
Security Consultant Resume Profile


CliftoN

ENTERPRISE SECURITY PROFESSIONAL

SECURITY TECHNOLOGY • ARCHITECTURE AND GOVERNANCE • COMPLIANCE POLICY

  • Senior information security and risk management professional. Career includes a successful track record across corporate and consulting roles, securing IT assets for numerous Fortune 1000 companies.
  • Areas of expertise include analyzing and providing cyber security, information risk and regulatory compliance requirements to protect corporate data assets and business opportunities, and to maximize revenue in alignment with corporate goals and initiatives.

Core Competencies

  • Business Technology Solutions
  • Operational Security
  • Secure Cloud Services
  • Security Risk Frameworks
  • Enterprise Architecture
  • Encryption Key Management
  • New Technology Evaluation
  • Application Security Assessments
  • PCI Compliance

PROFESSIONAL EXPERIENCE

Confidential

Manager Information Security

  • Wyndham Worldwide is the world's largest hospitality firm, generating 5 billion in revenue annually. Wyndham has resorts, hotels and timeshares spanning six continents.
  • Member of the Wyndham Worldwide information security risk management group. Interfaced with the CIO, CTO and staff within the various business units: Wyndham Corporate, Wyndham Exchange & Rentals (RCI), Wyndham Vacation Ownership (WVO) and Wyndham Hotel Group (WHG).
  • Responsible for numerous areas of global information security, privacy and risk management. Accountable for aspects of the information security and privacy lifecycles.
  • Created corporate-wide cloud security strategy and directive documentation, leading the initiative for deployment of cloud services across the 4 corporate business units. This cloud security framework enables decision makers to know which security, privacy and risk criteria to use when selecting a SaaS, IaaS or PaaS provider.
  • Launched the information security vendor risk management process. Developed assessments to ensure that third-party firms with access to Wyndham data maintain adequate security and privacy controls to secure the Wyndham data they store, process or transmit.
  • Instituted requirements for use of the application security module in the RSA Archer product. Led the initiative to perform risk assessments of applications across the 4 business units.
  • Performed internal PCI DSS compliance assessments. Served as internal PCI ISA (Internal Security Assessor) for assessments during 2011-2012.
  • Created the process for encryption standards, covering approved algorithms, protocols and other key management functions.
  • Reviewed application and network vulnerability scan reports and analyzed the output for risk management, with a determination of risk acceptance or remediation for each finding.
  • Worked with the legal group on the DLP software rollout to ensure controls were in place so that data monitoring did not violate the EU Data Protection Directive.
  • Performed privacy impact assessments (PIA) to identify and reduce privacy risks that new applications may introduce. PIAs were used to reduce the risk of accidental misuse of customer PII.
  • Reviewed the output of Qualys WAS scanning reports for application vulnerabilities. Worked with application owners to assess the vulnerabilities and create action plans for remediation.

Confidential

Senior Security Consultant

  • British Telecom Professional Services is a 5 billion provider of worldwide services and solutions that help enterprises use technology effectively to drive business growth. Helped clients with their security, privacy and risk management requirements.
  • For a year-long project for the CISO of a New York energy company, assisted in the development of a comprehensive information security program. This included security assessments, reviews against policy compliance, project management and participation in the corporate smart grid security group.
  • Member of the NIST Smart Grid Interoperability Panel, Cyber Security Working Group. The scope of the group is to address the cyber security and privacy aspects of the Smart Grid (SG) Interoperability Framework.
  • For a health insurance company, led their PCI assessment as the PCI QSA. Reviewed infrastructure, assisted in creation of the PCI SAQ, and wrote the ROC and remediation plan for PCI compliance.
  • For an international bank, reviewed 18 of the bank's most critical applications for security and regulatory compliance. Interviewed application owners and BISOs and wrote an application security risk assessment for each application, detailing specific organizational and application risks and vulnerabilities.
  • For a diversified health care benefits company, evaluated encryption adherence (encryption deployment, maintenance and tracking) against the American Recovery and Reinvestment Act (ARRA), and determined whether their current Windows storage met ARRA/HITECH requirements.
  • For a publisher of computer and video games, created a security framework and assisted in the design of a Security and Risk Assessment methodology that allowed them to evaluate the controls, designs, privacy and management practices for services they outsource to third parties.
  • For the world's largest motion picture exhibitor, as the PCI QSA, designed an incident response plan for PCI compliance and created short-term and long-term remediation plans for PCI compliance.
  • For an international auction house, developed a comprehensive set of information security and privacy policies. Collaborated with various departments (IT, IS audit, legal, HR, COO Office) to reach consensus.
  • For a major airline, assisted in the design and roll-out of an encryption key-management architecture.
  • For Microsoft, wrote a white paper on security, and acted as a security and privacy subject matter expert in the development of their MCSE and MCP security certification examinations.
  • For the managed security services department of a large international telecommunications company, wrote 20 DLP (Desktop Level Processes) and created best practices for managed security operations.
  • Spoke at the RSA US and Europe information security conferences (2007, 2011).

Confidential

Director - Security Technology Implementation

  • AXA Equitable is one of the largest insurance companies, with total assets of over 533 billion.
  • Managed the information security technology implementation group. The group's primary purpose is to bring new security and privacy technologies into the organization and to stabilize them and put processes in place to support these initiatives globally.
  • Member of the Corporate Global Security Council and Corporate Information Security Forum for strategic security projects and initiatives. These projects included budgeting and financial planning for cost-effective deployment.
  • Provided strategic guidance to the CISO and executive management on information security, privacy and regulatory issues.

Ben Rothke, CISSP, CISM

Confidential

Senior Security Consultant

  • ThruPoint (now Acuative) is an IT services and best-of-breed technology solutions professional services firm.
  • Worked with CISOs and senior IT leaders to determine acceptable levels of risk for their organizations.
  • Assisted in the design and creation of a brokerage's global SOC (Security Operations Center). Assisted a large health care provider in their HIPAA security and privacy remediation compliance efforts.

RELATED EXPERTISE

Certifications: CISSP, CISA, CGEIT, CISM, CRISC, SMSP

  • Cloud Security Alliance (CSA) - Founding member and member of the CSA advisory board
  • Information Shield - Security Policy Panel of Experts member

THOUGHT LEADERSHIP

Recent conference presentations and webinars

  • Terminating Cloud Services
  • Webinars - Getting and Staying Compliant with PCI DSS, Information Security and Social Networks, Effective Data Destruction Practices

Recent articles

  • Amazon Web Services Security: It Takes a Village (securitycurrent.com)
  • Money transfers, creative scammers, and fraud (CSO)
  • Some Observations on Klout Scores (Infosec Island)

Recent press quotes

  • Five reasons IT pros are not ready for SDN investment (TechTarget)
  • Pay up for talent: Is there a security salary disconnect? (CSO)
  • Managing IT security in an always-connected, app-driven world (CA Technologies Blog)

Professional affiliations

ISACA, ASIS, Technology Managers Forum, NY/NJ Electronic Crimes Task Force, NY/NJ InfraGard
