Knoxville, Tennessee, United States
Technology, security, risk management and privacy leader with compelling record of success in mid-size and large complex global organizations in the cloud, financial, and healthcare industries. Transformational leader in building relationships with business partners and striking balance between business needs and security requirements to maximize results, reduce risk, and resolve regulatory and compliance issues. Excellent interpersonal skills in communicating key information to customers, suppliers, and employees at all levels. Proven partner in effectively and efficiently developing innovative high quality solutions to resolve business issues and manage risk. When not working on security challenges, I love to focus on family, cooking and travel.

Past speaking engagements:
- Information Systems Audit and Control Association (ISACA)
- Information Systems Security Association (ISSA)
- DHS/SRI Infosec Technology Transition Council (ITTC)
- Secure World
- MyTechnologyLawyer Radio Show

Articles: http://www.csoonline.com/article/3049374/security/survey-with-all-eyes-on-security-talent-shortage-sends-salaries-sky-high.html
Deliver the following advisory services for SaaS (Cloud), banking and healthcare clients:
• Executive technology and security advisor for early-stage SaaS (Cloud) companies and non-profits.
• CISO/CSO for companies requiring temporary or part-time security leadership.
• Security and technical advisor to venture capital (VC) and value added reseller (VAR) firms.
• Serve as information security subject matter expert for executive leadership.
• Develop annual strategic plans and supporting project roadmaps.
• Collaborate and coordinate with internal resources to execute the security plan.

Perform assessments with clients in the following areas:
• Information security strategy
• Information security governance
• Information security program development and management
• Information security risk management
Responsibilities included: cloud security architecture; customer engagement; security operations and monitoring; incident management and response; application and product security; quality management; audit and compliance; vendor management; and managing a global team in the US, Canada and India.
• Implemented go-to-market security and compliance intake process via Salesforce, which enabled dashboard measurement of SLAs and highlighted a 60% reduction in turnaround time for customer/sales requests.
• Integrated global information security functions of two acquired companies within 6 months to eliminate redundancies, streamline responsibilities and improve efficiencies in delivery of information security services without impacting either business or cloud customers.
• Delivered web-based security awareness training to all global employees, leveraging Saba’s LMS, and achieved 95% compliance within 30 days.
• Revamped application security program by implementing static and dynamic application testing as part of the SDLC, leveraging different third-party penetration testing partners and delivering developer training that improved the overall quality of security testing efforts via reduced repeat vulnerabilities.
• Built out new global security operations team (SOC) in Canada and India within 6 months, responsible for expanding and optimizing the vulnerability management program, automating application security scanning, tuning the global SIEM to reduce false positives and producing regular security metrics reports highlighting the effectiveness of Saba’s security programs.
• Consolidated three separate SOC 2 audit engagements with different audit periods into a single audit engagement with no findings, and achieved publication of three separate audit reports within 30 days of the end of the audit period with no exceptions.
• Revamped quality management program to comply with 21 CFR Part 11 requirements within 6 months, resulting in 100% customer audit satisfaction.
Responsibilities included: leading global information security, governance, application security, risk management, and compliance teams; partnering with cloud operations, IT, product engineering, HR, and legal to influence decision-making, reduce risk, and effect change; and effecting governance with senior management, audit committee, and board.
• Completed enterprise security risk assessment based on the NIST cybersecurity framework within four weeks to help shape security strategy and roadmap.
• Launched vulnerability management program that resulted in a 60% reduction of vulnerabilities in less than three months.
• Expanded coverage of SSAE 16/SOC 2 audit to include the AICPA Trust Services confidentiality and availability principles, providing additional assurances to customers while adding only a trivial number of new controls.
Responsibilities included: leading global information security, application security, risk management, compliance, privacy, and internal audit teams; partnering with cloud operations, IT, product engineering, HR, and legal to influence decision-making, reduce risk and effect change; effecting governance with senior management, audit committee and board; managing call center fraud; and interfacing with global Fortune 500 enterprises before and after they become a client.
• Reorganized separate teams under a single organization to eliminate redundancies, streamline responsibilities and improve efficiencies in delivery of services.
• Established dedicated budget and cost center for information security and justified augmentation of staff from 13 to 26 in 15 months to address and effectively manage newly identified security risks.
• Increased effectiveness of security governance through continuous communication and guidance via a newly created cross-functional security risk council.
• Completed 92% more internal audits within 12 months of taking over the function compared with audits in the previous year with the same headcount.
• Developed application security dashboard that resulted in greater senior management visibility, a reduction in security-related vulnerabilities, additional budget for third-party penetration tests, and stronger commitment to application security as part of the SDLC.
Responsibilities included: leading Autonomy’s internal security program (physical, logical, and product); leading the compliance program; interfacing with global enterprises before and after they become a customer; partnering with cloud operations, IT, networking, engineering, HR, and legal to influence decision-making, reduce risk and effect change; reviewing RFPs; and negotiating customer agreements.
• Rebuilt neglected security program in nine months and developed cohesive security strategy, resulting in an unqualified SAS 70 Type 2 audit opinion with no exceptions.
• Improved identity and access management system through several innovative recommendations, achieving over 3,000 hours of productivity improvement in the first year.
• Streamlined customer assessment process, improving completion time by 33%.
• Implemented vulnerability management solution which provided immediate visibility of security vulnerabilities and achieved corrective action for 100% of the identified external vulnerabilities within four months.
• Refined and aligned security policies and standards with ISO 27001 and PCI to facilitate more efficient audits and ensure compliance with best practices.