Summary

Responsible for the business unit vision, strategy and programs to ensure our client's information and data assets are protected, while driving continuous business value and cost containment. Responsibilities encompass all of the same as in the previous position.

Confidential

Sr. Manager, Information Security

• Lead the Global Information Security Program and group in strategy, risk mitigation and delivery for the global enterprise. Responsible for formulating and delivering strategies and programs to meet the ever growing security objectives, global threat mitigation, business driven data protection objectives, Privacy, SOX and HIPAA compliance, and LOB revenue drivers such as PCI . Work extensively with the lines of business formulating responses and strategy for PCI DSS compliance and client security requirements.
• Developed a Risk Management program and framework that interacts with the entire enterprise in order to present a holistic view of risk to the executive management team and the Board of Directors. Out of this is driven the next years' security priorities and remediation plans. Developed metrics framework for month over month reporting.
• Designed Security Strategy and Roadmaps for our key security areas, including authentication, authorization, perimeter security, Identity Management, Information Protection Assurance / Data Loss Prevention DLP , Risk and Compliance GRC , network security, Mobile Device Security, host based security, etc
• Design and validate Enterprise system architectures to meet Information Security principles, standards, baselines and best practices. Work with the lines of businesses to ensure new and existing systems meet and/or exceed Policies, security best practices and specialized publications. Work with the Audit organization developing strategies to mitigate risk, address audit issues, and designing compensating controls.
• Information Security consulting to the Enterprise Architecture group, and all lines of businesses for all key enterprise projects including Virtualization and Consolidation strategy, remote access, CRM, and all network enhancement and security projects.
• Responsible for the definition, vendor selection, purchase and implementation of all global data protection and information assurance projects, including global deployments of Symantec/Vontu Endpoint Security tools, Verdasys Digital Guardian, Fidelis network security assessments, Advanced Persistent Threat APT mitigation with tools such as FireEye , WebSense and SIEM upgrades, etc
• Program development and strategy design for high-profile security initiatives such as Data Leakage Prevention DLP , Endpoint Security, Unified Threat Management, etc... Design the capabilities maturity model CMM for the deployment of multi-year initiatives, internally selling these to the LOBs, risk executives, and the Board of Directors.
• Manage and sold a MM Identity Management program and set of initiatives, including the maturing and selection of provisioning and access re-certification tools.
• Developed organizational plans that brought multi-million dollar consolidation benefits to the organization, including tool consolidation initiatives and renegotiations saving hundreds of thousands on ongoing maintenance and CapEx.
• Responsible for many of the same functions as the last two positions.

Confidential

Information Security Risk Advisor BHC Program Manager

• Served as a key advisor in the formulation of a 200 million dollar corporate restructuring program transforming GMAC to a banking entity, Ally Bank. My focus was the development of a comprehensive Information Security program including the domestic and international operations for the largest new banking entity in the United States. Served to ensure that all information security programs and projects were appropriately designed to meet all of the new compliance requirements for the emerging Bank Holding Company, including FFIEC, SOX and GLBA, etc...
• Engaged in consulting, development, and project management for the Global Information Security and Risk projects including:
• Governance, Risk and Compliance GRC tool deployment, using Archer technologies Developed and implemented a comprehensive environment to track, report, and provide executive dashboards for standards and baseline compliance for the enterprise environment. Also included threat management and DLP incident management handling.
• Security Information and Event Management SIEM , using RSA Envision toolset.
• Data Loss Prevention DLP program covering all facets of network and host-based controls
• Threat Management - including processes to evaluate threats, triage, remediation and escalation paths
• Identity Management - including SSO, Provisioning, Authentication and authorization
• PCI Compliance program for the key Credit Card handling processes
• Managed all facets of stakeholder requirements, vendor management and product selection, financials, reporting, etc for multiple multi-million dollar projects.

Confidential

Lead Information Security Architect / Program Manager

• Senior Leadership in Information Security Program and strategy development to meet the evolving Financial Industry and Bancorp security requirements of one of the nation's largest Banks. Developed strategies and programs for high-profile security issues such as Data Leakage Prevention DLP , Endpoint Security, Unified Threat Management, Identity Management, etc... Design the capabilities maturity model CMM for the development and deployment of multi-million dollar multi-year initiatives, partnering with Risk and Compliance to sell the value of the programs to the Lines of Businesses, risk executives, and Senior Leadership.
• Design and validate Bancorp systems architectures to meet the Information Security principles, standards and best practices. Work with lines of businesses and IT Risk to ensure new and existing systems met and/or exceeded security policies, governance requirements and security best practices. Work extensively with the Risk organization developing governance strategies to mitigate risk, address audit issues, and designing compensating controls. Designed strategy and develop standards in the following areas: authentication, authorization, Demilitarization Zone DMZ , perimeter security, Data Loss Prevention, etc
• Information Security Strategy and governance planning. Analyze the governance landscape of new and existing regulations GLBA, CISP, PCI, etc as well as security frameworks Cobit, ISO 27002, etc and formulate corporate strategies for meeting security and risk mitigation objectives including the continuous maturing of existing processes. Worked with the lines of business formulating responses and strategy for CISP and PCI DSS compliance requirements.
• Serve as an Information Security consultant to the Enterprise Architecture group, and the lines of businesses for a multitude of programs including Branch network upgrade to MPLS, Virtualization and Consolidation strategy, remote access and all Internetworking related projects and operations functions. Security business consulting to the sourcing departments for potential outsourcing engagements including lockbox, multiple bankcard functions, etc...
• Program Manager of Identity Management initiatives, including the selecting of centralized identity repositories, active directory integration, and provisioning tools. Managing a team of PMs, contractors and vendors with a multi-million dollar budget, aggressive timelines, and continuous cost cutting scrutiny utilizing the PMI methodology.
• Actively involved in building and mentoring junior staff.

