| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidate Candidate's Name
CHIEF INFORMATION SECURITY OFFICER
Street Address Weldon Rd.
Plain City, Ohio Street Address
EMAIL AVAILABLE
PHONE NUMBER AVAILABLE
Professional Summary
Chief Information Security Officer with 19 years of experience in defining IT & Security strategies. Expert in developing and driving
compliance, cybersecurity programs, and implementing technology solutions to enhance efficiency. Proven track record in
aligning IT and cyber risk strategies with business objectives and leading industry-leading security frameworks.
Employment History
Mar 2019 PRESENT
Chief Information Security Officer (CISO), Reyncon Security Columbus, OH
Responsible for providing strategic and operational leadership for the company s security management of data, technology,
processes, and risks, coordinating alignment across the enterprise. Establishes and sustains an IT and cyber risk strategy fit with
business objectives, implementing frameworks that integrate governance and risk compliance controls, requirements, oversight,
and validation into Information Technology operations and underscores vigilance across multiple Customers. Identifies training
opportunities to align Reyncon with the future needs of the Cyber Security market. Oversee the development of IT and security
programs to align companies with industry leading frameworks and build roadmaps to help them achieve compliance. Develops
and supports methods, tools, and metrics for managing IT and cyber risk, ensuring effective and evolving technological defenses,
monitors, reporting, and operational processes, including anchoring incident management. Directs resources, internal staff, and
external/outsourced Partners, that support the components of the strategic IT and cyber security framework, ensuring sustained
capability, development, and performance. Experience with IT-related laws and compliance mandates (e.g., Sarbanes Oxley 404,
CSA CCM, NIST CSF & RMF, CIS, ISO 27001, PCI DSS, CCPA, PIPEDA, HIPAA, and Personal Information Privacy).
Nov 2018 Present
Vice President (VP), Ohio River Valley Chapter of the Cloud Security Alliance, OH, IN, KY
orv-csa.org. The Cloud Security Alliance (CSA) is the world s leading organization dedicated to defining and raising awareness of
best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry
practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research,
education, certification, events and products. CSA s activities, knowledge and extensive network benefit the entire community
impacted by cloud from providers and customers, to governments, entrepreneurs and the assurance industry and provide a
forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.
Dec 2020 Jun 2022 (Contract)
Chief Information Security Officer (CISO), Tribute Technology Middleton, WI
Defines and executes a long-term IT & Security strategy and governance program. Develops policies and procedures to align
company with compliance requirements. Partners with business leaders to implement processes and systems that drive efficiency
improvement, increased automation, enhanced adoption of digital analytics tools to introduce efficiencies and robust analytics to
end-users and drive growth. Worked with PCI auditors and Privacy experts to ensure processes, procedures and technical
controls meet current compliance requirements. Creates a data architecture and integration strategy as well as implementing
technology solutions to support business needs and improve efficiency and effectiveness. Drives cybersecurity program that
includes, Security operations, Security Strategy, Disaster Recovery, Business continuity and Compliance. Assesses infrastructure
transformation needs for growth in partnership with CTO. Creates an IT & Security integration playbook for M&A actions in
addition to leading and integrating technology stacks and organizations for acquisitions. Responsibility for IT-related laws and
compliance mandates (e.g., CIS, CSA CCM, PCI DSS, CCPA, PIPEDA, and Personal Information Privacy).
May 2018 Feb 2019
Director, IT Security & Compliance (CISO), DSW INC Columbus, OH
Leads the Compliance, Risk, IAM and Security teams responsible for DSW Inc companies. Responsible to develop and drive an
integrated IT & Security strategy, combining industry leading physical and digital security practices, and associate knowledge
capabilities, with cyber security elements such as data security practices, monitoring, response activities and predictive modeling
across the DSW Inc. companies. Coordinated with internal and external auditors to ensure processes, procedures and technical
controls meet current governance risk and compliance requirements. Team responsible for self-assessment and artifact
collection. Designs and implements enterprise security frameworks to meet compliance requirements. Responsible for identifying,
evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns
with and supports the risk posture of the enterprise. Proactively works with business units to implement practices that meet
defined policies and standards for information security. Experience with IT-related laws and compliance mandates (e.g., CIS, CSA
CCM, Sarbanes Oxley 404, PCI DSS, HIPAA, and Personal Information Privacy).
