Qualifications for Chief Information Security Officer (CISO)

Security Management ￨ Trends Tracking ￨ Security Solutions ￨ Disaster Recovery ￨ SOX ￨ PCI ￨ HIPAA ￨ Audits

Project Management ￨ Short- / Long-Term Strategic Development ￨ Process Development ￨ Best Practices

IS Strategy / Roadmaps ￨ Risk Assessment / Management / Mitigation ￨ Process Optimization ￨ Investigations

Program Management ￨ Team Building ￨ Multimillion-Dollar Budgets ￨ Vendor Negotiations ￨ Client Relations

Highly Credentialed Executive who makes sound decisions to reflect positively on high-value Information Security operations to align with a company s vision, value, and goals. Top Performer who offers a record of business transformation via solutions-centric critical thinking for insightful, change-driven results. Visionary Professional who rises above IS challenges to achieve winning outcomes, including quickly adapting to evolving risk and threat scenarios, as well as independently resolving in-depth issues to boost success and promote services excellence. Proactive Communicator who develops synergistic relationships with cross-geographical decision-makers, local / remote teams, and vendors, and who leads by example and with integrity while delivering strategic, quantifiable risk reduction to optimize information protection efforts.

Career Highlights Include:

  Promoting advanced mobility, new technology, and logistical control initiatives.

  Structuring a top-performing team in fast-paced, deadline-driven IS environments.

  Optimizing crisis management and disaster recovery processes for seamless operations.

  Proactively monitoring compliance of IT systems per firm and industry security standards.

  Pioneering efforts to maximize security posture, business continuity, and user awareness.

  Developing and implementing core incident response and security processes and procedures.

  Continually mitigating risk by evaluating security trends and threats, risks, and vulnerabilities.

R1 RCM, Inc., Chicago, IL

(2015 Present)

Chief Security Officer ￨ Director of IT Security

Capitalize on the opportunity to lead forward-thinking Security Program operations, including managing IT security initiatives; coordinating and managing risk assessment processes, development, and implementation; and upholding comprehensive policies and procedural compliance. Ensure confidentiality, integrity, and access of electronic protected health information while monitoring program compliance and investigating and tracking incidents and breaches. Strategically steer oversight of security incidents involving Electronic Protected Health Information (ePHI), and ensure disaster recovery, business continuity, risk management, and access controls needs are addressed. Liaise among senior management, privacy officer, and corporate compliance officer to establish security program governance, and coordinate alignment between various security and privacy compliance programs (e.g. policies, practices, investigations). Develop and implement compliance monitoring of business associate agreements, and assist privacy officer with breach determination and notification processes per state and HIPAA rules. Collaborate with the U.S. Department of Health & Human Service s Office for Civil Rights, state regulators, legal entities, and organizations concerning officers in compliance reviews or investigations.

  Minimized risk via dynamic design of a critical and comprehensive IS program.

  Defined, developed, maintained, and implemented consistent policies and practices.

  Served as multi-department IS consultant for wide-ranging data security-related issues.

  Developed a synergistic cyber security culture, and drove beneficial behavioral changes.

  Established processes for investigating security incidents resulting from possible breaches.

  Evaluated security trends and threats, risks, and vulnerabilities and applied risk mitigation tools.

Yyyyyy x. yyyyyy, CISSP, GSEC, MSM, CRISC, CISM ￨ Page Two ￨ (xxx-xxx-xxxx

Whirlpool Global Headquarters, Benton Harbor, MI

(2013 2015)

Global Information Security Manager

Led targeted decision-making in the establishment, development, and oversight of an India-based global Information Security operations center. Trained, mentored, and managed a details-driven 6-member team of college graduates with <2 years experience. Directed comprehensive enterprise QRadar deployment equaling thousands of Windows servers, AIX servers, and Linux applications and servers, as well as hundreds of firewalls and devices. Coordinated and managed enterprise certificate renewal and verification processes and developed process flow and help desk workflows for malware response, vulnerability management, incident response, and security monitoring and response.

  Successfully managed global enterprise server certificate management systems.

  Ensured IS systems strict compliance with SOX, HIPAA, PCI, and other regulations.

Delta Dental of Michigan, Indiana & Ohio, Okemos, MI

(2008 2013)

Information Security Manager ￨ HIPAA Chief Security Officer ￨ DIACAP

Spearheaded information management initiatives for a multibillion-dollar healthcare corporation while serving as both HIPAA Chief Security Officer and DIACAP Information Assurance Officer. Cost-effectively managed $15 million in annual budget resources for complex Information Security efforts. Continually achieved ongoing certification of the Delta DENTAL FGP dental contract with Tricare Management, including initiating and maintaining NIST framework for Enterprise Security Program

  Expertly evaluated all new security technology, and conducted vulnerability assessments.

  Conceptualized an Information Security Center of Excellence for Renaissance Healthcare.

  Launched Information Security Office, including creating security architecture for IT platforms.

  Seamlessly maintained IS processes and security control standards for application development.

Perot Government Systems, City, State

(2007 2008)

DIACAP Engineer Contracted Position

Played a vital role in transitioning from DITSCAP to DIACAP for the United States Army TACOM, Warren, MI. Planned and coordinated Agent of the Certification Authority (ACA) for TACOM LCMC at the Detroit Arsenal.

