Andrew Kochinski
Details
Intensive Arabic Language Immersion Program - The American University in Cairo - graduated 2010
- Sr. Project Manager for Southwest Airlines in the Cybersecurity Defense department, supporting the Governance, Risk, Compliance & Privacy (GRC&P) Team
- Responsible for managing epics through the Scaled Agile Framework (SAFe) kanban flow, defining the team’s 3-year strategic roadmap, and securing organizational funding for planned initiatives
- Project management for regulatory compliance, risk management, security governance, and privacy enablement projects
- Implementation and operationalization of a GRC workflow automation platform
IT Security Governance Manager, Alaska Airlines, Seattle WA, July 2019 – October 2022
- Program Manager for the Alaska Airlines ITS CyberSecurity team, responsible for the PCI compliance program, IT risk management program, and internal security governance framework
- Led the annual merchant level-1 PCI DSS compliance assessment with external QSA, including interviews, evidence collection, gap analysis reporting, penetration testing, and issues remediation
- Developed and implemented automated processes for risk intake, policy exception, and annual security control review workflows
- Managed the IT risk register and facilitated risk review workshops with stakeholder teams, including risk scoring, risk strategy planning, and remediation management
- Administrator of a 3rd party SaaS automated compliance management platform
Sr. IT Security Compliance Analyst, Alaska Airlines (contracted through Loft9 Consulting), Seattle, WA, February 2017 – July 2019
- Coordinated Alaska’s merchant level 1 PCI compliance assessments from 2017 to 2019
- Revamped Alaska Airlines’ internal IT SOX control framework to align with updated technologies and operational procedures
- Implementation of a 3rd party SaaS automated compliance management solution for IT audit workflows
- Facilitated external audits and penetration tests, including control testing, evidence collection, and deficiency remediation
- Developed an internal IT security control framework for Alaska Airlines, incorporating industry-standard security requirements (CIS, ISO, NIST) and compliance obligations (PCI and SOX)
Business Analyst, Microsoft (contracted through Loft9 Consulting), Seattle, WA, April 2016 – January 2017
- Developed reporting dashboards of IT incidents in Power BI and ServiceNow
- Established a monthly review cycle of reporting dashboards with product management team, incorporating user feedback into product development
- Managed User Experience sentiment survey and developed data insights for product enhancements
- Analyzed service desk tickets to identify trends, issues, end-user feedback, and new product features
Project Finance Coordinator, Aramco Services Company, Houston, TX, February 2013 – April 2016
- Assisted in the delivery of over USD $5 billion in export credit agency (ECA) financing to the USD $20 billion Sadara Project, the largest petrochemical facility in the world to be built in a single phase
- Coordinated the receipt, review, and submittal of financial reimbursement documentation to the five ECA lenders utilized on the Sadara Project (US ExIm, UKEF, K ExIm, K-Sure and Euler Hermes)
- Managed a team of ECA Coordinators stationed at international satellite project offices
- Worked with primary EPC contractors to ensure content eligibility compliance requirements were met
- Responsible for developing and managing the project’s export credit financial reimbursement schedule and preparing monthly cash-flow projections for the treasury department
Organizational Effectiveness Specialist, Aramco Services Company, February 2012 – February 2013
- Designed an executive-level project controls dashboard and managed the reporting procedure for seven asset groups on the Sadara Project (a USD $20 billion petrochemical project)
- Updated reporting metrics as the project transitioned into peak construction phase
- Developed and managed a project-wide relocation database
Skills
Project Management, PCI Compliance, SOX Compliance, NIST CSF, UCF, GDPR Compliance, Security Control Implementation and Testing, IT Audits, Issue Remediation, Data Analysis, Project Scheduling, Microsoft Excel (highly capable), IT Risk Management, GRC Platforms (ZenGRC, ServiceNow IRM)
About
I am a cybersecurity project manager with over a decade of diverse experience across cybersecurity compliance, IT security governance frameworks, and project finance. I have spent the past 5+ years working in PCI compliance for the airline industry (Alaska Airlines and Southwest Airlines). I have a deep understanding of the PCI DSS, and demonstrated experience implementing requirements and remediating deficiencies.
In addition to PCI, I have experience in compliance programs for Sarbanes-Oxley (SOX), the Department of Defense, and the Transportation Security Administration, as well as a deep understanding of generic security control frameworks such as NIST CSF and UCF. I have managed projects to implement 3rd party SaaS tools to support compliance management workflows, and acted as an administrator and SME on the platform post-implementation.
I hold a Project Management Professional (PMP) certification from the Project Management Institute, and I am currently studying to obtain a Certified Information Systems Auditor (CISA) certification from ISACA.