
Risk Assessment Manager / Sr. Information Security Analyst / Advisor Resume


Indianapolis, IN

SUMMARY:

Confidential is a leader, director, manager and practitioner with a specific skill set as an Enterprise Security and Project Management practitioner, with Business Information Technology (Bus IT) and security consulting experience across the banking, healthcare, hospitality, manufacturing, retail, software development and US/international government sectors. A multifaceted professional, adjunct professor and published author who applies his experience in business, information security, policy development, governance, risk management, compliance and physical security, together with project management, to drive the implementation of effective, secure business solutions that add value and organizational efficiency.

EXPERTISE:

  • Information Security & Privacy
  • Program Management & Planning
  • Infrastructure and Architecture
  • NIST, FISMA, ISO/IEC 27001 series and ISO/IEC 17799
  • Risk Management
  • ITIL Framework Management
  • Enterprise Policy Framework, published author
  • Project Management
  • IT Operations Management
  • Enterprise Security Awareness, Industry lecturer
  • Vendor Management
  • Process Improvement
  • Regulatory Compliance: FISMA, HIPAA, PCI-DSS, SOX, Confidential, TJC/JCAHO, Safe Harbor, TG-3 and TR-39 PIN pad audits
  • Security System Integration
  • Data Center Management
  • Capital Planning
  • Encryption Key Management
  • Secure Data Management
  • Security Administration
  • Governance of Enterprise IT
  • Policy Development
  • Budget Tracking
  • Contract Management

PROFESSIONAL EXPERIENCE:

Confidential, Indianapolis, IN

Risk Assessment Manager / Sr. Information Security Analyst / Advisor

Responsibilities:

  • Identified federal requirements (HIPAA Privacy and Security Rules, NIST SP 800-53, MARS-E, IRS Pub 1075, 45 CFR Parts 160 and 164, 42 CFR Part 2) and state requirements (e.g., IC 16-39 and IC 4-1-10).
  • Used those requirements to facilitate the creation of the risk assessment approach and tools.
  • Collaborated with the Chief Privacy & Security Officer to develop the risk assessment phases and timelines.
  • Developed a detailed scoping plan, including the identification of resources in a matrix environment.
  • Identified and built a dedicated repository for application owners and leadership.
  • Stood up meetings to gather responses to the newly created Risk Assessment Questionnaire.
  • Provided technical security guidance as needed.
  • Created a governance and reporting structure to C-level leadership.
  • Facilitated meetings with business and technical leaders in the organization.
  • Developed and delivered optional remediation recommendations to address assessment findings.
  • Assisted owners in the creation of corrective action plans to mitigate risk items.
  • Used SharePoint and Archer for document retention and Governance, Risk and Compliance (GRC) tracking and reporting.

Confidential, Henryville, IN

GRC Technical Consultant

Responsibilities:

  • Assessed the organization's environment in preparation for implementing the NIST Cybersecurity Framework (CSF).
  • Planned the program/project approach for the implementation.
  • Built program and project schedules and aligned them with resources.
  • Stood up project teams to gather requirements and meet CSF requirements.
  • Provided technical security guidance as needed.
  • Built out governance and reporting to C-level leadership.
  • Facilitated meetings with business and technical leaders in the organization.
  • Used SharePoint for document retention and Governance, Risk and Compliance tracking and reporting.

Confidential, Richmond, VA

Sr. Technical Security Consultant

Responsibilities:

  • Tested the controls in 191 enterprise applications impacted by Confidential compliance.
  • Tested application control owners' adherence to Confidential Integrated Requirements.
  • Read and reviewed department-level operating procedures against regulatory requirements.
  • Provided technical guidance to control owners and business leadership on Confidential Integrated Control requirements and FFIEC security requirements.
  • Provided technical guidance to control owners on remediation of observations and findings.
  • Initiated the development of an onboarding guide for IT security professionals new to the team.
  • Facilitated meetings with business and technical leaders in the organization.
  • Used SharePoint and Archer for document retention and Governance, Risk and Compliance tracking and reporting.
  • Used HP Service Manager, Navigator and the Microsoft suite of products for all work effort.

Confidential, Indianapolis, IN

IT Security Architect

Responsibilities:

  • Reviewed contracts and agreements, security provisions and vendor due diligence.
  • Performed risk assessments, remediation and policy exception request management.
  • Responsible for Records Management Program support.
  • Responsible for reviewing contracts and Service Level Agreements for regulatory, legal or contractual security requirements and best practices.
  • Used Archer for Governance, Risk and Compliance reporting and policy exception management.
  • Used Clarity for resource time reporting and all enterprise project accountability.

