Summary

Respected, accomplished Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA) with significant, results-proven experience directing Information Security programs. Leverages technology expertise across multiple platforms to optimize security. Functional expertise in Information Security, Disaster Recovery, Sarbanes-Oxley, cyber security and IT risk. Exceptional analytic, consulting and engagement capabilities. Ability to collaborate with other senior functional and technical leadership to define information security strategy, architecture, budget and implementation benchmarks.

Experience

Confidential

Responsibilities

  • Manage five professional staff focused on Governance, Risk and Compliance, Security Operations, IT Risk Management, Vulnerability Management, Security Awareness and Education.
  • Manage vendor relationships, contract negotiation and monitor service delivery to ensure security posture is enforced.
  • Drive security resource management and architecture review for all major initiatives.
  • Perform gap and risk assessment of security controls and policy requirements.
  • Oversee enhancements to the security program based on corporate initiatives and policy requirements.
  • Define Secure Software Development Life Cycle framework for internal applications.
  • Manage Information Security Program for a global organization.

Key Contributions

  • Defined the organizational plan, including asset management, risk and compliance assessments and security controls gap analysis to identify opportunities to address risk. Focused on applications that have regulatory compliance requirements and/or are business critical.
  • Aligned Global Specialty with enterprise security tools and leveraged common capabilities to eliminate discrete spend.

Confidential

Responsibilities

  • Managed six professional staff responsible for Information Security, Fraud, Internal Audit and Compliance.
  • Represented Information Security in all merger and acquisition activities, and served as the primary point of contact between the business and Information Security.
  • Developed and motivated employees to perform above and beyond normal performance requirements. Challenged employees to grow non-technical skills by focusing on areas of business communication and project management.
  • Responsible for department capital and human resource annual budget.

Key Contributions

  • Created Security Awareness education materials for delivery via company's Learning Management System.
  • Managed a matrixed team to support activities related to an FFIEC Discovery Review.
  • Coached Internal Auditor in delivery of the company's first Audit Report.

Confidential

Responsibilities

  • Created a University-wide Information Security organization, integrated ten professional staff from two schools and two Central Administration IT groups, aligned function with the University's mission and implemented a service catalog to deliver security services to the entire University community.
  • Implemented a new collaborative IT Security Governance structure with representation across the University to rewrite the Information Security Policy.
  • Established a Cyber Security Center to centralize security event detection and response including a security roadmap, architecture, product acquisition and implementation, process and staff development.
  • Established the Information Security function at Harvard University, Faculty of Arts and Sciences, including hiring staff, defining process and implementing technology.
  • Created the security roadmap and architecture to protect, detect incidents, correct issues and educate the FAS community.

Key Contributions

  • Negotiated two school-wide antivirus subscriptions that reduced expense by 180,000.
  • Developed a PC on a stick platform to run desktop images on an encrypted USB flash drive, which was adopted by the FAS Registrar's Office for use by more than 100 staff.

Confidential

Responsibilities

  • Created an Information Security organization: hired, managed and developed eight professional staff, created a security roadmap and architecture, acquired security solutions and drove implementation, and defined processes that were repeatable, sustainable and measurable.
  • Managed SOX 404 for IT organization including defining and testing IT General Controls for Year One reporting.
  • Met with customers during pre-sales and annual compliance assessments, to present the Information Security Program and answer questions.

Key Contributions

  • Championed a Six Sigma Black Belt initiative to improve Fraud Investigation that resulted in a 14 million loss reduction.
  • Wrote the company's Information Security Policy and supporting standards.

Confidential

Responsibilities

  • Managed four professional staff responsible for user access, data administration and monitoring for z/OS, iSeries and Windows platforms.
  • Defined Information Security Policies and Standards.
  • Performed gap assessment of security controls to Policy and defined security roadmap to remediate issues.

Key Contributions

  • Reduced expense for remote access by 100,000.
  • Encrypted laptops for sales force to protect NPPI data and Intellectual Property.
