Manager, It Security, Data Privacy & Risk Resume
San Francisco, CA
SUMMARY:
- Accomplished IT Security, Governance Risk & Compliance Transformation Expert with experience in the roles of Principal Advisor, Program Manager, Product Manager
- Project Manager, and Systems Configuration Advisor with an exceptional leadership background developing and implementing world - class infrastructure and enterprise-wide security solutions with an emphasis on risk mitigation & tracking systems, implementation of IT security policies, internal controls, DR/BCP preparation, and verification processes for the financial, energy, and healthcare sectors.
- Executive Planning, Strategic Deployment
- High-Performance Team Development
- Program Management, Project Management
- PCI-DSS, SOX, PCAOB, HIPAA, NIST, UCF, COSO, COBIT ISO 27001, 27002, FedRamp, GLBA, AML, FINRA
- Regulatory, Compliance and Privacy Law
- IT Security / Risk Assessment Mgmt.
- GRC System Design, Deployment & Mgmt.
- External Vendor hosted SAAS environment
- IT Service Management
- Consulted Confidential Management on the implementation of the RSA Archer eGRC System to track applications, servers, databases, network appliances and personnel, to ensure proper handling of HIPAA compliance assessments, Meaningful Use and related risk management processes, findings remediation and automation of workflow processes to capture efficiencies and hardening of the system.
- Directed the Oronite Global Risk Management Transformation Project, which was recognized by Chevron for saving over $3.5 million per year, enabling Chevron Management to track the risk management work of more than 35,000 employees and contractors, in real-time, assisting in managing Chevron’s risk portfolio for applications, databases, servers, infrastructure and SCADA systems.
- Created standards and processes to monitor critical data related to decommissioned systems and assets, for more than 200 IT applications, databases and server systems around the world, resulting in the savings of over $50 million in licensing fees and support expenses, and mitigation of risk due to outdated systems sitting in the production network.
- Managed the partnership between Chevron and Citibank’s Commercial Banking Application IT Group creating Citibank’s flagship enterprise online banking system, CitiDirect, which enabled Chevron to begin centralized management of all global cash movements throughout Confidential, and resulted in the decommissioning of more than 100 inefficient and outdated banking systems, around the world. Additionally, I was equally involved in the business and technical integration of global banking systems for JP Morgan Chase, Wells Fargo, Bank of America, CIBC, Royal Bank of Canada, Bank of China and several others, including the creation of internal controls and DR Plans to support each system.
TECHNICAL SKILLS:
Contingency Planning: Disaster Recovery Planning, Business Continuity, DR/BCP, Disaster Recovery Testing, Data Backup Policy Management, Data Retention Practices and Policy Management, Test Design and Execution, Contingency Planning Gap Remediation Management, SunGard/Strohl LDRPS. GRC BCP Controls, Citrix/Remote work contingency development
IT & Business Governance: Governance Oversight, Corporate Policy Development, IT Security Policy Development, Risk Analysis, Risk Mitigation, Compliance Standards Development, SWOT Development, GRC Metrics Design and Management. Encryption Standards, RSA Archer GRC System Design and Deployment, SAP GRC, Risk Mitigation Planning & Remediation Tracking, Data Retention Policy, Vendor Security Policy
Network Security: Firewall Rules Management, Intrusion Detection System (IDS) Implementation and Management, Intrusion Prevention System (IPS) Implementation and Management, Network Architecture and Segmentation Reviews, Network Vulnerability Review, Behavioral Analytics, Big Data Security
Identity Access Management: Privileged Access Management Systems (PAM) Implementation, TPAM, Federation Access Mgmt, LDAP, IAM, OAuth, Active Directory (AD), IAM Segregation of Duties (SOD) Reviews and Exception Mgmt. SAP Security, CyberArk, Quest, SailPoint
Mobile Security: Mobile Device Management (MDM), Mobile Security Reviews
Virtual/Cloud: SAAS, IAAS, PAAS, SAAS Security, Cloud Security Assessments, VMware WorkstationCloud, Citrix, Citrix Zendesk Deployments, Cisco WebEx and Meeting Place Implementation
SW/OS Specific: Microsoft Office (Word, Excel, Outlook, Visio, PowerPoint, Visio), MS Project, SharePoint Dev and Implementation, Unix/Linux administration, Windows Server 2008 R2, SQL Server 2008 R2 Administration, Maximo, Starlims, Celtis, SAP (MII), SAP R/3, SAP BW, SAP SRM (Supplier Management System), SAP Security, Crystal Reports, Oracle Financials, RSA Archer GRC, OpenPages, SAP GRC, VPN, Data Loss Prevention Systems (DLP) System Deployment, and Review, Legal Retention System Management, SunGard LDRPS, Qualysguard, TFS
PROFESSIONAL EXPERIENCE:
Confidential, San Francisco, CA
Manager, IT Security, Data Privacy & Risk
Responsibilities:
- Provide IT security, governance, risk and compliance consulting to a broad range of clients spanning all sectors of the economy, including some of the largest household and industrial brands in the world.
