Josh Willison
Personal and Professional Website
DOMAIN\Summary
Seasoned Security and Privacy practitioner with a focus on Identity and Access Management and over 17 years of experience leading technical and strategic teams, analyzing and developing enterprise architecture and enterprise security across a number of industries. Regularly performs program and project management across several simultaneous work engagements. Extensive experience acting as a de facto IAM Director/leader within several organizations to help build out IAM programs from scratch. Continually exceeds expectations by building valuable relationships and works well with people at all levels of an organization including stakeholders, executive management, team members, and clients. Recently obtained an MBA (degree given with distinction), and has maintained a CISSP since 2012.
Experience
Experience\Practices
- Identity and Access Management (IAM)
- Customer Identity and Access Management
- Privileged Access Management
- Enterprise Architecture & Security
- Team Building & Leadership
- Executive Level Strategic Consulting
- Project & Program Management
- Role-Based Access Control Assessments
- Third-Party & Vendor Risk Assessments
- Data Privacy & Information Governance
Experience\Certifications
- CISSP
- Security+
- ITIL v3 Foundation
Experience\Technical
IAM tools, Java, HTML, ColdFusion, Jscript, CSS, SharePoint, SQL, VMware ESXi, Microsoft Hyper-V, Microsoft Office Suite: Word, Excel, Outlook, PowerPoint
Experience\Education
- Keller Graduate School of Management – Master's Degree in Business Administration, Minor in Information Security – 2022
- Radford University – Bachelor of Science in Information Science and Systems with a Minor in Business – 2007
Work History
Work_History\Penn_Med
Company: Penn Medicine
Position: Senior Manager
Duration: 10/2023 - current
- Leader in Identity and Access Management department at large regional research hospital.
- Leading efforts to consolidate and mature Identities across multiple domains.
- Leading efforts to automate birthright provisioning and access provisioning to critical Electronic Medical Record (EMR) system.
- Interfaces with the business to understand needs, processes, and articulate planned future state.
Work_History\Protiviti
Company: Protiviti
Position: Senior Manager
Duration: 03/2015 - 07/2023
- Leader in Identity and Access Management consulting practice.
- Provided executive IT consulting for executing work as a leader in identity practice.
- Recruited at the ground level in a start-up COE for Identity and Access Management.
- Provided project management and team leadership.
- Key member of Digital Identity business development activities (SOW creation, client scoping, proposal dev).
- Assisted with the development of COE frameworks, methodologies, and go-to-market strategies or COE staffing plans.
- Performed strategy and roadmap projects for IAM and PAM as well as technical implementations abiding by client CM or SDLC while preparing project reports or presentations and briefing C-suite stakeholders.
- Served as a subject matter expert for the PAM discipline, creating frameworks, performing assessments, and developing gaps and recommendations as well as delivering client satisfaction while meeting project requirements.
- Performed Role-Based Access Control assessments at a major mortgage lender, evaluating the access group environment, comparing it to a maturity model, and leading a cleanup effort focusing on descriptions and attributes.
- Partnered with clients to solve complex business problems and provide best in class advice and solutions by utilizing a solid understanding of clients' businesses and demonstrating technical competence to deliver first-in-class solutions.
- Clearly articulated the value drivers of the business to develop opportunities both at existing and new clients including developing future contacts within the business community and serving as a company ambassador in the market.
- Ensured seamless project management while serving as a subject matter expert by discussing technical or industry trends and seeking opportunities to demonstrate and teach junior/senior managers and staff on the job.
Work_History\KPMG
Company: KPMG
Position: Associate, Information Protection
Duration: 02/2014 - 03/2015
- Provided insights and guidance for clients to help them better understand market dynamics to improve business performance, turn risk and compliance efforts into opportunities to create, enhance, and preserve value.
- Performed third party/vendor risk assessments for various clients, performed onsite physical security assessments or remote reviews, and evaluated third-party reports and vendor policies based on NIST guidelines.
- Interviewed stakeholders in order to view or identify gaps as well as enabled clients to innovate and expand, leverage IT investments, protect financial assets, manage risk, develop winning strategies, and boost market confidence.
- Worked at the PMO level for third-party vendor risk assessments for a global financial company including interfacing with the client and the client's third-party vendor and leading hardware and software testing during sustainment phase.
- Coordinated efforts amongst team members in a dispersed geographic environment, oversaw Multi-Firm Engagement agreements, pricing, and budgeting, documented assessment progress, and submitted deliverables.
- Interfaced with high-level client executives and hands-on technology practitioners to bring meaningful, strategic change in the sphere of information protection, data security and privacy, and business continuity.
- Assisted with the architecture, configuration, deployment, and service design of network and system security monitoring or analysis tools, Identity and Access Management platforms, IT-GRC platforms, or DLP systems.
- Developed and conducted end user training sessions for Windows 7, BitLocker, and MDM migration, led enrollment efforts for a global telecom company, and utilized technical writing skills in order to write/edit/submit reports.
Work_History\BAH
Company: Booz Allen Hamilton
Position: Associate, Information Protection and Business Resiliency
Duration: 07/2008 - 02/2014
- Supported various DoD clients as a technical IT SME.
- Performed the role of support desk lead and grew the team from 2 to 4 FTEs over the course of 12 months by defining additional needs for support during a government hiring freeze.
- Developed requirements analysis for software and hardware needs to create a virtualized lab that simulated a full production enterprise environment with tests focused on testing future Common Access Card and PKI implementations.
- Conducted impact analyses on DoD directives from a component level to write supplemental guidance from them, developed high-level briefs and presented to C-Suite, CISO, and O-7 and up/SES leadership.
- Reviewed and developed policy and guidance at the DoD-component level as well as oversaw, managed, and documented PKI smart card/token issuance with roles including policy or token creation.
- Served as website administrator over 10 high visibility public/live web sites including overseeing creating, updating, and modifying the sites as well as conducting back-end server risk assessments and traffic analysis.
- Conducted analysis of daily data from DoD-wide response to cyber incidents and created a model of operational response effectiveness that allowed the team to increase quality in other data sets.