Summary

• Areas of Proven Leadership/Expertise in IT Procurement, Defense in Depth Architecture, Risk Management, IT/Audit Compliance, Helpdesk/NOC management, Networks and Telecommunications:
• Risk Assessment/Mitigation
• Policies Procedures
• Infrastructure/Architecture Review
• IT Audit /FFIEC/SOX Compliance
• Enterprise Risk Management
• Defense in Depth Security
• Security/Compliance Best Practices
• Network Management/Control
• Due Diligence
• Proactive Defense Planning
• RFP/RFI Preparation/Process
• Security Incident Management
• Legal/Regulatory ITU
• Service Level Management
• Budget/Financial Management
• ISP/Carrier Management
• Contract Negotiations
• Contingency/Disaster Planning
• Network Operations
• Strategic Planning
• Cost Reduction Programs

Employment History

Confidential

Vice President

Manage the operations of the largest bank in Michigan, with presence throughout four states, encompassing 222 sites. With a staff of six professionals:

Security, Compliance and Audit Related

• Developed and Implemented 802.1x, port authentication, throughout the enterprise eliminating the potential of non-authorized devices accessing the banks infrastructure
• Developed, implemented and maintained Defense in Depth layered security model creating zones of protection
• Developed, documented and implemented a Vulnerability Scanning Program, proactively identifying and mitigating risk
• Developed and implemented a IDS/IPS architecture, in support of proactively reducing the risk of an outside intrusion
• compromising critical applications and services
• Took the lead in the development and implementation of a corporate wide RASIC Framework, in order to document security related functions, responsibilities, stakeholders and mitigating actions
• Developed and implemented numerous IT Controls and processes, focusing on privileged access, change/release management, use of network sniffers, segregation of duties, and the use of remote control programs
• Developed a single repository for internal and external audit documentation, simplifying audit efforts
• Developed a privileged access matrix, outlining who, how and when internal critical components are accessed
• Implemented Cisco's NCS, in support of deploying and managing Wi-Fi at targeted bank locations, reducing the risk of rogue devices being installed or accessed
• Developed the enterprise Security Incident Management work-flow, incident remediation and escalation process
• Developed a Vulnerability Management Platform, that focused on how security events are detected, and acted upon
• Developed and implemented a security event escalation and notification process
• Implemented 24 x 7 x 365 proactive co-managed firewall/security management and monitoring with SecureWorks
• Developed a risk management matrix, including recommended remediation which identified potential security and operational risks
• Developed and implemented a high availability architecture for the Internet and their associated firewalls
• Created details diagrams, focusing on the enterprise-wide security posture
• Revised the corporate Patch Management process, outlining when and how patches and releases are deployed
• Authored and published numerous policies, standards, procedures and workflows, in support of regulatory compliance and documented best practices
• Served as critical point for internal and external auditors, when the Security posture was a focus on the audit
• Was an active member of the Change Advisory board, assessing every change to determine potential operational and security risks
• In support of DR and Business Continuity efforts: also linked to Audit and Compliance
• Developed, documented and implemented a critical device back-up process
• Rated all supported systems, in order to determine criticality and sequence of implementation during DR
• Developed and implemented a network recovery plan, if power should fail in the data center
• Developed network/device base-line configurations, enabling the bank to quickly deploy technology when devices failed
• Implemented several layers of redundancy and resiliency, eliminating single points of failure throughout the enterprise
• Created the DR technical recovery plan for the Telecommunications/Security areas, and assisted other areas in developing their tailored plans
• Developed a Service Delivery BCP Resource Management Plan, focusing on how efforts are managed, following the declaration of a disaster
• Created A Contingency Plan Matrix, focusing on identifying mission critical components, where redundancy exists, the risks associated with third party managed hardware and solutions, and time to recover
• Developed standards, for all supported hardware, software and services, including security configurations
• Developed a Pandemic Plan, which outlined, in the event a Pandemic is declared, how services will be managed
• Developed a DR support Matrix, outlining the sequence of events, which services are implemented, and prerequisites when a Disaster is declared

From an Operational Perspective:

• Responsible for voice, data, cellular and perimeter security/infrastructure services for the enterprise
• Managed a 7 Million annual budget reduced from 13 Million , by developing a detailed run rate
• Renegotiated AT T, Verizon, FIS and Siemens contracts saving 12 million over seven years
• Evaluated the Telecommunications industry by issuing an RFP. Selected the following converged technology for deployment saving the bank 5.2 Million over a 36 month contract term starting 2013 :
• IP telephony, replacing traditional TDM PBX/VM Systems
• SIP, providing enterprise-wide VoIP to 219 locations
• Cisco Call Manager, creating centralized call management/control, with a back-up located at our DR site
• QOS, enabling the bank to implement unified communications
• Replacing the Call Center technology, providing a scalable, feature-rich SIP solution
• Developed and implemented methodologies to track internal and external SLA's, reducing non-compliant services by 75 .
• Managed and successfully executed the integration of Citizens and Republic banks network and security infrastructure
• Managed centralized dispatching for site break-fix from Flint, servicing 222 sites.
• Reviewed and approved all change requests, prior to them being submitted to the Change Advisory Board, reducing the risk of production impact

