Special Thompson
Richmond
Summary
Dynamic information security leader with extensive experience at Verizon, excelling in risk management and stakeholder engagement. Proven track record in enhancing cybersecurity posture and compliance through effective communication and relationship building. Skilled in NIST frameworks, driving initiatives that significantly mitigate security risks and elevate organizational resilience.
Overview
10
10
years of professional experience
1
1
Certification
Work History
Associate Director (Information Risk Management)
Verizon
Richmond
02.2023 - Current
- Responsible for promoting technology defense concepts, methodologies and strategies to help reduce the risk of a security incident occurring
- Educates internal and external stakeholders on security processes and procedures
- Engages with the business and various functions such as Finance, Legal, Regulatory, Compliance, Audit, and/or Supply Chain to identify risks and lead the implementation of risk mitigation plans
- Addresses matters requiring executive escalation and decision making
- Works with stakeholders both internal and external to IRM to develop reasonable KPI's where we can measure against our ability to identify, respond, and remediate security risks
- Motivates, mentors, trains and advises team members on the importance of the identification of IT Security risks as well as compliance to IT Security policies and standards and ensures individual development plans are built and executed to achieve a productive and impactful team
- Ensures people resources are appropriately aligned to assigned projects and responsibilities based on skills and performance
- Partners with other leaders and subject matter experts on other IT security teams to provide support and cross-train people resources
- Makes recommendations regarding the hiring, firing, advancement, performance, promotion or any other change of status of team members
- Assesses employee performance, holds employees accountable, takes appropriate corrective actions, and trains and provides ongoing direction and feedback to team members
Senior Principal (Cyber Governance)
Verizon
Ashburn
09.2021 - 02.2023
- Served as the budget point of contact for GRC, coordinating with key stakeholders to ensure that important initiatives are funded and tracked, as well as tracked other team expenditures such as headcount, certifications, and training
- Served as the Administrator for the Risk Currency Governance Steering Committee coordinating with the development team and key stakeholders to ensure new risk currency items were reviewed in a timely manner, voted on, scheduled for implementation, and communicated
- Supported Risk Currency expansion efforts by coordinating meetings and helping define requirements to expand into the Product and Third Party risk areas
- Supported Exceptions Management transformation efforts by serving as one of the Issues/Exceptions Management points of contact to support requirements sessions and track against key action items
- Led several working groups in support of Exceptions Management and strategic efforts (Risk Calculator, Compensating Controls, Issues Management) to determine key requirements and track against action items
- Supported efforts to revamp Governance operations by cleaning up the enterprise-wide inventory of GRC related Steering Committees, developing charter templates and reviewing and updating Governance processes
- Supported the GRC Steering Committee by aligning speakers and developing agendas for the quarterly meetings and capturing and disseminating meeting minutes
- Led a cross-functional team of security professionals to develop and consolidate training resources for Application Custodians into a Learning Pathway
- Supported special and confidential projects on an as-needed basis
Manager (Technology Audit)
Verizon
Ashburn
11.2020 - 09.2021
- Designed, executed, and provided oversight for Technology standalone audits on a variety of areas including but not limited to: Enterprise Vulnerability Management, Customer Authentication, POS Tokenization, and Open Source Software
- Executed multiple Operational Reviews, briefing directly to the Verizon Internal Audit SVP
- Identified risks within the company pertaining to critical business processes and provided suggestions for future audit considerations
- Developed relationships with peers/stakeholders throughout the enterprise and discussed process improvements that would aid in the enhancement of Verizon's cybersecurity posture
- Provided guidance to prior audit clients on security control development and remediation either based on independent knowledge, best practices, and/or relationships developed with ISO's throughout the business
- Performed peer reviews of audit reports to ensure quality assurance prior to report issuance
- Tracked audit remediation actions and milestone progress for multiple projects across the team on a weekly basis