- Assess current state security, from governance to operations and network configurations, providing insight on best of class methodologies and processes to ensure that IT Security is in a pro-active state to support the Business, ensuring corporate and client data is properly secured in alignment with regulatory and industry requirements and standards.
- Provide guidance to organizations where their IT organization is not able to efficiently support the speed of the business, resulting in outsourcing data management to professional management services using SAAS, PAAS, IAAS cloud infrastructures.
- Create comprehensive GRC and SIEM Management programs and control frameworks, aligning with ISO2700x, FFIEC, GLBA, NIST, SOX, EU Safe Harbor, and HIPAA/HITECH requirements, including creating corporate policies, corporate standards and documenting internal controls and the creation of the Business Continuity / Disaster Recovery Programs.
Confidential, Palo Alto, CA
Program Manager
Responsibilities:
- Chief Security, Governance Risk and Compliance Consultant to San Francisco Bay Area / Silicon Valley based B2B financial startups based on the use of SAAS based cloud solutions.
- Assess security configurations related to SAAS applications, servers, databases and internal control logging including monitoring related to DLP, firewalls, SIEM Management systems, and Privileged Access Management.
- Create comprehensive GRC and SIEM Management programs, aligning with ISO27001 & 27002, FFIEC, GLBA, NIST, SOX and SSAE16 SOC 1 & 2 requirements, including creating corporate policies, corporate standards and documenting internal controls and the creation of the Business Continuity / Disaster Recovery Programs. Assessed data security by reviewing app, Db, server and infrastructure security configs.
- Executive Management Consultant on IT Security, Governance, and Risk Management practices and capabilities, allowing my clients to dramatically expand their business opportunities, including partnering with the largest banks in the world.
- Project Manager responsible for overall direction of the creation and streamlining of existing processes enabling clients to expand their clientele and gather traction as financial startups while ensuring compliance with financial regulations. Over the past two months, one client has added more than five thousand paying customers.
- Managing the day to day business process requirements to conduct business as a small business in the State of California as Product Manager, Client Acquisitions and backend office management.
Confidential
Project Manager
Responsibilities:
- Managed and performed risk assessments of internal and external vendor system implementations, including vulnerability testing reviews, threat and impact assessments, and security architecture reviews, SSAE-16 reviews, ensuring alignment with PCI-DSS, FFIEC, SOX, ISO 27001 & ISO 27002, as well as Visa's corporate policies, and Visa’s technical security requirements.
- Advisor to the Risk Management Process Team for streamlining risk management processes to ensure that compliance and risk management processes project go live dates were met, and that operational and technology risk was identified, graded, remediated or accepted, using the RSA Archer eGRC tool and MS SharePoint collaboration.
- Partnered and championed opportunities with the Visa Legal, IT Security, Vendor Management, and Vendor Risk Groups to develop governance processes and new contracts for onboarding new external vendors, ensuring compliance with Visa’s corporate policies and ensuring risk is mitigated to credit card holders. .
Confidential, Pleasanton, CA
Lead Business Consultant - IT Compliance - Project Manager
Responsibilities:
- Consulted Management to ensure Kaiser’s 2,000+ IT Infrastructure systems continued to comply with HIPAA, Meaningful Use, ePHI, and other governmental mandates, as required by Health and Human Services, and in alignment with NIST framework for the HIPAA Mandate
- Project Manager for multiple enterprise regulatory assessments of IT infrastructure, network and application systems.
- Senior Advisor to KP Leadership on the implementation of the RSA Archer eGRC tool to ensure proper handling of HIPAA assessments, resulting in what is to be one of the world’s largest RSA Archer implementations. Designed and configured Archer GRC, including apps, iViews and system integration.
- Performed risk assessments of IT Infrastructure systems, including applications, servers, databases, network devices, and their related configuration settings, supporting all areas of Confidential .
Confidential - San Ramon, CA
Program Manager
Responsibilities:
- Principal Project Manager, Program Manager and Product Manager responsible for ensuring that multiple compliance projects spanning worldwide operations were completed on time and under budget.
- Performed IT security reviews, risk assessments, business impact assessments, BCP/DR plan creation and testing, IT General Control reviews of applications, servers, databases, network devices, and SCADA systems to ensure compliance with Chevron IT Security Policy, and alignment with applicable security frameworks for each of twelve international locations.
- Directed and managed all aspects of the Information Risk Management Program Transformation Project for all of Chevron Oronite, which included twelve international operating units, impacting more than 1,000 employees and contractors, and more than 4,000 systems.
