SUMMARY:

Highly motivated, innovative, and versatile global information security leader in “building” and “sustaining” new information security programs, teams, establishing information security foundations, and meeting regulatory requirements. Skilled at collaborating and building productive working relationships with clients, staff, business leaders, management, and senior management. Experienced in leading highly complex projects, developing information security policies/technical standards and procedures, assisting in IT technical architecture reviews for security process improvement, creating business impact analysis, and helping to lead disaster recovery planned efforts.

AREAS OF EXPERTISE:

• Information Security Program Creating & Maintaining
• Team Building & Mentoring
• Business Relationship Fostering (at all levels)
• Initiative & Complex Initiative Delivery
• Security Frameworks (NIST, ISO 27001/2, HIPAA, COBIT)
• Regulatory Landscapes (SOX, HIPAA, GLBA, PCI, FFIEC)

PROFESSIONAL EXPERIENCE:

Confidential, Minneapolis, MN

Senior Manager

Responsibilities:

• Assumed additional role as Deputy CISO after acquisition and during integration efforts with Sherwin - Williams, helping stabilize management format for Confidential ’s remote team.
• Led implementation and operationalization of 3 strategic information security network controls: intrusion management, SIEM/internal threat intelligence, and protocol and configuration management.
• Created enterprise incident response program, plan, and playbooks (runbooks), leading table top exercise for better understanding of response capabilities and risk gaps.
• Spearheaded multiple other global information security initiatives, such as external security assessments and remediation and implementation and operationalization of new vulnerability management program.
• Developed framework and operational capability for detecting and alerting on cyber threats, helping feed Security Operational Center (SOC).

Confidential, Minneapolis, MN

Business Information Security Manager

Responsibilities:

• Architected, managed, monitored, and responded to new security technologies and incidents by identifying and hiring additional information security talent.
• Enabled quicker response by directing implementation of new security controls that provided greater internal visibility.
• Detected and blocked unknown threats, such as new ransomware attacks, by leading artificial intelligence security solution implementation.
• Implemented risk register control solution that helped identify, document, and communicate enterprise security risks.

Confidential, St. Paul, MN

Manager

Responsibilities:

• Established effective strategic 3-year global security operation vision by using new information security program requirements in creating and conducting global enterprise-wide gap assessment.
• Advanced information security posture through implementation of multiple information security technologies.
• Enabled automated network and application access management provisioning and deprovisioning through implementation of first-ever automated identity management program.
• Led advanced cyber defense program creation with new SIEM and strategic SOCs.
• Directed creation of first global enterprise-wide information security awareness program that was recognized as “Best in the Twin Cities” by Minneapolis local FBI office.

Confidential, St. Paul, MN

Senior Security Consultant

Responsibilities:

• Assisted in accomplishing application rationalization and bundling software pilot project for multi-billion-dollar health insurance company.
• Ensured more structured client offering in 2008 - 2009 by helping in recreating new information security risk management foundation.
• Facilitated PCI compliance for international retailer by directing new information security foundation and governance posture creation and enhancement.
• Led PCI Requirement 12 and QSA monthly reporting.
• Provided QSA as evidence by identifying and developing many individualistic process documents.
• Helped national retailer write and document secure segmented firewall rules.
• Conducted SAS 70 Type 1 audit for national retailer on multiple IT infrastructure areas.

Confidential, Woodbury, MN

Director

Responsibilities:

• Centralized several fundamental information security functions, creating more effective and efficient security team.
• Supported compliance and aligned ISO 27001/27002 (17799:2005), COBIT (PCI), and general best practices by heading creation of corporate-wide Information Security Foundational program with written program framework, policies, and standards.
• Facilitated clear, long-term strategic security plan through enterprise-wide gap analysis of new information security program.
• Reported to steering committee and board of directors, communicating information security program posture and important risk items for critical information security decision making.

Confidential, St. Paul, MN

Manager

Responsibilities:

• Conducted effective risk analysis and ensured privacy and testing controls for securing sensitive information by maintaining compliance with multiple federal and state regulatory laws, such as Gramm-Leach-Bliley, CA SB 1386, Patriot Act, Sarbanes-Oxley, ISO 27002, and PCI.
• Identified risks, controls, and gaps on systems and applications that stored, transmitted, received, and modified sensitive and/or proprietary and financial information by ensuring risk assessments were conducted.
• Recognized by SEC auditor for “best process created within the Twin Cities” after leading process engineering for all application security, perimeter, and holistic network vulnerability assessments.
• Enhanced security culture through effective information security awareness program.
• Provided leadership weekly, monthly, quarterly, and yearly information security statistics for informed business decision making.