Pat Post
Director of Information Security
LS-ISAO, CISO, CISM, CEH

Accomplished Director of Information Security with twenty-six years of progressive leadership and technical experience in worldwide organizations with offices located throughout the United States and internationally. I successfully established and administered global strategies and procedures for information security programs and functions. I have developed and implemented information security, cyber and incident response, and disaster recovery programs in accordance with organizational information security standards and best practices and adherence to various compliance and regulatory requirements. Experienced in forecasting, directing, and managing information security annual budgets and overseeing and managing a staff of 12 security personnel.

- Disaster Recovery
- Managing and resolving information security incidents
- e-Discovery administration
- Client security posture questionnaires
- 3rd party annual assessment
- Hardening procedures
- Penetration testing
- File backup and restore
- Endpoint security
- Gap analysis
- Distributed computing
- Mainframe environment
- Physical security
- Systems analysis approach to information security
- Examining existing security postures to determine strategic initiatives that elevate information security programs to the level required to reflect industry best practices and adhere to regulatory controls

EXPERIENCE

Rush Street Gaming, Chicago, Illinois, 11/2023 - 04/2024
Manager, Governance, Risk, and Compliance

As an IT Security GRC Specialist, I was responsible for developing and maintaining an effective information security GRC program. These responsibilities include developing and maintaining policies and standards; ensuring an effective vulnerability management program is in place; and ensuring a Third-Party Risk Management process is in place to manage relationships with security vendors. Also responsible for developing measurable metrics for executive reporting; managing the security awareness program for all casino properties to ensure new and existing employees were informed on security best practices and relevant threats to the organization; keeping informed of new cyber security trends, technology, and cyber security regulations to help develop and update security controls; and conducting security risk assessments and compliance reviews.

- Coordinate the vulnerability management program to identify and prioritize cyber threats to the organization.
- Create and maintain a cybersecurity risk register to manage risks.
- Develop and maintain a security controls catalog and address gaps to continuously improve the security posture of the organization.
- Manage the security awareness and phishing programs for the enterprise.
- Establish a records retention schedule that is consistent across all properties.
- Establish a contract management process to ensure appropriate security language is included in third party agreements.
- Ensured the security program was aligned to the NIST CSF and met all SOX regulatory requirements.
- Implement a security exceptions process for deviations from approved policies and standards and vulnerability threats.

Frost Bank, San Antonio, Texas, 08/2019 - 08/2023
Manager, Governance, Risk, and Compliance

As an IT Security Manager - Governance, Risk, and Compliance, I was responsible for developing and maintaining an effective information security GRC program. These responsibilities include developing and maintaining policies and standards; establishing and maintaining IT Risk Management processes, metrics, and reporting processes to inform oversight committees and executive management; keeping informed of new cyber security trends, technology, and cyber security regulations to help develop and update security controls; conducting security risk assessments and compliance reviews; and providing guidance and oversight to major project teams to manage risks and develop effective security controls. I am also responsible for leading and managing a team of security architects and analysts and partnering with Audit, IT, and business project teams to ensure compliance with security standards.

- Partner with various business units to manage risks.
- Build relationships with internal and external audit and banking regulators.
- Provide four security awareness training modules to ensure all bank employees are successfully trained in security awareness, and plan long-term security awareness program direction.
- Coordinate and manage Information Technology risk management committees.
- Assist other enterprise information security staff with managing and investigating incidents and investigations.
- Identified and tracked all security contractual obligations, resulting in detailed metrics reported and provided to bank leadership.
- Ensured the bank's GRC efforts were managed to align with NIST 800-53 and aligned with SOX so that the bank was able to pass inspection with internal audit and external bank examiners.
- Managed and reduced the number of exceptions being reported and tracked.

Capgemini, Chicago, Illinois, 04/2018 - 08/2019
Senior Consultant, Information Security

Positioned as the on-site CySIP Security Officer for a 2,000-person account team that provides information security services to one of the largest international retail food service providers. The position was responsible for responding to client deliverable needs in all aspects of information security, with a primary emphasis on security awareness and providing secure application development direction.

- Reviewed and selected application security testing tools for use on the global account.
- Developed secure coding guidelines.
- Tested and remediated the findings of various application security tests.
- Provided four security awareness training modules to ensure secure coding best practices were followed, with an emphasis on adhering to OWASP Top Ten best practices. Also planned the long-term security awareness program direction.
- Coordinated the tracking of over 700 application assets into the CMDB.
- Assisted the client on several occasions in managing and investigating incidents and investigations.
- Identified and tracked all security contractual obligations, resulting in a detailed metrics report that was provided to the client.

