Dynamic and energetic hands-on leader with a proven ability to direct quality programs and deliver enterprise projects. Able to train, lead, and motivate effective cross-functional teams. Exceptional presentation and communication skills. A strategic planner adept at getting in the dirt, assessing the technology needs of the business and developing workable roadmaps for delivering creative solutions. Proven track record of positioning IT and Security as a business partner whose seat at the table is essential to driving winning objectives. Recognized as an organizational thought leader and subject matter expert. Demonstrated history of continuous improvement across the people, process, technology triad. An established proficiency in IT governance, policy creation, and standards implementation.
Having been the leading IT Security SME in the organization, I was tasked with creating its first IT Security Department and Program, and placed at its head. The primary duties of this role were as follows:
• Advise senior management on cost/benefit analysis of information security programs, policies, processes, systems, and elements
• Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel
• Manage departmental, interdepartmental, and enterprise projects through full life-cycle
• Communicate the value and promote the visibility of IT security throughout all levels of the organization
• Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance with regulatory bodies including PCI-DSS, GLBA, FTC, and CFPB
• Lead and align IT priorities with the security strategy
• Monitor and evaluate the effectiveness of the enterprise’s security safeguards to ensure they provide the intended level of protection
• Author, implement, and oversee IT and IT Security standards, guidelines, policies, processes, and best practices
• Oversee the information security training and awareness program
• Track audit findings and recommendations to ensure appropriate mitigation actions are taken
• Establish, implement, and manage an effective cross-functional incident response team (IRT)
• Establish and maintain a secure SDLC practice in collaboration with in-house development
• Implement a standards-based (ITIL and COBIT) approach to IT service management