PCI Program Manager Resume
Portsmouth, NH
SUMMARY:
- Over 15 years of information security and compliance experience with a combination of deep technical experience, coordination with executive management, and operational managerial experience. Integrity and persistence are the key values to my success and are what I will bring to your organization.
- Successfully led Sarbanes Oxley compliance effort for Confidential E&P, and Sappi Fine Paper
- Managed the initial successful PCI compliance effort for Confidential
- Led multiple organizations to strong audit and compliance performance by using a clearly documented acceptable risk model that allows work to continue while provably improving security
- Identified and led inter-company response to emerging SCADA security risks while at Confidential
- Recognized expert in risk management, segregation of duties and IT financial compliance
- Successfully built three IT security practices including organizational structures, RACI, processes, governance models, policies and technical architecture
- IT Executive Management
- Managed the design and integration of database and operational application areas while upgrading multiple business applications and shifting to software as a service for critical applications
- Led and managed the implementation of complete network redesigns including redundancy, performance and security improvements for multiple organizations
- Coordinated IT aspects of multiple multi-billion USD acquisitions and mergers
- Developed and coordinated training and communications for successful organizational restructuring
- COBIT, COSO, ITIL, ISO, Sarbanes Oxley, HIPAA, GLBA, PCI, BCM (Business Continuity), SAP Security Mechanisms (this is both technical and business process)
- TCP/IP, MPLS, PKI, SSL/TLS, WiFi (802.11, specifically security related), WEP, RIP, OSPF, IGRP, BGP, NAT (with multiple border routers), ATM, Frame Relay, IPX, Ethernet, NetBEUI, SNA over routers using DLSw, Token Ring, VLAN (802.1Q), DES encryption.
TECHNICAL SKILLS:
Specific Software: Blackrock, Bloomberg, SAP, Horizons, Clarity, Hyperion, Cognos, Nessus, ISS RealSecure, ISS security scanning software, QIP (VitallP), MOM, SCOM, VMware, (DNS/DHCP management and integration), Netview, HP OpenView, MS Exchange, SMS, MS Office & XP Access databases (programming including SQL editing), Sybase, IIS, software, StoneBeat, nmap, Hping, Whisper, various IDS.
Specific Hardware: Configuration and installation of Cisco 2500, 2900, 3600, 7200, & 5505 series routers, Juniper 8200 series network switches and Juniper Firewalls, NSM, Ironport Mail and Web Gateways, and much more.
Operating Systems: JUNOS, Cisco IOS, Win NT 4, 2K & XP, Win 95/98, Win 3.x, DOS, Novell.x, Novell 4.x, Linux (Mandrake, Corel, Redhat, SUSE and others), SCO, DEC Unix, AIX, HP Unix.
STRENGTHS:
Security and risk management
Governance and compliance
SOX, PCI, COBIT, ITIL, ISO and general integration with Audit
Organizational development
Penetration testing and vulnerability management
Incident response
Networking/routing
Distributed applications and architecture (clouds)
Organization operational improvements
Segregation of Duty
ID Management
EMPLOYMENT:
Confidential, Portsmouth, NH
PCI program Manager
Responsibilities:
- Directly responsible to executive steering committee for implementing, maintaining and proving compliance of Confidential credit card handling systems
- Managed the PCI program across all Liberty business units, including over 57 projects and sub-projects; project areas were segmentation, IDM, SoD, SDLC, logging and monitoring, FIM, encryption/tokenization, policies and standards
- Managed program timelines and budgets
- Coordinated project interdependencies, resource allocation and timing
Director of Data Services and Architecture - Confidential Investments
- Managed the IT operations and budget of Confidential Investments data services (financial asset trading and financial management with operations independent of the rest of Confidential)
- External software as a service and vendors including Bloomberg, Moody's, Blackrock/Aladdin, S&P, Tradeweb
- Vendor Relations - vendor selection, verification, coordination with legal
- Architecture - Ensure interoperability of all IT and information services
- Networking - Juniper, Cisco, Ironport, Checkpoint
- Database administration - MS SQL (various versions) tied to multiple applications, mostly financial and trading
- Desktop services - Purchase, maintain, and manage all desktops and laptops and direct the helpdesk
- Security - Risk Management, IT Audit/Compliance, All AV, User Provisioning, Internal verification
- Procurement - Managed all IT purchases within Confidential Investments, tracked and reported on spending patterns and managed depreciation of hardware
- Disaster Recovery - Design, Operation and testing
Director Information Security Operations
Confidential
Responsibilities:
- Directed the Security Operations Department (runs and owns the budget for key security equipment) including:
- Firewalls (Juniper), Remote access including Dial in and VPNs for over 40K People, Mail Gateways (Ironport), Proxies (Bluecoat, Websense, Ironport and M86), AV (SEP 11)
- Developed DS Risk reporting structure responsible for segregation of duties, log aggregation, incident management, penetration testing, vulnerability assessments, risk assessment using FMEA, FAIR for clear identification and prioritization of risk versus opportunity, risk acceptance
- Created and Managed the Operational Oversight Department responsible for regulatory compliance (SOX, GLB, ISO 27002 etc.), controls assessment, Attestation, coordinating business and technical control overlaps
Confidential, Houston, Texas
Digital Security Risk Manager
Responsibilities:
- Exploration and Production Segment ($90B USD Revenue Segment)
- Responsible to the E&P segment for data confidentiality, integrity and availability, risk acceptance, mitigation or elimination, regulatory compliance (SOX, GLB, etc.), data protection of automated control systems (ACS, DCS, PLCs, SCADA)
- Security team administration and personnel supervision and coordination
- Liaise with senior management and serve as intermediary between technical security subject matter experts and IT/Business leads
- Engaged with and coordinated the Digital Security process of numerous large (more than 1 billion USD) projects both within IT and within the business, including:
- SAP projects including SoD and financial controls
- Large scale fiber network infrastructure deployments
- Coordinated and led teams to engage in dozens of less significant projects (more than 1 million USD but less than 1 billion USD)
- Team sizes ranged from 5 to 20 each up to 50 people in all
- Responded to incidents and issues
- Developed cross application SoD strategy
- Responded to significant engineering incidents and developed strategies to minimize impact and financial exposure in a very short period of time
Sappi Fine Paper, Portland, Maine
Manager Operations
Confidential
Responsibilities:
- Successfully reduced budget to 7.5 Million USD over the course of 2 years due to significant company-wide financial requirements
- Led Security to single moderate audit finding from an original 120 significant audit findings over the course of two years while simultaneously reducing operational budget
- As lead for global security
- Led, directed and participated in various international security projects and endeavors
- Coordinated International Security Efforts
- Led the Sarbanes Oxley Compliance group
- Successfully completed 2 SOX audits with D&T as the external Auditors without significant or material defects
- Led the Global SAP Security and implementation process
- As chair of the global IT board
- Guided interregional joining of disparate business units
- Provided designs and business processes that resulted in significant savings to the Company
- Coordinated Global efforts at large scale application deployment
- Advised Executive management on Risk assessment and abatement
