
Patience C. Curtis
- Senior IT Program Manager / Cyber Security Manager
- Charlotte, NC
- Member Since Apr 06, 2023

Patience C. Curtis, PMP, CRISC
Senior IT Program Manager | Cyber Security Manager
Strategic, analytical IT manager with 16+ years of progressive experience in IT delivery, security protocols, information assurance, and cyber security program implementation. Confident leader and communicator with proven record of successful collaboration with C-level management, cross-functional teams, vendors, and clients. Driven, diligent professional with high commitment to improving processes and driving the bottom line for businesses. Highly knowledgeable in controls assessment, governance, risk, and compliance (GRC) solutions and cyber security standards and frameworks including Federal Risk and Authorization Management (FedRAMP), COBIT, ITIL, NEI, NERC/CIP, NIST/FISMA, HIPAA, SOX, PCI-DSS, CAF, SDLC, ISO/IEC, CMS, and HITRUST.
Areas of Expertise & Technical Skills
|
§ Program Management § Project Management § Motivational Leadership § Cyber Security § Governance, Risk & Compliance |
§ Information Assurance § Process Improvements § Cross-Team Collaboration § Stakeholder Communication § Change Management |
§ Agile § MS Project § Visio § Clarity § PeopleSoft |
Professional Experience
MULTIPLE EMPLOYERS, Various Locations 2009 - Present
Senior Cyber Security & IT Program Manager
Managed IT operations, programs, security, governance, risk, and compliance for large organizations across multiple industries including finance, technology, energy, and government. Aligned IT programs with business goals in close collaboration with C-level leadership. Architected cyber security programs and products, established standards and programmatic controls, implemented enterprise-wide security policies for contingency operations, and drove remediation for information security vulnerabilities. Designed and executed improvement initiatives, conducting in-depth analysis to determine optimal solutions for enterprise goals. Led development of adoption, change management, and communication strategies in coordination with interdepartmental teams.
Key Projects:
US BANCORP: OCC Audit & MRA Remediation/ Enterprise Risk Management (2018)
Team Size: 10 Staff & 16 Contractors · Methodology/Tools: MS Project, SharePoint, Tableau, Archer, IDM
§ Conducts periodic internal reviews or audits to ensure compliance procedures are followed.
§ Directs the internal investigation of compliance issues, assess product, compliance, or operational risks and develops risk management strategies.
§ Collaborates with business divisions and departments (e.g. Risk Management, Internal Audit, Consumer Groups, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution
§ Coordinates with risk partners (audit, compliance, legal, risk management) groups to document processes and communicate related information to stakeholders.
§ Remains informed of regulatory developments within or outside of the company as well as evolving best practices in compliance control
§ Prepares reports for senior management and external regulatory bodies as appropriate to include MRA Issue Remediation & closure activities; governance & sustainability reporting routines, and business analytics metrics.
WELLS FARGO & CO.: Enterprise Monitoring & Regulatory Compliance Project (2017)
Budget: $5M · Team Size: 3 Staff & 4 Contractors · Methodology/Tools: Splunk, MS Project, ArcSight, CyberArk
§ Streamlined incident response process, shortening service-level agreement (SLA) timeline by two days.
§ Created proofs of concept for parallel business processes, reducing ancillary analysis by 30%.
§ Interface with technical personnel and other teams as required to perform daily monitoring and review of security events
§ Optimized C-level decision-making process by building and managing 52 Splunk executive reporting dashboards for SANS 20 Critical security controls and KPI metrics in Splunk Enterprise.
§ Developed best practices for security monitoring & reporting; performed network incident investigations, determining the cause of the security incident and take steps to contain and eradicate the threat
CHARTER COMMUNICATIONS: Regulatory Compliance & Internal Audit Project (2016 - 2017)
Budget: $20M · Team Size: 8 Staff & 3 Contractors · Methodology/Tools: MS Project, SharePoint, Others
§ Improved systems security and reduced vulnerabilities through execution of 45 Security Assessment & Authorization (SAA) packages under governance, risk management, and compliance (GRC) frameworks.
§ Overhauled three enterprise information security programs for hybrid assessment strategies inclusive of NICT, COBIT, PCI-DSS, and HIPAA.
§ Mitigated business risk by reengineering risk management policies, procedures, processes, systems, and internal controls in collaboration with multiple internal teams and external vendors.
WELLS FARGO & CO.: IT Transformation Readiness Project (2014)
Budget: $2M · Team Size: 7 Staff & 5 Contractors · Methodology/Tools: Prosci ADKAR, MS Project
§ Drove smooth, positive change management by developing comprehensive adoption and communication strategies, conducting extensive primary research, and collaborating with stakeholders across business units.
§ Empowered service liaisons to serve as effective ambassadors by educating them on Change Management Program tenets and structured framework.
§ Enhanced understanding of Transformation Readiness workstreams for five lines of business through training sessions utilizing ADKAR model.
§ Spearheaded design, engineering, testing, and deployment of enterprise solution implementation within the Technology Operations Group.
ERIE INSURANCE GROUP: Information Security Strategy & Program Development Project (2014)
Budget: $150M · Team Size:10 Staff & 2 Contractors · Methodology/Tools: MS Project, Others
§ Established strategic vision, guiding principles, roadmaps, and standard operating procedures (SOP) for integration of IT programs and systems across business units.
§ Developed and delivered six strategic initiatives and 18 roadmap efforts for Enterprise Access Control & Governance and Information Security Governance, Risk Management, and Compliance teams.
§ Drove alignment of IT programs with eight priority GRC initiatives and Internal Audit Partnership Alliance.
§ Influenced strategic and tactical direction for enterprise IT solutions to augment corporate growth and future technological advances.
Additional Experience
BISO Analyst/INFOSEC Analyst, Open Systems Technologies, TIAA-CREF, Charlotte, NC
Sr. Risk Coordinator/Sr. Regulatory Compliance Manager, Bank of America, Charlotte, NC
Sr. NERC/CIP Program Manager, Tennessee Valley Authority, Chattanooga, TN
Cyber Security Program Consultant Energy & Utilities (Duke, Exelon, GE-Hitachi, Shaw Group/ CBI) multiple locations
Program Manager, Accenture, Washington, DC
Sr. INFOSEC Program Manager, National Institutes of Health (NIH), Rockville, MD
Program Manager/Sr. Cyber Security Analyst, Client Network Services, Inc./Dept. of Energy, Rockville, MD
Sr. Cyber Security Program Lead, Nuclear Regulatory Commission (NRC), Rockville, MD
Sr. Information Security Specialist, Integrations Communications Solutions, Inc., Frederick, MD
US ARMY--Chief Information Systems Officer, CPT/O-3, US Army, Camp Humphreys, South Korea
Education & Certifications
Doctorate (PhD) in Information Technology, (progressive) 2020
Capella University, Minneapolis, MN
Master of Science in Information Technology, 2006
University of Maryland University College, Adelphi, MD
Bachelor of Science in Telecommunication Electronic Systems, 2000
Cameron University, Lawton, OK
Certified in Risk and Information Systems Control (CRISC), Cert #1002179
Information Systems Audit and Control Association (ISACA)
Project Management Professional (PMP) Certification, Cert #1260855
Project Management Institute (PMI)