  Successfully completed the U.S. Army s IASO Training for Senior Managers.

  Recognized as a Technical Expert and Group Leader for accreditation programs.

Master of Science in IT Project Management Colorado Technical University

Master of Science in Information Security Management Colorado Technical University

Bachelor of Science in Business University of Phoenix

GIAC Security Essentials Certification (GSEC #7136)

Certified Information Security Manager (CISM, #xxxxxx50)

Certified in Risk & Information Control (CRISC, #1106805)

Certified Information System Security Professional (CISSP, #112701)

Security Management ￨ Program Management

Bit9 Endpoint Protection ￨ Splunk Search & Reporting ￨ C&A Analyst

Symantec DLP ￨ Symantec End Point Security ￨ QRadar Operator ￨ Nexpose Vulnerability Scanning

Honorably Discharged United States Navy

Date

Company Name

Address

City/State/Zip Code

Dear__________________:

I am exploring a new career opportunity within a challenging [ Insert Job Title ] role, and I believe that I can make a positive contribution to your success.

As a highly credentialed IS executive, I can offer proven experience in High-Value IS Operations Management, Short- / Long-Term IS Strategy Development, Risk Mitigation / Management, Multi-Process Optimization, Project Management, Policy / Procedure Development, Program Development / Management, and Best Practices Methodologies. I am also highly skilled in Systems Compliance, Industry Security Standards, Trends Tracking, Multi-Team Building / Training, Multimillion-Dollar Budgeting, Contract Negotiations, and Client / Vendor Relations, and among other areas.

Currently, as the Chief Security Officer and Director of IT Security for R1 RCM, Inc., I successfully lead all facets of Security Program operations, including managing IT security initiatives; coordinating and managing risk assessment processes, development, and implementation; and upholding comprehensive policies and procedural compliance. Within this role, I collaborate with senior management to establish security program governance, and coordinate alignment between security and privacy compliance programs (e.g. policies, practices, investigations). I also develop and implement results-generating compliance monitoring of business associate agreements, and assist the company s privacy officer with breach determination and notification processes per state and HIPAA rules. Furthermore, I work with government and legal agencies to promote compliance; steer oversight of security incidents; and ensure seamless disaster recovery, business continuity, risk management, and access controls.

A sample of my accomplishments include:

  Serving as a multi-department IS consultant for diverse data security-related issues.

  Minimizing risk via dynamic design and development of a critical company IS program.

  Developing a synergistic cyber security culture, and driving beneficial behavioral changes.

  Establishing processes for investigating security incidents resulting from possible breaches.

  Evaluating security trends and threats, risks, and vulnerabilities and applying mitigation tools.

Please note that I attained an M.S. in IT Project Management and M.S. in IS Management from Colorado Technical University, as well as a B.S. in Business from the University of Phoenix. As aforementioned, I am highly credentialed and hold certifications in GIAC Security Essentials (GSEC), as an Information Security Manager (CISM), and in Risk & Information Control (CRISC), and as an Information System Security Professional (CISSP).

I am eager to discuss how my qualifications uniquely match your current and future needs, and look forward to interviewing with you soon.

Sincerely,

Yyyyyy x. yyyyyy, CISSP, GSEC, MSM, CRISC, CISM

Date

Company Name

Address

City/State/Zip Code

Dear__________________:

I would like to thank you for providing me with the opportunity to interview for the [ Insert Job Title ] position available within your company. Having gained a deeper insight into the job requirements, I am confident that you will find me to be an incredible asset toward achieving your goals.

As previously discussed, I am a highly accomplished and credentialed IS executive who offers proven experience in High-Value IS Operations Management, Short- / Long-Term IS Strategy Development, Risk Mitigation / Management, Multi-Process Optimization, Project Management, Policy / Procedure Development, Program Development / Management, and Best Practices Methodologies. I am also skilled in Systems Compliance, Industry Security Standards, Trends Tracking, Multi-Team Building / Training, Multimillion-Dollar Budgeting, Contract Negotiations, and Client / Vendor Relations, and among other areas.

Please recall that I attained an M.S. in IT Project Management and M.S. in IS Management from Colorado Technical University, as well as a B.S. in Business from the University of Phoenix. I hold certifications in GIAC Security Essentials (GSEC), as an Information Security Manager (CISM), and in Risk & Information Control (CRISC). I am also a Certified Information Systems Security Professional (CISSP).

Throughout my career, I have excelled in progressive global IS leadership, IT security operations, chief security officer, and engineering roles for high-profile R1 RCM, Inc., Whirlpool, Delta Dental, and Perot Government Systems where I demonstrated my myriad of talents toward minimizing risk via dynamically designed and developed IS programs, developing a synergistic cyber security culture, and serving as a multi-department IS consultant. I have also seamlessly established solutions-focused processes for investigating security incidents resulting from possible breaches, and aggressively evaluated security trends and threats, risks, and vulnerabilities while applying essential mitigation tools in an ever-evolving global IS environment. [ Suggestion! Address Here Any Relevant Skills / Qualifications / Achievements Discussed During Your Interview ] For the sum of these reasons, I am confident that I can attain success in a rewarding [ Insert Job Title ] role within your company.

I look forward to hearing a positive response from you, and thank you again for the personal interview.

Sincerely,

Yyyyyy x. yyyyyy, CISSP, GSEC, MSM, CRISC, CISM