Summary

Technically sound and well-qualified cyber security professional who can translate a company's business objectives into a sound set of information security risk management practices necessary for the protection and safeguard of information and data assets. Proven capability for helping an organization bridge the gap between the demands of the business and the needs to secure information, protect data, and comply with applicable data security laws and regulations.

EXPERIENCE

Confidential

SR. Vice President

• Providing strategy and leadership for Global's Information Security Risk Management program. The focus of this updated role is twofold. 1 Provide a more holistic approach to information security risk management that takes into account the constant changes that occur within the IT ecosystem, threat landscape, and our business environment 2 Improve our 5 core areas of risk mitigation, which include policy, compliance, technology, process/procedures, and education. Along with my team of 6 engineers/analysts, we secure the IT systems, people, and data that drive Global's business.
• Some recent accomplishments include:
• Deployment of an internal IT audit program
• Cloud assurance framework for evaluating and addressing information security and assurance for SaaS offerings
• Improvements in Global's Awareness Program, focusing on the human attack vector
• Strategical and tactical improvements to IT's Change Management process
• Identity and Access Management solution

Confidential

Vice President Information Security Compliance

• Accomplishments and responsibilities include:
• Design and execution of Global's IT Information Security Risk Management Program, which includes a Risk Management Framework that addresses several key areas of IT information security risk:
• Compliance SOX, PCI, and Mass. Regs - PII
• Business Continuity and IT Disaster Recovery
• Ongoing Risk Assessment and Analysis
• Incident and Fault Management
• Policy and Procedures
• Culture and Awareness
• Information Security Management
• IT General Controls
• Data Privacy and Protection
• External Service Provider Management
• Internal Compliance Auditing
• IT Operations Management
• RM Framework built using ISO27005 and Cobit5 as guidelines
• Governing Global's Information Security Program
• Ongoing program to develop controls for mitigating identified risks
• Continual improvement of Global's Enterprise Information Security Architecture
• Establishing the technology and standards for information security and data privacy
• Championing information security awareness across all of Global's business units
• IT Steering Committee member
• FBI InfraGuard member
• Report directly to the CIO
• Leading a team of 4 engineers analysts

Confidential

Information Systems Security Officer ISSO

• IT Security Risk Management and Compliance responsibilities include:
• Massachusetts Data Privacy Regulations 201 CMR 17.00 compliance program development and management
• PCI compliance program management
• IT infrastructure risk management
• Sarbanes Oxley 404 compliance
• Ensure new controls properly address risks and threats
• Evaluate existing controls for completeness and adequacy
• IT Security Risk Management accomplishments include
• Vulnerability/ Threat assessment and management program
• Deployment of SEIM technology
• Deployment of next generation Anti-Malware technology
• Risk / Threat analysis program Ongoing threat landscape evaluation and management
• Development of Information Technology Acceptable Use Policies
• Deployment of laptop disk encryption and device management
• Design and deployment of a complex IPS/IDS architecture
• Development of an Incident Response Management program
• IT Security Management Framework development
• Built on a framework that combines both ISO 27001 and NIST 800-53
• Shared responsibility for enterprise LAN WAN networking
• Report directly to the CIO

Confidential

Director Networks Security

• Responsible for all facets of Information Security and IP Networking for Global's Enterprise
• Development and execution of our Personal Information Protection and Data Privacy Compliance Program - Massachusetts Data Privacy Regulations 201 CMR 17.00
• Design and implementation of a complex, multi-tiered, Information Security Architecture that includes Perimeter Security Firewalls, Multi-layered Intrusion Detection/Prevention, Vulnerability Analysis Management, Security Event Management, IPSEC-VPN's, Two-factor authentication, Secure WiFi , Radius Authentication, LDAP Authentication, Digital Certificates, Incident Response, Policies Procedures, Secure Email, Multi-Tiered Anti-Virus, Secure IM, PC Device Control and Disk Encryption
• IT Security Policy Development
• Sarbanes Oxley 404 compliance team member
• Vulnerability/Threat analysis and management
• The complete re-design and roll out of the LAN/WAN
• Interface with Senior Management and various Department Heads with regards to Networking and Security strategies and planning
• Day-to-day administration/management of all Networking and Information Security technologies
• IT Business Recovery design and implementation, including DR Site build out
• Deployed an Incident Management Program
• Designed and deployed network performance and SLA management architecture

Confidential

Director - Security eServices

• Development of the Information Security Consulting Practice Genuity eServices
• Pre-sales support, including customer-facing visits, project scoping, RFP responses and SOW / proposal generation
• Technical InfoSec consulting services delivery, when a high level of expertise and experience is required
• Assist with the business development requirements where needed, which includes demand generation activities such as public speaking engagements
• Presentation of our consulting services and solutions to our customers and prospects
• Manager of the InfoSec Consulting staff 4 direct reports

Confidential

Principal Consultant Information Security Practice

• Pre-sales support for the InfoSec Practice, including RFP responses, Technical SOW / proposal generation and closing of sales opportunities
• Customer satisfaction along with the development and nurturing of customer relationships
• Tactical delivery of our Information Security consulting services, including Information Security assessments, audits and vulnerability analysis
• Public speaking engagements
• Manager of the Boston based InfoSec Consulting staff 4 direct reports

TECHNOLOGY EXPERIENCE

• Various technology experiences including, but not limited to:
• Routing /Switching/Wireless
• Security Architecture Design
• Security Policy Development
• Network Security
• Security Event and Information Management SEIM
• Authentication Authorization
• Anti-Malware and Endpoint Control
• Data Encryption
• Vulnerability Assessment and Management
• Intrusion Prevention and Detection IPS
• Identity and Access Management IAM
• Vulnerability Assessment and Management
• Mobile Device Management MDM
• Data Loss Prevention DLP
• Incident Response