Head Of Information Security Assurance Resume
SUMMARY:
Experienced Information Security officer looking to find a leadership position that enables me to utilize my more than 20 years of experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse companies and organizations. Qualifications include a Master’s degree in Information Security and Assurance; CISSP, GSEC and CISM designations. Detailed knowledge of security tools, technologies and best practices. Currently residing in London but in the process of relocating back to the New York metropolitan area.
PERSONAL SKILLS:
- 20+ years in IT and 7 years in Information Security in large financial and public companies.
- Experience of matrix management structures and remote management of staff.
- Excellent oral and written communication and presentation skills.
- Ability to talk in layman's terms about security.
- Flexible, confident and personally motivated to succeed.
- Excellent relationship and stakeholder management skills up to CxO level.
- Leadership, development and team building (coaching/mentoring) skills.
TECHNICAL SKILLS:
Security: SANS Top 20 Controls, FSA Data Security guidelines, UK Data Protection Act, ISO 27001/27002, PCI DSS, NIST, COBIT, OWASP, Computer Forensics and Investigations, Incident Response, Symantec Endpoint Protection, Symantec Endpoint Encryption, Symantec Security Information Manager, Symantec Control Compliance Suite, Avecto Privilege Management, QualysGuard, Nessus, Seculert, Netclean, Portnox (NAC), Maltego, Counterpane, Splunk, Palo Alto, Junos Pulse, ISF IRAM, HMG IS1 and 2, Sender Policy Framework, EnCase, Mandiant Web Historian, Microsoft Baseline Security Analyzer, Nmap, Wireshark, Snort, RSA Archer, Zantaz Autonomy, FTK, Active Directory, SiteMinder, SecurPass.
Networking: LAN, WAN, VPN, Proxies, Routers, TCP/IP
Programming Languages: Python, Perl, Java, SQL, C# and PHP
Databases: MS SQL 7 - 2005
Operating Systems: Windows NT 4 - 2012, Linux various flavours
Productivity: Mind Manager, MS Sharepoint, MS Office, MS Visio, MS Project
Applications: MS IIS 4-6, WebSphere Application Server, Tomcat, SharePoint, Documentum, eRoom, WebTrends, Hyperion Dashboard/Scorecard/Essbase, MSSQL, Mercury Test Director, Peregrine Service Center, Windows NT and 2000, Hyperion (Essbase, Scorecard, Analyzer), MS Exchange 5.5, Veritas Backup Exec, Microsoft Systems Management Server, Microsoft RAS Server, Microsoft Project Central Server, Kronos Time Keeping Server, Novell NetWare, Microsoft NT, Attachmate Extra, BRAID SWIFT/Fax/Telex Messaging System, MS SNA Server 4.0, ARCserve.
WORK EXPERIENCE:
Head of Information Security Assurance
Confidential
Responsibilities:
- Currently interim Head of Information Security.
- Collaborated with the Head of Information Security to define and manage Information Security Vision, Strategy, Budget (10M) and Roadmap for 2013/14 and 2014/15.
- Performed:
  - Project Planning, Budgeting, Resource Planning and Oversight
  - Vendor Evaluation, Selection and Relationship Management
  - Security Metrics and Management Reporting
  - Risk Mitigation and Management
  - Decision making
- Key Information Security stakeholder involved in:
  - Privatisation readiness
  - IT Supplier Transformation - renegotiation of key IT contracts
  - Get Safe IT Strategy initiative - preparation for migration to new suppliers
- Reorganised Assurance function consisting of Risk Assessment, Pen Testing and Vulnerability Management, Security Monitoring, Exception Handling and Incident Investigation.
- Expanded Assurance programmes of work to assess critical infrastructure such as Active Directory, DNS, DHCP and network devices, as well as expanding application assessment from the top 10 applications to the top 40.
- Subject Matter Expert for PCI DSS programme and key stakeholder on programme board.
- Built strong working relationships with other areas of IT, Risk Management, HR, Corporate Security and Legal.
- Managed the MSSPs responsible for delivering security services to Confidential.
- Owned the management of security events related to security threats and vulnerabilities.
- Identified future threats and set effective strategies to mitigate them.
- Represented Confidential in external Cyber Security forums.
- Managed the relationship with key Cyber Security suppliers.
Confidential
Director
Responsibilities:
- Established Information Security Assurance function including Threat and Vulnerability Management, Technical Security Assurance, Data Security Assurance and Security Awareness.
- Established BAU Pen Testing starting with Top 10 Critical Apps, as well as a Vulnerability Assessment programme covering the whole server estate.
- Established regular programme of work validating configuration of critical infrastructure such as firewalls, proxies, Active Directory, DNS and DHCP.