Jan 2016 Apr 2018
Sr. Manager, Global Information Security (CISO), Cooper Tire & Rubber Company Findlay, OH
Manages global cyber security functions, responsible for establishing and maintaining a corporate-wide information security
management program to ensure that information assets are adequately protected. Responsible for identifying, evaluating, and
reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and
supports the risk posture of the enterprise. Coordinated with internal and external auditors to ensure processes and procedures
meet current governance risk and compliance requirements. Team responsible for self-assessment and artifact collection.
Designs and implements enterprise network security infrastructure including Firewall and IDS/IPS security and remote access
services. Proactively works with business units to implement practices that meet defined policies and standards for information
security. Process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business
partner, employee, and business information in compliance with the organization's information security policies. Responsibility for
IT-related laws and compliance mandates (e.g., Sarbanes Oxley 404, ISO 27001, SOC 2, CIS, GDPR, PCI DSS, HIPAA, and
Personal Information Privacy).
Nov 2012 Dec 2015
Manager, Global Information Security Operations, Scotts Miracle-Gro, Marysville, OH
Leverage s information security frameworks, practices, and principles in creating and implementing metrics to measure and drive
high performance, referencing such frameworks. Manages network security, web security, anti-virus/anti-malware, data loss
prevention, identity & access management, application security, threat and vulnerability management, security event monitoring,
and incident management. Responsible for both design and implementation of enterprise network infrastructure including
perimeter security and remote access services. Proficient in system analysis and integration for an enterprise network. Develops
use cases, evaluating alternative solutions, cost justification, recommended solutions, and comprehensive deployment plans.
Proficient in change, problem and incident management principles and procedures. Worked with internal and external auditors to
ensure technical controls meet current governance risk and compliance requirements. Team responsible for self-assessment and
artifact collection. Working knowledge of IT-related laws and compliance mandates. Solid analytical, problem solving and
conceptual skills to identify and deliver high performing solutions. Strong verbal and written communication skills, with an ability to
express complex technical concepts in understandable business terms. Proficient in project management principles, and ability to
deliver high-quality solutions on time and within budget with proper resources. Solid interpersonal skills with the ability to work on
cross-functional project teams and to foster team commitment to tasks as well as collaborate with Business partners. Experience
with IT-related laws and compliance mandates (e.g., ISO 27001, CIS, Sarbanes Oxley 404, PCI DSS, and Personal Information
Privacy).
Nov 2007 Nov 2012
IT Director, Vehicle Research and Test Center, U.S. DOT, East Liberty, OH
Plans, develops, implements, and maintains programs, policies, and procedures to support the IT infrastructure. Manages the
configuration, integration, and operation of software, hardware, and Local Area Networks; coordinates, plans, and delivers End-
User computer support services. Manages IT project activities and resources to achieve project objectives and milestones;
develops innovative solutions to resolve problems in existing systems. Responsible for the operation, analyses and support of data
and information systems; conducting file maintenance; data queries, analyses, and reports; feasibility studies; cost/benefit
analyses; planning; implementation; management of end user support; operation; and maintenance of systems and software. Plans
and conducts security accreditation reviews for installed systems or networks and recommends new or revised security measures
and countermeasures based on results of accreditation reviews. Coordinated with DOT and OIG auditors to ensure processes and
procedures meet current governance risk and compliance requirements. Team responsible for self-assessment and artifact
collection. Creates, updates, and tests organization s contingency and disaster recovery plans to respond to new security
requirements or changes in the IT architecture. Investigates and reports on all security and privacy incidents; ensures proper
computer forensics procedures are followed. Establishes risk-management procedures and ensures that risk-management
techniques are applied to all new and modified IT applications. Plans, coordinates, and delivers an IT security awareness-training
program for end users at all levels in the organization. Responsibility for IT-related laws and compliance mandates (e.g., NIST and
Personal Information Privacy). Clearance: High Risk, Sensitive.
