- Featured in:
More Chief Information Security Officer Resumes
Use these Chief Information Security Officer samples as a guideline or visit our extensive library of customizable resume templates.
High Quality
The best examples from thousands of real-world resumes
Expert Approved
Handpicked by resume experts based on rigorous standards
Diverse Examples
Tailored for various backgrounds and experience levels
Additional Information Technology Resume Samples
Chief Information Security Officer Resume Samples
No results found
0-5 years of experience
Governed all county security policies, procedures, designs, networks, application deployments, and implementation of all facilities for [company name]. Established and implemented security program policies and standards for 40+ departments/agencies and over 900 locations. Collaborated with engineering and developers on security concerns for network and application projects. Presented Information Security topics for business-specific issues to senior leadership, department heads and the board of supervisors. Served as the County HIPAA Security Officer, establishing programs and evaluating compliance.
- Perform security audits and recommend/approve WAN/LAN architectural changes.
- Developed countywide WAN topology with firewalls and intrusion detection systems.
- Coordinated Business Impact Analysis, Disaster Recovery, and Business Continuity plans, programs, and testing.
- Investigated, gathered and documented inappropriate use and internal security incidents.
- Teamed with law enforcement in the investigation of network compromises that led to arrests and convictions.
0-5 years of experience
Overall responsibility for the IT strategy and performance improvement initiatives for an 8 branch / site locations for a Homecare and Hospice agency. Reduced IT costs by $1M while stabilizing application / network issues, securing mobile devices and implementing data back-up / recovery and disaster recovery plan.
- Developed an enterprise information security framework. Ensuring data integrity, confidentiality and availability of information as well as creating controls on how data is processed by the organization.
- Created a 1 to 2 year mobility and cloud migration roadmap ensuring collaboration an addressing short term business goals and long term total cost of ownership.
- Consolidated and re-designed Network and telecom for 8 locations in the Inland Counties
- Deployed a Mobility strategy that includes Windows Tablets, IOS and android devices. Increasing security through MDM solution and encompassing a BYOD policy
- Migrated to a Private Cloud EMR to address Disaster Recovery and back up compliance while increasing security and real time data reporting
- Successfully created a decision support team creating business intelligence reporting increasing productivity by 7% developing key performance indicators and increasing patient satisfaction by 2%.
0-5 years of experience
Led the building of new private cloud for a SaaS platform using the latest UCS and virtualization technology.
- Led automation of our systems to improve margins by 24% and reducing EBITA by 3 million on annual year over year for a 35 million dollar book of business. Produced 650,000 dollars of revenue towards the bottom line.
- Manage 5.8 million dollar annual budget.
- Led the redesign and outsourcing of our SaaS platform to leading edge open source standards
- Instituted a formal security program using HIGHTRUST as a framework to eliminate gaps in being compliant with HIPAA
- Drive innovation at all levels of the organization by delivering new technology.
0-5 years of experience
Provided day to day operations of enterprise security consulting, in the area of information asset management, risk and vulnerability management, audit and compliance, security awareness and training.
- Served as HIPAA Security Officer for (8) North Carolina Hybrid Agencies - interpreted regulations, wrote policies, developed and facilitated security training and managed compliance process.
- Developed training documentation for GLBA, SOX, AML and HIPAA compliance processes.
- Developed FISMA, ISO and NIST crosswalks and mapping.
- Provided guidance on developing, implementing and effectively managing security processes and programs (BCP, Incident Response Planning, Risk Management, Vulnerability Management, and Privacy)
- Led research and development of intrusion prevention models using a trusted framework and an anomaly approach.
0-5 years of experience
Overall responsibility for technology risk management, information protection, and security assurance of fourth largest Credit Union in US with assets over $6B
- Developed IT Security Governance structure to reduce risks in business processes, enhance information security, and comply with regulatory requirements
- Creation and deployment of Security Awareness Program, Computer Incident Response Team, and Disaster Recovery / Business Continuity Plans to safeguard the firm
- Developed methodologies to perform risk assessment, business impact analysis, and security assurance to improve systems and operational security
- Implemented aggressive anti-phishing program that resulted in average of 5 hours to take down fake websites and reduced number of occurrences from dozens per month to single digits
- Conducted Threat and Risk Assessments and IT Security reviews (30+) to assess business and technology risks within the current operating model
- Worked with business units to identify their perceived threats to the integrity, availability, and confidentiality of their information assets.
6-10 years of experience
Leverage proven expertise in IT Security, Networking and Networked Storage Technologies in delivery of comprehensive IT consulting services and solutions to diverse financial, healthcare, biotechnology, general business and government organizations. Provide additional leadership to client base in contract CIO, CTO and CISO roles. Serve as advisory member of Gerson Lehrman Group technology council and as an Executive Forum Member with Coleman Research Group.
- Conceptualized and implemented comprehensive International Banking system supporting 10 million customer account inquiries per day over off-site secured dial-up and kiosks; reduced costs 7.5X and increased number of simultaneous inquiries capacity by 1,000X.
- Bolstered major Credit Card Company's Data Center Security through in-depth analysis and implementation of PCI & ISO/IEC 17799 / 27000 Series Compliance; incorporated Business Continuity Plan and Disaster Recovery policies for heterogeneous Networked Storage Ecosystem.