Confidential

Director Technology Risk Management Services Practice

• Acting as the practice manager, with CISA's, CIA's, CISSP's reporting directly to me, and as a billable consultant:
• Assisted in the creation and growth of the Technology Risk Management Practice throughout Michigan
• As a technical infrastructure SME/resource:
• Assessed HMC's infrastructure for vulnerabilities
• Developed/deployed a corporate-wide Information Security Policy
• Set the framework for future infrastructure IT SOX Compliance
• Created a risk management model, which was presented to our customers
• Identified and hired the required technical/audit team members
• Meet with clients to develop the business, and to monitor audit/project deliverables
• Developed a Business Continuity Risk Matrix, which was presented to existing and potential customers
• In an internal IT audit capacity, conducted audits for General Motors in Detroit. Working for the Director of Internal IT Audit:
• Audited GM's 50 billion dollar outsourcing RFP process
• Assessed standardized work processes and their design, which govern how IT services are managed on a global basis
• Evaluated the effectiveness of the two major families of evaluation criteria utilized to formalize and assess suppliers bidding on 48 independent RFP's
• Conducted a Data Center audit, for GMAC evaluating security, incident, problem and change management, managed by IBM
• Assessed the integrity of the supplier selection program recommending critical changes to further proactively mitigate risk
• Assessed the supplier transition plans for risk, and mitigating those risks prior to the transition taking place
• Prepared an orientation program and document, to prepare auditors for conducting IT and SOX audits for GM
• Conducted HMC internal training for conducting effective IT audits General Motors globally
• Remediated SOX exceptions by creating an Information Security Policy, 24 IT policies and narratives for a publishing company, enabling them to comply with year 2 SOX 404 compliance requirements
• Performed Quality Assurance, reviewing and evaluating the SOX controls and testing performed by field auditors

Confidential

• Manager, Infrastructure and Data Security Recently appointed to this newly created position. Scope encompasses several key areas:
• With a staff of six 6 security administrators, manage global security for production systems and application access
• Reviewed and assessed risks and vulnerabilities for ArvinMeritor's global infrastructure
• Meet with suppliers, internal and external customers to determine secure methodology for connecting to both trusted and non-trusted entities
• Identify, evaluate and implement technology to protect the perimeter
• Chaired a cross functional group task force to monitor/correct ongoing security threats
• Developed, implemented and updated security policies, standards and procedures
• Evaluated/recommended changes/enhancements to ArvinMeritor's global voice and data networks
• Review and address legal regulatory issues that affect data integrity
• Chair a weekly security audit conference to review potential or known security issues
• Meet with internal/external IT auditors to ensure Sarbanes-Oxley security compliance
• Manager Architecture and Strategy -
• This function was created to accomplish the following business objectives:
• Dedicate an internal resource for integrating the acquired infrastructure of Dana Corp
• Support divestitures, with regards to IT infrastructure, legal regulatory, and security
• To provide global direction in the following areas:
• Firewall and Perimeter Security
• Mobile/Wireless Computing
• Security Related IT Controls
• 3rd Party Connectivity
• IT Service Level Agreements
• Corporate-wide Change Control
• Take a leadership role in the Architecture Review, Incident Management and Change Control Committees.

Manager

Confidential

• With a staff of seven 7 , managed global voice, local area networks, perimeter security, remote access, audio conferencing and a wide area network services with presence in 85 cities and 42 countries.
• Managed 4.8 Million annual budget
• Reduced the number of network failures by 75 by implementing network resiliency
• Implemented a network management platform, monitoring the pulse of the global WAN
• Designed and implemented a high availability Internet solution utilizing StoneBeat
• Outsourced Router Management, providing 24 x 7 x 365 proactive network monitoring

• Renegotiated corporate contracts reducing the global budget by 23.8 million
• Issued a Global WAN R.F.I. and identified the next generation network platform
• Planned and executed the relocation of the network corporate hub/data center

Confidential

Director of Information Systems - Operations

• With a staff of eight 8 , managed two help desks, a hardware repair, break-fix area, procurement, voice and a domestic Frame Relay network.
• Managed the on-line operation of 155 sites, consisting of local and wide area networks
• Managed a 4 million annual voice/data budget. Reduced operating expenses by 28
• Managed the headquarters local area network/infrastructure
• Performed a detailed network audit, identified and implemented diversity, redundancy and resiliency reducing down time by 21
• Evaluated business needs and implemented a corporate wide electronic mail system for 1600 users
• Evaluated MCI invoices, identifying billing errors totaling 520,000.00
• Conducted internal security audits, identifying and resolving security vulnerabilities
• Evaluated grid power failures and installed a UPS and back-up generator
• Maintained 99.98 uptime during publishing production season

Examples of other relevant employment includes:

Confidential

Telecommunications Manager Managing the day-to-day operations/support for 500 customers

Confidential

Various capacities, including designing/implementing their first global NOC and deploying their global network

Confidential

Managing the provisioning and day-to-day operations of their global network