An information security professional with expertise in the identification of security needs based on business goals and
implementation of a security strategy to mitigate risk, and increase productivity while aligning information technology resources
to business objectives. Proven ability at developing a security strategy framework aligning to regulatory and audit requirements
while participating with and presenting to executives and key stakeholders. Demonstrated capacity to
implement innovative security programs that drive awareness, decrease exposure, and strengthen the organization. Knowledge
of IT service management processes and solutions delivery.
ENTERPRISE SECURITY ARCHITECT01/2010 to CurrentWausau Financial SystemsMosinee, WI
Established the comprehensive information security program (CISP) to mitigate risks in a manner that is tightly aligned to
business objectives while bringing the company in compliance with GLBA, HIPPA, PCI and FFIEC requirements.
Conducts security and compliance risk assessments and aligns necessary controls, policies and procedures to
cost-effectively protect information assets from intentional and unintentional modification, disclosure or destruction.
Leads and manages a team of Information Security Analysts.
Established an IT Governance, Risk & Compliance (GRC) system on a single, unified platform for compliance
management activities including risk management and security, IT governance and audit operations allowing the company
to gain visibility into the risk management and compliance efforts across the organization providing a risk-based
Participates on all internal audits and customer security compliance assessments, as well as FFIEC
Created and leads the WFS Security & Compliance Committee responsible for planning and implementing security and
compliance practices including audit remediation requirements to ensure the confidentiality, integrity and availability of
Established the Wausau Financial Systems (WFS) Business Continuity Program (BCP) ensuring participation from all
departments to complete Business Impact Assessments and Department Recovery Plans and coordinating BCP testing
schedules and companywide communication plans.
Leads the Information Security Awareness program providing training that changes behaviors and reduces risk while
ensuring compliance by using a framework based on the Critical Security Controls.
Performs internal information security risk assessments and serves as the incident response manager and liaison to the
internal auditor for information security processes.
Develops all corporate security policies and procedures, including those for end users, IT administration and legal
Interacts and presents to customers on RFP requests in winning new business and ongoing compliance requirements.
Performs enterprise vulnerability assessments including scanning and remediation planning.
Manages the Security Incident Event Management and Data Loss Prevention infrastructure.
01/2006 to 01/2010NETWORK SECURITY ADMINISTRATOR Wausau Financial SystemsMosinee, WI
Authored and implemented information security policies, procedures, standards and guidelines across all computing
Provided safeguards to internal information systems by identifying potential security threats and determined causes of
security violations and recommended corrective actions on time and on budget.
Designed and implemented a Secure FTP solution for corporate file transfer.
Established vulnerability management systems and remediation processes.
Created encryption policy and technical solutions to protect company mobile computing devices including laptops and
Assisted with managing all network hardware and equipment, including routers, switches and firewalls.
Designed security control solutions based on security GAP assessment remediation.
ADVISORY TECHNICAL SUPPORT SPECIALIST07/1998 to 01/2006Wausau Financial SystemsMosinee, WI
Developed designed and installed secure system solutions to meet the needs of many fortune organizations, including
Wells Fargo, New York Mellon, US Bank, Citigroup, JP Morgan Chase, and Wachovia.
As a senior level professional services consultant worked with project managers to implement premier payments systems
into complex customer environments.
Provided network and systems support for the Professional Services department.
Determined optimum network connectivity and configuration between systems and customer networks.
Researched and diagnosed problems related to hardware, operating systems and networks.
Attended in-office and on-site pre-installation meetings.
PC SPECIALIST10/1996 to 07/1998Graebel CompaniesWausau, WI
Education and Training
Associate of Science: CIS Programmer/Analyst1996North Central Technical CollegeWausau, WICIS Programmer/Analyst
International Information Systems Security Certification Consortium - (ISC2)
Information Systems Audit and Control Association - (ISACA)
Shared Assessments - Third Party Risk Assurance
FS-ISAC - Financial Services Information Sharing and Analysis Center
International Council of Electronic Commerce Consultants - (EC-Council)
Certified Information Security Professional (CISSP #94416)
Certified Information Security Manager (CISM #1218748)
Certified Information Systems Auditor (CISA #1080562)
HealthCare Information Security and Privacy Practitioner (HCISPP #94416)
Certified Third Party Risk Professional (CTPRP ID 06-2015-360)
Certified Ethical Hacker (CEH #ECC924575)