022 : 2022
TCC Software Solutions
Cybersecurity Business Process Analyst - Contractor
• Managed Built’s SaaS technology offering support for SOC audits, contracts, privacy and data governance, cybersecurity policies, AML/BSA regulations, training, vendor and risk management on AWS and Google cloud platforms.
• Responded to customer audit/due diligence requests and provided support to complete data libraries for upcoming SOC audits based on PCI foundations.
• Create and maintain policies, procedures, guidelines and instructions for consistency and effectiveness in accordance with information security industry best practices frameworks.
• Assisted in developing training and documentation to ensure consistent adoption of compliance policies and managing vendors.
• Organized and collected documentation towards Built’s BIA, BCP, and DRP initiatives.
• Manage the review, update and approval of all Security governance documents.
2021 : 2022
Built Technologies
InfoSec Compliance Analyst
• Managed activities for patent development and submission (#62/918,168, #62/751,001).
• IoT device evaluation, research, assessments, and development. (Dementia & Alzheimer’s device)
2018 : 2020
Boxer Security
Founding Partner & Chief Operating Officer
• Served as the Western Kentucky University Compliance Officer supporting a multitude of initiatives in research and information security for a campus of over 20k students and 1000 staff members.
• Act as Facility Security Officer, Intelligence Liaison Officer, and Export Controls Officer regarding Cyber Defense Laboratory, United States Export laws and Security on the Western Kentucky University campus through which federal regulatory compliance of overseas business, travel, transfer of equipment/property through hazard analysis, risk assessments, and valuation restrictions, and non-U.S. Persons and employees to conduct activities on or through Western Kentucky University.
• Provided timely guidance and support to faculty, staff, and students across different campus sectors. Managed four separate boards with over 50 members and staff in reporting lines by developing and implementing successful strategies towards training, policy, and audits.
• During my term, productivity tripled while driving response time down 90% on average across the various sectors in research compliance in all disciplines. A sample of the GRC categories include NIST, EAR, ITAR, OFAC, HIPAA, OHRP, OLAW, Biosafety, and working with NIH, DSS, FEMA, DHS, and FBI.
2009 : 2018
Western Kentucky University
Compliance Manager & Facility Security Officer
Skills
Administration, Analytical Skills, Coaching, Communication, Community Service, Continuous Improvement, Continuous Process Improvement, Customer Service, Data-driven Decision Making, Data Analysis, Data Collection, Disciplinaries, Event Management, Facility Security, Industry standards, Interpersonal Leadership, Interpersonal Skills, IT Audit, IT Controls, Leadership, Management, Microsoft Excel, Microsoft Office, Microsoft Word, Organizational Development, Policies & Procedures, Problem Solving, Product Development, Professional Ethics, Program Coordination, Program Management, Project Management, Quality Assurance, Remote Troubleshooting, Research, Research Compliance, Risk Management, Safety Regulations, Security, Self Defense, Skill Development, Supervisory Skills, Survey Design, Time Management, Training
About
I am a results-driven compliance/security professional with over 25 years of experience in providing organized and efficient solutions towards a multitude of initiatives. Experienced in governance, risk management, and compliance, I have leadership experience and proven ability to work and thrive in many cross-functional roles, with success in aligning objectives to achieve growth while balancing competing interests and priorities through managing dozens of various level employees. I have earned the CISSP certification and the NSA Cybersecurity Workforce Certificate to further my career in information/cyber security.
Experience in the NIST 800-53 rev.5 and PCI frameworks in the SaaS sector while contributing towards advancing company maturity levels through internal audits. I have in-depth experience reviewing artifacts/evidence, writing and assessing policy and procedure, and responding to client and third-party concerns for consistency and effectiveness in accordance with information security industry best practices.
I have spent over a decade in Operations/Risk/Project Management, Research, Safety, Customer Service, Quality, Facility Security, and Higher Education with an ability to develop and implement successful strategies while working within policy to achieve growth.