• Dynamic Leader who offers a background in IT, InfoSec Management, Project Lifecycle Management, Team Building / Training, Business Process Optimization, and Business / IT Re-Engineering; contributes talent in Cost Reductions, Budget Control, Strategic Analysis / Planning, Risk Management, Time / Resource Management, and Executive Relations; and exhibits a proven ability to see the big picture at all times.
• Top Performer who boasts above-average career results, and can make decisions to reflect positively on operations in alignment with a company s vision, value, and goals to attain a significant competitive advantage with skills in Threat Intelligence & Analytics, Network Technology, and DR / BCP Governance.
• Excellent Communicator who builds and sustains synergistic relationships with C-level executives, business / operational staff, and regulatory agencies, and leads cross-functional technology teams by example and with integrity to fulfill mission-critical objectives while mitigating risk and optimizing compliance.
• Ambitious Self-Starter with SOX, GLBA, EU DPA, PCI, HIPAA, HITEC, and State Privacy Laws experience.

Chief Information Security Officer

  Capitalize on the opportunity to lead the corporate Information Security program, including establishing and maintaining the critical InfoSec program to ensure valuable information assets are adequately protected.

  Identify, evaluate, and report on InfoSec risks to meet compliance and regulatory requirements, and work with business units to initiate practices per defined policies / standards for InfoSec and risk management.

  Developed and implemented a comprehensive Information Security program in less than 7 months.

  Serve as process owner of ongoing activities related to availability, integrity, and confidentiality of customers, business partners, employees, and business information per internal InfoSec policies.

  Partner with executives to determine acceptable organizational risk levels and provide strategic security guidance, including evaluating and recommending procedural and technical controls.

Vice President Threat Intelligence & Analytics

  Strategically steered a top-performing Threat Analytics department with enterprise-wide responsibilities, including creating a program and continued strategy for on-boarding devices into a central SIEM for visibility, monitoring, escalation, remediation tracking, and big data analytics, as well as using correlation capabilities to identify associations between various disparate event sources allowing for enhanced anomaly detection.

  Handled penetration testing, ethical hacking, and application vulnerability assessments, as well as vulnerability management areas (e.g. patch management, server security compliance, database security compliance).

  Grew an on-boarding device program from monitoring 500 devices to 16,000+ in 2 years.

  Increased efficiency via automation of incident investigation logic to focus on true threats.

  Leveraged knowledge and insight of AOR to develop strategy proposals for future bank projects.

Senior Vice President ￨ Chief Information Security Officer (CISO)

Privacy Officer ￨ Enterprise Continuity Planning

  Utilized broad scope of industry knowledge toward directing a forward-thinking Information Security program, including establishing and maintaining the corporate InfoSec program; identifying, evaluating, and reporting risks to meet compliance and regulatory requirements; and providing governance for DR / BCP.

  Delivered governance for corporate Enterprise Continuity Planning (ECP) and DR initiatives.

  Honored as Information Security Executive of the Year (SE States Nominee) in 2008 and 2009.

  Consistently ensured alignment of corporate compliance for technical and operational processes with GLBA, HIPAA, and other federal regulatory requirements.

Yyyyyy x. yyyyyy ￨ Page Two ￨ (xxx-xxx-xxxx

Senior Vice President ￨ Chief Information Security Officer (CISO)

  Applied strong leadership talents toward defining strategy and vision for the continued development of InfoSec for the bank and its subsidiaries, including upholding security / risk posture by ensuring policy / standards development, security awareness, access control procedures, Incident Response, and risk mitigation.

  Contributed skill in managing system baseline security guidance, FFIEC / OTS and regulatory compliance, and staff development, and attained consistently superior results from external auditors per GLBA requirements.

  Led risk analysis, implementation design, and tuning strategy to develop a balance between business / customer impact and risk for FFIEC compliance for 2-factor access and data protection.

  Developed policies, standards, and procedures outlining a strategy to implement a corporate-wide Data Classification program, including partnering with business and IT department heads to perform data identification, classification, data ownership definitions, and risk assessments.

  Directed annual GLBA Security Risk Assessment of business processes, physical security, access control methodologies, and system availability architecture employed to access and protect customer information, and personally presented the resulting report to the Board of Directors.

  Co-chaired a monthly Privacy & Business Information Security (P/BISC) council attended by representatives from all areas of the business, as well as Information Technology associates.

Security Strategy Architect (2002 2006)

  Maximized operations performance by delivering a strategic vision for all security endeavors, including access control, system design, vulnerability assessment / remediation, incident response, forensics, and auditing, as well as developing policies and budgets and negotiating prices and building support models.

  Reviewed legislation for compliance with HIPAA, GLBA, and EU Data Protection Act, and addressed audits.

  Increased systems availability and reduced time / cost expenditures.

  Negotiated $20+ million in savings on enterprise-based security purchases.

  Improved team member capabilities by developing Security Awareness training.

  Mentored 60+ engineers and 4 managers on technologies, troubleshooting, and security.

  Developed an Information Systems Security Association (ISSA) chapter for the NW AR region.

Strategic Applications Manager Network Engineering (2000 2002)

  Drove network engineering success by directing a results-focused team of 15 staff in LAN and WAN design, implementation, and support for Home Offices; remote connectivity to vendors; and satellite connectivity to 3,500 stores and videoconference capabilities, including managing network device security.

  Cost-effectively managed a $15-million budget while coordinating all phases of project lifecycles.

  Led the team to achieve 99.998% systems availability.

  Developed customized training and career progression plans for team members.

  Captured $18+ million savings via smart contracts and service level agreement negotiations.

Manager File & Print Services (1999 2000)

  Recognized for job performance excellence with rapid selection to lead a team in building, implementing, maintaining, and monitoring all file storage and back-up methodologies for 3,500 stores, 135 remote sites, and 7 international Home Offices which was instrumental in achieving long-sought goals.

  Led the successful enterprise migration from Novell to Microsoft Active Directory.

  Increased availability and performance 45%, reversing a prior history of underperformance.

Master of Business Administration (Project Management) Aspen University

CISSP ￨ ISSAP ￨ CHSP