Richard Long, CISA, CISM, CISSP, CDPSE


1st Class Machinist's Mate (Nuclear Plant Operator)

611 followers
Estero, Florida, United States


  • About me

    Senior GRC Consultant

  • Education

    • University of Phoenix

      2010 - 2012
      Bachelor of Science - BS Business Administration and Management, General 3.75
    • Westmoreland County Community College

      1979 - 1981
      Associates Engineering
    • Saint Vincent College

      1978 - 1979
  • Experience

    • US Navy | Submarine Service

      Nov 1981 - Jan 1992
      1st Class Machinist's Mate (Nuclear Plant Operator)

      Responsibilities
      • Nuclear Plant Operation: Expertly operated and maintained the nuclear propulsion systems of a submarine, ensuring optimal performance and safety.
      • Reactor Control: Monitored and controlled reactor parameters, including temperature, pressure, and power levels, to meet operational requirements and safety standards.
      • Routine Maintenance: Conducted routine maintenance and inspections of reactor components, identifying and resolving issues to prevent operational disruptions.
      • Emergency Response: Responded to and managed emergency situations, applying in-depth knowledge of reactor systems and protocols to ensure the safety of the crew and the submarine.
      • Training and Mentoring: Trained and mentored junior personnel in nuclear plant operations, emphasizing safety protocols, troubleshooting techniques, and preventive maintenance practices.
      • Documentation and Reporting: Maintained accurate records of plant operations, incidents, and maintenance activities. Provided detailed reports to superiors and higher command as required.
      • Radiation Safety: Enforced strict radiation safety protocols, ensuring compliance with regulatory standards and protecting personnel from unnecessary exposure.
      • Collaboration: Collaborated with other shipboard departments, including engineering, navigation, and communications, to achieve seamless integration of submarine operations.
      • Readiness Inspections: Prepared the nuclear propulsion plant for rigorous inspections, ensuring compliance with Navy regulations and standards.

    • Sungard Availability Services

      Feb 2005 - Apr 2007
      Sr. Security Consultant

      Responsibilities
      • Ethical Hacking: Conduct comprehensive ethical hacking and penetration testing activities to identify and exploit vulnerabilities in client systems, applications, and networks.
      • Vulnerability Testing: Perform in-depth vulnerability assessments, utilizing a variety of tools and methodologies to identify weaknesses in information systems, providing actionable recommendations for remediation.
      • Risk Assessments: Conduct thorough risk assessments, evaluating potential security threats, and proposing risk mitigation strategies to safeguard organizational assets.
      • Enterprise Assessments: Provide technical support for enterprise-wide security assessments, collaborating with cross-functional teams to ensure the integrity, availability, and confidentiality of critical systems.
      • Technical Security Support: Offer expert technical support for clients undergoing security assessments, assisting with the implementation of security controls, and addressing vulnerabilities to enhance overall security posture.
      • Incident Response: Collaborate in incident response efforts, contributing technical expertise to investigate and mitigate security incidents promptly.
      • Client Communication: Clearly communicate technical findings and recommendations to clients, both in written reports and through direct interactions, ensuring a thorough understanding of security risks and suggested countermeasures.
      • Continuous Improvement: Stay abreast of emerging threats, vulnerabilities, and industry best practices. Continuously refine methodologies and tools to enhance the effectiveness of security assessments.

    • Trustwave

      Apr 2007 - Aug 2008
      Security Consultant

      Responsibilities
      • PCI-DSS Audits: Lead and execute comprehensive Payment Card Industry Data Security Standard (PCI-DSS) audits for clients, ensuring adherence to regulatory requirements and industry best practices.
      • Risk Assessment: Conduct thorough risk assessments to identify vulnerabilities and recommend mitigation strategies, focusing on the protection of cardholder data.
      • Compliance Verification: Verify and validate compliance with PCI-DSS requirements through detailed examination of policies, procedures, and technical controls.
      • Client Engagement: Collaborate closely with clients to understand their unique business environments, tailor audit approaches, and provide actionable recommendations for security enhancements.
      • Security Architecture Review: Evaluate and assess security architectures, identifying weaknesses and proposing improvements to enhance overall information security posture.
      • Audit Documentation: Prepare detailed audit reports, documenting findings, recommendations, and compliance status, providing clients with a clear understanding of their security posture.
      • Stakeholder Communication: Effectively communicate audit results to various stakeholders, including technical and non-technical audiences, highlighting critical issues, and providing strategic guidance.

    • FishNet Security

      Sept 2008 - Nov 2009
      Security Consultant

      Same responsibilities as prior position. Certified as a PA QSA

    • Sears

      May 2010 - Mar 2013
      Technical Specialist - IT Compliance

      Responsibilities
      • Annual PCI-DSS Audit: Spearheaded the annual Payment Card Industry Data Security Standard (PCI-DSS) audit, ensuring the organization's compliance with PCI-DSS requirements. Coordinated with internal and external audit teams to facilitate a thorough and successful audit process.
      • IT Compliance Oversight: Played a pivotal role in ensuring adherence to IT compliance standards and policies across the organization.
      • Regulatory Framework Management: Monitored changes in relevant regulations, industry standards, and compliance requirements affecting IT operations. Ensured that IT practices aligned with legal and regulatory requirements.
      • Policy Development: Developed, reviewed, and updated IT compliance policies and procedures, ensuring they reflected the latest industry best practices and compliance standards.
      • Risk Assessments: Conducted regular risk assessments on IT systems, processes, and infrastructure. Identified vulnerabilities and recommended remediation measures to maintain a secure and compliant IT environment.
      • Internal Audits: Collaborated with internal audit teams to facilitate IT compliance audits. Participated in the preparation and response to audit inquiries, ensuring a smooth and efficient audit process.
      • Incident Response: Assisted in the development and implementation of incident response plans related to IT compliance. Participated in investigations and provided insights to prevent future incidents.
      • Training and Awareness: Provided training sessions to IT teams and relevant stakeholders on compliance policies, procedures, and best practices. Raised awareness of the importance of IT compliance throughout the organization.
      • Documentation and Reporting: Maintained accurate and up-to-date documentation related to IT compliance efforts. Prepared and presented compliance reports to management as needed.

