Yyyyyy x. yyyyyy

Xxxxxx, XXXXXX xxxxxx ￨ (xxx-xxx-xxxx ￨ abc@xyz.com

Dynamic IS / Cybersecurity Expert who makes sound security-focused decisions to rexxxxxxect positively on multi-site operations initiatives in alignment with a company s vision, value, and goals. Integral Leader who offers a proven record of solutions-centric critical thinking for insightful, change-driven results and threat / risk mitigation. Visionary Professional who quickly resolves complex IT challenges and adapts to evolving scenarios to reach high productivity levels and ensure seamless business processes. Ambitious Self-Starter who offers a background in independently achieving winning outcomes due to superior attention-to-detail. Excellent Communicator who develops solid relationships with C-level decision-makers, board members, stakeholders, IT teams, end users, and clients.

Career Highlights Include:

  Negotiating >50% MSRP software solutions to lock in multi-year cost savings.

  Creating forward-thinking risk-based IS road maps for consumer presentation.

  Initiating innovative security architectures using fiscally responsible technologies.

  Establishing formal policies / procedure patch mandates and asset hardening guidelines.

  Leading an aggressive VM program for 100% asset discovery and vulnerability assessments.

  Implementing real-time integrated threat response solutions for rapid detection and response.

  Developing 100% on-time performance reviews and training plans aligned with fiscal year goals.

  Designing robust Data Loss Prevention programs using state-of-the-art technologies and training.

  Consistently producing accurate metrics-based security dashboards and SecOps review materials.

  Building highly qualified, top-notch InfoSec team members with 100% favorable 360-degree feedback.

  Initiating SAST / DAST policies / procedures in collaboration with DEV / QA integrated into formal SDLC.

  Streamlining legal declaration processes for satisfying investigative requirements with zero court losses.

Program Manager Information Security (Acting Director Since 2008)

Capitalize on the opportunity to author a 3-year Enterprise Security Road Map while introducing a new Enterprise Data Loss Prevention program transcending IT-boundaries and increasing exposure / awareness to business stakeholders. Develop sound business cases to support budget and resource requirements while managing a $500,000 budget. Lead multiple risk-based vulnerability assessments against network perimeter and web-facing applications inclusive of remediation planning. Extend monitoring and reporting of firewall and rule-base changes, monitoring and auditing of production UNIX and Oracle database administrator changes, and physical security monitoring (e.g. CCTV) capabilities and review. Coordinate data loss breach investigations with legal, HR, and internal audit teams for proper resolution.

  Coordinated and led high-risk forensic investigations.

  Introduced a new formal Vulnerability Management program.

  Consistently avoided disclosure of material or significant SOX Act IT findings.

  Authored and / or revised numerous policy decisions related policies / procedures.

  Collaborated with business teams toward 2 consecutive unqualified SAS 70 opinions.

  Enhanced monitoring of various critical Active Directory / Exchange change and security events.

  Coordinated Technical Surveillance Countermeasures (TSCM) bug sweep of a corporate facility.

  Chaired an IT Security Steering Committee of executive-level representatives from each functional area.

Information Technology Audit ￨ Compliance

Optimized risk reduction by promoting a risk-based approach to overhaul prior and current initiatives and eliminate nominal control-coverage testing procedures. Refined access management policies / procedures to quickly revoke terminated employee and contractor access. Planned and coordinated key SOX initiatives and compliance strategies.

Yyyyyy x. yyyyyy ￨ Page Two ￨ (xxx-xxx-xxxx

Information Technology Audit ￨ Compliance

  Achieved full reliance on a SOX testing work product for the first time in 3 years.

  Led IT team to adopt numerous testing approaches based on personally developed design.

  Consistently received highest Very Satisfied rating from IT teams per independent audit surveys.

  Evaluated current ITGC SOX Act compliance strategy within first 6 months and initiated significant enhancements to improve testing efficiency and control effectiveness, as well as reduce total testing effort.

  Improved reliance on financial-system processing integrity via data analysis techniques, including reducing testing efforts for a key application control from 4 hours / per resource to <2 hours of mine and DBA time.

Manager Technology Risk Services

Strategically steered team-led initiatives to conduct diverse security-related assessments for a prominent Xxxxxx financial institution, including AS/400 (midrange) logical security, program change control review, network architecture reviews, and multiple web-based application reviews. Developed, reviewed, and performed gap analysis while addressing and remedying IS policies / procedures per enterprise, regulatory, and / or leading practice compliance.

  Drove core project success by recruiting, mentoring, and managing junior Technology Risk team members.

  Served as Project Manager on multiple engagements for prominent Xxxxxx clients with $500+ million in revenues, including leading efforts to achieve Sarbanes-Oxley Act of 2002 compliance with respect to the documentation, testing, and remediation of both general computer controls and application-level controls.