- Ensured privacy standards were met according to compliance and regulatory guidelines for major Biotechnology Firm throughout 7-year human trials and test subject's electronic Private Healthcare Information (ePHI).
- Conceived and led development of secure Data Center for major Vision Health Information Exchange (HIE); reduced amount and cost of data loss and personal data risk notification by over 80% and reduced data center insurance premiums by improving backup/disaster recovery readiness by 10X.
- Facilitated the exchange of business and technology resources between the United States of America and China through active role in Silicon Valley Information Business Alliance (http://www.sviba.org/); co-founder and past Chairman of the Board.
0-5 years of experience
Directed risk, compliance and security operations for an enterprise in U.S.A, Chile, New Zealand, and Antarctica that ensured appropriate security controls were in place to achieve the business goals and objectives.
- Agent of change - turned around a failing department and a strained relationship with the client within one year.
- Aligned information security strategies, services, investment decisions and delivery structures and processes with the strategic direction of the United States Antarctic Program (USAP).
- Fostered a change in culture that embraced new and challenging security requirements by improving communication and education.
- Directed the strategic process that established a mature Risk Management Program that included NIST and HIPPA regulatory requirements.
- Managed strategic vendor relationships for government agencies SPAWAR, NASA, & National Science Foundation
- Directed Security requirements, testing, and validation for over 23 projects amassing $300MM.
- Implemented an automated process to manage change management for all security related infrastructure and architecture changes.
- Established metrics and analytic reporting including Monitoring, Incident Response, and Log Management.
0-5 years of experience
Security leader positioned to define company's security-focused transformation as an IT service provider aligning with business goals and compliance drivers while balancing demanding workload with shared resources. Subject matter expert outside of the security organization providing guidance in data center security and facilities, contract development and negotiations, compliance consulting and product innovation. Viewed as a visionary for company security strategy and practices to meet SOC2, HIPAA, and expand security services.
- Successfully remedied organization to begin SSAE 16 SOC2 test period in less than 6 months to transition from SOC1
- Implemented new security policy based on ISO 27002 framework adopted company-wide
- Led charge defining IT and business processes and service catalog streamlining inefficiencies in workflow and customer positioning
0-5 years of experience
Managed information technology operations and management services including delivery of communications, programming and computing services. Implemented security program for agency including awareness training program. CISO role included documenting information security functions to include alignment of functional needs with security policies and practices across operational divisions. Experienced in IPS/[company name]. Responsible for overall data security and compliance for 39,000 employee environment. Implemented security awareness seminar program, made presentations to Agency Divisions and external partners.
- Developed and staffed an information resources security program, including over 17 new security policies and an operational user guide for HR training of new employees for FERPA, HIPAA, CJIS, and TAC202 compliance.
- Designed a new computing infrastructure solution protecting network and data from exposure or unauthorized access.
- Conducted security awareness training seminars, initiated Divisional InfoSec programs for compliance.
0-5 years of experience
Hired to deliver be the first CISO for city and enhance the IT Support team with threat management
- Developed city wide protection model for IT working closely with federal and state agencies
- Developed and implemented incident response procedures and metrics
- Created IT Security and Overall Disaster Recovery and Business Continuity Model
0-5 years of experience
- Lead efforts to pass 3 CMS SCA FIPS 199 security assessments for the RAC-D and PERM programs.
- Created HDI’s first Systems Security Plan and Disaster Recovery Plan and collaborated with the executive team on the contingency and business continuity plan.
- Helped HDI pass 5 ISO 9001:2008 and 5 SAS70 type II (SOC 1) audits.
- Designed and lead deployment of HDI’s 3 Tier DMZ security architecture.
- Directed creation of IT policies, procedures, and best security controls and practices.
- Created HDI’s centralized Active Directory security model
0-5 years of experience
Provided management for all team leads for all IT related program and projects
- Managed, implemented maintained $2 million of lab training equipment
- Implemented new life cycle and maintenance plans for 80% of accredited computers, audio and video systems in 6 months in order to become compliant with DISA standards, and Department of Army mission capable requirements. Provided IA inspection for STIGs compliance to evaluate the existence and effectiveness of NIST 800-53 security controls
- Supervised, mentored, managed, and trained personnel to support efforts for Risk Management System (RMS)
0-5 years of experience
Restructured the data security function. Developed an information security framework strategy, policies and standards to centralize security functions for all major platforms across the enterprise. In addition, implemented an information security awareness program. Implemented host and network IDS, secure remote access solution and an internet monitoring solution. Staff size = 14 Security Professionals.
- As a member of the Environmental Control Board (change management), ensured that security and BC/DR were all considered and addressed in all new and changed systems and if not recorded and tracked in a risk register.
- Wrote the security policy and working with SME's developed accompanying security standards.
- Planned and implemented - PKI-individual digital certificates initiative for our trading system.
0-5 years of experience
Led the information security function with the primary goal of continually enhancing the organization's security posture. Manage network security and standards, install new hardware and applications, enforce licensing agreements, and develop a storage management program for data protection, recovery management, and monitoring ease.
- Established a cost-analysis performance process on all hardware and software acquisitions. Saved over $250K in six months by utilizing internal resources to conduct a task previously performed by contractors.
- Enhanced organization's hardware, software, and security level based on extensive assessment of IT operating environment; and provided new IT staff capabilities to perform effective patch management.