- Established a programme of work to assess the company’s compliance against the Data Protection Act; this included data classification and mapping activities.
- Established a programme of work providing security awareness throughout the company.
- Initiated the following projects based on the CESG Top 10 and SANS Top 20 Controls:
  - Security Information and Event Management System (SIEM) - Deployed SIEM, established Security Operations Centre and completed initial phase of monitoring 150 critical devices
  - PCI DSS Compliance - Requirements gathering and tactical remediation phase
  - Network Access Control - Proof of Concept of Portnox Network Access Management
  - Privilege Management - Proof of Concept of Avecto privilege management
  - Firewall Management - Deployed internal and perimeter firewalls, Palo Alto Next Gen Internet Firewalls, User Access Control and Counterpane monitoring
  - Security Awareness
- Collaborated with CISO to define and manage Information Security Vision, Strategy, Budget (approx. 8M) and Roadmap for 2011/12 and 2012/13.
- Performed: Project Planning, Budgeting, Resource Planning and Oversight; Vendor Evaluation, Selection and Relationship Management; Management Reporting; Risk Mitigation and Management; Decision making.
- Managed external consultants to perform scoping of PCI DSS programme and create detailed card data transaction flows. Shaped Phase 2 and 3 of PCI DSS programme to define requirements and remediate environment.
Technical Security Project Manager
Confidential
Responsibilities:
- Information Security Manager advising business on various projects.
- Re-established the PCI programme board, working with director and C-level management.
- Managed the feasibility and proof of concept for a SIEM system.
Senior Security Consultant
Confidential
Responsibilities:
- Created and presented proposals to C-level executives for various firms.
- Proposals included Payment Card Industry Data Security Standard (PCI DSS) assessment and remediation, ISO 27001, FSA Data Security Guidelines, COBIT, Data Protection Act, 3rd party due diligence, Identity and Access Management, log management and SIEM.
- Performed assessment of Plus Market Group’s trading platform based on COBIT, ISO 27001 and FSA Data Security guidelines.
- Performed Data Centre assessment for LCH Clearnet.
- Performed audit and remediation of Chi-X Europe’s Information Security Management System based on ISO 27001, FSA Data Security Guidelines and Data Protection Act.
- Performed forensic analysis of Chi-X Europe’s systems relating to abuse of firm’s policies and potential market abuse.
Technical Security Project Manager
Confidential
Responsibilities:
- Information Security Manager advising business on various projects.
- Managed the successful implementation of Symantec Endpoint Encryption and Symantec Endpoint Protection to 27,000 desktops.
- Worked with Confidential CISO, Programme Manager and various business units to remediate issues in order to work towards PCI DSS compliance.
- Assessed the PCI programme by performing a gap analysis against the PCI Data Security Standard.
- Re-scoped the PCI programme in order to address key areas not identified in the original programme.
- Managed project to mitigate vulnerabilities on Confidential web portals.
- Managed engagement with penetration testing firms to verify issues on portals were remediated. Decommissioned services that were not PCI compliant.
Regional IT Security Manager
Confidential
Responsibilities:
- Managed and trained new regional team based in London and Glasgow which coordinated all eDiscovery, CERT and Computer Investigations and Forensics cases for Europe, Middle East and Africa.
- Transformed regional Request for Data teams into globalized team.
- Team Building, Training, Promotion and Succession Planning.
- Local and Global Employee and Consultant/Offshore Managerial Experience.
- Project-managed and implemented a self-service website for stakeholders to track and maintain cases in a centralized, secure and auditable management system, thereby saving the company $150k/yr.
- Led migration of archive data from NAS to a Cheap and Deep storage solution, saving the firm $40k/yr. in storage costs.
- Tripled EMEA volume for requests for data compared to previous years.
- Created and presented metrics to senior management and stakeholders to provide feedback on service and justify decisions.
- Created a centralized Knowledge Bank of global procedures and processes.
- Led several global projects to enhance or create tools to automate process.
Web and Application Services Manager
Confidential, New York
Responsibilities:
- Managed global team based in NYC, Halifax and Pune responsible for the deployment of all web and applications on corporate internet and intranet, as well as delivery of BAU operations processes, including 24x7 Web Operations staff, reporting against incidents, and vulnerability and patch management.
Lead Systems Administrator
Confidential, New York
Responsibilities:
- Managed systems and network of approximately 2000 users throughout the US in a multi-domain NT enterprise environment.
- Coordinated rebuilding of organizational infrastructure after destruction of main company site at 5 WTC.
Network and Systems Administrator
Confidential, New York
Responsibilities:
- Managed systems and network of approximately 100 users and 40 clients in a multi-platform Netware/NT/UNIX environment.