SENIOR CYBERSECURITY AUDIT AND COMPLIANCE SPECIALIST
Sheila Hallinan has 30+ years' experience in information security, specializing in the development of Cybersecurity Framework policies and standards that ensure compliance with federal, state, contractual, insurance and regulatory agencies related to the government, financial and health industries. Leveraging her experience to create gap analyses, risk assessments and security road maps, Sheila works effectively across organizational boundaries to build a strategy design, including plans for development and implementation, through to daily operations, process and procedure, thereby creating a sustainable security and compliance program. By utilizing existing teams and talent, everyone is involved in the transformation, establishing grass-roots level acceptance and pride in the program development. Sheila possesses excellent strategic and tactical planning skills, laying out a long-term vision for managed functions and building tactical plans in order to achieve desired outcomes. She provides company-wide direction in areas of policy and planning for technology and related functions. Expert experience in: conducting audits and risk assessments in large corporate and federal environments, tracking and interpreting laws and regulations, developing and implementing appropriate information security measures, and maintaining compliance to ensure that the most current requirements are being met, including International, Federal, State, and Industry specific compliance. Highly effective as a key communicator between the corporate world, government agencies and the technological sectors (IT, Security, Compliance, Legal, Auditing), ensuring that the flow of information in the form of dashboards and metrics enables organizations to make educated decisions, improving functional performance while remaining cost effective.
Repeatable day-to-day compliance through continuous monitoring is documented, which establishes regular reviews and performance reports, resulting in successful reduction of capital expenditures and eliminating unanticipated audit findings.
Manager/Lead Cyber Security
Security Documentation
Vulnerability Assessments
Project Manager
Risk Assessments
Network & System Security Plans
CISSP
Continuous Monitoring
Top Secret Clearance
Authentication & Access Control
Audit and Accountability
Strong Security Posture
Federal Laws (FISMA 2014, SOX, Cybersecurity Act of 2015, FAR)
International Laws (EU GDPR and eff. May 2016)
Industry specific requirements (e.g. NIST, PCI DSS, FISMA, HIPAA, FEDRAMP, ISO, ITL)
Crisis management consulting
Strategic objective execution
Operations and finance expert
SENIOR CYBERSECURITY AUDIT AND COMPLIANCE SPECIALIST, 07/2013 to Current Sheila M. Hallinan SECURITY GOVERNANCE & COMPLIANCE OFFICER World Fuel Services
Implemented company policies, technical procedures and standards for preserving the integrity and security of data, reports and access.
Consistently met deadlines and requirements for all production work orders.
Developed work-flow charts and diagrams to ensure production team compliance with client deadlines.
Recommended network security standards to management.
Monitored and evaluated unit performance on key security issues, recommending corrective action programs where appropriate.
Inspected security design features, installations and programs to verify compliance with applicable standards and regulations.
job title, 01/2015 to Current WFS employee
Contractor, 07/2013 to 01/2015 KGS [Kforce Government Solutions] – Fairfax, VA
Evaluated the WFS-MSTS information system architecture, hardware, software and network.
Collected and read all existing documentation, and presented the officers with a Gap Analysis and time frame to meet FISMA compliance.
Created all documentation for C&A package; established continuous monitoring to sustain requirements compliance; evaluated scan and vulnerability testing; created an annual self-assessment process and accumulation of artifacts in preparation for ST&E or auditors.
Worked intensely as a NIST 800-53, Rev 4 Subject Matter Expert (SME) to bring the organization to compliance for the on-site DLA ATO.
Created a tailored NIST CSF (Cybersecurity Framework) for WFS, including crosswalks that consolidated similar requirements under NIST, PCI, ISO, SOX and several international laws.
SR. CYBER-SECURITY SPECIALIST, nowher compan
Senior Cyber-Security Specialist, 05/2011 to 07/2013 Intercom Federal Systems
Assigned to the Small Business Administration (SBA) to work on the NIST C&A package for ATO renewal.
Updated SSP, CP, CM, IRP, BIA, PIA, Risk Assessment, etc.
Re-organized HW/SW inventory in a DB, down to patch level on software and ports & protocol on hardware.
Built an MS Access DB into which scan findings were loaded and linked to the HW inventory, allowing drill-down through a dashboard interface.
Worked closely with Ops on monthly scans and mitigation, and supplied fixes to the Ops team via the same DB.
Successfully submitted new POA&Ms for acceptance of additional time/resources or acceptance of residual risk.
Created SOPs where they were missing, reorganized Security documentation and submitted all to change-control tool to be maintained.
Constantly worked to cross-train other team members.
Wrote summaries of all new policies.
Responded to auditor requests for more information.
Reported to Director of SBA.
Successfully on-boarded two new hires for the team, based on rationalization to the Director.
POA&M activity dropped from 44 per year to 0 per year for 2 years.
Supported 2 successful ATOs in 2 years (primary system and new subsystem).
Completed ATO packages (SSP, CM, CP, BIA, Continuous Monitoring, IRP, Patch Mgmt., Vulnerability Assessment Plan, PIA, etc.) and wrote new policy.
Reviewed, updated (or re-wrote), and acquired signatures for 100% of the documentation.
SENIOR IA SPECIALIST, 07/2010 to 05/2011 Excentium, LLC
Worked for DoD and DHS creating FISMA packages "from the dirt...up", multitasking on several ATO packages simultaneously.
Collected "vendor" data being purchased by DHS, by interviewing, testing and examining their artifacts.
Highly knowledgeable of DoD/NIST IA policy, controls, processes, procedures and expectations (when policy is not met).
Proven ability to create entire packages, including
LEAD SECURITY SPECIALIST, 01/2006 to 07/2010 Northrop Grumman Corporation
(4 years 7 months) Responsible for maintaining ATO accreditation in accordance with applicable DoD and NIST/Federal requirements; support of day-to-day security of operational activities; developing policies and procedures to ensure IS reliability and accessibility, prevention and defense against unauthorized access to network and PII data.
Document and maintain the DIACAP including artifacts such as System Security Plan (SSP), Continuity of Operations Plan (COOP), Disaster Recovery Plans, Contingency Plans, Testing, Security Awareness Training Program and security-related SOPs.
Comply with NIST C&A methodology in creating Certification Package to attain DTS ATO.
ISSO/CISO Coordinated Patch Management (IAVM and Vendor) and Anti-Virus updates; monitored network health through the use of STIGs, SRRs (Solaris, Linux, Windows, and Oracle) and checklists for Enterprise Encryption, IDS/IPS, Firewalls (Juniper), routers (Cisco) and VPN (Cisco).
Conducts risk and vulnerability assessments of planned and installed components to identify vulnerabilities, risks, and protection needs; creates Plans of Action and Milestones (POA&Ms) and Risk Assessment reports.
Ensures asset hardening is completed and initiates requests for exception and waiver to the Designated Approving Authority (DAA).
SR. INFORMATION SECURITY SPECIALIST, 07/2002 to 07/2006 Artel LLC
As the Team Lead for the DSN Switch Inventory, supervise a staff of six and advise DISA on how to meet the security requirements of DoD regulation DODI 8100.3 RE
Bachelor of Science (BS): Pre-Law and Business Management, University of Maryland, College Park