- Utilize the most advanced tools for improving security by tracking new developments in rapidly changing information security field and threat landscape.
- Develop, train, and mentor Data Base and System Administrators, Help Desk Support staff, and Developers by utilizing best practices to maximize individual strengths and equip them with the necessary skills to excel.
- Implement tools to aid in the analysis, discovery, and organizational control of user access and behavior across a complex network environment.
0-5 years of experience
Responsible for City-wide Information Security compliance. Tasked with the creation of an Information Security program and policies to insure security of City information assets, as well as constituent data housed on City systems. Responsible for all facets of Information Security. Act as primary interface with City agencies for Information Security awareness, education, and incident response. Provide primary support to Inspector General and outside law enforcement agencies in support of investigation and electronic discovery efforts.
- Established Information Security Group and staffed to meet the needs of the City.
- Continuing work to implement a security framework and security policies City-wide.
- Responsible for CJIS 5.0 procedure implementation for better sharing of sensitive information by collaborating with Police, CJIS and pertinent agencies.
- Implemented processes for handling investigation requests and subpoena response.
- Implemented multiple technologies to help insure the security of systems and data.
- Facilitated the design and implementation of a new network perimeter to replace aging technology and increase security and functionality at the same time.
6-10 years of experience
Led the definition, implementation and institutionalization of Walz information security program, which enabled and supported Walz 500+% revenue growth over 6 years by ensuring reliable, audit able and secure B2B operational transactions with the most regulated clients in the country, including Top 5 banks, Top 20 mortgage servicers, healthcare, and several premier auto finance companies, law firms and government agencies and financial institutions that are themselves audited by the OCC, DOJ, FDIC, OTS, GSEs and several other regulatory bodies.
- Led the vision, architecture, engineering, implementation, maintenance and support of Walz's production data centers, QA, development and corporate back office infrastructure and systems. Greatly reduced Data Center technology debt by designing, configuring and implementing FlexPod private cloud technology platforms while working closely with technology partners Cisco, NetApp, VMware and Cloupia, etc. Performed an enterprise Data Center application, database and systems migration to FlexPod which enabled and sustained Business Operations SLAs at greater than 99.998% throughout their multi-year high-growth cycles while reducing cabling complexity, improving virtualization efficiency, enabling virtualization security, greatly improving systems management efficiency and cutting data center footprint requirements by > 50% and meeting all compliance and audit requirements.
- Authored and developed the policies, procedures and training curriculum on Information Security and GLBA, HIPAA data privacy and data handling requirements. Developed the Technical Operations & Support division as business volumes increased and trained division management and staff on technical operations and support.
- Establish and test comprehensive business continuity and data recovery procedures and develop cost-effective IT budgets, recruit, train, supervise, evaluate and motivate personnel.
0-5 years of experience
A Fortune 1000 technology services/solutions company with 8K employees that offers a broad array of technical service solutions to federal, law enforcement, and military customers worldwide
- Directed a team of seven senior-level ISSOs responsible for all information and system security and privacy on a 160M contract supporting and collaborating with other system and specialty engineers within the Office of Technology Innovation and Acquisition (OTIA) and throughout Customs and Border Protection (CBP)
- Surpassed Continuous Diagnostic Monitoring (CDM) expectations through maintenance of high FISMA scorecard marks and associated remediation efforts as required by the DHS Performance Plan, resulting in a 50% increase in CDM score during the first six months of rollout
- Supported full lifecycle activities to include asset management, CM, contractual input, Exhibit 300 reports, Government Accountability Office (GAO) inquiries, Office of Inspector General (OIG) IT audits, Network/Security Operations Center (NOC/SOC) governance, RM, security awareness workshops, security-related product research, selection, and customization, source selection activities, Standard Operating Procedure (SOP) development, system disposition, and Technical Reference Model (TRM) inclusion for all systems
0-5 years of experience
Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the university.
- Work with internal divisions and technical groups in the development and implementation of security strategies that will be designed to provide a high level of security over physical facilities and data processing while preserving and enhancing facility and system usability.
- Establish and monitor formal certification programs regarding enterprise security standards relating to the planned acquisition and/or procurement of new applications or technologies.
- Detect, report, contain and mitigate incidents that impair adequate data and infrastructure security.
- Develop, maintain and oversee campus-wide IT security programs.
- Authored security polices, standards, and procedures to align with university business goals to include Remote Access, Incident Management, Email, and Vulnerability Management.
- Initiated the Security and Awareness Training program
- Implemented vulnerability management system using beyondtrust Retina
0-5 years of experience
Managed four senior technical managers and nine systems and network engineers. Responsibilities included interviewing, hiring & terminations and guiding the career development of direct reports and their reports. Also conducting performance evaluations of direct reports and providing executive input on salary levels training and compensation of technology staff
- Corporate responsibilities included managing the information security budget of $3.7M, selecting security technologies and services in support of the security program and allocating funds to adequately meet the company's security program objectives
- Provided leadership to the security team in conducting an extensive internal NIST 800-53 rev. 3 gap analysis, assessing several hundred discrete security controls across the company's global SaaS, cloud computing infrastructure to provide transparency and decision support in preparation for process reengineering, technology procurement and personnel acquisition
- Implemented a program and road-map to address the critical need to acquire the Federal Information Security Management Act (FISMA) Certification & Accreditation Moderate level pursuant to the compliance requirements of a US Govt. contract valued at over $100M.
