Executive Profile: Information Security and Risk Management
Results-driven IT executive with extensive information security and risk management experience leading people, cross-functional teams, and technology practice areas in building complex enterprise technology solutions. C-level, hands-on experience in IT governance, risk, security, and infrastructure management in international and multi-industry settings. Record of success leading strategic IT initiatives and creating robust enterprise architectures focused on IT cost reduction, improved service quality, and enhanced business capabilities. Strong ability to provide strategic direction to senior management and business units on technology strategy.
Led the company's efforts in establishing and maintaining a corporate security program and an IT governance framework, providing assurance that information security, physical security, and business continuity / disaster recovery are aligned with business goals, objectives, and regulatory obligations. Proven track record in building high-performance teams and effective security architecture that protects confidential and private information and critical infrastructure from malicious exploitation.
Passionate about information security protection and assurance for enterprise infrastructure. Thrives in a senior security leadership role in an environment where information security is considered both essential and strategic.
Corporate Information Security Office and Information Security Program
- Founded the Corporate Information Security Office. Established the corporate information security program based on ISO 27001 principles for security management, risk management, and regulatory compliance.
- Led the IT governance process and functions, ensuring adherence to standards and policies.
- Translated and implemented client-focused security requirements and audits across multiple business lines and industry verticals (e.g., financial services, insurance, health care).
- Provided a highly secure enterprise computing environment supporting 3,000+ employees in 60+ global offices and $850+ million in revenues.
Shared Service IT Organization
- Provided expert opinion and strategic analysis to senior management on IT trends, direction, and the risks associated with emerging technology investments for an annual $16+ million IT capital budget.
- Transformed a siloed IT organization into a shared-service IT organization delivering infrastructure, field IT, architecture, and security services. Architected and implemented a self-service, consumption-based IT operating platform and cost model. Reduced IT expense 20% over the last three years, saving over $6 million.
Security and Infrastructure Architecture
- Established sustainable enterprise infrastructure and security architecture, including guidelines, standards, design, resource requirements, ROI studies, and implementation plans.
- Architected and implemented a multi-zoned enterprise infrastructure with security controls, infrastructure management, and monitoring to support e-Business, extranet, VPN, messaging, and outsourcing functions.
- Developed an IAM framework that includes policies, processes and procedures that support account provisioning / de-provisioning, management of authentication information and account entitlement updates, and audit processes.
- Developed application security architecture, guidelines, and practices supporting over $200 million in client-facing e-Business B2B and B2C business.
Merger & Acquisition and Integration
- Led IT infrastructure and security teams in merger & acquisition due diligence for over $300 million in business acquisitions and divestitures.
- Provided expert opinion, risk analysis, and integration plans associated with the business investments.
- Established a strategic outsourcing plan and guidelines. Negotiated and outsourced non-strategic components of IT functions (data center operations, HelpDesk support). Achieved $4 million in annualized savings.
- Architected and implemented an offshore development center (ODC) infrastructure through a VM- and VDI-based private cloud integrated with security controls, infrastructure management, and monitoring.
Confidential, New York, NY (1983–2011)
Vice President, Infrastructure and Security, CISO (2008–2011)
Advanced steadily through a series of increasingly responsible positions within a U.S.-based, global shareholder and marketing communications services provider with 3,000+ employees in 60+ global offices and $850+ million in revenues.
- Provided leadership for a team of 120 management and support personnel. Administered a $30+ million annual budget. Scope of accountability was expansive and included planning and strategy, operations management, vendor negotiations, security, and outsourcing. Application portfolio in excess of 250 applications supported in two data centers running 24x7x365.
- Responsible for leading an enterprise-wide information technology unit providing information security, compliance audit, infrastructure management, systems integration for business acquisitions and innovation aligned with business objectives.
- Reduced IT expense 20% over the last three years, saving over $6 million through targeted outsourcing, out-tasking, re-negotiation, consolidation, virtualization, standardization, re-engineering, and re-alignment.
- Consolidated 10 data centers into 2 load-balanced data centers and outsourced non-strategic components of IT functions (data center operations, HelpDesk support), resulting in greater agility, strategic alliances, and $4 million in annualized savings.
- Championed operational excellence through people, process, and technology disciplines. Established technology architecture, asset management, technology life cycle management, and application portfolio management practices without headcount increases.
