Head of Information Security for WebMD, the leading provider of health information and services to consumers and healthcare professionals, with more than 20 years' experience with financial data management and the application of innovative technologies to solve business needs. Responsible for planning, analyzing and implementing technology and security solutions for the company, its customers and clients.

CORE COMPETENCIES

• Risk Management
• Process re-engineering
• P L Management
• Disaster Recovery
• Network Systems Security
• Vendor Relationships Management
• Systems Design
• Change Management
• Business Process Outsourcing
• Strategic Business Planning
• Technology Development

Hands-on experience with the following: Active Directory, GPO's, TCP/IP, WINS, DNS, CISCO, ASA, PIX, ACL's, Symantec A/V, AVAYA, Siemens, Nortel, RSA, System Hardening, Patch Management, Exchange, SMTP, Nessus, WebSense, PGP, LAN, WAN, Datacenter management, Terminal Servers, WSUS, Syslog, SNMP, Tripwire, SSL/TLS, Citrix, IIS, Apache, SQL, PHP, Oracle, Drupal, Rightfax, Linux, VMWare, Whitehat, Qualys

PROFESSIONAL EXPERIENCE

Confidential

Senior Director, Information Security

Head of Information Security CISO for WebMD and all WebMD web properties. Responsibilities include:

• Responsible for developing corporate security policies, technical and compliance standards.
• Validate risk appetite and tolerance with senior leadership and key stakeholders to ensure alignment.
• Responsible for the development and delivery of an education and training program on security, privacy and risk management.
• Develop and implement a comprehensive strategic risk assessment program targeting information security and privacy that ensures the confidentiality, integrity and availability of information across the enterprise.
• Provide guidance on adherence to legal and regulatory requirements such as - ISO 27001, COBIT, COSO, HIPAA, HITECH, SOX and FISMA.
• Manage security and information technology requirements within both Agile and Waterfall methodologies for both website and mobile application development efforts.
• Conduct periodic/annual security audits for all web properties, locations, vendors and service providers to identify areas of concern.
• Head up cyber incident response team.
• Created and implemented corporate-wide Emergency Response Plan.
• Act as primary contact for external auditors, agencies, customers and law enforcement representing WebMD on all security matters.

Confidential

Director of Global Systems, Security Compliance

Responsible for management of the Global Systems and Security functions within Global Technology Operations. Manage teams in the US, UK, Ireland, Western Europe and the Philippines. In addition serve as a member of the Senior Executive Team for US operations. Responsibilities include:

• Directed activities of Systems Administration, Local IT Services, Desktop Support and Security and Compliance.

• Responsible for the development and operation of all systems, infrastructure and information technology solutions globally including physical, virtualized and cloud computing.
• Provide guidance and direction on adherence to security guidelines and regulations - ISO 27001, HIPAA and PCI-DSS.
• Manage security and information technology requirements and oversee customer relationships.
• Develop and direct remediation plans to address security and technology issues.
• Advise Senior Management Team on IT Security and technology solutions and opportunities.

Confidential

Director of Global Security Systems

Serve as the Chief Security Officer responsible for the planning, analysis and implementation of security and technology solutions in direct support of business objectives world-wide. RMS is the world's leading supplier of receivable management services with over 35 locations worldwide. It provides outsourced receivables management and call center technologies for many Fortune 500 companies. I report to the Chief Information Officer and my responsibilities include:

• Provide guidance and direction on adherence to security guidelines and regulations. RMS provides outsourced receivables management for many Fortune 500 clients and as such must adhere to regulations such as: SOX, GLB, ISO/IEC 17799, HIPAA and PCI-DSS .
• Manage security and information technology requirements and oversee customer relationships.
• Create security road map and site hosting for customer web access.
• Review contracts and statements of work for customers in consultation with Operations, Compliance, and Legal to ensure RMS can deliver to the expectations set forth by the customer.
• Oversee firewall changes and give final approval on all security policy exceptions.
• Manage the company's relationship with local/federal and Payment Card authorities.
• Raise awareness of the importance of security in the workplace and enhance RMS's security leadership position.

Key Achievements:

• Initiated and directed the successful effort to certify RMS under the Cardholder Information Security Program CISP , also referred to as Payment Card Industry PCI Data Security Standard.
• Developed and implemented comprehensive, effective policies and procedures to address all aspects of systems and physical security and to insure the confidentiality, integrity and availability of RMS information.
• Established a Computer Security Incident Response Team CSIRT to handle security related incidents.
• Instituted standard configuration, system hardening, data retention and disposal procedures.

Confidential

Oversaw long-range strategic planning, vendor relationships, and systems development and integration related to business support systems and security, reporting to the CIO. Responsibilities included:

• Developed and implemented infrastructure for the following areas: Desktop Support, Messaging Exchange 2003 , Active Directory, Anti-virus, Patch Management, Asset Management, Web-filtering, Intrusion Analysis, and Forensics for over 2,500 desktop and server class machines.
• Overseeing all back office systems and processes during the spin-off from D B: Implemented Oracle 11i 10.5.8 Financials, Human Resources, General Ledger, Accounts Payable, Fixed Assets, Accounts Receivables, Payroll and Purchasing. This project was assigned to me with just 4 weeks to go before the divestiture. I identified all critical elements necessary for payroll processing and developed an action plan involving all vendors including Healthcare and 401k providers to ensure RMS made its first payroll without any issues. As a result, I was selected by the Executive Board as a President's Council Winner.

Key Achievements:

• Having identified various issues with patching, I developed and implemented a fully automated company-wide patching system that enabled installation of patches within 48 hours of release from Microsoft. This new process greatly reduced time spend on virus and spyware remediation and allowed for testing and centralized reporting.
• In conjunction with Human Resources completed efficiencies in Account Management handling resulting in a more secure environment. Prior to the changes a large percentage of all active system accounts were owned by terminated associates and new associates waited days to weeks for their domain accounts to be created. The process was streamlined by using standard workflow methodology that resulted in all accounts being created/disabled within 24 hours of entering into the HR information system.
• Deployed Enterprise Spam Filter which significantly reduced incoming email load.

Confidential

Finance Project Director

• Reporting to the divisional CFO, I was responsible for all aspects of corporate reporting and day-to-day fiscal management of the major debt collection division: RMS. My role also involved growing a new product line Deduction Management Services , modeling compensation plans, and budgeting/forecasting for sales, expenses, staffing, cash flow and capital for the RMS division.

Project Coordinator - Finance

Senior Accountant

Confidential

Financial Analyst