
Vice President/ Information Security Resume


Boston, MA

SUMMARY:

  • Over thirteen (13) years working in information security and risk management positions
  • Experience managing communications on security/privacy programs to senior executives, business partners, auditors, and regulators
  • Experience working in financial services, high technology, and academic/university environments
  • Demonstrated experience performing IT risk reviews (internal and external business partners)
  • Developed and administered an Information Security Program for several retail business groups
  • Developed a security and awareness program to instruct associates on policies, standards, guidelines, and best practices
  • ed s in security, auditing, IT governance, and fraud examination from several professional organizations
  • Knowledgeable in all aspects of physical, systems and data security
  • Developed program to manage access/provisioning across brokerage systems and to provide for periodic access verification
  • Developed and managed risk and control review strategy for businesses based on current environment and emerging trends
  • Served as evangelist for risk management vision to businesses and business partners
  • Served on cross-functional enterprise teams (corporate security, IT, audit, records management) to develop cost-effective, holistic control strategies to manage identified risks
  • Developed customized risk analysis methodologies to identify risk landscape areas and built/revised risk mitigation programs to reduce these risks to an appropriate level
  • Experience developing and implementing policies, standards, guidelines, and procedures
  • Served as hands-on team leader and contributor on information security initiatives, including security administration initiatives, data rights and privacy management projects, and vendor security reviews
  • Strong interpersonal communication and presentation skills working with executives, analysts, and clients
  • Recognized speaker on best business practices in compliance and information security

TECHNICAL SKILLS:

Technology and Tools: IT Governance and strategic security management; Vendor management and negotiation; Aligning and balancing IT and business requirements; Budgeting; Negotiation; Mentoring and coaching; Corporate Governance; Strategic and tactical planning; Information Security Program Management; IT Security Operations and Administration; Policy and Standard Development; Business Continuity Planning; Security Awareness; Outsourcing Risk Management; Project Management; Staff Development; Secure Application Development; Penetration Testing; Intrusion Detection and Incident Management; Security Architecture; Forensics and investigations; Network and System security; Database Security; Massachusetts Privacy Laws; IT Regulatory & Audit Mgt. (SEC, SOX, SAS 70, HIPAA/JCAHO, SB 1386 & other state security laws); ISO 17799/27001 Compliance; IT Auditing; Vendor Security Reviews; Electronic Records Management; FISMA/NIST-800

Programming: Java, C/C++, VB, JavaScript, Perl, COBOL

DB: Oracle, SQL Server, DB2, SQL

O/S: Windows, UNIX, MVS (RACF/Top Secret)

Firewall/Intrusion Detection; Anti-Virus/Spam & Content Filtering; Data Warehouses

PROFESSIONAL EXPERIENCE:

Vice President/ Information Security

Confidential, Boston, MA

Responsibilities:

  • Defined and managed a comprehensive Information Security program that meets or exceeds all corporate directives while also addressing the distinct needs of business groups
  • Responsible for information security of outsourced projects
  • Performed external party risk assessments
  • Established guidelines for transmission of sensitive data to external parties
  • Periodically performed risk evaluations on application and business areas to determine whether any significant change in risk levels had occurred and reported results to executive management
  • Interacted with executive/senior staff to incorporate information security as part of the overall business model
  • Responsible for implementation of access auditing system
  • Responsible for information security awareness program
  • Responsible for electronic records management initiative
  • Developed and implemented a methodology for evaluating new applications and third-party provided applications for potential areas of risk
  • Provided counsel and support in the development, implementation and monitoring of appropriate risk management and information security policies, procedures and internal controls designed to minimize information security risks
  • Managed the secure application development and secure quality assurance programs
  • Served as a visible spokesperson on the subject matter of information system security within the business unit
  • Assured accountability by data owners and other stakeholders by including them in the evaluations and decision-making process when evaluating potential risks and countermeasures

Senior Applications Support Manager

Confidential, Boston, MA

Responsibilities:

  • Served as Information Security Officer for several businesses
  • Implemented external party risk assessment model
  • Directed a team spanning multiple platform environments and database management systems that provided development & support services to critical retail marketing systems (Budget: $1.5 million)
  • Provided application support for CRM system
  • Oversaw code remediation and testing for critical CRM application for Year 2000 efforts
  • Developed and implemented change management services for CRM infrastructure
  • Worked with the business to proactively seek out opportunities to enhance existing applications to meet changing marketplace requirements and/or improve usability
  • Provided application infrastructure design and project management services on IT development projects
  • Led re-engineering project for the prospect management system (supports 8K users) to provide B2B for CRM infrastructure
  • Managed a joint initiative to achieve an enterprise architecture to support Gramm-Leach-Bliley compliance
  • Worked jointly with other critical marketing applications to provide a common user interface
  • Provided development and support services for critical client/server business applications

Project Manager: Data Security Systems

Confidential, Boston, MA

Responsibilities:

  • Provided project management and technical assistance on technical security infrastructure initiatives, including an Internet security initiative

Senior Consultant

Confidential, Marlborough, MA

Responsibilities:

  • Served as liaison to other software vendors
  • Coordinated the correction of software defects and functional enhancements with research & development
  • Identified and supervised the remediation of critical software defects on a major product release
  • Assisted in revision of customer manuals, which reduced call volumes by 25%
  • Identified and corrected database parameter issues, with a net result of an average 35% performance improvement
