IT Risk Officer
- IT Security professional specializing in balancing the needs of the business with the risks and costs of security controls. Over thirteen years of demonstrated experience in improving information security strategies and programs in regulated and agile business environments. A professional driven by the belief that business strategy and goals should drive technology selections, and that with a well-implemented information risk management program those same technologies can improve market share, customer satisfaction and retention, increase sustainability and bring competitive advantage.
- CISSP, ITIL V3, PMP, IT Infrastructure/Design, Security Architecture, Process Improvement, Policy Design Implementation, Disaster Recovery
- Risk Management/Monitoring, Security Operations Integration, Vendor Management, Training and Awareness, HIPAA / PCI-DSS Compliance.
- Responsible for managing the IT security risks that may impact the interests, reputation and assets of the Atlas Copco organization, its employees, customers, and stakeholders.
- Planning, designing, implementing and continually improving an overall risk management program for the Atlas Copco Group using industry standards including ISO 27001, NIST 800-53, ISO/IEC 20000 Series (ITIL), PCI-DSS, and GASSP.
- Provide risk consulting services to the Group Management and Business areas to ensure they can evaluate risks for action. Evaluation involves comparing estimated risks with criteria established by the Atlas Copco organization such as costs, legal requirements and environmental factors, and evaluating the organization's previous handling of risks and determining the appropriate action.
- Design and implement process and policy to facilitate the business' transfer, mitigation or acceptance of IT risk as it relates to the enterprise, corporate governance, regulatory and operational risk, business continuity, information and market risk.
- Organize appropriate risk reporting.
- Providing support, education and training to staff to build risk awareness within the organization.
- Business Services IT is an internal service provider supporting multiple business areas, finance, accounting, IT/IS, HR, and purchasing needs with more than 30K users worldwide
- Managed global team of Information Risk Analysts.
- Member of the Atlas Copco Security Council providing oversight, direction and governance to Atlas Copco IT Security Policy.
- Ongoing improvement and implementation of cross-functional 5-year security roadmap utilizing business-defined strategies and requirements as the foundation for priorities.
- Transformed business services security from compliance-based security to comprehensive IT Risk Management strategy.
- Reduced the number of risks introduced with each new service and increased the business' ability to take appropriate risk through integration of security into existing and new processes.
- Effected cultural change with the introduction of ITIL v3 into Business Services as process owner for Continual Service Improvement and Co-Owner of the overall ITIL Program.
- Increased knowledge and transformed perception from security roadblock to risk partner through global security training and awareness campaign.
- Created a standard, systematic method to proactively address audit findings and implemented it globally.
- Guided each service team to develop their own business-oriented security roadmap to seamlessly integrate security goals and reporting into their daily work and processes.
- Overhauled 100 locally managed decentralized antivirus solutions with a single, centralized global solution, providing high visibility to existing threats and resulting mitigation. Led 15-month effort through successful on-time and on-budget execution affecting 28K users in 135 countries.
- Continuously monitor changes in legislation and accreditation that may impact the business, making adjustments to policies and procedures accordingly.
- Promoted 8 times during 12-year tenure based on exceptional performance and proven leadership abilities, culminating in responsibility for long-term security strategy, direction of major technical projects, and implementation of all IT-related Six Sigma process improvement opportunities. Developed 3-5 year roadmap focused on balance and flexibility to align business needs with potential costs and ensure solution compliance. Created standards to be enforced throughout lifecycle of solution development resulting in acceptance and support by the Corporate Information Security working group.
- Improved Incident Management and Problem Management Processes. Utilized DMAIC method to identify areas for improvement in the Incident, Vulnerability and Problem Management processes.
- Led implementation of critical Information Security Initiatives including desktop encryption (WinPT), centralization of monitoring and reporting (SenSage), deployment of Enterprise Security Manager (Symantec ESM), and CheckPoint Firewalls, Management and Logging Servers. Managed third-party vendors in CITS application development, successfully delivered on-time and on-budget.
- Selected to represent Premier during examiner interviews for the National Baldrige Award for Excellence, which was successfully granted in 2007.
Directed a disparate team of Security Professionals in up to 60 simultaneous IT projects focusing on e-commerce, ERP, COTS, Oracle, SQL, Unix, Win2K, and NT implementation services. Acted as lead project manager for all Information Security Risk Initiatives including Enterprise-wide rollout of single sign-on and risk monitoring tools.