    • Trustwave

      Mar 2013 - Oct 2013
      Senior Information Security Consultant

      Responsibilities
      • PCI-DSS Audits: Lead and execute comprehensive Payment Card Industry Data Security Standard (PCI-DSS) audits for clients, ensuring adherence to regulatory requirements and industry best practices.
      • Risk Assessment: Conduct thorough risk assessments to identify vulnerabilities and recommend mitigation strategies, focusing on the protection of cardholder data.
      • Compliance Verification: Verify and validate compliance with PCI-DSS requirements through detailed examination of policies, procedures, and technical controls.
      • Client Engagement: Collaborate closely with clients to understand their unique business environments, tailor audit approaches, and provide actionable recommendations for security enhancements.
      • Security Architecture Review: Evaluate and assess security architectures, identifying weaknesses and proposing improvements to enhance overall information security posture.
      • Audit Documentation: Prepare detailed audit reports, documenting findings, recommendations, and compliance status, providing clients with a clear understanding of their security posture.
      • Stakeholder Communication: Effectively communicate audit results to various stakeholders, including technical and non-technical audiences, highlighting critical issues, and providing strategic guidance.
      • Continuous Learning: Stay abreast of evolving security threats, vulnerabilities, and industry trends, incorporating this knowledge into audit methodologies and client recommendations.

    • Trustwave, SecureTrust, VikingCloud

      Oct 2013 - Apr 2022
      Director of Quality Management

      Trustwave (Oct 2013 - Apr 2018), SecureTrust (Apr 2018 - Oct 2021), Viking Cloud (Oct 2021 - Apr 2022)

      Leadership and Process Improvement - Trustwave (Oct 2013 - Apr 2018)
      • Led a dedicated team responsible for reviewing PCI-DSS reports, ensuring factual accuracy, and meeting stringent SSC requirements for compliance.
      • Revamped QA review processes, reducing review time by over 50% while enhancing report quality.
      • Pioneered root cause problem-solving, redesigning the QA process to address issues at their core.
      • Specialized in PCI-DSS compliance, maintaining a deep understanding of SSC requirements and industry best practices.

      Strategic Leadership - SecureTrust (Apr 2018 - Oct 2021)
      • Successfully navigated the spin-off transition from Trustwave to SecureTrust, ensuring a seamless continuation of quality management practices.
      • Led a highly trained QA team, fostering a culture of empowerment and decisiveness without fear of repercussions.
      • Implemented a creative solution with a MySQL database in the production environment to streamline QA report tracking.

      Adaptability and Acquisition Integration - Viking Cloud (Oct 2021 - Apr 2022)
      • Contributed to the acquisition transition from SecureTrust to Viking Cloud, demonstrating adaptability and strategic alignment.
      • Continued to play a key role in maintaining and improving QA processes during the acquisition phase.

      Collaboration and Team Integration
      • Collaborated closely with delivery team members and management across all phases of company transitions, ensuring the successful integration of report review processes.

    • VikingCloud

      Apr 2022 - Oct 2023
      Vice President Of Quality Management

      Leadership and Strategic Planning
      • Spearheaded the "VIP Program" during the consolidation of Sysnet, ControlScan, Nuarx, SecureTrust, and Viking Cloud into the new VikingCloud entity. Employed creative critical thinking skills to navigate challenges associated with a large-scale merger while ensuring customer satisfaction.
      • As Head of the Quality Assurance department, successfully optimized processes through collaboration with the QA team and other departments, implementing changes suggested by team members. Conducted weekly meetings to address issues and propose improvements.

      Compliance and Governance Oversight
      • Served as Chair of the Compliance Review Board, engaging in real-time problem-solving discussions with senior managers and employees to ensure adherence to regulatory standards.
      • Established and maintained the QA Azure SQL database, leveraging it to develop Key Performance Indicators (KPIs) for measuring and tracking quality performance and work queue status.

      Data Analytics and Reporting
      • Developed comprehensive Power BI reports tailored to C-level and departmental requirements, consolidating data from various sources. Acquired proficiency in the DAX programming language for precise customization of reports.
      • Created and managed SharePoint lists displaying the QA work queue status, promoting transparency for delivery team consultants.

      Process Improvement and Industry Best Practices
      • Proactively enhanced internal processes through continuous improvement initiatives, incorporating industry best practices to elevate and maintain quality standards.

      Active QSA certification holder
      • Commitment to maintaining industry-leading quality standards. Valid until 9/2024.

    • LRQA Nettitude

      May 2024 - now
      Senior GRC Consultant
  • Licenses & Certifications

    • Certified Data Privacy Solutions Engineer™ (CDPSE™)

      ISACA
      Jun 2020
    • CISA

      ISACA
      Mar 2008
    • CISM

      ISACA
      Sept 2008
    • QSA

      PCI Security Standards Council
      May 2007
    • CISSP

      (ISC)²
      Jun 2004