Risk Management Resume Profile

SUMMARY

  • Business-focused technology leader with over fifteen years of Chief Information Security Officer (CISO) and cyber risk management experience. Seasoned in establishing end-to-end enterprise information security and IT risk management programs. Innovative solution architect skilled in building cybersecurity programs that provide immediate and scalable rigor in safeguarding enterprise systems and data. Excels in leading companies to recognize and avoid strategic security oversights and tactical pitfalls in dynamic corporate environments.
  • Hands-on involvement at both operational and executive levels to drive strong awareness and commitment to transform enterprise security controls
  • Cross-functional expertise in security solution architecture, infrastructure operations, application development, and business process engineering
  • Executive presentation skills at the VP, CxO, and Board of Directors levels
  • Balanced win / win negotiator with service providers, business leaders, technology subject matter experts, auditors, regulators, general counsel, and vendor management
  • Proficient in establishing technology-wide risk management programs focused on identifying, tracking, and mitigating technology driven business impacts
  • Hands-on experience with control frameworks including ISO, NIST, SANS 20, COBIT, ISMS, ITIL, and CMMI, and with regulations including Sarbanes-Oxley, FFIEC, HIPAA, HITECH, PCI, GLBA, and NERC CIP
  • Skilled in achieving successful audit and regulatory outcomes including SSAE16 exams

PROFESSIONAL EXPERIENCE

Chief Information Security Officer, Risk Management, and Compliance

Confidential

  • Assessed, designed, and led the implementation of a robust enterprise security program that supported the company's transformational business strategy to elevate LPL's leadership position as the largest domestic independent broker dealer and preferred financial platform service provider for over 14,000 independent financial advisors
  • Collaborated with business and technology leaders to establish a foundational security strategy and tactical approach that balanced long-term industry standard control frameworks and immediate security gap remediation
  • Garnered executive support and operational team cooperation to implement key security capabilities. Notable implementations include:
      • Replacement of legacy firewalls with the Fortinet UTM (unified threat management) platform
      • Integration of legacy Websense and Sourcefire IDS controls into Fortinet UTM
      • Prolexic DDoS (Distributed Denial of Service) safeguards
      • Transition from passive Network Intrusion Detection to inline Network Intrusion Prevention
      • LogRhythm SIEM (Security Incident and Event Monitoring) platform
      • Online access re-certifications and core access provisioning via SailPoint
      • Symantec Data Loss Prevention and Data Insight
      • Symantec VIP two-factor authentication for VPN remote access
      • PingFederate and RSA Adaptive Authentication for two-factor single sign-on
      • Veracode application security scanning services
      • Qualys vulnerability scanning to harden over 8,000 host devices
  • Designed and implemented a hybrid organization model comprised of internal subject matter experts, external consulting experts, and managed security service providers
  • Member of LPL's Risk Oversight Committee and co-chair of LPL's Security and Privacy Risk Subcommittee responsible for security risk identification, evaluation, and mitigation

Executive Consultant Information Security, Risk Management, and Compliance

Confidential

  • Consulting engagements focused on providing expert security advice and hands-on triage to address immediate and highly visible security and regulatory risks. Highlights include:
      • Enterprise-wide security policies, standards, and procedures to address a regulatory Matter Requiring Attention (MRA)
      • Provided expert advice for responding to formal risk and control self-assessments for international IT application delivery teams
      • Fast-track deployment of Symantec Data Loss Prevention
      • Clients include: Fortune 200 commercial retail bank, Fortune 300 energy company, Fortune 400 global information security services company, global turf and landscape maintenance company, global payment services company, application security services company

Chief Information Security Officer, Risk Management, and Compliance

Confidential

  • Established and operated an enterprise-wide information security and risk management program as part of Ameriprise Financial's divestiture from American Express.
  • Information security highlights include:
      • Implemented a cross-functional security operations center (SOC)
      • Integrated firewall, intrusion detection, vulnerability scanning, wireless rogue device monitoring, and system access logs into a centralized ArcSight security event monitoring and response solution
      • Deployed Symantec Data Loss Prevention for over 28,000 users
      • Rolled out hard drive encryption to over 28,000 managed and unmanaged workstations
      • Enabled ongoing Veracode application vulnerability scanning
      • Implemented automated user account provisioning using IBM Tivoli Identity Manager
      • Incorporated multi-factor authentication via Bharosa (now Oracle) to comply with FFIEC guidance
      • Converted from McAfee to Symantec antivirus for over 28,000 workstations
      • Led collaborative strategic planning with the privacy and corporate security officers to establish a unified approach for protecting sensitive information
      • Hands-on engagement with the general counsel's office to enhance master service agreement contract language with the purpose of holding vendors accountable for protecting company information
      • Partnered with the vendor management organization to implement a scalable security vendor review process utilizing online self-assessment questionnaires
      • Executed an information security management model with third-party service providers including IBM Global Services and leading India-based firms
  • Technology risk management highlights include:
      • Integrated a technology risk management program with the company's enterprise-wide operational risk management program
      • Facilitated a balanced and rational set of risk-based IT general controls including formal risk registers and SDLC checkpoints
      • Incorporated COBIT, ISO, ITIL, COSO, and ISMS control frameworks to establish a common control language with internal and external auditors
  • Technology audit regulatory highlights include:
      • Remediated significant Sarbanes-Oxley control gaps in less than one year. Received the highest marks from Internal Audit for control effectiveness for 12 consecutive quarters
      • Successful outcomes for regulatory exams and audits focused on information security, technology risk management, and IT general controls
      • Implemented a PCI (Payment Card Industry) solution that eliminated the electronic storage of payment card numbers and initiated consistent use of a third-party payment processing service
      • Established an evidence library of all Sarbanes-Oxley controls and audit action plans

Executive Consultant Corporate Information Security Officer IT Infrastructure Leader

Confidential

  • Engaged to design and implement an enterprise-wide information security program to achieve SOX and HIPAA compliance. Highlights include:
      • Implemented Waveset for automated user identity and access provisioning
      • Hardened over 4,000 server hosts
      • Integrated SiteMinder for single sign-on
      • Mainframe access remediation for over 20,000 profiles

Vice President of Information Security, Infrastructure and Web Development

Confidential

Vice President IT Performance Capacity Planning

Confidential

Performance Engineering Manager

Confidential