Professional Experience
Managing Director of Global Information Security, Global Information Security Division, 2007 - Present
• Responsible for formulation of IT protection strategy and leading change;
• Devising / executing strategies, managing programs, projects, budgets, and teams for Information Security; Data Protection; IT Risk Management; Compliance; Asset Protection and Facilities Security for corporate headquarters and multiple corporate subdivisions domestically and internationally;
• Administering and controlling $5+ million capital and expense budget;
• Overall responsible for development of global strategic security and risk plans; identifying IT applications and supporting business initiatives with a major focus on business processes.
FANNIE MAE Corporation, Washington, D.C. (nation's leading congressionally chartered secondary market mortgage buyer), 2006 - 2007
Senior Information Technology Security Risk Manager, Corporate Enterprise Risk Group
• Senior IT Security Assurance/Risk Manager, implementing and supporting Information Security Operational Risk and Compliance programs throughout the enterprise. Developing IT process documentation, and certifying processes for Operational Risk and Sarbanes-Oxley compliance. Change agent - facilitating and influencing the corporate compliance culture, and ensuring integration with overall corporate programs.
• Developed real-world, hands-on experience in secure software development through direct involvement in design of risk management document database and web testing methodologies.
• Provided technical consult for Security/Compliance audits across multiple platforms, including: Unix command line sudo; Resource Access Management (RAM) framework; analysis of application and transport layer protocols: LDAP, TACACS+, Syslog, TCP/UDP, SSL, IPSEC, SSH, BGP and EIGRP and other application layer protocols; BMC Remedy IT Service Management Suite (Change Mgt., Configuration Mgt. and SDLC); Web Application Resource protection for J2EE applications; Oracle Database 9i & 10g; Sybase; Checkpoint Firewalls via Checkpoint Provider-1 Console; ISS Real Secure IDS; MS Active Directory; BEA Weblogic; MS Windows Server 2003; Mainframe Security ACF2; OS400; server consolidation via virtualization (VM).
• Provided review and consult to network teams on regulatory compliance of environment. Compliance reviews covered management of backend Internet traffic infrastructure (DNS (BIND v8.4.6), traffic load balancing (Checkpoint Cluster XL), proxy caching (Bluecoat SG)).
• Applied expertise from multiple previous S-Ox engagements and security risk assessments.
• Provided pre-implementation risk review audit of virtualization via VMWare.
• Utilized multiple tools for completion of work including: Nessus, Bindview, MS Project Server 2003; BMC Remedy IT Service Management for change and configuration management; Access 2000 database, Oracle Forms & Reports; Crystal Reports ver. 8; Archer Policy Compliance software; SQL via SQL*Plus.
CENDANT CORPORATION, Denver, CO (leading provider of travel and real estate worldwide), 2001 - 2006
Senior Manager, Information Security Compliance, Global Security Group, 2003 - 2006
• Led initiatives to ensure data protection and compliance needs are identified, documented and fulfilled for Fortune 500 company with 87,000+ employees worldwide.
• Built business case, acquired budget and managed vendor relationships for Sarbanes-Oxley, Cybertrust, PCI and external customer driven audits.
• Provided technical consult for Security/Compliance audits across multiple platforms, including: UNIX platforms (SUN/Solaris, HP-UX, IBM AIX); Unix command line sudo; Mainframe OSs z/OS (OS 390); CICS, VM, and VSE and Security via RACF and ACF2; Cisco & Nortel Routers and Switches and Cisco PIX firewalls; analysis of application and transport layer protocols: LDAP, TACACS+, Syslog, TCP/UDP, SSL, IPSEC, SSH and other application layer protocols; Databases - Oracle Database 8i & 9i, Sybase, IDS and DB2; SAP R/3 Basis; Real Secure IDS; MS Active Directory; application audits of PeopleSoft and Oracle HR; Oracle and SAP R/3 financials.
• Developed and managed risk control framework, and ensured regular operations compliance of supported business.
• Managed multiple Payment Card Industry (PCI) reviews for external customer units.
• Coordinated SAS 70 Type II audit of data center.
• Utilized multiple tools for completion of work including: Nessus, Secheck, MS Project 2002; Access 2000 database, Oracle Forms, CyberArk Digital Vaults, Symantec Policy Compliance Manager, Archer Policy Compliance software; IBM ClearQuest change management system; Deloitte Risk and Control Management System (RCTS); network monitoring via: IBM Tivoli Access Manager for Network monitoring, HP Openview Network Node Manager; capacity planning and analysis via Concord trend analysis.
