Chief Information Security Officer (CISO) Resume Example With 20+ Years of Experience

Jessica Claire
Montgomery Street, San Francisco, CA 94105 609 Johnson Ave., 49204, Tulsa, OK
Home: (555) 432-1000
Career Overview

More than 25 years' experience as an Information Technology (IT) professional with strong expertise in IT management, IT security management, and IT enterprise architecture. Demonstrated expertise in establishing and implementing large information security programs. Designed and implemented automated tool-based vulnerability management framework that continuously monitors and detects Cybersecurity threats and vulnerabilities. Performed evaluations and selections of IT security tools and successfully implemented IT security systems to protect the availability, integrity, and confidentiality of critical business information and information systems. Highly skilled, dedicated and enthusiastic team player with excellent leadership and communication skills.

  • Certified Information Systems Security Professional (CISSP) - 2002
  • Certified Information Security Manager (CISM) - 2005
  • Information Systems Security Management Professional (ISSMP) - 2005
  • Certified Federal Enterprise Architect - 2010
  • Governance, risk & compliance (GRC)
  • Project management
  • Information protection and analysis
  • Security information and event management (SIEM)
  • Risk assessment & compliance
  • Intrusion detection/prevention systems (IDS/IPS)
  • Application white listing
  • Data loss prevention (DLP)
  • Disaster recovery planning
  • Vulnerability management


  • Developed and implemented enterprise security strategy and framework that consists of strategically integrated elements of NIST risk management and Cybersecurity frameworks, SANS Critical Controls, ISO/IEC 27001/27002 and COBIT 5 for Information Security.

Strategy and Planning

  • Developed and communicated Acceptable Use policy, Mobile Device Management (MDM) and Bring Your Own Device (BYOD) policy, and many other security policies and standards to all users.
  • Established policies and procedures for system administrators to perform operating system and application patching.

Team Collaboration

  • Collaborated with large departments to establish enterprise security framework to accomplish common IT security objectives and leverage common tools to reduce costs.
  • Coordinated the activities of Information Security Officers to define and establish unified program-wide approach to address IT security issues and mitigate IT security risks.

Project Management

  • Managed the implementation of Enterprise IT Security Framework “Quick Wins” Road Map based on SANS Critical Controls “First Five” controls.
  • Managed IT Certification & Accreditation (C&A) program implementing automated tools to realize efficiencies and significant cost savings for C&A process, including developing IT security plans and processes.
  • Managed IT asset management and configuration management project implementing VMware vCenter Configuration Manager (VCM) tool, defining enterprise IT inventory processes (using ITIL), automating system patching capability and significantly improving IT configuration management.
  • Managed Pooled Workstations project implementing a virtual pooled engineering workstation environment (blade workstations in the Engineering Data Center) that enables remote connectivity from standard computers to perform processor- and graphics-intensive engineering analysis (e.g., ProE, Mathcad, MATLAB…). Realized cost savings due to the reduction of high-performance engineering workstations from 500 to 200.
Work Experience
09/2012 to 01/2014
Chief Information Security Officer (CISO), Bechtel, Las Vegas, NV
  • Developed and implemented Enterprise Security Program that includes 22 departments and 22,000 employees.
  • Developed Executive Order 1-48, Information Technology Security, to provide consistent policies regarding information technology (IT) security and roles and responsibilities of personnel using and maintaining computer resources, electronic communications and Internet access in performance of job function.
  • Developed City of Houston administrative procedure for IT Security Program, to prescribe roles, responsibilities, and conditions that promote security throughout IT system life cycle and set ground rules under which City of Houston operates to safeguard information and information systems.
  • Developed administrative procedure for the Appropriate Use of Computing Devices and Other IT Resources to establish policy for appropriate and inappropriate use of computing devices (including employee owned devices) that connect to IT resources.
  • Developed IT security handbooks to provide detailed information and guidance regarding the processes to meet IT security program requirements.
  • Developed and implemented web-based Cybersecurity Awareness Training Program for all employees.
  • Developed and implemented automated tool-based vulnerability management framework.
  • Led effort to conduct IT security risk assessments and develop security plans for departments.
  • Led evaluation, selection and implementation of the following tools: governance, risk & compliance (GRC), security information and event management (SIEM), automated vulnerability management, automated penetration testing, application whitelisting, data loss prevention (DLP), intrusion detection system/intrusion prevention system (IDS/IPS), web filtering, malware defense systems for endpoints and network perimeter, and mobile device management.
11/1987 to 09/2012
Computer Security Officer / IT Manager, Salinas Valley Memorial Healthcare System, Salinas, CA
  • Management of IT Program, including IT Security Program, for Engineering Directorate that includes 9 Divisions with 900 Civil Service employees and 2500 Contractor employees.
  • Established management control and communications processes to ensure IT Security Program is implemented consistent with current policies.
  • Managed and implemented Agency certification and accreditation process for all IT systems.
  • Ensured development and approval of IT security plans and procedures, continuity of operations plans and procedures, and information security baselines and controls.
  • Conducted IT security audits to ensure effective implementation of security controls.
  • Ensured development and implementation of risk analysis processes and procedures for IT systems.
  • Defined risk mitigation strategies and reported significant changes to senior management.
  • Promoted accountability of Division Chiefs in managing information security risks.
  • Ensured vulnerability and threat assessments were performed to evaluate the effectiveness of existing security controls.
  • Developed and implemented processes to enable detection, identification, and analysis of IT security threats and vulnerabilities.
  • Developed and implemented Information Security Training and Awareness Program.
  • Established and maintained effective Information Resource Management program, including the development of strategic IT plan.
  • Managed 10 million dollar IT budget that included commercial IT systems and services, IT security projects, and in-house IT systems.
  • Managed IT service functions, including end user services and devices (computer workstations and mobile computing devices).
  • Established management and communication processes to ensure effective IT program that enables the mission and fosters conflict resolution.
  • Managed and implemented IT requirements, standards, and business processes.
  • Managed Capital Planning and Investment Control (CPIC) Process.
  • Analyzed Federal, Agency, and Center IT requirements to determine impacts and developed effective implementation strategies for compliance.
  • Developed service level agreements, including appropriate performance metrics.
04/2006 to 05/2008
Information Technology Security Manager, NASA Constellation Program
  • Established and implemented IT security program ensuring the security of all programmatic information residing on systems that were distributed across ten NASA Centers. These systems were an integral part of five major projects: Crew Exploration Vehicle, Crew Launch Vehicle, Mission Ops, Ground Ops, and Lunar Robotics.
  • Developed program IT security governance document that includes effective approach to internal and external integration and communication to accomplish IT security objectives.
  • Established and validated security requirements that include physical, command and control, communications and information security requirements.
  • Coordinated activities of Information Security Officers to define and establish unified program-wide approach to address IT security issues and mitigate IT security risks.
  • Established IT security planning processes, including continuity of operations and disaster recovery planning, risk analysis methodologies, and test methodologies for contingency plans and security controls.
  • Interfaced with senior management on policy interpretation and presented recommendations for approval. Coordinated with other Mission Directorates, Programs, and Projects to ensure consistent application and implementation of standards.
  • Established a management control and communications process to ensure IT Security Program was implemented consistent with the NASA Centers, the Exploration Systems Mission Directorate (ESMD), and the Agency security strategies and policies.
  • Provided leadership to IT security team and contractor community for resolution of IT security issues and implementation of process improvements from lessons learned.
Education and Training
Master's Degree: Engineering Administration
George Washington University - Washington, DC
BS: Mathematics/Physics
Morehouse College - Atlanta, GA