- Led PCI-DSS 2.0 audit preparation activities and guided the CIO in implementing supporting technology and effective security control processes within the development and operation environments. This effort led to successful recertification of PCI-DSS 2.0 Tier 1, which is a mandatory requirement, for the company's Internet SaaS platform which processes over $1B customer transactions world-wide.
- Reengineered information security business processes globally including IS technology vendor & services procurement, DDOS response and mitigation, PCI-DSS, ISO 27002 and NIST/FISMA compliance programs. This resulted in greatly improving program efficiency, reflecting an immediate cost savings of $580K and projected future savings of $1.5M over three years
- Implemented a risk-based governance, risk and compliance information security management model by realigning each discrete security discipline such as incident management, threat & vulnerability management, monitoring, logging and analysis with internationally accepted best practices. This, in addition to implementing a reporting mechanism to give the rest of executive management timely visibility into the status of security controls and risks for enhanced business decision support
- Researched and provided a blueprint of complementing technologies, including, Security Information & Event Monitoring (SIEM), Information Security Management System (ISMS) and identity Management System to provide a real-time internal Security Operations Center (SOC) capability and customer facing Security Portal with feature sub-set functionality
- Conducted the global security awareness training for company officers, executives and managers and revised the awareness program to include an online Learning Management System delivery component for anywhere, anytime information security policy education and employee training verification
0-5 years of experience
Led the creation of an in-house developed, anti-fraud capability responsible for eliminating online business fraud from September 2010 until my departure
- Established an Access Management program creating 5 man years of productivity saves
- Established state of the art Threat and Vulnerability Management process
- Established Vendor Security processes using industry best practices, remediating regulator audit issues
- Established Software Security program that includes embedding controls into the SDLC saving costs and improving overall quality
- Established a risk assessment methodology simple enough for anyone in the company to use, with standard enterprise metrics allowing different risk types to be aggregated for total enterprise risk.
- Established a Data Loss Protection program spanning electronic and paper based data loss
- Successfully led the company through an end to end review of new security program with the FFIEC with zero findings
0-5 years of experience
Provide global information security leadership for a Fortune 100 company with locations in more than 150 countries, $12 billion in annual revenues and 20 million global clients. Collaborate with senior leaders in both IT and the Business throughout the organization to develop information security program including strategy, policy and priorities. Implemented and run program to identify, track and mitigate risk based on enterprise business plans and risk tolerance. Established multifunctional risk working group to support Aon's Cloud strategy and migrations. Ensure compliance with global, national, and local regulations. Manage vendor/supplier relationships for outsourced enterprise-level security services. Support Aon's business by working directly with clients during the pre/post-sale and audit stages.
- Drive enterprise compliance with HIPAA, SOX and PCI-DSS.
- Instituted a data loss prevention program that includes monitoring data in motion, encryption for mobile devices and governance processes.
- Developed and manage risk program for Aon's merger and acquisition activity.
- Manage security incidents and forensic activity.
- Developed and launched a cybersecurity program which also includes a vulnerability management and application security testing program.
- Play a lead security role in complex projects, including migration to a global active directory, migration to a global WAN, and large data center migrations.
- Manage security assessments and governance of third party providers.
- Achieved over $600,000 in annual savings through security architecture changes.
0-5 years of experience
Directly and indirectly managed information security professionals in various teams within a Corporate Information Security (CIS) organization. Line management responsibilities for the Cyber Analysis and Response Team (CART) and the Strategy, Policy, and Planning (SPP) Team. Provided mission, administrative guidance, and tasking. Supported plans for education, career development, mentoring, and team building.
- Ensured that the Office of the CISO was well organized and optimally functioning. Provided oversight and direction to the Security Engineering Team, the Test and Evaluation Team, the Strategy, Policy, and Plans Team, the Cyber Analysis and Response Team, and the Threat Monitoring Team within the Security Operations Center (SOC).
- Co-managed the department's budget, procurement, and training of information security staff members.
- Advised the CISO on technical topics and Battelle operations.
- Acted as a liaison with the Cyber Innovations Unit (CIU) and established collaboration channels to support troubleshooting, technical endeavors, and advanced cybersecurity business opportunities.
- Managed vendor and contractor relations, in alignment with CISO goals and priorities
- Maintained industry-facing awareness and managed a self-directed professional improvement program for staff (monitored progress for individually selected goals; assisted with goal selection to ensure they are appropriate and relevant, etc.)
- Assumed the CISO duties and responsibilities when the CISO was absent
- Reviewed and approved formal reports to be published by the information security organization
- Prepared and presented written and oral reports to CxO-level leadership, as required to support CISO endeavors
- Served as technical interaction point with external agencies such as law enforcement (e.g. FBI)
0-5 years of experience
Responsible for leading statewide Information Security efforts, setting IT Security strategy,
leading IT security governance program, and developing policies, standards, and procedures that
provide IT security controls.