May 2006 Oct 2007
Chief Information Security Officer (CISO), VA Medical Center, U.S. Department of Veteran Affairs, Indianapolis, IN
Served as the VA Medical Center Information Security Officer. Planed, developed, implemented, and maintained programs,
policies, and procedures to protect the availability, integrity and confidentiality of systems, networks, and data. Designed, acquired,
modified, evaluated, and used software intended to ensure that automated systems are secure from unauthorized use, viral
infection, and other problems that would compromise sensitivity, confidentiality, or privacy of data. Evaluates new security
authentication technologies: public key infrastructure certificates, secure cards, and biometrics. Planned and conducted security
accreditation reviews for installed systems or networks and recommends new or revised security measures and countermeasures
based on results of accreditation reviews. Created, updated, and tested organization s contingency and disaster recovery plans to
respond to new security requirements or changes in the IT architecture. Coordinated with VA and OIG auditors to ensure
processes and procedures meet current governance risk and compliance requirements. Team responsible for self-assessment
and artifact collection. Investigated and reported on all security, privacy, and HIPAA incidents; ensuring proper computer forensics
procedures are followed. Established risk-management procedures and ensures that risk-management techniques are applied to
all new and modified IT applications. Planed, coordinated, and delivered an IT security awareness-training program for end users
at all levels in the organization. Provided guidance on cyber security issues, ensuring compliance with federal information
security laws and regulations. Interpreted policies, standards, and guidelines and applied them to the operational environment.
Conducted analysis and recommended resolutions for complex issues affecting cyber security. Responsibility for IT-related laws
and compliance mandates (e.g., FISMA, NIST, HIPAA, and Personal Information Privacy). Clearance: High Risk, Sensitive.
Oct 2005 May 2006
Information Assurance Network Officer (IANO), Enlisted Record & Evaluation Center, U.S. Army, Indianapolis, IN
Information Assurance Network Officer (IANO) for the command-wide Army Information Assurance Program, U.S. Army Enlisted
Records and Evaluation Center. Duties included: implementation and monitoring of network security initiatives and requirements
(including policies, procedures, and systems security equipment); IA vulnerability management program (IAVMP) (analysis and
reporting, issue resolution. Administered IA programs (IAVMP, risk management, IA assessment, and compliance monitoring),
implemented and administered elements of the command network security. Reviewed policies, procedures and plans from
command and higher headquarters; provided guidance regarding policies and procedures; provided technical, analytical and
advisory functions pertinent to the development and review of local IT policies. Coordinated with Army and OIG auditors to ensure
processes and procedures meet current governance risk and compliance requirements. Team responsible for self-assessment
and artifact collection. Managed Department of Defense Information Technology Security Certification and Accreditation Program
(DITSCAP) for U.S. Army Enlisted Records and Evaluation Center. Provided short- and long-range planning (including strategic
planning), and associated processes; and conducts reviews (including data collection and reporting) of potential threats and
performs risk assessments of identified vulnerabilities to network resources and architectures. Installed, operated, monitored,
troubleshot, and modified the following security software: Virus Scanners, Vulnerability scanners and Web inspector.
Responsibility for IT-related laws and compliance mandates (e.g., FISMA, NIST and Personal Information Privacy). Clearance:
Secret
Jan 1981 Jun 2003
United States Air Force
EDUCATION
MAR 2014
MBA, Jones International University
Information Security Management - Cyber Security, GPA 4.0
JUN 2003
Bachelor s Degree, University of Maryland University College
Information Systems Management, GPA 3.7
SKILLS
CISSP - Certified Information System Security Professional PMP - Project Management Professional
CCSK+ - Certificate of Cloud Security Knowledge CCSK+ - CSA Certified Instructor
COTR - Contracting Officer Technical Representative CHSP - Certified HIPAA Security Professional
MCSE+S - Microsoft Certified System Engineer: SECURITY MCSE+M - Microsoft Certified System Engineer: MESSAGING
MCDBA - Microsoft Certified Database Administrator Comp TIA A+, Network+, Security+, ITF+
U.S. Army, Information Assurance Security Officer Department of Veterans Affairs Cyber Security Practitioner
|
