SUMMARY

• Accomplished, outcome - driven Information Security Leader with more than 12 years of demonstrated leadership expertise across all aspects of security disciplines: information security, cyber-risk and vulnerability assessments, threat modeling and analysis, and security intelligence.
• Proven record of success in providing strategic direction and oversight for enterprise information security and IT risk and compliance policies, principles, procedures, and practices.
• Repeated success in leading cross-functional teams of IT experts, senior management, and key stakeholders in identifying corporate IT policy improvement opportunities, evaluating technical risk assessments, and orchestrating security-related initiatives across all risk categories; operational, compliance, information technology, and financial.
• Steering development and deployment of top-level information security programs and systems in domestic and international contexts.

AREAS OF EXPERTISE

• Information Security Architecture/Management
• Asset Management
• Data Classification
• Information Security Policy
• Client Engagement
• FISMA Compliance
• NIST Security Frameworks
• Information Governance
• Policy Development
• Operations Excellence
• Program Management
• Data Security Analysis (Data in Transit, Data in Motion, Data at Rest)
• Cyber Threat Analysis
• Cloud Security Data Loss Prevention
• Network Analysis
• Information Risk Auditing

PROFESSIONAL EXPERIENCE

Confidential, Charlotte, NC

Owner / Chief Security Engineer

Responsibilities:

• Architected and oversaw delivery of company-wide designs for 15 projects varying in size from 10k to $12M.
• Managed teams of specialized engineers to design, deliver complex technical solutions to business partner requirements.
• Defined and established team structure, roles, responsibilities, and process improvements after CIO realignment created independent teams from the former MRDB organization.
• Leading organization-wide transformation efforts to improve service delivery from Define through Control by realigning tasks and resources where appropriate.
• Improved delivery to business partners by proactively managing the delivery process from inception to turnover.
• Responsible for leading deployment of initiatives and ensuring they are built as designed by the enterprise architects.
• Escalation and resolution of technical and/or project roadblocks in technology deployment.

Confidential, Chicago, IL

Security Manager / Architect

Responsibilities:

• Spearheaded build-up of information security service offerings and regulatory compliance solutions.
• Successfully drove enterprise-wide business growth, secured $5M client engagement for Fortune 500 organization.
• Conducted security baseline audit review of Sage Software's security processes and policies.
• Presented findings to executive leadership.
• Directed configuration management infrastructure and disaster recovery procedures.
• Analyzed audit results and proposed solutions to validate security controls and ensure compliance with ISO/ 27002/27001.
• Led information security project for Center for Disease Control (HSPD12) aimed at improving operational performance, identifying and mitigating critical data security risks, while enhancing integrity of control system and processes.
• Served as Security Manager / Architect for LPL Financial.
• Created executive level DLP presentation, designed data loss prevention architecture, infrastructure implementation, and developed and implemented KPI’s reporting metrics.
• Mentored team members and provided training in best use of (DLP) technologies.

Confidential, Atlanta, GA

Security Architect

Responsibilities:

• Steered design and implementation of cross-functional security architecture for major client organizations across various sectors, including retail, automotive, and healthcare.
• Managed a 30-member staff team and deployed Confidential for state government agencies, using McAfee Anti-Virus, Symantec DLP, and EMC (RSA) DLP, NitroSecurity software/hardware.
• Designed and deployed identity and access management solutions for AEP Corporation using Oracle toolsets (OIM, OID, OAM, OVD).
• Conducted application security testing (black box, white box, and gray box), using tools WebInspect, Nessus, Core Impact, Qualys, and ArcSight.
• Ensured all compliance controls were in line with NERC CIP regulations.
• Orchestrated implementation of SABSA security architecture framework based on Cisco NAC security for Sony Pictures Entertainment.
• Designed end-to-end encryption for file, email, database, wireless, and whole disc applications (introducing security products like PointSec, EyeRetina, and PGP).
• Coordinated risk assessments and audits for Zurich Financial Services across various international sites; Spain, Switzerland, Malaysia, Singapore, and Thailand. Optimized recommended data Confidential based on local requirements, regulatory compliance, and regional risk profiles.
• Authored development of strategic road map for security service offering for client Zurich Financial Services both domestically and internationally, delivering $6M in IT cost savings over 2 years.

Confidential, Los Angeles, CA

Senior Security Architect

Responsibilities:

• Led design, development, and implementation of wide range of security systems for various customers.
• Directed full-cycle project management, ensured all sales and revenue targets were met or exceeded.
• Managed a 20-member staff team.
• Architected and managed 3 Cisco (MARS)/NAC appliances and 12 security IDS/IPS sensors for Confidential .
• Created security incident management solution and deployed Cisco Agent Management Consoles, policy activation, and security event tuning between data center locations in Los Angeles and Denver.
• Led analysis and audit of all token authentication infrastructure for ABN/AMRO ( Confidential Bank).
• Ensured encryption solutions were in compliance with company policies, regulatory directives, and best practices.
• Delivered comprehensive Confidential for clients, with focus on policy and procedures, disaster recovery, business continuity planning, security incident program development, application security framework, and data loss prevention.

Confidential, El Segundo, CA

Senior Security Consultant

Responsibilities:

• Oversaw identity management strategy development and deployment for clients across several industry verticals, including government, entertainment, insurance, and financial services.
• Identified optimal products for clients and led implementation process, including Oracle, Tivioli, BMC Patrol, Computer Associates, and Aveska.
• Directed 38 technicians.
• Led data-loss prevention projects on global scale.
• Worked on-site in Indonesia, Malaysia, Singapore, and Thailand.

Confidential, Washington, DC

ITS Architect / Engineer

Responsibilities:

• Directed all security event monitoring and management.
• Led key projects for IBM clients, developing and implementing wireless security strategies and network access control solutions, as well as providing government compliance services.
• Conducted large-scale application penetration testing staff size 17.
• Wrote and developed playbooks that are currently being published in IBM RedBook series on Security Infrastructure, Technology Leadership, Risk Management, and Project Management for IAM.