Senior Information Security and IT Risk Management leader with several years of experience in both consulting and private industry. I always work to ensure Information Security and IT Risk become value propositions for the business. Building successful relationships with the business is a critical success factor. I enjoy managing and mentoring staff and have been very successful in building highly effective teams. Areas of expertise are the management and implementation of Information Security, IT Risk, Security Consulting, Security Architecture, Security Infrastructure, Database Administration, Electronic Messaging, and Networking. Background includes the building and management of security organizations and programs and the creation of extensive security policies and standards for major corporations. Extensive experience in security technology including firewall rule management, vulnerability assessment tools and processes, Intrusion Detection, Log Management, AntiVirus and Malware Detection, Desktop Encryption, Cloud Security Architecture, Role Based Access Management and Enforcement, Vendor Risk Management, Data Privacy, Remote Access and Mobile Device Security and controls. Have managed and participated in numerous external, internal and regulatory security audits and assessments, numerous risk assessments, managed regulatory compliance (PCI, CA Privacy - SB 1386, HIPAA, Sarbanes-Oxley), Access Management Program and Technology Implementation, designed Information Security organizations, developed new security consulting organizations, and made security presentations to industry organizations and conferences including CISO Council, MISTI, ISSA, ISACA, HTCIA, NCMA, BCBS and IIA. Worked with numerous companies in the Financial, Insurance, Healthcare, Advertising, Technology Manufacturing, and Retail industries on their Information Security and Risk programs.
Specialties: Managing Corporate Information Security Programs. Unique knowledge of numerous aspects of IT organizations, capabilities and business interaction. Worked closely to ensure business alignment and support. Ensuring staff are well focused, given necessary tools and education and provided opportunity to excel in their positions. Managed and implemented GRC Programs, Access Management, Vulnerability Assessment, Disk Encryption, Intrusion Detection, Password Sync. and Data Protection technologies.