Proven Method, Chicago, Illinois, 01/2018 - 04/2018
Senior Consultant, Information Security

Positioned as the security subject matter expert for a large Canadian-based utility company. The position was responsible for responding to client deliverable needs in all aspects of information security and growing the security practice by providing NIST and Role Based Access Control (RBAC) assessment and strategy recommendations.

- Implemented a NIST assessment methodology utilizing the NIST Risk Management Framework that was successfully executed.
- Conducted gap assessments for the client, particularly in the security policy areas. Created and restructured security policies and standards for the client.
- Conducted an RBAC assessment and delivered a transformation strategy for the client to adhere to best practices.
- Performed a GDPR readiness assessment for a large global electronics organization, resulting in the identification of improvements needed to ensure compliance.

ITPeopleNetwork, Aurora, Illinois, 09/2017 - 01/2018
Managing Director, Information Security

Positioned as the managing director of information security for ITPeopleNetwork (ITPN). The position was responsible for responding to client deliverable needs in all aspects of information security and growing the security practice by providing the right resources to our clients at the right price.

- Implemented a client security assessment methodology utilizing the NIST Risk Management Framework that I successfully executed at a large California-based healthcare organization.
- Conducted gap assessments for clients, particularly in the security policy areas. Created and restructured security policies and standards for the client.
- Performed a NIST, PCI, HIPAA, and SOX controls gap assessment for the healthcare client.
- Provided and executed a third-party security assessment process which allowed the client to identify risk and improve their overall security posture while adhering to the NIST framework. In addition, this assessment provided the client with a complete analysis of how they would be graded if they were audited against other security frameworks, including PCI, ISO 27001, and HIPAA.
- Conducted a security assessment of the client's vulnerability management capability, identified major gaps, and provided a roadmap for improvement.
- Provided a roadmap and recommendations for the client to implement a Governance, Risk, and Compliance tool.

Matrix Consulting, Chicago, Illinois, 06/2017 - 09/2017
Consultant, Information Security

Consulted with clients to promote governance, risk, and compliance functions within the client's organization.

- Designed and implemented a security awareness program for an 18,000-seat environment.
- Integrated the on-line security awareness tool with the corporate learning management system.
- Reviewed, evaluated, and streamlined the internet gateway change request process to ensure accountability across all IT functional areas.
- Evaluated, revised, updated, and implemented privacy and acceptable use policies to reflect current state and best practices.
- Consulted with incident response and SOC efforts to ensure best practices were followed.

Kirkland & Ellis LLP, Chicago, Illinois, 11/2008 - 01/2017
Director, Information Security

As the firm's Information Security Director, I was responsible for the direction of the firm's internal information security program for eight years. I developed and executed an information security strategy that grew the firm's information security program from 2 staff and 3 technologies to a staff of 12 supporting over 20 security technologies and processes. Performed as the thought leader and the decision maker for the firm and navigated dozens of client security posture questionnaires from healthcare, pharmaceutical, finance and technology sectors that provided requirements to appropriately build the program. Directed the research, selection, and implementation of a global security awareness program. Directed the implementation of a threat intelligence platform that integrated with the firm's SIEM, IDS/IPS and other monitoring tools.

- Implemented a risk assessment methodology to ensure that all new technologies or processes proposed to enter the firm's global environment were adequately assessed for security vulnerabilities prior to approval and implementation, which ensured security controls and risks were identified.
- Maintained a risk registry of all risks identified as well as a process to fix or mitigate all risks.
- Directed the implementation of technical solutions to reduce malware infections, which resulted in a substantial reduction of workstation and laptop rebuilds by 90%.
- Researched and implemented a security awareness tool that requires each member of the firm to be trained on an annual basis and resulted in a very noticeable level of security awareness.
- Created and maintained a 3-year Information Security strategy which resulted in the development and implementation of a secure global infrastructure designed to protect against all manner of threats to firm resources and data.
- Developed and executed an identity protection offering that protected the identities of key members of the firm on an ongoing basis, which reduced malicious impacts on high-level targets at the firm.
- Positioned and directed the firm's efforts to achieve ISO 27001 certification over an 18-month period, which alleviated security concerns of the firm's clients.
- Selected and directed the firm's 3rd party annual assessment and remediation efforts, which improved the overall security posture and met client requirements and regulatory requirements.
- Directed various departments in the response to client security questionnaires and negotiated technical mitigating steps to ensure client satisfaction. This included the negotiation of compensating or mitigating controls to ensure the security posture was acceptable for financial and healthcare sector clients' requirements via PCI, HIPAA and other regulatory controls.
- Grew the team organizationally to adhere to best practices and ensured segregation of duties by successfully separating the operational duties of information security and organizing that function appropriately.
- Directed the development and implementation of hardening procedures for the firm's servers, network, workstations (desktops and laptops), and mobile devices, resulting in an operationally secure configuration for personnel travel to high-risk locations.
- Supported the internal practices for litigation hold, matter transfer and e-Discovery, which streamlined the process for collection of client matters, reducing e-Discovery storage costs by 40%.
- Directed the selection and implementation of a threat intelligence platform that integrated with the firm's incident response program.

