Chief Information Security Officer Resume

Coralville, Iowa

SUMMARY:

  • A self-motivated and resourceful professional identified as top talent and high potential with a background in organizational leadership, security strategy, audit, technology, human resources, and continuous improvement. Special expertise with ISMS, ISO 27001/2, SOC2, FERPA, HIPAA, HITRUST, PCI compliance, audit, data loss prevention, project management, data analytics, and business intelligence.
  • Recognized by executives, peers, clients, and staff to have exceptional communication skills. A continuous learner looking for ways to associate individual and team responsibilities with overall organizational goals, objectives, and strategies.

PROFESSIONAL EXPERIENCE:

Confidential, Coralville, Iowa

Chief Information Security Officer

Responsibilities:

  • Accountable for the development, implementation, management, and execution of internal and external (via virtual Chief Information Security Officer - vCISO) enterprise-wide security strategies and programs
  • Responsible for leading executives through implementing an information security program intended for the mitigation and reduction of security, IT, business, operational, financial, and reputational risks
  • Develop strategic roadmaps for security priorities in addition to implementing roadmap with evidence of risk reduction
  • Establish and manage risk management programs to plan, identify, assess, classify, and respond to threats and vulnerabilities in a prioritized and efficient manner
  • Provide business thought leadership on change management, operations, efficiency, product development, and R&D
  • Organize, oversee, and maintain operational excellence with tracking, metrics, and formal project management in operations
  • Oversee and create product and service time estimates, pricing, ROI, and tracking for all customer engagements
  • Responsible for developing a competitive business advantage for customers by highlighting security controls and responding to new business opportunities detailing the security strategy
  • Champion and lead the maturity of Security Policies, Enterprise Risk Management, Disaster Recovery, and Incident Response
  • Establish a security culture through awareness programs designed to reduce the risks
  • Establish policies that promote company culture and vision
  • Lead, manage, mentor, and develop direct and indirect employees of the company to maximize performance and dedication
  • Consistently performing direct sales in addition to assistance with closing open sales opportunities

Confidential, Iowa City, Iowa

Global Information Security and Privacy Officer

Responsibilities:

  • Information Security and Privacy Officer accountable for over 4,000 internal employees and over 50 million global customers or students in schools (preschool, K-12, university) or clinical settings (private practice, hospital/medical, corrections, clinics)
  • Collaborate and coordinate security activities across the company, including corporate legal, contracts, technology, engineering, program teams, internal/external auditors, human resources, operations, facilities, and customers
  • Develop and present a monthly executive report for the CISO, CIO, CEO, Presidents, and executive leadership identifying highlights, lowlights, risks, budget, resources, key takeaways, and projects
  • Create, monitor, and justify line items for the overall security budget of $22 million
  • Lead the day-to-day delivery of information security and Information Security Management System (ISMS)
  • Provide assurance, compliance, risk, and auditing for policy, regulations, contractual obligations, breach investigations, security attestations inclusive of ISO-27001/2, SSAE-16, SOC2, FERPA, HIPAA, HITECH, and PCI
  • Develop and implement security policies, IT risk roadmap and a formal process around risk mitigation

Confidential

HR Solutions and Technology Executive

Responsibilities:

  • Selected by the CIO to deliver technology expertise and leadership to the Human Resources function for problem areas and forecast future opportunities for improvements
  • Oversaw and led the transformation project of a global HR information business analytics data warehouse for workforce planning, organization reporting, and business intelligence (BI)
  • Delivered business intelligence and analytics dashboards for executive dashboards using Google App Scripting

Confidential, North Liberty, Iowa

Data Security and Privacy Manager

Responsibilities:

  • Managed the global planning, strategy, design, implementation, and administration of a data identification program utilizing the Symantec/Vontu Data Loss Prevention (DLP) solution for the enterprise of 40,000 users worldwide
  • Created and managed a culture-changing initiative for data identification, data ownership, data classification, and implementing sensitive data controls such as SFTP and encryption
  • Developed, published, and maintained an Information Security Policy, Procedures, and Guidelines based off the ISO-27002 framework for general information security for the Assessment and Information group business units
  • Created an IT security risk management framework for assessing and remediating security risks
  • Developed and refreshed ongoing security materials to address specific security issues, such as compliance with applicable regulatory standards (PCI, FERPA, HIPAA, HITECH) and security issues unique to the business
  • Assisted with business continuity/disaster recovery program implementation and compliance

Confidential, Cedar Rapids, Iowa

Corporate IT Auditor

Responsibilities:

  • Performed consolidated systems security reviews, vulnerability assessments, and IT audits of the network, mainframe, workstations, UNIX, Oracle, physical, DR/BCP, IDS, firewall, and SDLC
  • Review and audit HIPAA security regulations, privacy regulations, COBIT, COSO, and ISO 17799 security frameworks, Sarbanes-Oxley (SOX) legislation compliance, and general computing controls (GCC)

Adjunct Professor

Confidential, Cedar Rapids, Iowa

Responsibilities:

  • Teach MBA university credit courses Technology Management, Global Communications, Business Strategy, Business Modeling, Negotiations and Conflict Resolution, Human Capital, Problem Solving, and Capstone Seminar/Thesis