- Chaired statewide governance committee for IT Security policy and strategy
- Lead statewide IT services risk assessment and oversight program
- Lead implementation of new program to minimize IT security risks related to PCI Data
- Lead deployment of vulnerability management and continuous monitoring programs
- Served on conference board for East Tennessee CyberSecurity Summit
0-5 years of experience
Provide vision and executive leadership for developing and implementing clinical and financial information technology initiatives. Lead IT strategic and operational planning to achieve goals by fostering innovation, prioritizing IT initiatives, and coordinating the evaluation, deployment, and management of current and future IT systems across the organization.
- IT Department head facilitating application development, clinical IT operations, organizational and control for HIPAA security implementation standards
- Executive project stakeholder for multiple clinical IT implementation across multiple corporate locations
- Collaboration with multiple acute health centers for the North Texas Health Information Exchange
- Committee chair for multiple executive, clinical, compliance, and financial boards
- Manage a $3.2M annual operational budget with $1.8M in vendor maintenance fees for the clinical, operations, and practice management system, and capital budgets of $2.7M
- Administer IT assets with an estimated value of $8.5M
10+ years of experience
Senior technology executive for emergency medicine practice management company whose 500 physicians treat 800,000 patients annually. Spearheaded technology initiatives which increased business value and propelled the company from startup, through high-growth, to eventual acquisition in 2014. Recruited and guided a team of talented IT professionals with expertise in IT Infrastructure, Application Development, Data Integration, and Customer Support.
- Business Process Automation & Optimization: Automated the complex, mission-critical processes used to run this business (physician recruiting, contracting, credentialing, enrollment, scheduling, and payroll); increased the speed, reliability, and control of these processes, while reducing their costs.
- Enterprise Applications: Selected and implemented Oracle's PeopleSoft Staffing, Finance, HRMS, and Portal solutions as company's principal technology platform.
- Cross-Functional Collaboration & Software Development: Led cross-functional teams which achieved productivity gains, reduced errors, and delivered a competitive advantage by enhancing & expanding PeopleSoft to satisfy unique business requirements and to industrialize core business processes.
- Customer Relationship Management (CRM): Developed an integrated CRM platform to provide a 360 degree view of customers & physicians and ensure employees always have up-to-date information.
- Customer-Focused Extranet: Architected physician and customer extranet to enable 24x7 self-service, facilitate bidirectional interaction, and deliver timely, relevant content. Consistently achieved 97+% satisfaction ratings from constituents while reducing the cost of servicing customer requests.
- Business Intelligence: Enhanced the visibility of key metrics and empowered managers to make intelligent, informed decisions by creating Microsoft SQL Server and PowerPivot based business intelligence applications, reports, forecasts, and dashboards.
- Technology Modernization: Virtualized the server environment (VMWare) and constructed a robust (99.99% availability) computing infrastructure based on Microsoft, Cisco, and NetApp technologies.
- Cloud Services: Reduced expenses by 20%, enhanced functionality, and improved user experience by migrating to cloud-based applications for Exchange, sales force automation, and physician scheduling.
- Information Assurance: Championed information security programs which fostered a culture of security. Enforced security and regulatory (HIPAA) compliance, conducted risk assessments and remediation, and developed disaster recovery plans.
- Leadership: A consistent, disciplined leader with a coaching management style who fosters trust and respect. Able to spark creativity, foster accountability, and maximize employee successes.
0-5 years of experience
Assisted with the management of the IS Security Department
- Assisted with the development and implementation of the information security program for UTPA
- Developed and maintained the disaster recovery plan
- Conducted risk assessments on proposed new information systems
- Assisted with internal and external audits and compliance reviews
- Marketed IT security to campus community
- Educated the campus community on IT security issues
- Provided support and consultation for clients across campus in IT security
- Participated in the Information Technology Planning Committee
0-5 years of experience
Responsible for the ongoing management of information security policies, procedures, and technical systems in order to maintain the confidentiality, integrity, and availability of all organizational healthcare information systems.
- Responsible for implementing, managing, and enforcing information security directives as mandated by HIPAA as well as SOX.
- Ensured the ongoing integration of information security with business strategies and requirements.
- Ensured that the access control, disaster recover, business continuity, incident response, and risk management needs of the organization were properly addressed.
- Led information security awareness and training initiatives to educate workforce about information risks.
- Performed ongoing information risk assessments and audits to ensure that information systems were adequately protected and met HIPAA certification requirements.
- Worked with vendors, outside consultants, and other third parties to improve information security within the organization.
- Led an incident response team to contain, investigate, and prevent future computer security breaches.
6-10 years of experience
Responsible for the management and direction of the Global Information Risk and Security activities for [company name]. Hired to build a global Information Security presence for a company where a fragmented, decentralized approach existed before.
- Developed and executes a global information security risk assessment for [company name].
- Developed and implemented an on-going global Information Security Awareness program.
- Coordinate security issues with all business units, including executive management. Formed the Global Technology Risk Management Council, consisting of members from the US, Europe, and Asia.
- Responsible for contact and support to US and international regulators and auditors including global IT Sox compliance and PCI programs.
- Leading the IT E-Discovery efforts, teaming with corporate legal to develop sound and compliant practices. Leads or coordinates forensic investigations as required.
- Active Security clearance
10+ years of experience
Validated network security requirements, local area network administrator.
- Company Security Officer for network.
- Intrusion with the emphasis in risk analysis and countermeasures.
- Managed Windows NT environment serving over 200 clients.
