PROFESSIONAL SUMMARY

• Confidential has over 15 years IT experience including a track record of success as an Information Security Officer, Project Manager and Consultant. His background encompasses a variety of highly regulated industry verticals including retail, government, financial services, and health care. Mr. Wallace has traveled throughout the United States servicing large companies, government agencies, and health care systems.
• Confidential has demonstrated an ability to build information security programs that drive strategic business objectives along with excellent facilitation, team building, and communications skills. His full-cycle project leadership experience includes managing teams as large as 16FTEs and eight figure project budgets. Mr. Wallace has authored white papers and delivered presentations at industry conferences. He was a project manager on an initiative that was named to the 2004 Infoworld Magazine list of top 100 IT projects. He can deliver publication quality writing, a CxO level presentation presence and a refined understanding of financial metrics as they apply to information technology investments.
• His area of expertise is in the assessment, design and implementation of security architectures to support compliance with Information Security directives such as ISO 17799/27000, NERC-CIP, PCI-DSS, HIPAA, and NIST 800 Series. He offers working experience planning, designing and implementing Information Security Management Systems. His implemented recommendations have consistently passed the rigors of audit and regulatory examinations. Mr. Wallace holds a Bachelors Degree in Accounting and a Masters Degree in Information Systems. In addition to his academic credentials he has earned technical certifications in Information Security, Project Management, ITIL and Accounting.

TECHNICAL SKILLS

INDEPENDENT CONSULTING PROJECT EXPERIENCE

Information Security Project Manager to Wholesale Travel Holding Company Apple Leisure Group

Confidential

Engaged by a large wholesale travel organization to lead a Symantec Endpoint Protection SEP v12 implementation initiative. Responsibilities included solution design and delivery, technical engagement management including strategy development, business process assessments, organizational design and client acceptance. Drove the development of business and technical requirements and focused the operational integration of the solution to meet those requirements. Worked with extended on- and off-site teams to develop the endpoint security infrastructure and the deployment of desktop/server anti-virus and workstation firewall functionality. Defined and created a SEP security policy, drove the development of deployment packages, executed a pilot against success criteria/test plan and completed production deployment on both workstation endpoints and servers. Advised the client on the deployment strategy of leveraging Altiris for workstation endpoint packages. Lead root cause analysis and troubleshooting activities during the production deployment and functioned as a liaison between the ALG and Symantec support. Tracked and reported on issues, anomalies and problems and escalated through proper channels.

Confidential

Tasked by a top 5 bank-owned automobile lender with leading an upgrade of the entire CA IdM/RCM/SiteMinder technology stack, design of processes relating to centralized authorization and automated continuing business need review, the implementation of related point solutions and the remediation of audit findings related to access management. Responsible for managing a 4MM budget, communication, schedule, people and the C-Level status cadence for six individual projects. Specific project objectives included upgrading CA Identity Minder from V12.5 SP6 to V12.6 SP1, CA Role Compliance Manager V12.5 SP3 to CA Governance Minder V12.5 SP7 and CA Siteminder V12.5 SP2 to SP3. Lead a cross functional team of internal and external resources to integrate 30 business critical applications with the new IdM stack and an externally hosted automated entitlement attestation service. Additionally the program included the implementation of the Cyber-Ark Password Vault solution, establishing a RACF test environment, enabling BlueCoat anti-virus scanning at the proxies and implementing an RSA two factor authentication solution for trusted 3rd parties.

Confidential

Selected by the world's largest first-tier aerostructures manufacturer to lead the implementation of a redundant Tivoli Access Manager Enterprise Single Sign on TAMESSO environment. The objective of this initiative was to deploy a local SSO environment to support the migration of business critical internal and external web applications from a Spirit data center in Wichita to an IBM data center in Raleigh. The initiative included leading a team of IBM consultants and client employees while reporting and statusing to an enterprise level program supporting the data center migration. Tasks and accomplishments included architecting a two zone SSO environment, provisioning the hardware and Lpars, building the system including Citrix Netscalers and WebSEALs, testing and troubleshooting of the platform, navigating a highly prescriptive change control process, and changing the DNS aliases in the web application hosting environment to point to the new TAMESSO platform. This project was identified as being on the critical path for the entire data center move program.

Confidential

Appointed by a large automobile manufacturer to lead an assessment and reengineering of processes relating to the protection of intellectual property and data loss prevention DLP technologies. The initiative focused on role based access to the DLP tool, detection and response rule tuning, rationalization of detection rules, management reporting, incident response, remediation and investigation processes. Lead the upgrade from Symantec/Vontu V10 to V11 and the integration of incident detection and investigation processes between the client's investigation tracking system and the Symantec Workflow product. Performed initial planning for the rollout of the DLP tool to geographies and businesses outside North America.

Confidential

Engaged by an 800M pre-IPO regional grocery chain to lead the implementation two security point solutions as part of a larger PCI-DSS and SoX compliance effort. The first initiative involved the implementation of the Tripwire Enterprise file integrity monitoring/IPS tool. Working with a team of 3rd party consultants and client employees the project included configuring devices at both the data center and store locations, installing the Tripwire console, building and loading monitoring rules, developing procedures, packaging and deploying agents to target devices. The second initiative focused on the implementation of Arc sight Enterprise Security Manager SIEM solution. Leading a team of 3rd party consultants and client employees the project tasks included racking and building host servers, configuring appliances, building a custom connector to the client's POS controller, installing the console, configuring 8 different standard connectors and implementing the PCI compliance package. Created a plan and processes for a volunteer fire department CSIRT to manage the response to incidents detected by the new technologies.

Confidential

Appointed by the world's leading manufacturer of infant formula to lead an initiative to develop a plan and procedures that would enable a cold data center site in Rochester, NY to take over processing in the event of a disaster impacting a primary data center in Southbury, CT. The project included working with teams from 3rd party outsourcing vendors and Mead Johnson to gather requirements, assess the current environment, and develop a solution in accordance with FDA guidelines that would provide for failover processing inside of a two hour recovery time objective RTO and the return of processing to the primary site once the site is stabilized. Deliverables included a discovery document containing as is logical network architecture, network configurations and inventory with business and technical requirements, a design document containing planned recovery site logical network architecture, planned network configurations and inventory, documented business and technical requirements for the recovery site in test mode and in disaster mode and identification of impacted network elements and systems during test/disaster modes and a DR procedures document containing scope, impact, exclusions and risks of systems involved in test/disaster events, identification of all documentation to be used/incorporated into test/disaster events, summary of sequential steps that need to be taken to execute successful test/disaster cutover and a list of expected system test procedures to accompany sequential steps.