NCTC formed a Risk Committee in 2020 with the goal of formalizing oversite of the organization's risk profile. The primary focus of this committee is Information Technology and Business Operations. I have led this committee since its inception. This committee has multiple KPIs that roll up to the Board of Directors which include a "Risk Profile" for all technology resources, reports on findings from security audits, operational risks.
Worked directly with NCTC's in-house counsel (Jeff Nourse)
Led on all technical aspects including insurance application, implementation of policies + tools, owner of all security related Organization-Level Commitments
Addresses each unique line of business, related technical platforms, and alternative business operations during an outage
Led Executive level staff, assigning roles, responsibilities, and preparation
Commitments on restoration times from IT, testing annually
Mock Cyber Security Event (Hack / Ransomware)
In-house mock event with NCTC's Executive Level - Ransomware event where critical platforms are encrypted with decryption key being ransomed
Author of Cyber Playbook [1] Defined Severity Level [2] Financial Thresholds [3] Law Enforcement + 3rd Party Support (Cyber Security Partner) [4] Executive Level Responsibilities and Task Assignments [5] Formalized Communication (in-house, public, Board of Directors, social media)