- Performed performance evaluations on 150 personnel
0-5 years of experience
Managed and controlled a $40 million annual IT operating budget
- Led a group of 30 professionals for the functional areas of: information security; IT governance; business continuity planning; vendor management and budget and control
- Worked with Munich Re to form a global information security framework and security
- Global responsibility to build and maintain a Business Continuity program: Risk Assessment; Business Impact Analysis; Alternative Strategies and the Master
- Responsible to QA the SAP for Insurance implementation
- Responsible to author and negotiate SLA's for a multi-million dollar IT mainframe operations outsource contract with IBM Global Services
0-5 years of experience
Supervised all administrative functions for a large Enterprise Cybersecurity Office including hiring, budget, annual appraisals/raises/bonuses, and employee disciplinary functions
- Oversaw the expansion of the Federal staff by 100% including the conversion of 30 contractor staff to FTE
- Oversaw the solicitation, and award of 2 large staff augmentation contracts for the office
- Led the effort to hold the Annual TSA Cybersecurity Summit, which brought in Transportation Security Stakeholders from across the US together for a 2 day information sharing conference
- Maintained a green rating on the Annual DHS Cybersecurity Scorecard
- Led an audit of several TSA sites located overseas
- Began a secure coding initiative agency wide which led to a large reduction in vulnerabilities in finished, production ready code
- Led the rollout of a nationwide Cybersecurity Awareness Training program including the development of a high quality animated awareness video
- Led the development of a Privileged Access Audit Program
0-5 years of experience
Establish an information security program by collaborating with executive management to developed security control system that met regulatory requirements for our banking partners. Responsible for significantly reducing information audit costs, through intelligent design, and adherence to leading frameworks and regulatory guidance. Developed and managed the incident response process for information security issues and breaches. Key security architecture developed through carefully crafted compliant policies and controls. Develop specialized training programs for educating employees in the importance of sound security & risk practices.
- Provided Board and Executive reporting on budget impacts on programs, forecasted long-term funding requirements while directing outside consultants, as appropriate, for independent attestation of security audits directed.
- Created, maintained, and executed corporate 'Business Continuity Plan' and associated annual testing as well as the security and awareness programs.
- Directed internal audits/reviews (SOX, GLBA, PCI, and FFIEC) while completing a SAS 70 II attestations that incorporated regulated requirements (SOX, FFIEC, and PCI-DSS), utilizing COBIT, without exceptions.
0-5 years of experience
Responsibilities include IT security, risk and compliance strategies, especially in the context of Bank Holding Company transformation efforts, Disaster Recovery and Enterprise Project Management.
- Developed strategic technology plan to meet Bank Holding Company regulatory requirements.
- Managed compliance and risk profile in support of FFIEC and GLBA requirements by implementing IT governance process to analyze, define, and implement technology policies.
- Leadership and oversight of information security, regulatory and risk management.
0-5 years of experience
Accountability for information security and technology risk management for the entire corporation.
- Creation of a corporate-wide information security program based on the ISO
- Responsible for security technology, policies, and architecture.
- Manage Payment Card Industry level one compliance and certification.
- Assure compliance with SOX, HIPPA, and government health mandates.
0-5 years of experience
Orchestrated development of IT security policy, strategy, and roadmap following joint venture. Launched multi-year security roadmap and controls.
- Led an award-winning infrastructure transformation/network consolidation project, securing $1.65M in annual savings for company (OPEX) and $1.2M in initial CAPEX. Consolidated 40 enterprise domains into single forest, decreasing serves by 27%, reducing help desk tickets by 50%, cutting support costs by 20%, boosting bandwidth by 300%, reducing domains by 95%, and reducing domain administrators by 85%.
- Deployed new federated organization (prior global reorganization efforts had failed).
- Improved staff retention by 25% via exceptional leadership and communication practices.
0-5 years of experience
Participation in a network security auditing project
- Helped to plan and perform network scans
- Proposed action plans to remediate vulnerabilities identified
- Followed corrections application
- Helped to prepare intrusion tests (methodology and planning)
- Contributed to project report writing
- Updated the network security policy
- Interacted with various contacts within brands
0-5 years of experience
- Developed an information security and IT compliance programs for health system consisting of 3 hospitals and 40 outpatient facilities
- Established an Information Security Steering Committee and served on IT strategic planning committee, corporate compliance committee, and enterprise risk committee
- Guided the development of a project management office and an ITIL based service desk to aid in better resource management and customer service
- Provide regular briefings on the state of security to the Board of Directors and senior leadership
- Developed a risk management framework use to prioritize IT risk mitigation and budgeting
- Oversaw implementation of governance, risk and compliance (GRC) management platform to monitor compliance with regulations and standards such as HIPAA/HITECH, PCI, FACTA, NIST, ITIL, COBIT
- Spearheaded identity and access management (IAM) program to streamline user account creation, termination and moves on systems throughout the enterprise
- Initiated deployment of network access control (NAC) solution to identify and authorize all devices that attach to enterprise and monitor for compliance
- Represented Lakeland on Michigan Healthcare Cybersecurity Council
0-5 years of experience
Head of technology reporting to the CEO of this privately held information company. [company name]'s primary business is measuring and consulting on Customer Satisfaction.
- Responsible for building/deploying [company name] software products utilized in over 11 countries.