Confidential, Louisville, KY

Application Engineering - Technology Manager

Responsibilities:

  • Managed on average 10-18 CCP/GCP projects, ranging from under $100K to over $1.5M, with multiple production dates.
  • Managed a team of 28 personnel, both onshore and offshore, associates and contractors, using Clarity.
  • Responsible for reviewing contracts and managing contract deliverables against SLAs.
  • Responsible for all areas of project management; scope, time and cost were deemed most critical.
  • Designed, developed and delivered software enhancements at an enterprise level.
  • Maintained enterprise-level project plans and deliverable tracking spreadsheets using Clarity.
  • Generated weekly status reports and budget reports for senior leadership.
  • Tracked and addressed risks and issues, keeping leadership apprised of status.
  • Facilitated project team discussions and led the team to conclusions.
  • Used SharePoint, Clarity, Version 1, BME, MS Project, Visio, Excel, PowerPoint and Word.
  • Selected for the integration and implementation of Salesforce.com, a $54M multi-year program and new enterprise Customer Relationship Management Software (CRMS) solution to replace CCP/GCP. Led the team in the integration of the first 23 of 100+ backend services and systems.
  • The first release and successful implementation of Salesforce CRM was in September 2014.

Confidential, Troy, MI

Security Practitioner

Responsibilities:

  • Security practitioner and project manager for the Policies & Procedures refresh project.
  • Assisted the contracted QSA in conducting the PCI-DSS assessment.
  • Led the remediation effort for the 764 findings identified during the assessment.
  • Developed and tracked progress via SharePoint, Archer and Clarity, as well as MS Project and Excel.
  • Provided high-level visual documentation in MS Visio and detailed documentation in MS Word.
  • Consultant to business and IT department leads on security best practices.
  • Provided PCI-DSS-specific security guidance to business leaders, department leads and assigned program/project managers.
  • Developed enterprise-level project plans and tracking spreadsheets for program deliverables.
  • Designed, developed and delivered weekly status reports for program and senior leadership.
  • Facilitated project team discussions and the collection of deliverables.
  • Fully remediated all 764 findings identified through the PCI-DSS assessment.

Confidential, Louisville, KY

Program / Project Manager

Responsibilities:

  • Led teams in the requirements, design, development and delivery of solutions on time and under budget.
  • Used SharePoint, Archer and Clarity for tracking of all project deliverables.
  • Used MS Project, Visio, Excel and Word daily for the creation of all project deliverables.
  • Program #28702: PCI-DSS Assessment & Remediation, Confidential's Enterprise Information Security (EIS) Compliance Program, consisting of 43 individual subprojects.
  • Program #27129: Software Development - Financial Systems - Corporate Systems Data Mart. This program consisted of 22 major features with 41 individual subprojects.
  • Project #29576: Health Advocates - Confidential partnership to support a Whole Health initiative.
  • Project #28723: Confidential Vitality Project - enhancement modifications to EDW/CSD tables.
  • Project #27784: Project for Confidential 1 Premium in South Florida.

Confidential, Dobson, NC

Director of Strategy & Technology, Security Practitioner

Responsibilities:

  • Led the development of an ISO 27000-series framework, including information security policy, standards and procedures, for a telecommunications company located in North Carolina.
  • Developed an integration plan for the company in support of PCI-DSS requirements.
  • Provided technical leadership in developing an Enterprise Risk Assessment and Business Impact Analysis to meet PCI-DSS requirements for a data hosting company in Charlotte, North Carolina.
  • Advisor and consultant to company leadership on improving compliance with regulatory requirements and protecting sensitive proprietary information.
  • Provided executive guidance and technical expertise in conducting an exhaustive review of a federal agency's information security policies and policy framework in preparation for Certification and Accreditation and InfoSec reporting requirements under FISMA.

Confidential, Mooresville, NC

InfoSec Manager, Security Practitioner

Responsibilities:

  • Managed a Security Administration team responsible for provisioning account access for approximately 253,000 users.
  • Provided hands-on guidance and team development to improve processes and turnaround time.
  • Responsible for contracts administration, managing negotiation and deliverables against SLAs.
  • Manager and primary practitioner/author for developing an enterprise framework for information security policies, standards and procedures.
  • Manager for the creation, development and delivery of Confidential's Information Security Awareness Training Program.
  • Manager and practitioner for developing Confidential's Security Risk Management Program.
  • Led the creation, development and deployment of risk assessments, third-party vendor/partner reviews, contract and Statement of Work (SOW) reviews, and SOX, PCI-DSS, HIPAA and privacy compliance validation.
  • PCI-DSS manager and encryption key manager for Confidential's 40,000+ PIN pad devices across all 1,706 stores internationally.
  • PM for ITIL v3 training and certification for Confidential's Information Security Group and other IT departments.
  • PM for the installation of five of the nine modules of RSA's Archer software suite.