Confidential

Director of Transitions

Senior level management of global network services delivery. Tightly collaborated with desk-side and help-desk services organization to provide comprehensive services to our clients. Strategic planning and development of outsourcing offerings, operations/corporate structure, and delivery teams. Implemented optimized service delivery according to ITIL framework, and drove efficiencies through the use of Six Sigma DMAIC methodology, operational excellence and best practices. Responsible to ensure SLAs and budgets are met. Budgeting and cost controls.

Confidential

• Technology Leader Network Infrastructure Security consulting
• Practice designer and project manager of the implementation of network security systems and internetworking services. Designed internetworks and security solutions using VPN, firewalls and other secure technologies to meet requirements for data confidentiality and security. Implemented solutions using Cisco PIX and Checkpoint firewalls, Cisco Caching engines, Content Service switches, etc. Engaged at all levels of business development and customer satisfaction. Performed systems and network auditing.
• Enterprise Network Infrastructure Project Manager and Sr. Technical lead of global LAN/WAN projects for the nations most prestigious company. Network Architecture design using Cisco and Nortel hardware: Cisco 6500/4000/3500 switches, 3600/7500 series routers, including highly complex and redundant systems. Also managed the migration and implementation of a global DNS/DHCP solution. Project Managed many internetworking projects for North American sites. Managed vendors to insure budget constraints and SLA's are met on Multi MM projects. Provide mentoring, careers guidance and educational plans to junior level staff.
• Responsible for major portions of the North American regional Network data center design and implementation. Server consolidation and SAN systems implementation in order to streamline and optimize computing resources at a central location. Designed network infrastructure to support critical business applications Siebel CRM, JD Edwards ERP SCM , ensuring reliability and redundancy. Performed base lining, performance monitoring, throughput analysis and capacity planning for critical business applications.

Confidential

• Team Leader- Global Infrastructure Outsourcing / Consultant
• Lead consultant and manager for Global Infrastructure Outsourcing for our Global clients.
• Provided technical expertise for many facets of the project, including workstation image and script development. Designed, prototyped and deployed server infrastructures for the world's largest chemicals conglomerate. Refined and validated the design of a global Windows domain structure including DHCP, WINS and capacity planning for 40,000 users. Design of global DNS architecture, consolidating Unix and NT based systems. Prepared delivery signoff documents, work breakdown structure WBS and other project management documentation. Conducted site infrastructure assessments and feasibility studies including bandwidth assessment and IP addressing scheme.
• Lead the enterprise rollout deployment coordinating with multiple teams and sites including client relations' management. Designed Novell to NT master migration and project deployment plans. Project leadership involved client negotiations for end-user project deployment schedules, ensuring project deadlines and deliverables, meeting customer satisfaction and IBM standards of excellence. Provided mentoring and guidance to team members.

Confidential

Network Systems Implementation Consultant

• Implementation leader for North American rollout of an enterprise solution consisting of a nationwide migration of Novell NetWare to Windows servers, implementation of an integrated Exchange Email environment, and global DNS and TCP/IP re-addressing. Also implemented an enterprise-wide Tivoli multi-platform management system.
• Each site included installation and configuration of Cisco routers, racks, UPSs, Catalyst series switches, supporting a fully manageable wide area network. Performed data migration and implemented network encryption hardware modules.
• Held a security clearance with the US Department of the Treasury.

Confidential

Western Region Manager

• Senior level management of a 1200 employee enterprise responsible for regional business development and service delivery. Drove the business pursuits and projects for one of the largest Telecommunications companies in Saudi Arabia. Built the largest service oriented high-end technical company, focusing on our vision of unsurpassed integrity and the Middle East's leader in customer support and satisfaction. Designed and implemented client development strategies and managed sales staff to ensure all regional business pursuits were being followed, and sales goals attained. Responsible for regional P L / financial management, contract negotiations and bid packages for our multinational clientele.
• LAN WAN Networking and design and consulting to some of the largest corporations in SA, including Mobil Oil, ARAMCO and other multinational clients and Gulf Region conglomerates.
• Project Management for numerous of Saudi ARAMCO projects and other multi-national clients. Projects included nationwide WAN implementation of Cisco routers, OS installs and migrations to a Windows platform. Responsible for multi-million dollar projects, ensuring no cost overruns, planning and balancing manpower requirements.