- Identified areas throughout the audit function that could be improved to enhance audit efficiency
- Received several Spotlight awards for leadership, going above and beyond, stepping up, and being a team player
Senior Advisory Consultant
Deloitte
Arlington
07.2016 - 06.2018
- Supported NIST Cybersecurity Maturity Assessments for various parts of a Federal agency
- Provided Information Systems Security Officer (ISSO) support to a Federal Law Enforcement agency to assist them with Authorization and Accreditation (A&A) activities and support their efforts to migrate their mobile applications to the cloud (AWS)
- Provided in-depth analysis of cybersecurity policies to show how Federal agencies’ cybersecurity activities tie back to Federal cybersecurity regulations and proactively identified gaps where regulations were not being met
- Provided oversight for activities performed by junior personnel that helped drive projects to completion in support of a Federal agencies’ efforts to achieve cyber resiliency
- Supported the creation of weekly and monthly progress reports which summarized the activities Deloitte workstreams performed / accomplished during the reporting period, activities planned for the next reporting period, current risks and issues facing the project, and project financials
- Maintained high quality work deliverables while meeting project milestones and keeping projects on track
- Communicated with stakeholders across Federal agencies in an effort to facilitate meetings that help provide more transparency, increase the lines of communication across the various offices, and decrease duplicative efforts
- Drafted audit findings, recommendations, and executive audit reports to present to process stakeholders and executive leadership
- Recognized for building strong relationships with clients and team members
Senior Consultant
Booz Allen Hamilton
Arlington
12.2014 - 07.2016
- Served as the lead for interagency collaboration between various commands for a military branch under the Department of Defense pertaining to the remediation of systems with unmitigated Category I (CAT I) vulnerabilities
- Provided subject matter expertise for Public Key Infrastructure Enablement, Public Key Infrastructure Enforcement, and Data at Rest policy and compliance
- Communicated with Resource Sponsors on the alignment of resources for official Department of Defense programs and cybersecurity requirements.
- Performed analysis of Department of Defense system architecture diagrams for cybersecurity and regulatory compliance.
- Supported the creation of weekly briefings to senior management and the Chief Information Officer of a Federal agency on the status of cybersecurity activities
- Providing recommendations to senior executive leaders in the execution of Federal agencies’ cybersecurity plans / functions
- Provided customer support at the Echelon I level for a military branch under the Department of Defense in support of obtaining DIACAP/RMF Category I System Vulnerability connection authority.
- Maintained the information library for a military branch under the Department of Defense in support of Public Key Infrastructure and Data at Rest waiver actions and assertions and worldwide Flag and General Officer Alternate Tokens.
- Reviewed and assessed systems with High Risk vulnerabilities for policy and regulatory compliance, and preparing packages for Senior Executive Service Officer review.
- Assisted in the development of cybersecurity policy for a military branch under the Department of Defense
Education
Bachelors Degree - Information Systems, Computer Security
Strayer University
Skills
- Risk management
- Information security
- Stakeholder engagement
- Security compliance
- Relationship building
- Effective communication
- NIST Cybersecurity Framework
- NIST Risk Management Framework
Certification
- Certified Information Systems Security Professional (CISSP)
Verizon Leadership Programs
- Women of the World, 11/01/24
- Pre-Leadership Academy, 11/01/22
Timeline
Associate Director (Information Risk Management)
Verizon
02.2023 - Current
Senior Principal (Cyber Governance)
Verizon
09.2021 - 02.2023
Manager (Technology Audit)
Verizon
11.2020 - 09.2021
Senior Advisory Consultant
Deloitte
07.2016 - 06.2018
Senior Consultant
Booz Allen Hamilton
12.2014 - 07.2016
Bachelors Degree - Information Systems, Computer Security
Strayer University
Similar Profiles
Jason YoungJason Young
Senior Account Manager at VerizonSenior Account Manager at Verizon
Jessica JonesJessica Jones
Professional Sales Representative at VerizonProfessional Sales Representative at Verizon
Eugenia GordonEugenia Gordon
Associate Director of Accounting - Cash at VerizonAssociate Director of Accounting - Cash at Verizon
Stephanie BoweringStephanie Bowering
Network Engineer at VerizonNetwork Engineer at Verizon
Bradley HallBradley Hall
Independant Filmmaker at Thanks Dad ProductionsIndependant Filmmaker at Thanks Dad Productions