- Implemented agile software development (Scrum) which resulted in dramatically improved productivity and company satisfaction.
- Established and managed offshore software development to supplement internal team.
- Established Quality Assurance processes and implemented automated testing.
- Responsible for 7x24 data center hosting solutions for worldwide customers.
- Achieved HIPAA, Safe Harbor and SSAE 16 certifications.
- Established Disaster Recovery site which had a data refresh of every 2 hours.
- Responsible for internal Information Technology including Phone Systems, MIS, Data Center and Desktops.
0-5 years of experience
Managed all Air Force Office of Special Investigations Security Programs and served as Air Force
Office of Special Investigations Command Information Systems Security Manager (ISSM).
- Wrote regulations and policies regarding security-clearance requirements for access to the Air Force
- Served as a Certified Computer Forensics Examiner, responding to Automated Information Systems
- Performed certification testing, managed Information Assurance and completed overall compliance
0-5 years of experience
Functioned as a strong technology leader and trusted advisor at the Navy Engineering Logistics Office, and advised senior leadership on enterprise (global presence) wide information security issues.
- Drove collaboration externally and internally with various departments, and provided expenditure and budget oversight with regards to Information Assurance and Cyber risk management requirements
- Performed a pivotal role in the technology risk management and performed security risk assessments, while handling information security incidents and providing information assurance awareness training
- Successfully managed the Command IA Program to include Cyber Network Defense, and protected guest systems, encompassing Navy/Marine Corps Intranet or NMCI, Joint Worldwide Intelligence Communications System or JWICS
- Safeguarded complex Service Oriented Architectures and Networks, through certifications and accreditations of all systems and appliances according to National Security Directives
- Remained compliant with the Federal Information Security Management Act (FISMA)
0-5 years of experience
A non-profit commercial health plan selling on and off the KY State-based Exchange
- Executive Consultant in establishing a start-up health plan for all technical, business and operational and data management and information systems security areas including member enrollment and eligibility, developing coverage, benefits and plan products including procedure and diagnosis codes, claims processing with rules definition, billing and premium, provider-physician and hospital contracting, credentialing, provider reimbursement methodologies, finance, revenue and payments, clinical care, medical management and authorizations and coverage guideline policies, broker/agent operations, EDI, IT Integration, IVR scripting, Microsoft SharePoint and C-Suite data management and reporting, and all Kentucky Dept of Insurance product and benefit filings including SERFF and HIOS.
- Chief Information Security Officer. Expert knowledge with HIPAA, HITECH, CMS, PII, ISO/IEC 27001 and NIST Security requirements. Author/Owner of the Security Plan, Business Continuity/Disaster Recovery Plan. Performed security and privacy training to corporate employees.
- Quality Management Officer for quality planning, quality assurance, quality control, and continuous quality improvement for all health plan operations. Established the QM structure including policies, procedures and processes, audit and monitoring reports, and corrective action plan structure based on the ISO 9001:2008 standards.
- ICD-10 and PPACA expert to ensure all enterprise and BPO systems are established with accurate code set mapping, revenue and reimbursement risk mitigation strategies are established, establish education program, documentation, data conversion and dual coding mapping strategy, and reporting needs.
- Strategist and implementation manager for KYHC to integrate and participate on Kentucky's Health Insurance Exchange/Marketplace.
- Develop the Enterprise Data Management Strategy. Business and Technology requirements identified in order to receive and send State-based Exchange/Marketplace and Federal data in order to do executive dashboard reporting, benefits and plan management, enrollment-claims-clinical health informatics and reporting, quality management reporting for performance and operational (e.g. NCQA, HEDIS, CAHPS, ISO 9001:2008, etc.).
- Partner with senior management and author of policies, procedures and processes for Technology and Operations PMO, EDI processes, and Web functionality, Provider, Clinical Care, Mental and Behavioral Health, and PBM Integration.
- Executive Account Owner for Business Process Outsourced Vendors and Strategic Partners (e.g. KY State-based Exchange, CGI, ProCare, MHNet/Coventry, Healthation/Aldera, NIC/KI, Altruista, Optum, AgentLink) to ensure all end-to-end requirements, configuration, security, risk management, data exchanges, interfaces, reporting, plan benefits and rates, clinical coverage guidelines, policies and procedures, and process workflows are established and implemented for Go-Live.
6-10 years of experience
- Integral member of the IT Leadership across multiple markets. Collaborated with the Board of Directors and C-level executives, among others to strengthen confidentiality, integrity, and availability of customer data, as well as performance of banking applications and systems through the implementation, management of key information security controls and process.
- Instituted cost-efficient solutions that optimized information security processes, controls, vendor management, customer compliance management, physical security, and risk management controls
- Defined security/risk management strategies, policies, and vision. Led all aspects of security and business resiliency initiatives.
- Focused on meeting current and future corporate objectives through development of on-target solutions. Stewarded budgets. Maximized available resources. Built high-performing, cross-functional team. Spearheaded planning to establish Corporate Protection Program, which involved development of policies, standards, practices, controls, and measures
0-5 years of experience
Responsible for establishing, implementing, monitoring, and enforcing information security standards and policies for company.
