
Senior Business Analyst Resume Profile


Roll-up-the-Sleeves Collaborative Leadership; Highly Effective in Galvanizing Teams for Improved Performance

Accomplished Information Security, Compliance, and Governance leader with a solid track record of success in leading business transformation and cultivating cultures of excellence. Provides 20 years' leadership, managerial and consulting experience in business, IT, IT security, IT governance, risk and compliance (GRC), and operations supporting Fortune 500 companies, overseeing teams of up to 62 associates and budgets ranging from 2-6M annually. Deeply experienced working with regulatory requirements (SOX, HIPAA, Banking Regulations, GLBA, FFIEC Audit Handbook), industry-related security standards (PCI-DSS, NIST 800 series, FISMA, FIPS) and frameworks such as ISO 27001/27002/27005, COBIT and COSO, and conducting audit preparation for FDIC and OCC audit examinations. Experienced and effective in working within a matrix environment with diverse team members.

Leadership Profile

  • Patient and committed mentor in developing teams, successfully infusing cultures of excellence.
  • Experienced in turning chaos into order and quickly turning around underperforming organizations.
  • Excels in driving engagement and adoption across the enterprise leveraging a highly collaborative approach.
  • Roll-up-the-sleeves style of leadership that partners with executive leaders, business units, and IT teams to understand nuances and tailor working solutions that deliver immediate, positive impact.
  • Cultivates fair, pay-for-performance working environments that deepen retention and engagement of IT/IS teams.
  • Identifies gaps and develops plans to reduce deficiencies.

Leverages FFIEC, NIST and other best practice and process frameworks to drive continual process improvement.

  • Broad information security project experience: policy development, internal/external audits, corporate IT governance, compliance testing and operational risk (GRC), vendor management, security metrics reporting, awareness and training, incident response, and physical security.
  • Audits: SSAE 16 Type 1 and 2 (AT Section 101), SOC 1, SOC 2 and PCI-DSS assessment.
  • Conversant with a wide range of security protocols and controls: data loss detection/prevention, Identity and Access Management (IAM), disaster recovery and business continuity plans, security information/event management, host-based integrity checking, end-point security, firewalls, etc.

Demonstrated broad-based strengths and accomplishments in:

  • Strategic and Tactical Planning
  • Regulatory Compliance
  • Awareness Training and Building Security Programs
  • Business Impact Analysis
  • Project Management
  • Budgeting and Cost Control
  • Operations Management
  • Privacy Compliance
  • Vendor Assessment/Management
  • E-Commerce Strategy Development
  • IT Governance, Risk and Compliance (GRC)
  • Vulnerability Assessment and Penetration Testing
  • Information Security and IT Architecture Integration
  • Framework, Policy and Procedure Development

ISO/IEC 27001, 27002, 22301, BSIMM, HIPAA-HITECH, FFIEC, FedRAMP, PCI-DSS, OWASP, SOX, COBIT, COSO, SSAE 16, GLBA, NIST, OpenSAMM, SCADA, Privacy.

PROFESSIONAL EXPERIENCE

Confidential

Chief Information Security Officer (CISO) and Chief Privacy Officer

  • Partner with the CEO, CIO and other senior leadership positions to establish and communicate a clear and compelling technology vision and roadmap.
  • Demonstrated experience implementing an information security program end to end, from concept into business services and from architecture through to operations.
  • Managing the risk, controls, privacy, security and other related compliance activities for all of the organization's information assets, products and services.
  • Experience in the evaluation and implementation of industry-standard enterprise-wide information security technologies and concepts, including Data Loss Prevention, Security Event Management, GRC Tools, Threat and Vulnerability Management, Identity and Access Management, Application Security, Computer Forensics.
  • Responsible for the effective execution of all Compliance Framework elements.
  • Serve as key contact for all compliance matters and coordinate support across multiple compliance resources.
  • Manage assessment and implementation of regulatory change, implement training and policies, conduct compliance monitoring and testing for key regulatory requirements, and drive timely identification and remediation of issues as necessary.
  • Support activities with appropriate reporting and communication to key stakeholders, including regulatory agencies as appropriate.

Achievement highlights:

  • Design/implementation of the organization's effort towards attaining HIPAA-HITECH and Safe Harbor compliance, ISO 27001, SSAE 16 SOC 2, and FedRAMP certification and accreditation.
  • Hands-on leadership in mentoring, recruitment, retention and professional development, and conducting regular performance appraisals.
  • Architecting risk management processes, integrating them with organizational processes, and monitoring them.
  • Leverage a wide range of security technologies including, but not limited to: SIEM, IDS/IPS, HIDS, malware analysis and protection, logical access controls, identity and access management, BYOD, data loss prevention, and content filtering technologies.

Impacts:

  • Researched various threats to company and client security. Conducted investigations of security incidents.
  • Advised business units on information security threats and mitigations.
  • Evaluated frameworks, including COBIT, COSO and ISO 27001, to determine the best approach.
  • Reviewed and answered vendor and client security questionnaires.

Confidential

Senior IS Security Engineer

  • Leading efforts to identify, develop, implement and maintain processes across the organization to reduce information and information technology (IT) risks.
  • Oversees risk management and information-related governance, in alignment with the policies and procedures.
  • Developing holistic architecture and security solutions, such as complete control sets designed to protect the business, while mapping key services to the information systems they need.
  • Consistently recognized for meeting goals and expanding efficiency and security awareness.
  • Perform vendor security assessments.
  • Identify potential risks and consult on mitigating or reducing them.
  • Exercises compliance influence and ensures accountability for compliance elements of the Risk Framework, maintaining independent compliance oversight of business and vendor performance.
  • Promotes the culture of compliance and ensures the identification, escalation and timely mitigation of compliance risks.

