Open to opportunities

David Spooner

@davidspooner

Message

Dedicated Information Security professional with expertise in Risk Management.

United States

Message

What I'm looking for

I am looking for a role that fosters growth and values cybersecurity excellence.

I am a dedicated Information Security professional with a Bachelor's degree in IT and a minor in Secure Computers and Networking. With nearly five years of experience in Risk Management, Governance, and Compliance, I have developed a strong foundation in cybersecurity principles and practices. My proven ability to lead teams and resolve workplace issues efficiently has been instrumental in my career. I pride myself on my excellent character and work ethic, exemplified by achieving the rank of Eagle Scout in the Boy Scouts of America.

In my role as an Information Security Analyst at AdventHealth, I was an integral part of the Cybersecurity GRC team within a HITRUST certified Health Care System. I was directly responsible for minimizing risks through annual security risk assessments based on HIPAA Security Rule, HITRUST CSF, NIST, and SOC 2. My experience includes designing and utilizing GRC tools like ServiceNow and LockPath Keylight to enhance team efficiency and user experience. I have also facilitated risk remediation by collaborating with Risk Owners to develop and implement Risk Treatment plans.

Most recently, I worked as an IT Compliance & Governance Analyst at NBCUniversal, where I upheld compliance with GDPR/CCPA laws and automated PCI-DSS User Access Reviews. My role involved maintaining communication with application owners to ensure compliance across systems and supporting the development of IT Disaster Recovery Plans. I am eager to leverage my skills and experience to contribute to a forward-thinking organization.

Experience

Work history, roles, and key accomplishments

IT Compliance & Governance Analyst - Contractor

NBCUniversal

May 2024 - Present (1 year 1 month)

Ensured compliance with GDPR/CCPA by processing guest data requests and automating PCI-DSS 4.0 user access and infrastructure reviews. Maintained regulatory compliance for Universal Destination and Experience's systems and guided organizational progress through change management and policy exception processes.

GDPR CCPA PCI DSS Jira Change Management Policy Management Compliance

Information Security Analyst - Associate, Risk Management

AdventHealth

May 2019 - Present (6 years 1 month)

Managed risk for physician practices and assets through annual security risk assessments based on HIPAA, HITRUST CSF, NIST, and SOC 2. Designed and utilized GRC tools like ServiceNow and LockPath Keylight to enhance team efficiency and facilitate risk remediation with stakeholders.

Risk Management GRC HIPAA NIST SOC ServiceNow LockPath Keylight Cybersecurity

Education

Degrees, certifications, and relevant coursework

University of Central Florida

Bachelor of Science, Information Technology

Grade: 3.57

Activities and societies: Recurring member of the Dean’s List

Pursued a Bachelor of Science in Information Technology with a minor in Secure Computers and Networking (SCAN). Gained a strong foundation in cybersecurity principles and practices, preparing for a career in information security.

Strawberry Crest International Baccalaureate Program

International Baccalaureate Diploma, High School

Grade: 6.01

Activities and societies: Achieved rank of Eagle Scout for Boy Scouts of America; volunteered over 150 community service hours, Relay for Life events.

Completed the International Baccalaureate Diploma program, demonstrating academic excellence and a strong work ethic. Achieved a high weighted GPA of 6.01, indicating strong performance across diverse subjects.