Sheridan
Sheridan.Clemens@gmail.com
202-549-0367
2512 Interlock Drive
Kissimmee, FL 34741
Manager of Privacy Programs
10 years experience W2
01/02/2023
2
Recommendations
Average rating
333
Profile views
Summary

Experienced IT Security, risk, compliance, and privacy consultant with a demonstrated history of working with the commercial and public sector.

Experience
Manager of Privacy of Programs
May 2021 - present
Orlando, FL
Information Security Consultant
Hospitality and Entertainment
Mar 2015 - May 2021
  • Responsible for the continuous development of corporate Information Security policy, security controls, and standards.
  • In collaboration with SMEs from across the various business lines, have modernized, consolidated, and re-baselined the corporate mandates for security requirements.
  • Responsible for educating TWDC business lines and operating partners on changes to policy and security controls, translating the security requirements for non-technical business process owners, and communicating proposed changes to policies and standards.
  • Responsible for developing the data classification strategy in coordination with legal, privacy, and compliance stakeholders.
  • Developing content for and maintaining the communication channel from corporate GIS to the business lines for security policy, major projects, and events.
Information Security Compliance Enterprise Security
Information Security Senior
Information Technology
May 2014 - Mar 2015
  • Co-led the development, implementation, training and deployment of a new risk management framework (RMF) based on adapting the Federal NIST RMF for a private corporate structure and incorporating additional control requirements from existing ISO, SOX and PCI selection.
  • Performed gap analysis of existing Information Security strategy and co-wrote new corporate-level information security policies and standards to address them.
  • Briefing stakeholders from board of directors down to developers and business areas on changes being implemented.
  • Managed project for assessment of General Support Systems and the most business critical applications, encompassing a 2.8 Million spend over 1 year.
  • Performed incident response and spillage reduction for vulnerabilities stemming from zero-day exploits. Identified vulnerabilities and evaluated patch management within systems using QualysGuard and Nessus Security Center.
  • Performed manual and automated testing of applications for OWASP Top 10 and exploits using Burp Suite and other tools. Worked with newly formed threat intelligence team to procure, authorize and implement FireEye advanced threat detection appliances.
  • Mentored junior and intern analysts in assessment strategies, knowledge of control libraries, and risk and compliance lifecycle.
  • Assisted Legal Department in proper encryption of data and migration from retired solutions while maintaining required chain of custody.
  • Responsible for writing business cases for planned spending in the coming year on new technologies, training, and additional hiring required.
Risk Management Information Security Compliance Automated Testing NIST SOX Data Migration Enterprise Security Auditing Systems Engineering OWASP PCI Patch Management Nessus Project Management RMF
References
Average Rating

1 recommendation
Risk and Compliance Analyst
Government
Oct 2012 - May 2014

(Contract Position for the FDA)

  • Responsible for examining and testing security configurations, settings, people and processes of information systems and applications per NIST SP800 series and seeking FedRAMP approval for prospective cloud service providers.
  • Responsible for coordinating with system owners to deploy centralized logging and monitoring solutions, Splunk and Mandiant.
  • Responsible for interviewing system owners, information system security officers, system and database administrators, and analyzing vulnerability and compliance scans from Nessus Security Center of Windows, Solaris, and Linux systems, to determine the security posture of the system.
  • Responsible for examining custom written code, JavaScript, SQL, various shell scripts, for security vulnerabilities.
  • Responsible for providing recommended remediation for identified security deficiencies in authorization packages for the authorizing official and providing risk analysis and recommendations to security leadership to support the approval of security waiver requests.
SQL Solaris Compliance Risk Assessment Risk Management NIST Splunk Shell Scripts Linux Analysis Nessus Risk Analysis
References
Average Rating

1 recommendation
Integration Engineer
Government
Nov 2011 - Oct 2012
  • Part of audit team, tasked with inspecting multiple facilities nationally to verify performance, evaluate processes, and validate system specifications.
  • Performed inspection, troubleshooting and Tier 1 support of equipment.
  • Identified inefficiencies in process and provided solutions to program management, office of information technology, and systems development and engineering.
  • Developed systems and criteria to evaluate facilities performance and collaborated on strategies to transition them to success.
Program Management Auditing Technical Support Systems Engineering
HSPD-12 Implementation Specialist
Information Technology
Jun 2011 - Oct 2011
  • Member of team tasked with deploying and ensuring sustainable operation of PIV cards to USDOT field locations across the nation.
  • Trained agents through hands-on and distance learning methods while emphasizing information security.
  • Initialized and tested equipment for deployment.
  • Developed technical documents for agents' reference.
  • Performed database entry and maintenance for records of applications.
Information Security
Education
Bachelor's in Computer Animation
Full Sail University
Certifications
CISSP
Skills
Compliance
2021
5
Enterprise Security
2021
4
Information Security
2021
4
Nessus
2015
2
NIST
2015
2
Risk Management
2015
2
Analysis
2014
1
Auditing
2015
1
Linux
2014
1
Project Management
2015
1
Risk Analysis
2014
1
Risk Assessment
2014
1
RMF
2015
1
Shell Scripts
2014
1
Solaris
2014
1
Splunk
2014
1
SQL
2014
1
Systems Engineering
2015
1
Automated Testing
2015
1
CISSP
0
1
Customer Service
0
1
Cyber Security
0
1
Data Migration
2015
1
DIACAP
0
1
Disaster Recovery
0
1
in-memory databases
0
1
IT Audit
0
1
Marketing Management
0
1
Microsoft Office
0
1
Network Security
0
1
OWASP
2015
1
Patch Management
2015
1
PCI
2015
1
Penetration Testing
0
1
Problem Solving
0
1
Process Improvement
0
1
Program Management
2012
1
Public Cloud
0
1
Requirement Analysis
0
1
Sales
0
1
SDLC
0
1
SOX
2015
1
Strategic Planning
0
1
System Administration
0
1
Team Build
0
1
Technical Support
2012
1
Technical Writing
0
1
Training
0
1
Vulnerability Assessments
0
1
Windows
0
1