Senior Network Program Manager/Senior Network Engineer, Network Engineering group, Cendant Telecommunications Group, 2001 - 2003
• Responsible for integrating state-of-the-art Cisco technologies and equipment. Built network integration technical approaches, developed requirements and executed project plans.
• Conducted internal security/IT compliance audits, security assessments and initiated business continuity planning ($10 million cost avoidance).
• Managed configuration, installation and maintenance of Cisco PIX Firewalls.
• Managed VPN migrations, migration of X.25 and MATIP to TCP/IP protocols, extranet switch/IOS upgrades and reconfiguration of data communications subsystems for VPN connectivity of customer premise equipment to Cisco VPN 3000 concentrators.
• Launched Project Management Office and completed all projects on time/within budget.
• Managed the design, implementation, test and documentation of VoIP technical solutions based on customer's needs.
• Developed written Installation Process and Procedures for WAN and VoIP conversions.
• Coordinated configuration and testing of Session Initiation Protocol (SIP) based equipment from Polycom, Lucent, and Cisco as well as Cisco VoIP Deployment/Support. Testing performed using Spirent Abacus 5000 and Empirix Hammer ST test sets.
• Coordinated installation, configuration, and maintenance of routers, switches, concentrators, firewalls and dialback hubs from Cisco, Nortel and Juniper using RIP, OSPF, MPLS and BGP4 protocols.
• Managed customer site administration to include, but not be limited to, weekly/monthly reports, logs, service ordering and equipment delivery.
• Managed MS .Net E-Commerce implementation for network managed services.
UNITED STATES ARMY RESERVES, 96th REGIONAL SUPPORT COMMAND (96TH RSC), 1994 - 2005
Director, Logistics Information Systems / Supply Chain Management and Compliance
• Coordinated DoD Information Technology Security Certification and Accreditation Process (DITSCAP).
• Managed 8 direct reports and a team of 30, while determining budgets, timelines, and directed efforts of multiple data management and Information Systems personnel.
MCI / COMSYS INFORMATION TECHNOLOGY SERVICES, Denver, CO (leading IT staffing and solutions company), 2000 - 2001
Consultant, Network Analysis/Project Management, Global Network Development Group
• Selected to support sales/service desktop applications group during engagement with telecom giant.
• Responsible for troubleshooting networks for connectivity issues, and configuring
• Monitored T-1/T-3 lines, and worked with field technicians to migrate, upgrade and resolve site issues.
• Used Siebel to track 3rd party tickets for documentation and problem resolution.
• Provided technical review and training to remote users during implementation of SAP's R/3 4.6b Basis and mySAP.com applications.
• Provided requirements for data warehouse buildout and reports extraction using Cognos BI software.
• Project-managed 5 successful market entries. Implemented various modules of JD Edwards Enterprise Software.
BELL & HOWELL, Schaumburg, IL (leader in production mail and document processing), 1999 - 2000
Senior Manager, Software Solutions Sales / Systems Analysis
• Planned, coordinated and oversaw implementation/maintenance of Electronic Billing and Presentment software solutions.
• Provided implementation support for TransFormer, a print-image and data manipulation tool.
Additional: ARSENAL TECHNOLOGIES, Senior Security Architect, 2006 - 2007; REGIS UNIVERSITY, Network Security / Database Administrator, 2002 - 2003; CALIFORNIA CASUALTY MANAGEMENT COMPANY, Business Systems Consultant, 1998 - 1999; NORWEST CORPORATION, Financial Analyst / Business Banking Representative, 1995 - 1997; NEW ENGLAND CORPORATION, Financial Services Consultant, 1994 - 1995; UNITED STATES ARMY, Major, Directorate of Force Modernization, (Active) 1985 - 1994, (Reserves) 1994 - July 2005.
Organization Membership(s): Information Systems Audit and Control Association (ISACA); Institute of Internal Auditors (IIA); Institute of Management Accountants (IMA); Robert Morris Associates (RMA); Project Management Institute (PMI); Institute of Electrical and Electronics Engineers (IEEE); Information Systems Security Association (ISSA).