Boston, Massachusetts, United States
I get the job done…often where others have attempted and faltered. I thrive on tackling Information Technology challenges perceived to be very complex, with high degrees of uncertainty. I attribute my successes not only to my personal technical aptitude and skill of taking very intricate business obstacles and making them both simple and repeatable, but to my ability to recruit, build and guide some of the smartest, hard-working, energetic and fun people I know. The work we have been able to accomplish is impressive to me for both its scale and speed. Others would say that in addition to being a solid leader who encourages and pushes people to grow and develop with high technical expertise, I am extremely service driven and derive great satisfaction in providing essential IT solutions for the business. Some of my key IT management strengths include: • Championing the development and implementation of enterprise, global Identity and Directory initiatives • Leading diverse, multicultural and geographically dispersed IT teams • Defining IT strategy and managing IT operations • Elevating Information Security, Quality Compliance, System Capability and Performance
Lead identification and resolution of information risk for national bank with 650+ branches and $60B in deposits. Create and implement policies and standards; complete incident and vulnerability reviews that elevate cybersecurity, compliance, Governance, Governance Risk Compliance, Identity and Access Management. • Developed and implemented GRC framework, tool, and processes. • Improved fulfillment of regulatory obligations—authored Information Risk Policy, Standards, Procedures and Guidelines that boosted areas, such as identity and access following intensive research into FFIEC guidance (e.g. IT Exam Handbook, Authentication in Internet Banking Environment (AIBE)), federal regulations (e.g., GLBA, SOX), state regulations concerning data privacy and industry standards (e.g. NIST, COBIT, ISO). • Supported Consumer Banking Business with isolation and implementation of controls required for compliancy with Gramm-Leach-Bliley Act (GLBA); remedies identified, executed, and successfully tested for compliance. • Spearheaded program of projects to address identity and access management concerns raised by the OCC in a Matter Requiring Attention (MRA). Scope included on-boarding, off-boarding, privileged access, access request/reviews/certifications, separation of duties (SoD), least privilege, etc • Completed control reviews and attestations of 200+ applications using SailPoint’s IdentityIQ solution; created complimentary risk-based processes and procedures related to Sarbanes-Oxley Act (SOX) compliance. • Investigated and oversaw the risk management of high-priority incidents that threatened business operations; • Built Active Directory tools to compile computer/user inventory and investigate access vulnerabilities. • Initiated Payment Card Industry-Data Security Standard (PCI-DSS) compliance project; identified needs and resources; authored and provided PCI-DSS awareness training.
Manage strategic identity and enterprise directories systems, process and procedure development to ensure FDA and SOX compliance across 30 corporates entities in support of 120K+ employees, 30K+ contractors and 50K physicians, R&D, and clinician partners. Lead 12 direct reports, 3 full-time contractors, offshore operations, and four program/project managers; administer a €4M+ contracting and maintenance budget. Collaborate across enterprise with executive stakeholders to ensure organizational alignment and meet business objectives. Ensure quality through testing, establish metrics and employ best practices and established methodologies. Identify and assess identity and directory innovations for corporate application viability. Develop content and materials used for end-user education. • Chaired governance board that identified business needs, researched best practices and crafted policies, SOPs, and services for consistent password management; secured endorsement of CTO; project is scheduled to rollout Q1 2014 and deliver €400K in annual savings. • Developed a three-year enterprise program to decrease run costs by €4M by fourth year and provide business value quickly and continually throughout the program life by focusing on many short-term, discrete projects built on common integration strategy. Validated system with electronic signature; developed baseline KPIs to ensure consistent and cost-effective program roll-out. • Delivered savings by decreasing Help Desk support calls and increased user satisfaction through implementation of Identity Federation, which was recognized by KuppingerCole as 2012’s European Identity Award, “Best Cloud Security Project”. • Presented “Service centric approach to Identity and Access” at SailPoint Meeting, Gartner Identity & Access Management Summit 2012, London, U.K., March 2012.
Led establishment and consolidation of a cohesive directory discipline strategy for organization, formerly managed by many groups within organization. Managed team of 12 in U.S., France, U.K., Germany, and Netherlands in expatriate role at corporate headquarters in Paris, France. • Championed development and implementation of standards, services, processes, architecture and governance through cross-cultural team leadership. • Built trust with business entities in environment accustomed to de-centralized IT support. • Elevated security and system performance; decreased query time by cleaning up obsolete account information. • Consolidated all compliance and directory services; increased system performance, allowed for 15 min. vs. several month timeframe for replication of data and enabled organization to reallocate resources. • Built rapid merger and acquisition service to enable company to quickly operate and collaborate with new companies. • Led effort to increase business collaboration and reduce costs by consolidating directory environments and support teams. Consolidated 10+ teams into 1 and streamlined directory environments from 30+ to 15.
Recruited to lead infrastructure monitoring, a global group of 11 employees and dedicated contractors charged with building architecture of global system for Aventis. • Established global integrated architecture with external systems monitoring within 7 months of commencing project; after several predecessors had attempted and failed to attain the objective. • Integrated two companies following acquisition. • Instituted a service-oriented process model to application teams that ensured a comprehensive understanding of processes and implementation. • Presented "Customizing Any Monitor without Touching the Code," at NetIQ Global User Conference, NetConnect, May 2005.
Developed network architecture and led security efforts for 6+ business entities, including Philip Morris’s and Kraft’s N.A. and International Divisions. Collaborated with architects and businesses to design plans, white papers, budgets and proposals. • Consolidated Internet access into one global service. • Provided single VPN service for all countries and associates. • Supported PMMC’s first Wide Area Network MPLS program.