Achievement highlights:

  • Developed the Company's first Security Awareness Program, including the initial enterprise-wide Security Awareness Training.
  • Established a tracking and monitoring system to ensure deployment and completion of training across the organization, achieving 98% completion within an ambitious 2.5-month timeline.
  • Accelerated business user learning and new practice engagement and adoption by crafting highly relevant training materials, simplifying the steps needed to become and remain compliant.
  • Tapped to aid in development of the Company's first standardized enterprise governance program, taking on a compliance consulting analyst role to ensure full compliance across the organization.
    • Developed the Company's first Compliance Testing Program in collaboration with PwC and Deloitte.
    • Participated on teams as the security expert for governance interaction with a third-party IT vendor, testing of corporate disaster-recovery plans, and the creation of an information security risk mitigation plan.
    • Participated in the Company's Sarbanes-Oxley (SOX) 404 IT compliance and attestation efforts by planning and performing controls testing and reporting SOX IT audit findings to all key stakeholders.
  • Hand-picked by the Chief Information Security Officer (CISO) to develop the Company's first standardized Enterprise Information Security Policy and Awareness Programs. Collaborated with the CISO and key stakeholders (Technical, Legal, and Human Resources) to create and maintain the policy, procedures, standards and security baseline requirements.
  • Partnered closely with the President of each Line of Business (LoB), the CISO and Legal to create IT Security Policy and directives for adoption by the ADS Board for their approval.
  • Conducted IT Compliance Controls Testing, reported findings and worked with key stakeholders to resolve issues to ensure compliance.
  • Worked closely with each LoB Information Security Officer (ISO) to create Baseline Requirements for 3 distinctly different LoBs (Retail, Pharmacy and .com) and their business function groups.
  • Infused a highly collaborative approach, working with each LoB to better understand its unique requirements.

Confidential

Adjunct Instructor InfoSec, IT

Application Security Consultant Contract

  • Evaluated information security products and provided guidance as to their strengths and weaknesses as security tool candidates.
  • Performed security risk assessments and recommended measures to deal with identified risks across many differing aspects of IT systems.
  • Led the team that redesigned the security work activities with GUI applications, resulting in better performance.

Confidential

Chief Information Security Officer (CISO)

  • Documented security policies and procedures created by the Information Security Committee.
  • Initiated, facilitated, and promoted activities to create information security awareness within the organization.
  • Maintains the IT Security, Policy, and Compliance Team's policies and procedures and their annual updates.
  • Balances business strategy with appropriate controls. Works with Compliance senior leadership to develop, implement and communicate Corporate Compliance's mission, goals and strategies.
  • Proactively manages the relationships with external regulatory agencies, consultants and other internal risk management groups.
  • Responsible for strategic and tactical planning of Security, Compliance and Regulatory Reporting dedicated to PCI, SOX, FDIC, GLBA, NIST and FFIEC requirements.

Achievement highlights:

  • Galvanized the team's efforts, working 24x7 to meet aggressive delivery goals; successfully developed a new security program and secured full corporate board approval within eight months.
  • Ensured adherence of policies and standards to legal and regulatory requirements (SOX, HIPAA, GLBA, Banking Regulations) and industry-related standards (PCI DSS) by conducting extensive research utilizing the FFIEC IT Information Security Handbook, National Institute of Standards and Technology (NIST), SANS, (ISC)2 and ISACA resources. Efficiently re-engineered strategic planning and servicing operations to enhance performance and improve customer satisfaction by 30%.
  • Successfully completed SAS 70 Type 2 audits on time, without any findings or management comments required.
  • Introduced change management policies and procedures for infrastructure changes, reducing the number of unscheduled or unplanned outages by 75%.
  • Successfully turned around an underperforming division that had been struggling with growing pains and unable to meet SLA performance requirements for 3 years.
  • Transformed chaos into order by establishing much-needed structure, policy, and repeatable processes.
  • Improved SLA downtimes by 25% while increasing efficiencies by 35%. Efficiencies were gained as the operational staff absorbed a third more work without increasing headcount or overtime.
  • Listened to the floor to better understand each functional group's needs, gaps and nuances. Carefully tailored and developed effective policies and procedures that are still in use today, 10 years later.
  • Built trust with teams, instilling a partnership approach. This approach proved to be invaluable in fostering true engagement and commitment to the organization's goals and mission.
  • Cultivated fair pay-for-performance cultures. Attained payroll budget efficiencies in as little as 18 months and provided ten employees with 20% increases without impacting the pay or merit increases for other team members.

Confidential

Senior Business Analyst

  • Developed project plans, gathered system and data requirements, determined specifications, and identified, documented and validated business requirements.
  • Developed testing plans and led the testing process for system enhancements and UAT.
  • Acted as advisor to management on process systems and redundancy elimination.

Confidential

Senior Management Assistant

  • Assisted in the administration of hospital-wide quality management and performance improvement initiatives in the areas of Utilization Review, Risk and Quality Management, and Performance Improvement.
  • Consistently reduced or eliminated cost or schedule overruns, ensuring projects were completed to specifications while achieving significant savings.
  • Coordinated the execution and validation of Business Unit requirements, Quality Assurance, and Compliance (HIPAA and JCAHO).

Confidential

Principal

  • Performed network QA tests and executed system analysis and troubleshooting in order to resolve problems with servers, workstations, and other network devices.
  • Administered servers and server clusters; managed system backup, database and restore protocols.
  • Planned IT network infrastructure with clients to ensure that the systems are tailored to and comply with their requirements and needs.
  • Managed data security for a 14-state region spanning 30 Multiple Virtual Systems (MVS, currently known as z/OS) environments, including the provisioning of user IDs for 36,000 users and the management of system SETROPTS settings and dataset profiles for 15 separate RACF databases.
