Senior Manager Resume Profile
Dallas, TX
Areas of Expertise:
Technical Proficiencies / Standards: NIST, PCI DSS, PA DSS, HIPAA, HITECH, OCR, OCC, OIC, OWASP, ITIL, ISO 27001, ISO 27002, SSAE16, SAS-70, SOX, Cloud Computing, Virtualization, Windows, UNIX, Solaris, Linux, Imperva, HSM, Encryption, DUKPT, Cisco Routers, Cisco Switches, Cisco PIX ASA Firewalls, Checkpoint Firewalls, Palo Alto Firewalls, F5 load balancers, Tripwire, ArcSight, Splunk RSA EnVision SIEM, RSA Data Loss Prevention, BackTrack, Kali Linux, Metasploit Pro, Symantec Endpoint Protection Altiris, NIDS, HIDS, Nessus / McAfee / Foundstone, Qualys Rapid7 Vulnerability Scanners, Checkpoint, Skybox, Perl, Korn Shell, CSH, various Firewall Appliances.
Professional Experience
Confidential
Senior Manager
- Responsible for leading teams, over 40M P&L, and delivering world-class security compliance solutions to various clients across the globe.
- Successfully led large Information Security team efforts related to the 400M divestiture of a Top 10, 24B Bank Credit Card Issuer, which included discovery, planning and analysis of existing environments, and design and integration of a new standalone publicly traded entity.
- Effectively led a multi-million-dollar engagement to assess and revitalize a Top 3 Payment Processor with PCI DSS 3.0 security requirements.
- Created a business model, marketing materials, documentation, sales approach and technical response that contained a suite of products and services specifically tailored to the Payment Processing and Retail industries for end-to-end security. This involved frameworks and solutions for technology components such as P2PE, tokenization, encryption, EMV, authorization/settlement environments and Point of Sale security.
- Model has produced over 35M in revenue during first two months of marketing.
- Led efforts on several RFPs relating to information security managed service and compliance offerings topping 140M.
- Responded to and project managed various RFPs for complete outsourced solutions for state-run Medicaid programs, Financial Services Information Security departments and governmental staff / project augmentation.
Confidential
Vice President
- Oversee all aspects of strategic planning including goals, metrics, budgeting and organizational objectives.
- Create and deliver a successful Information Security and Compliance program that includes a 3-5 year roadmap, various technology implementations, risk management, governance and business continuity.
- Establish and maintain comprehensive audits for adherence to PCI DSS, PA DSS, SSAE16, NIST, ITIL and various other industry standards. Includes four separate PCI DSS compliance audits annually.
- Develop, implement and monitor enterprise security policies and procedures as they relate to the parent organization as well as subsidiaries.
- Responsible for internal and external relationship management with various business leaders, the Board of Directors and vendors of all organizations.
- Maintain daily security operations of the organization that includes layer 7 next generation firewalls, VPNs, IDS/IPS, data loss prevention, enterprise SIEM, spam filtering, antivirus and malware protection, network and application scanning, penetration testing, Tripwire, centralized account management and Imperva.
- Wrote the business plan for Executive Management to launch a new mobile M Terminal tablet 1stPayPOS P2PE payment platform, which included researching competitors, creating a map of competitive advantages and identifying barriers to entry.
- Led technology efforts to design and integrate a mobile P2PE payments platform. This included researching mobile swipe readers from ID TECH, MagTek, FutureX and others. Gateway integration, encryption at the swipe, key injection, audit considerations and HSM decryption were all part of the scope.
- Completed over 90 specific projects in the first 12 months of service, all of which were within budget thresholds.
- Revamped every single security tool enterprise wide in the first 12 months and expanded security tool footprint by over 300 .
- Reduced enterprise risk profile measurement from Moderate-High Risk to Low Risk in first 12 months.
Confidential
Information Security Officer Consultant
- Initiated and led system-wide information security self-assessment to determine maturity level following Gartner research recommendations.
- Responsible for compliance and information security of National Critical Infrastructure applications such as Debit Gateway, Pay.gov, various IRS applications, various ACH Funds Transfer applications and other Governmental payment applications.
- Assisted with security and compliance design of integrated Social Security System fraud checks and balance applications for the U.S. Government.
- Established and launched long-term strategy to increase Capability Maturity Model (CMM) level to meet industry standards, best practices, and corporate vision / objectives.
- Facilitated and supported federal government audits, Attorney General audits, Treasury and Financial Management Service Audits, PCI Level 1 audits, National Critical Infrastructure audits, Government Accountability Office audits, SA&A Certification and Accreditation audits, and internal audits.
- Cultivated excellent professional relationships with Federal Reserve and Department of the Treasury personnel to drive expansion and improvement of security model and ensured alignment with NIST, PCI, OWASP, ITIL, and ISO 27001 / 27002 industry standards.
- Managed team in developing technical requirements / design baselines, program execution plans, technical risk assessments, scope / configuration management, schedules, and budgets.
Confidential
Security Officer Consultant
- Consulted with diverse clients to devise, introduce, and deploy extensive Vulnerability Management Program meeting Payment Card Industry Data Security Standards (PCI DSS). Leveraged expertise to architect proven strategies to improve security operations with an emphasis on surpassing PCI DSS benchmarks. Acted as central point-of-contact for quarterly scans, remediation efforts, project support, and systems analysis. Managed and coordinated support for annual PCI audits. Selected Accomplishments:
- Drove measurable improvements to vulnerability scanning and technical environment reporting.
- Conducted enterprise-wide vulnerability scans and oversaw remediation process through implementation of patches and correction of configuration issues across multiple platforms.
- Defined security baselines for individual system usage requirements and led development and documentation of corporate security standards.
- Instrumental in assisting global corporation to achieve compliance to highly complex security standards, including PCI DSS, ITIL, and SOX.
- Benchmarked several Information Security programs against ISO 27002, HIPAA, PCI, Sarbanes-Oxley and NIST industry standards to determine and remediate gaps.
Confidential
Acting Chief Security Officer / Chief Compliance Officer
- Recruited to develop Information Security, Risk Management, and Corporate Compliance programs for PEMCO and subsidiaries. Partnered with executive management to lead strategic planning for innovative fully compliant security programs and policies. Managed team in all aspects of program / policy development, maintenance, training, and enforcement; directed response to security and fraud investigations. Created audit plans and internal controls to meet SAS-70 Type II and PCI Level 1 Payment Gateway audit requirements. Worked closely with Visa and MasterCard to adhere to various standards for custom Fraud Management systems along with PEMCO Technologies' Issuing Bank policies / procedures. Ensured robust application security across all environments, including credit card payment systems and mainframes. Prepared regular reports on Risk Management and Compliance Program. Selected Accomplishments:
- Instrumental in evaluating and recommending various virtualization, cloud computing, secure data center and cutting-edge technologies with quick ROI and low total cost of ownership.
- Championed transition from reactive to advanced proactive approach to Information Security program.
- Designed and launched world-class enterprise Vulnerability Management Program for PEMCO and PEMCO Mutual Insurance Company.
- Delivered 60 Information Security and Compliance projects on time and under budget under an aggressive one-year timeframe.
- Completely prepared infrastructure, compliance and security of PEMCO technologies for acquisition.
- Worked actively with the Executive Management team to meet with several prospective buyers; ultimately sold PEMCO Technologies to Jack Henry & Associates.