- Guided Executive Management in centralizing the support services and the standardization of risk management practices of more 2,000 additional applications, servers, and databases located around the world. Provided Risk Advisements on the buildup of the Gonfreville, France Oronite Data Center.
- Project Manager and Risk Management SME for Oronite France’s IT Risk Transformation Project. This project resulted in a massive transformation of risk management practices for applications, servers and databases.
- Communicated with all ranks of personnel, educating business and IT personnel on risk fundamentals, ensuring the workforce had a baseline understanding of risk and information security.
- Created the vision, strategy and managed all facets of the global implementation of Oronite’s Global Information Risk Management GRC system, including staff selection and development, further automating internal control processes saving the company more than $40 million, and establishing this system as a corporate standard.
- ed for creating the Oronite GRC system, that was built using the agile methodology, and in alignment with SOX, COBIT, COSO, ISO 27001 and 27002 Standards, HITECH, HIPAA, EU Data Privacy Regulations, and others. The entire global implementation cost less than $1,000,000.
- Created the Management Metrics Program, including automating reporting workflows, enabling the Management Teams at the global and field location levels to see real-time risk health indicators and status updates.
- Hired, directed and mentored the Global Solutions Group - Information Risk Management Team consisting of 5 direct reports, including providing guidance to an additional 24 contractor resources, based in Europe, Asia, The Americas, and India.
- Maintained all internal and external Compliance Requirements for more than 2,000 IT Systems ensuring compliance with SOX, HIPAA, HITECH, EU Data Privacy Act, and Chevron Corporate Policy.
Confidential - San Francisco, CA
Sr. Compliance Analyst
Responsibilities:
- Oversaw the review of all SOX controls within the Supply Chain organization, reducing the number of tested controls by 95% and an annualized savings of more than $750,000.
- Directed the SC Audit Team in performing User Acceptance Testing driving the transformation of how new IT systems were on-boarded, resulting in faster implementations with higher quality results.
- Performed SAP Compliance Reviews, including SAP (Security, SCM, BW, and GRC).
- Conducted risk assessments, gap analysis, business and IT process documentation, and the creation of risk mitigating internal controls, in alignment with corporate standards, policies, NERC and NIST.
- Compliance Advisor for a major SAP ERP implementation supporting Supply Chain and Business +Warehousing, ensuring compliance with Federal and State laws pertaining to a regulated utility.
- Consulted on the implementation of IBM’s Openpages for GRC tracking related to SOX testing.
- Consulted PG&E Management on IT Disaster Recovery and IT Business Continuity Processes with the implementation of the SunGard/Strohl LDRPS online Disaster Recovery/Business Continuity Tool.
- Created BCP/DR Plans for utility headquarters and groups supporting critical infrastructure.
- Received in 1st Responder for high rise buildings, covering fires, medical incidents and earthquake response management.
Confidential - San Ramon, CA
Treasury Security Analyst
Responsibilities:
- Chief advisor to the VP- Corporate Treasurer for Information Protection requirements for all banking and user system implementations; responsible for educating the Management on data and IT system security.
- Managed over 1000 financial audits, and rectified over $1MM in payment errors.
- Implemented mandatory SOX control enhancements in 2002 for all Treasury and financial systems.
- Consulted on the implementation of more than ten major banking systems, representing the largest banks in the world, allowing Chevron to better manage cash positions and investment movements.
- Consulted Management on the implementation of Disaster Recovery and Business Continuity Planning, including the implementation of satellite phone systems and hot sites and testing of DR/BCP plans for regional and global banking operations.
- Treasury BCP/DR response team member.
- Project Manager to develop technical documentation for the Disaster Recovery response for all IT systems including banking systems involving response with banks, primarily in New York and London.
Confidential - Pleasant Hill, CA
New Business Acquisitions Assistant
Responsibilities:
- Collaborated daily with clients, investors, domestic marketing operations, corporate legal team members and project managers throughout the enterprise.
- Oversaw regulatory documentation and requirements including permits, licenses and corporate approvals, ensuring accuracy.
- Performed contract reviews with Corporate Investors.
Confidential - Concord, CA
General Accountant
Responsibilities:
- Managed the General Accounting Desk for review of all accounting transactions related to Chevron operations throughout Japan, Singapore, Thailand, and Australia.
- Managed Australia LNG billing to power utilities customers throughout the Pacific Rim.
- Oversaw payroll and billing of resources to the various Joint Ventures throughout Confidential .
Confidential, Jacksonville, FL
Aviation Maintenance Support Supervisor
Responsibilities:
- Desert Storm/Gulf War Veteran, supervising a team of 20 as directed by the Commander in Chief.
- Ensured that the squadron’s fleet of aircraft was ready for service 24x7x365.
- Attached to Carrier Air Wing Seven aboard the USS Dwight D. Eisenhower (CVN-69) and USS George Washington (CVN-73).
