Director Of Risk And Compliance, Privacy Officer Resume
SUMMARY:
Serve in a leadership position with a Cyber Security focused company that can leverage my 29 years of Technology, Security, Risk, Compliance and Privacy experience to accomplish goals and initiatives.
RELATED WORK EXPERIENCE:
Confidential
Director of Risk and Compliance, Privacy Officer
Responsibilities:
- Develop, train and disseminate security, compliance and risk policies throughout organization for new employee onboarding and annual employee recertification.
- Oversee quarterly/annual external audits and HIPAA compliance testing.
- Collaborate with Leadership Team to facilitate IT risk management and compliance processes, monitor for deficiencies and opportunities for improvement to ensure proper security and compliance practices are in place.
- Periodically work with organization stakeholders to test effectiveness of security controls.
- Create legal engagement process to address privacy issues in a timely manner and create agreement management process for legal documents, organize and educate business contacts on proper agreement execution.
- Lead company’s risk management program and conduct annual reviews.
- Address 3rd party audits and conduct maturity assessments for Confidential’s customers to determine risk of doing business before committing engineering and support resources.
- Review vendors annually and verify if they are compliant with Confidential’s policies and determine if company should research a replacement vendor.
- Conduct quarterly security steering committee meetings to communicate security and risk activities to leadership and identify any impacts to business direction.
Confidential
Enterprise Information Security Architect
Responsibilities:
- Contributed to design of consumerization program for mobile computing strategy with Confidential and Confidential solutions.
- Present recommended solutions to executive leadership that included several options and value proposition and risk associated with each solution.
- Mentored newly hired security architects, risk advisors, network and enterprise IT on security architecture purpose and policy.
- Participated in architecture review board meetings as a voting member.
- Conduct review of vendor products and provide recommendations for solutions that included security and integration recommendations.
- Maintained a security architecture portfolio consisting of 50 new, in process and final review projects.
- Provided oversight to company expansion in China market for period of 5 years.
- Aligned security to the business to empower operations teams to provide compliant
Confidential
Director of IT, Chief Information Security Officer
Responsibilities:
- Engineered data center redesign plan and implemented scalable technology, redundancy, virtualization and encrypted centralized backup and SAN storage solutions.
- Coordinate annual security assessment with third party vendors and mitigate any identified vulnerabilities. First audit following infrastructure changes yielded only minimal low risk findings.
- Recruited, hired, cross-trained and manage technical support staff of five people in the following roles: help desk, network and system administration, security and audit.
- Developed and deployed telecommuter solutions to expand remote user base from 30 users to 200+ using IP telephony, SSL-VPN solutions and data encryption.
- Developed telecommuter training program and established audit procedures to measure telecommuters’ compliance with corporate policies.
- Researched and implemented company-wide internal instant messaging solution.
- Play critical role on mergers and acquisitions team performing due diligence to ultimately determine systems stability, security and data integrity ensuring feasibility of company acquisition. Due diligence includes: infrastructure assessment, applications review, software licensing audit, account administration, security audit of access controls and potential risks, interviewing IT staff for information regarding data transmission and delivery methods, assessing portability of environment to accommodate migration to corporate environment, assess data backup strategy, identify all resources including internet, DNS, voice, domain registration and other vendor related services.
- Participated in change advisory board, which reviews and approves all system and infrastructure changes.
- Assisted in annual budget review process and forecasting for security and architecture projects that enabled business growth and streamlining of acquisition activities.
- Worked with auditors to complete 3rd party reviews and addressed policy and process gaps identified in those reviews.
Confidential
Information Security Architect
Responsibilities:
- Worked with software vendor to develop IDS and wireless modules to be used with the Information Security Dashboard.
- Coordinated efforts with support staff to provide resources that vendor needed to complete project.
- Migrated information security website to a new platform, revised and maintained content.
- Participated in service accounts project to identify, categorize and standardize service accounts currently used within the organization.
- Created a naming standard for new service accounts and repository for managing the accounts.
- Performed external vulnerability scans on perimeter devices and external facing servers. Ran internal vulnerability scans on DMZ servers weekly.
- Scanned internal phone numbers to detect rogue or incorrectly configured modems, logged findings and generated help desk tickets to investigate devices.
- Developed a process for monitoring patch management progress within the organization. Utilized in-house tools to measure patching compliance with Information Security standard for servers, workstations, network devices, databases, etc. Wrote risk assessment for out of compliance conditions and submitted to affected area and upper level management.
Confidential
IT Consultant
Responsibilities:
- Set up VPN access for remote users and site-to-site VPN appliance connectivity.
- Perform security analysis of network infrastructure and IT processes, providing corrective actions to clients to mitigate security risks and vulnerabilities.
- Assist clients in addressing compliance issues (SOX and HIPAA) found during vulnerability assessment.
- Windows NT, 2000 to 2003 Server, Exchange 2003, ISA Server migration and DR planning.
- Rebuild regional office networks (frame relay) and configure high speed Internet access to corporate headquarters using Cisco switches and routers.
- Project manager for Central Ohio ISSA web site development.
- Consolidate and maintain support of multi-domain environment during corporate Active Directory migration for a large automotive manufacturer.
- Daily network administration of Windows 200X, ERP system and Citrix XP environment.
- Administer/configure EMC SAN storage, Cisco PIX and VPN concentrator, business resumption planning, incident response and penetration testing.
- Revise Information Security Policy and Standards, perform project risk assessment, certification and accreditation, and create process workflows for a Fortune 25 company.
Confidential
Senior Network Administrator
Responsibilities:
- Designed, implemented and maintained LAN and WAN network configuration.
- Maintained internal phone switch and performed all database updates/changes.
- Migrated NT 4.0 Environment to Windows 2000 for all desktops and servers.
- Migrated Exchange 5.5 to Exchange 2000 and performed all email support and security.
- Migrated from MS Proxy 2.0 to MS ISA Server and performed updates and support.
- Implemented Cisco routers with redundant Check Point firewalls (Nokia boxes), performed intrusion detection and information security.
- Successfully implemented a live full disaster recovery transition to co-location within one day with no down time and no subsequent operating problems.