SUMMARY:

IT professional with strong leadership, planning, and program management skills to set direction, develop policy, and execute against strategy. Risk - based approach ensures that corporate assets, intellectual property, and computer systems are adequately protected. Partner with internal and external stakeholders to ensure cost-effective compliance management.

AREAS OF EXPERTISE:

• Global Security Experience
• Policy Development
• Incident Response Management & Investigations
• Application Security
• HIPAA, Sarbanes-Oxley Compliance
• Attack and Penetration Testing
• Security Awareness and Education
• Disaster Recovery and Business Continuity
• Access Provisioning
• Network Security Architecture
• Computer Forensics
• Quality Assurance Testing

PROFESSIONAL EXPERIENCE:

Confidential, Louisville, KY

Director, Information Security and Compliance

Responsibilities:

• Planned and managed SAP security, network, and Active Directory integrations for locations in Mexico and Australia.
• Implemented an enterprise single sign-on and federated identity management solution.
• Implemented a managed services solution for intrusion prevention and detection monitoring (IDS/IPS) and firewall management.
• Improved customer responsiveness for 500 requests per month by 200%.
• Reduced the cost of managing Sarbanes-Oxley for IT over a three year period by decreasing the internal time needed to perform control work by 500%. Correspondingly, external audit billable hours were reduced by 34%, resulting in professional fee savings of $90,000.
• Partnered with Confidential to standardize the hiring process and introduced targeted selection tools.

Confidential, Louisville, KY

Director, Strategic Consultancy

Responsibilities:

• Designed new processes around enterprise IT Project Portfolio Management utilizing new tools which assessed cost/benefit, ensured alignment with corporate objectives, and tracked budgets and progress against plan. Process supported 1000+ projects totaling $80 million in IT spend.
• Developed a corporate-wide business continuity program, from risk assessment to plan development. Scope included three service centers, market offices, and all Louisville locations.

Director, IT Audit Consulting

Confidential

Responsibilities:

• Managed a technical staff of 6 focusing on mission critical systems and processes to ensure a secure computing environment.
• Developed and executed an annual IT audit plan based on risk, alignment with strategic objectives, and requests from the Confidential and senior management.
• Facilitated departmental strategic planning with customer involvement positioning internal audit to become a resource for risk management, governance, and innovation.
• Planned, managed, and executed security, penetration, and vulnerability tests designed to ensure secure systems and verify compliance with impending HIPAA, ERISA, and SOX regulations. Developed remediation plans and monitored progress.
• Developed and delivered Board presentation material.
• Coordinated SAS70 engagements and Department of Insurance activity.
• Provided tools and training to move internal audit methodology to a risk and data-driven approach.
• Standardized the hiring process and introduced targeted selection tools.

Confidential, Louisville, KY

Chief Information Officer

Responsibilities:

• Planned, managed, and executed a $1.1M project to build, develop, test, and maintain an e-commerce site.
• Created a Quality Assurance test team.
• Renegotiated telecommunications contracts for a 30% savings.
• Developed policies and procedures regarding change management and release schedules to support rapid application development.
• Facilitated organizational strategic planning, process discovery, and process re-engineering initiatives using Total Quality Tools.

Confidential, Louisville, KY

Director, Information Security & Process Improvement

Responsibilities:

• Acted as program manager for a $3 million dollar initiative, responsible for a staff of 20 programmers, QA testers, and support personnel. Project scope included vendor compliance, a 3,400 node telecommunications network, and remediation/testing of all applications and system platforms. Received industry Excellence Award for the successful completion of this complex project.
• Worked with internal clients and mission critical vendors to provide control consultation in the areas of information security and application development. Developed and delivered control updates to the Audit Committee of the Confidential . Analyzed critical business processes using total quality tools to recommend and implement improved solutions.

Confidential, Louisville, KY

Senior Information Systems Auditor

Responsibilities:

• Improved operational effectiveness by planning and executing the annual audit plan based on a risk assessment methodology.
• Utilized project management methodology and results-oriented approach to complete assigned projects with emphasis on security administration, business continuity, and disaster recovery. Involved in operational consulting and special projects, i.e. acquisitions, system conversions, business process redesign, and investigations. Member of the IT Steering Committee.