- Responsible for creation and maintenance of company-wide information security strategies
- Lead on-going security risk assessments and status reporting efforts for all company clients
- Advise and collaborate with Sybersense executives and staff for in support of customer-focused programs
- Provided guidance and recommendations to clients and company on prioritization of investments and projects that mitigate risks, strengthen defenses
- Act as the primary company control point during follow-up on significant information security incidents, oversee development of response plans, and provide timely update reporting.
- Advise the management team on risk issues that are related to information security and recommend actions in support of Sybersense's wider risk management programs.
- Well-versed in regulations and standards related to risk management and security, including Sarbanes-Oxley, HIPAA, ARRA/HITECH, NIST, DoD, ISO 27001 and 2, and the Payment Card Industry Data Security Standard.
- Ability to clearly communicate security and risk management concepts to non-technical audiences.
- Align practical risk mitigation with business objectives and foster a risk-conscious corporate culture.
0-5 years of experience
Construction and migration to new primary corporate data center
- Integration of ITIL support model and training
- Completed $30MM offshore project and contract in India
- Support of 3000 corporate servers & 120,000 desktops
- First Chief Information Security Officer in company history
- Turn-up and management of broadband facilities to 8,000 corporate offices
- Implementation of disaster recovery for online and e-file systems using SAN replication
- New product development of VoiceXML tax front-end
- 253 employees & $44MM operational budget
- Implementation and support for 14,000 retail locations
0-5 years of experience
Directing all information assurance activities for the Agency.
- Defining and executing Security Strategy and three-year plan aligned with agency and department strategic imperatives.
- Leading the Ongoing Authorization and Continuous Diagnostics and Mitigation implementations; efforts transforming FISMA into an effective and efficient security program.
- Serving as the Information Technology Risk Executive and Authorizing Official, setting a balanced approach to security compliance.
- Collaborating with fellow DHS and US Government CISOs to strengthen and mature the security posture of the federal government.
- Leading a large and diverse team in all aspects of information security, risk management, incident reporting and response, and awareness for approximately 36,000 employees and contractors.
- Advises agency leadership and management committees on security and regulatory compliance matters.
- Clearly communicates security and risk management concepts to non-technical audiences.
- Aligns practical risk mitigation with agency objectives and fosters a risk-conscious corporate culture.
- Holds a Top Secret/SCI security clearance.
0-5 years of experience
Perform social engineering testing
- Assist with organizational and regulatory compliance audits
- Conduct security awareness training for employees, including curriculum development
- Evaluate systems for security posture, including performing vulnerability assessments and penetration testing
- Perform physical site evaluations for 14 branches
- Advise senior level officers and management with information current security concerns and integration of new technologies and software
- Conduct vendor review and vendor management, including review of SSAE16 reports and writing responses
- Research and recommend security related products
- Policy and procedure development
0-5 years of experience
Providing guidance, direction and technical oversight to management on Information Security Events.
- Evaluate the effectiveness of the implementation and operation of information Security.
- Approve the technical aspects of all activities of information security defenses.
- Ensure Cyber Security program is coordinated with other site plans.
- Ensure appointment of Contingency Planning Coordinator.
- Approves cyber incident response.
- Responsible for analyzing audit findings and assisting operation resources in identifying corrective actions plans and ensuring effective resolution of issues.
- Responsible for reviewing data calls from external agencies before submittal.
- Responsible for developing the Cyber Security Plan.
- Responsible for integrating Continuous Monitoring with C&A efforts.
0-5 years of experience
- Construction and migration to new primary corporate data center
- Integration of ITIL support model and training
- Completed $30MM offshore project and contract in India
- Support of 3000 corporate servers & 120,000 desktops
- First Chief Information Security Officer in company history
- Turn-up and management of broadband facilities to 8,000 corporate offices
- Implementation of disaster recovery for online and e-file systems using SAN replication
- New product development of VoiceXML tax front-end
- 253 employees & $44MM operational budget
- Implementation and support for 14,000 retail locations
0-5 years of experience
Senior agency information security officer in charge of the [company name]'s (SSA) Information Security Program reporting to the Office of the CIO. SSA is one of the largest federal government programs in existence with an annual IT budget in excess of 1 billion dollars, over 1,300 field offices, and over 103,000 workstations. Nearly every American possesses a social security number and pays into the social security system with the social security number of an individual being one of the most important identity and privacy pieces of information to be protected. SSA also conducts Medicare/Medicaid functions and has IT systems processing medical data. The IT Security budget for the agency is approximately 70+ million annually.
- Principal manager responsible for the strategic vision of information security covering areas of privacy security, organizational COOP/DR, access control and oversight, network and systems security, and data governance.
- As the director of Office of IT Security Policy, responsibilities encompassed all organizational Information Security policies in accordance with FISMA. Directed comprehensive update of organizational security policies with input and buy-in from all component activities.
- Principal coordinator for all organizational information security issues as chairman of the SSA Security Coordination Board.
- Agency certification agent for all Certification and Accreditation packages under the FISMA C&A program. SSA's FISMA C&A program is one of the few programs in government receiving the grade of excellent. Principal FISMA coordinator and chairman of FISMA Functional Work Group.
- Voting member of the Architectural Review Board that provides oversight of all IT enterprise architecture. Successfully drove the deployment and acquisition of encryption software for coverage of all laptops within SSA.
Information Technology Cover Letter Examples
