SUMMARY:

• Dynamic, innovative, and results - generating technology leader with 20 years of progressive experience and a proven capacity to build effective IT organizations. Comprehensive knowledge of enterprise systems including business, data, applications, technology, security, and audit.
• Hands on technologist as comfortable configuring firewalls or repairing databases as managing complex projects and problem solving.

PROFESSIONAL EXPERIENCE:

Confidential, St. Louis, MO

Associate Director Security Operations

• IT Security Leadership role two positions removed from the CISO in Big Four accounting firm
• Established new department at Confidential responsible for the coordination of all activities between the Security and Risk Department and the Technical Operations Department
• Implemented new Vulnerability Management Program providing visibility and remediation to all technical vulnerabilities within the firm
• Tied the output from the Qualys vulnerability platform to the Qlikview BI Visualization tool to provide better insight into vulnerabilities and assessment of risk
• Eliminated over 250,000 vulnerabilities in servers, applications, network devices, storage devices, and other technologies
• Eliminated 500+ externally facing vulnerabilities in firm systems within the first few months of employment, reducing the risk exposure of the firm

Confidential, Iowa City, IA

Information Security Operations Director

• Acting Information Security Operations Director during permanent recruitment activities
• Evaluated and provided report on the current security posture for the University of Iowa Health System including hospitals and physician clinics
• Audit IT security controls for compliance against internal policies, procedures, and government regulations

Confidential, St. Louis, MO

Sr. Director Information Security

• Successfully lead 5 years of SSAE16/SOC1 internal control audits by E&Y for a SAAS based, internally developed and hosted web application - coordinating evidence collection, tracking, and dissemination.
• Audit IT security controls for compliance against internal policies, procedures, government regulations, and customer contractual requirements.
• Conduct, support, or assist in governmental and customer reviews, internal corporate evaluations, or assessments of the overall effectiveness of the information security processes.
• Perform risk assessments and execute tests of data processing systems to ensure functioning of data processing activities and security measures.
• Perform annual organizational risk assessments as required by HIPAA.
• Perform monthly system access reviews to ensure appropriate distribution of elevated privileges and timely termination of user accounts.
• Lead the IT Architectural Review Board which appraised and approved all infrastructure designs.
• Provide security review and approval for all network and system changes across the organization.
• Develop emergency management plans for recovery decision making and communications, continuity of critical departmental processes, or temporary shut-down of non-critical departments.
• Develop computer security and emergency measures policies, procedures, and tests.
• Train users and promote security awareness to help improve security and to reduce risk to internal systems.
• Responsible for security response to customer RFP's which includes written response and hosting onsite visits by customer management and security teams.
• Identify, investigate, or resolve security incidents as part of the organizational Incident Response Plan.
• Implement and operate organizational security systems such as F5 Viprion with Web Application Firewall, Checkpoint Firewall clusters, ProofPoint Email Filters, Bluecoat Web Filters, MobileIron MDM, Tripwire File Integrity Monitoring, Symantec Endpoint Protection.
• Implementation of Symantec Managed Security Services for log aggregation and security event correlation.
• Lead patch management process to ensure all appropriate patches are deployed and reported timely
• Penetration testing of 10+ custom web applications by both external services (Trustwave) as well as internal testing. Coordinate the remediation of findings with the appropriate development teams.
• Instituted static source code scanning process with development teams, leveraging Veracode to find OWASP issues and train developers on remediation and prevention.

Confidential

MIS Technical Manager

• Engineered the conversion of an internal analytics application, designed to improve patient outcomes, to a commercial Software as a Service (SAAS) product. This became the cornerstone of Lumeris Population Management products sold to Accountable Care customers on a subscription basis.
• Responsible for the operation of the Lumeris ADSP web application including performance, availability, upgrades and overall security.
• Recruited, hired, trained and supervised staff and approved IT infrastructure staffing decisions.
• Met with Accountable Care customers onsite to respond to technical RFP’s and help sell the application to health insurance companies, hospital systems, and provider groups.
• Provided technical consulting services to Accountable Care customers focusing on system integration and data integrity.
• Responsible for the DevOps process including managing Microsoft TFS for code repository and deployment of code between development environments.
• Implemented CA Clarity PPM used for managing development resources, time tracking, and customer billing processes.
• Implemented Salesforce for lead generation and sales process management and integrated with support infrastructure.
• Responsible for the architecture and maintenance of the corporate LAN and WAN networks including MPLS, Gigabit Point to Point, and Internet VPN services leveraging Cisco routers and Nexus switches - including all supporting services such as DHCP and DNS.
• Responsible for the implementation and maintenance of corporate systems such as Microsoft Exchange, Lync, SharePoint, XMedius Fax Server.
• Responsible for the implementation and maintenance of corporate MS SQL servers supporting applications as well as data warehouse functions.
• Responsible for the implementation of operation of Cisco VOIP telephone system to support multiple call centers supporting the health plan.
• Overall the virtualization of the server environment leveraging VMWare on HP/Cisco UCS blades on a NetApp SAN.
• Implemented internal and external performance monitoring and alert systems to identify and respond to events timely, reducing any impact to customers.
• Implemented a BYOD (Bring Your Own Device) program leveraging MobileIron for employees to utilize their own personal devices for email management while maintaining security of network operations and customer data.
• Developed and updated project plans for information technology projects including information such as project objectives, technologies, systems, information specifications, schedules, funding and staffing.
• Provided architectural guidance to development teams on system performance, security, and infrastructure best practices.
• Met with executive management, business leads, supervisors, vendors, and others, to produce cooperation, resolve problems, and advance business objectives.
• Prepared project status reports by collecting, analyzing, and summarizing information and trends.

Confidential, St. Louis, MO

MIS Technical Manager

• Lead the teams responsible for the implementation and maintenance of systems and network services utilized by 20 different St. Louis physician offices.
• Managed critical systems including Electronic Medical Record system, PACS system, VOIP Telephone System and all back-office systems.
• Significantly improved system performance by overhauling the entire infrastructure.
• Implemented Citrix to deploy applications to the end-user desktop.
• Implemented Checkpoint Firewall System to increase network security, facilitate communications with business partners and allow end users remote access to key business systems.
• Implemented a Sectra PACS for two new company-owned radiology imaging centers.
• Replaced the database backend for Great Plains financial system, reducing the time required for key report generation from 24 hours to just under 5 minutes.
• Created a Data Warehouse to consolidate and increase availability of health care encounter and financial data from disparate systems.
• Developed resources for data security and control, strategic computing and disaster recovery.
• Consulted with users, management, vendors and technicians to assess computing needs and system requirements.

Confidential, St. Louis, MO

Senior System Administrator

• Maintained and administered computer networks and related computing environments including computer hardware, systems software, applications software, and all configurations supporting 14 Rosewood Care Center nursing homes in Missouri and Illinois.
• Performed diagnosis and troubleshooting to resolve hardware, software, or other network and system problems and replace defective components when necessary.
• Monitored network performance to determine whether adjustments need to be made.
• Maintained Microsoft SQL Server 7 and Exchange Server 5.5 in addition to 9 other Windows servers providing various functions.
• Consolidated separate Netware and Windows networks to reduce management costs.
• Maintained Great Plains Dynamics accounting software with Microsoft SQL 7 as the back-end.
• Developed company Internet presence and hosted on local servers.
• Perform data backups and recovery operations and served as technical support for end-users.