DOW CHEMICAL, Midland, Michigan, 11/2002 - 11/2008
Senior Security Technologist / Security Subject Matter Expert

Information Security: Responsible for providing technologies, projects, and services to defend the Dow Chemical Company (Dow) environment from cyber threats. Led the global security implementation of two generations of workstations distributed to all employees in the Dow environment. Responsible for the risk assessment of all security components at the desktop platform. Primary person responsible for designing a secure eDiscovery collection process.

- Designed and implemented an e-Discovery program in support of litigation efforts for Dow, which ensured chain of custody and reduced costs.
- Conducted electronic investigations concerning fraud and legal issues, which ensured Dow adhered to chain of custody requirements.
- Planned and executed vulnerability assessments on critical business systems in Dow, which identified vulnerabilities in critical systems and planned their remediation.
- Continually provided various levels of security expertise during the risk assessment process invoked at the project level, which improved the security posture of critical systems in the environment.
- Ensured anti-virus technologies and vendor relations were effective throughout Dow.
- Coordinated the development and implementation of a team of individuals responsible for monitoring, assessing, and applying the various security and system patches throughout the Dow network infrastructure.

ANDERSEN, Chicago, Illinois, 07/1999 - 11/2002
Firm Wide Information Security, Director

Information Security: Responsible for providing technologies, projects, and services to defend the Andersen environment from threats. Developed tools and techniques for security assessment, penetration testing and compliance with standards in the Andersen environment. Served as the source of status and knowledge of the firm's internal exposure to risk and requisite disaster recovery plans, treating risk holistically.

- Developed and managed the evolution of the overall Security Architecture for implementation and compliance by teams globally.
- Developed Intrusion Detection, Anti-Virus, Encryption, VPN, Personal Firewall, Gateway firewall and varying solutions for integration into the firm's environment and desktops.
- Managed the security policies, standards and guidelines related to technology risks. Provided a structured Risk Management approach for technology risks to Andersen.
- Provided technologies, projects, and services to defend the Andersen environment from threats.
- Provided investigatory and forensic services for internal investigations, as well as those involving other areas of the firm. Interfaced with external sources and law enforcement, as necessary.

ANDERSEN CONSULTING, Chicago, Illinois, 09/1994 - 07/1999
Operations Engineering Practice, Manager

Technical security consultant responsible for assessing the security efforts for healthcare and carrier-based clients, making immediate improvements, and defining a long-term security strategy.

- Determined immediate action items, or quick fixes, that the client could implement to directly impact the current level of security. Identified 35 specific improvements.
- Delivered a presentation accompanied by a security strategy white paper that identified the client's state of security and provided direction for short and long-term security strategies.
- Researched and selected security technology tools that would systematically enforce access control standards in the client's cross-platform environment. Justified the tools' expense through reduction of existing operating costs.
- Provided the client with security best practices in the form of policies, procedures, standards, and guidelines to position them to implement the correct technologies.
- Conducted security training for the client, which significantly raised the overall level of security awareness.

SPIEGEL, INC., Downers Grove, Illinois, 09/1988 - 09/1994
Computer Security Coordinator

Primary individual who implemented and administered various information security programs throughout the mainframe, LAN, and workstation environments. Programs implemented included centralization and decentralization of security responsibilities throughout the corporation, implementation of virus prevention controls throughout the corporate LAN environment, and installation and maintenance of a corporate-wide workstation security package.

ACADEMIC PROFILE

Northern Michigan University, Marquette, Michigan
Bachelor of Science in Criminal Justice and Security Administration, April 1988

Keller Graduate School of Management, Chicago, Illinois
Currently pursuing Master of Business Administration with an estimated completion date of Spring 2025

Certifications:
- Certified Information Security Manager (CISM) credential, 2003
- Certified Ethical Hacker (CEH) credential, 2006
- LS-ISAO Threat Intelligence Committee member, 2015 - present
- CISO Coalition Governing Body, 2011 - present