- Architected and implemented an offshore development infrastructure through a VM- and VDI-based private cloud integrated with security controls, infrastructure management, and monitoring. The VM cloud provided a self-service, consumption-based operating platform, and the VDI cloud provided persistent and on-demand virtual desktops for on-premises and mobile computing.
Vice President, Chief Information Security Officer (2002–2008)
Responsible for the establishment of the Company’s information security office, corporate information security program and practices. Served as the chairperson of the Corporate Information Security Steering Committee.
- Architected and implemented an information security framework consisting of the Corporate Information Security Office, policy, standards, guidelines, processes, and procedures based on ISO 27001 principles.
- Directed and designed the Company’s IT infrastructure, security architecture and roadmap as the foundation of the security and operation controls.
- Developed and implemented a business process re-engineering model, resulting in an IT Governance Board that manages and prioritizes all IT projects. Established standards for security, architecture, technology life cycle, and risk management.
- Directed and designed a formal security review and audit practice to support regulatory requirements (e.g., GLBA, HIPAA, SOX, PCI DSS, and EU privacy rules) and client obligations across multiple industry verticals (e.g., financial services, insurance, health care).
- Developed an IAM framework that includes policies, governance, processes, and procedures supporting account provisioning / de-provisioning, management of authentication information and account entitlement updates, and audit processes. Implemented a SIEM system to augment the process- and procedure-based IAM implementation.
- Developed and implemented a formal information security awareness program, along with incident response, forensics, and investigation processes and procedures.
- Developed and implemented a risk management framework consisting of a vendor evaluation practice, client security questionnaire responses, client security audits, and DRP/BCP.
Sr. Director, Chief Architect (2000–2002)
Responsible for the design, development, and implementation of the Company's first e-Business application (iDoc). The iDoc system provided the roadmap to new B2B business opportunities.
- Established the software engineering practice to enable the implementation of the web-based n-tier application architecture. Designed and implemented the Company's first ePresentment system for electronic personalized statement delivery.
- Architected and implemented a physically and logically segregated multi-zoned enterprise infrastructure with security controls, infrastructure management, and monitoring to support e-Business, Extranet, Internet, VPN, Messaging, Glass House, and Outsourcing functions.
Director (1997–2000)
Designed and expanded the Company's enterprise-wide IT infrastructure to support the outsourcing of the typesetting operation and the Enterprise Resource Planning (ERP) system.
- Architected and implemented a thin-client-based Business Process Outsourcing (BPO) infrastructure. The thin-client architecture provided scalability as well as tight security and operational control.
- Introduced and architected a UNIX-based IT infrastructure platform to support the PeopleSoft Finance system and the Company's proprietary estimating, pricing, and costing systems.
- Designed and implemented the Company’s Microsoft network architecture to support 4+ business units and 2000+ users worldwide.
Manager (1986–1997)
Designed, developed and implemented the Company’s enterprise-wide IT infrastructure to support the Company’s manufacturing operation and the Company’s proprietary print management system.
- Designed and consolidated the Company's IT infrastructure from 8+ distributed data centers to 2 load-balanced data centers. The consolidated IT infrastructure platform provided the flexibility and resilience to support 200+ users in a 24x7 operation.
- Designed and implemented the Company's Disaster Recovery Plan (DRP) to provide continuity of processing for the Company's $500+ million business.
- Designed and developed the Company's proprietary personalized statement processing application by expanding the established typesetting technology platform. The statement processing application enabled the Company to explore the on-demand digital printing business opportunity.
- Designed and developed the Company's proprietary Production Control and Tracking system (PCAT) as the core of the print management system. The PCAT system provided shop floor data collection to track labor and machine utilization, and it provided the foundation for quality control and waste management.
Sr. System Analyst (1983–1986)
Responsible for the design, development, and implementation of the Company's proprietary typesetting system (BITS). The BITS system transformed the Company's 200-year-old hot-type operation into a computerized cold-type operation.
- Led a team of 20+ IT professionals to complete the implementation of the BITS system to the Company’s 8+ regional data centers. Met the targeted functionality, schedule, operation and financial goals.
- Directed and designed the BITS system based on the Digital Equipment Corp. VAX/VMS operating system with the extensive use of clustering, inter-process and shared services technologies.
- Directed and engineered the IT standard operating processes and procedures to support 8+ VAX/VMS clusters and 200+ typesetting production users.
Education and Training
MS, Computer Science
BS, Electrical Physics
Certificate, Certified Information Systems Security Professional (CISSP)
Certificate, Certified in Risk and Information Systems Control (CRISC)