Senior Manager, Information Security Strategy Resume
Dallas, TX
SUMMARY
- Internal & External Audits / Policy & Procedure Development / Team Recruitment & Leadership
- Seasoned and results-oriented technology executive with distinguished career developing information security and information technology programs for top global companies and government entities.
- Extensive and in-depth knowledge of complex security and regulatory requirements governing sensitive company data.
- Leverage combination of technical aptitude and business acumen to develop long-range plans guiding IT / IS strategy, infrastructure, compliance, policies / procedures, and operations.
TECHNICAL SKILLS
Affiliations & Activities: Leading Member of Payment Card Industry Participating Organization PCI Security Standards Council Member, Gartner Member, ISSA CISO Executive Group Member & Speaking Committee Member, ISACA Presenter, Sarbanes-Oxley Symposiums Member, CIO Executive Council Member, Payments Processing Information Processing Council (PPISC) / FS-ISAC Board Member, USENIX Systems Administrator Exam Development Committee, Harvard University
Technical Proficiencies / Standards: NIST, PCI DSS, PA DSS, HIPAA, HITECH, OCR, OCC, OIC, OWASP, ITIL, ISO 27001, ISO 27002, SSAE16, SAS-70, SOX, Cloud Computing, Virtualization, Windows, UNIX, Solaris, Linux, Imperva, HSM, Encryption, Dukpt, Cisco Routers, Cisco Switches, Cisco PIX & ASA Firewalls, Checkpoint Firewalls, Palo Alto Firewalls, F5 load balancers, Tripwire, Arcsight, Splunk & RSA EnVision SIEM, RSA Data Loss Prevention, BackTrack, Kali Linux, Metasploit Pro, Symantec Endpoint Protection & Altiris, NIDS, HIDS, Nessus / McAfee / Foundstone, Qualys & Rapid7 Vulnerability Scanners, Checkpoint, Skybox, Perl, Korn Shell, CSH, various Firewall Appliances.
PROFESSIONAL EXPERIENCE
Confidential, Dallas, TX
Senior Manager, Information Security Strategy
Responsibilities:
- Responsible for leading teams, over $40M P&L, and delivering world class security & compliance solutions to various clients across the globe.
- Successfully led large Information Security team & efforts related to $400M divestiture of Top 10, $24B Bank & Credit Card Issuer, which included discovery, planning & analysis of existing environments and design & integration of new standalone publicly traded entity.
- Effectively led multi-million dollar engagement to assess and revitalize Top 3 Payment Processor with PCI DSS 3.0 security requirements.
- Created business model, marketing materials, documentation, sales approach & technical response that contained a suite of products & services specifically tailored to the Payment Processing & Retail Industries for end-to-end security. This involved frameworks and solutions for technology components such as P2PE, tokenization, encryption, EMV, authorization/settlement environments and Point of Sale security.
- Model has produced over $35M in revenue during first two months of marketing.
- Led efforts on several RFPs relating to information security managed service and compliance offerings topping $140M.
- Responded to and project managed various RFPs for complete outsourced solutions for State-run Medicaid programs, Financial Services Information Security departments & Governmental staff / project augmentation.
Confidential - Fort Worth, TX
Vice President of Information Security
Responsibilities:
- Oversee all aspects of strategic planning including goals, metrics, budgeting & organizational objectives.
- Create & deliver successful Information Security and Compliance program that includes 3-5 year roadmap, various technology implementations, risk management, governance & business continuity.
- Establish and maintain comprehensive audits for adherence to PCI DSS, PA DSS, SSAE16, NIST, ITIL and various other industry standards. Includes four separate PCI DSS compliance audits annually.
- Develop, implement and monitor enterprise security policies & procedures as they relate to the parent organization as well as subsidiaries.
- Responsible for internal and external relationship management with various business leaders, the Board of Directors & vendors of all organizations.
- Maintain daily security operations of the organization that includes layer 7 next generation firewalls, VPNs, IDS/IPS, data loss prevention, enterprise SIEM, spam filtering, antivirus & malware protection, network & application scanning, penetration testing, tripwire, centralized account management & Imperva.
- Wrote the business plan for Executive Management to launch a new mobile (M+Terminal) & tablet (1stPayPOS) P2PE payment platform which included researching competitors, creating map of competitive advantages & identifying barriers to entry.
- Led technology efforts to design and integrate mobile P2PE payments platform. This included researching mobile swipe readers from ID TECH, MagTek, FutureX and others. Gateway integration, encryption at the swipe, key injection, audit considerations and HSM decryption were all part of the scope.
- Completed over 90 specific projects in the first 12 months of service all of which were within budget thresholds.
- Revamped every single security tool enterprise wide in the first 12 months and expanded security tool footprint by over 300%.
- Reduced enterprise risk profile measurement from “Moderate-High Risk” to “Low Risk” in first 12 months.
Confidential - Dallas, TX
Information Security Officer Consultant
Responsibilities:
- Initiated and led system-wide information security self-assessment to determine maturity level following Gartner research recommendations.
- Responsible for compliance and information security of National Critical Infrastructure applications such as Debit Gateway, Pay.gov, various IRS applications, various ACH & Funds Transfer applications and other Governmental payment applications.
- Assisted with security & compliance design of integrated Social Security System fraud checks & balance applications for the U.S. Government.
- Established and launched long-term strategy to increase Capability Maturity Model (CMM) level to meet industry standards, best practices, and corporate vision / objectives.
- Facilitated and supported federal government audits, Attorney General audits, Treasury and Financial Management Service Audits, PCI Level 1 audits, National Critical Infrastructure audits, Government Accountability Office audits, SA&A Certification & Accreditation audits, and internal audits.
- Cultivated excellent professional relationships with Federal Reserve and Department of the Treasury personnel to drive expansion and improvement of security model and ensured alignment with NIST, PCI, OWASP, ITIL, and ISO 27001 / 27002 industry standards.
- Managed team in developing technical requirements / design baselines, program execution plans, technical risk assessments, scope / configuration management, schedules, and budgets.
Confidential, Fort Worth, TX
Partner & Chief Information Security Officer Consultant
Responsibilities:
- Drove measurable improvements to vulnerability scanning and technical environment reporting.
- Conducted enterprise-wide vulnerability scans and oversaw remediation process through implementation of patches and correction of configuration issues across multiple platforms.
- Defined security baselines for individual system usage requirements and led development and documentation of corporate security standards.
- Instrumental in assisting global corporation to achieve compliance to highly complex security standards, including PCI DSS, ITIL, and SOX.
- Benchmarked several Information Security programs against ISO 27002, HIPAA, PCI, Sarbanes-Oxley and NIST industry standards to determine and remediate gaps.
Confidential, Seattle, WA
Acting Chief Security Officer / Chief Compliance Officer
Responsibilities:
- Instrumental in evaluating & recommending various virtualization, cloud computing, secure data center and cutting edge technologies with quick ROI and low total cost of ownership.
- Championed transition from reactive to advanced proactive approach to Information Security program.
- Designed and launched world-class enterprise Vulnerability Management Program for PEMCO and PEMCO Mutual Insurance Company.
- Delivered 60+ Information Security and Compliance projects on time and under budget under an aggressive one-year timeframe.
- Completely prepared infrastructure, compliance and security of PEMCO technologies for acquisition.
- Worked actively with the Executive Management team to meet with several prospective buyers & ultimately sold PEMCO Technologies to Jack Henry & Associates.