Senior Information Systems Auditor

Consulted with CIO and Data Security Officer regarding IT risk areas. Led application reviews for a multitude of both clinical and non-clinical systems, including operating system (logical) security audits. Employed data analysis techniques to test and validate the adequacy of interface / transmission controls to recovery high-volume charges.

  Developed a new 3-year audit plan based on risk ranking after IT risk assessment.

  Successfully performed pre- and post-implementation reviews of PeopleSoft modules.

  Actively participated in the development of a resourceful Computer Incident Response Team.

  Served as an Information Security Council member tasked with designing valuable IS safeguards.

  Recovered $800,000 in gross charges after system implementation by software vendor and implementer.

Senior Consultant Technology Risk Consulting Andersen LLP, Orlando, XXXXXX 2001 2002

Operational Systems Risk Management PricewaterhouseCoopers LLP, Orlando, XXXXXX 1999 2001

Bachelor of Science in Business Administration (Decision & Information Sciences ￨ 3.7 GPA) University of Xxxxxx

Certified Information Systems Security Professional (CISSP) No. xxxxxx (Since 2003)

Certified Information Systems Auditor (CISA) No. 0227711 (Since 2002)

Certified Governance of Enterprise IT (CGEIT) No. xxxxxx490

Member, FBI / DHS InfraGard Program Tampa Chapter

Languages: C ￨ COBOL ￨ HTML ￨ SQL ￨ VBA

Networking: Networking (TCP/IP, LAN, WAN) ￨ WLAN 802.11

Internet: Security (Firewalls, Routers, Policies & Procedures)

Platforms / OS: AS/400 (OS/400) ￨ MVS (OS/390) ￨ UNIX (AIX, SUN, HP-UX) ￨ Microsoft Windows

Software: Symantec ￨ Vontu DLP Suite ￨ Endpoint ￨ Brightmail ￨ Rapid7 s Nexpose VM ￨ Websense

Quest (NetPro) AD and Exchange Auditing ￨ Courion Identity Management ￨ HP OpenView

Security Expressions ￨ ISS￨ ACL 9.0 ￨ Visio ￨ MS Office ￨ Oracle/PeopleSoft ￨ JD Edwards ￨ Lawson

Yyyyyy x. yyyyyy

Xxxxxx, XXXXXX xxxxxx ￨ (xxx-xxx-xxxx ￨ abc@xyz.com

Date

Hiring Agent Name

Company Name

Address

City/State/Zip Code

Dear__________________:

I am exploring a new career opportunity within a challenging [ Insert Job Title ] role, and I believe that I can make a positive contribution to your success.

To acquaint you with my background, I can offer proven experience in Information Security / Cybersecurity, Enterprise Security Road Maps, Data Loss Prevention, Cloud Security Incident Response, Risk / Threat Assessments, and Vulnerability / Threat Management. I am also well-versed in Multi-Project Management, Team Building / Training, Best Practice Methodologies, Audit Processes, Regulatory Compliance (i.e. SOX, ISO2700), Due Diligence, Cost-Reducing Initiatives, Negotiations, and Vendor Relations, among other areas.

As Program Manager of Information Security and Acting Director for TriNet (f/k/a Gevity), I successfully authored a 3-year Enterprise Security Road Map while introducing a new Enterprise Data Loss Prevention program transcending IT-boundaries and increasing exposure / awareness to business stakeholders.

Within this role, I develop sound business cases to support budget and resource requirements while managing a $500,000 budget, and lead multiple risk-based vulnerability assessments against network perimeter and web-facing applications inclusive of remediation planning. I also coordinate multi-party data loss breach investigations, and extend monitoring and reporting of firewall and rule-base changes, UNIX and Oracle database administrator changes, and physical security monitoring (e.g. CCTV) capabilities and review.

A sample of my accomplishments include:

  Introducing a new formal Vulnerability Management program.

  Consistently avoiding disclosure of material or significant SOX Act IT findings.

  Collaborating with business teams toward 2 consecutive unqualified SAS 70 opinions.

  Enhancing monitoring of various critical Active Directory / Exchange change and security events.

  Coordinating Technical Surveillance Countermeasures (TSCM) bug sweep of a corporate facility.

  Chairing an IT Security Steering Committee of executive-level representatives from each functional area.

To complement this experience, please note that I earned a Bachelor of Science in Business Administration (Decision & Information Sciences, 3.7 GPA) from the University of Xxxxxx. I am recognized as a CISSP and CISA, and hold certified credentials in Governance of Enterprise IT.

As this is just an example of my abilities, please refer to my enclosed resume for additional experience in IT audit, technology risk services, information systems, and consulting leadership roles.

I am eager to discuss how my qualifications uniquely match your current and future needs, and look forward to interviewing with you soon.

Sincerely,

Yyyyyy x. yyyyyy