Information Security Officer with more than [Number] years in information security, compliance and risk management.
Risk mitigation and management
Mitigation plan development
Business process improvement
Project cost planning
01/2005 to Current
Information Security and Risk Management
Allison Transmission, Inc. – Indianapolis, IN
The IS&S Security Manager role is to provide vision and leadership for developing and supporting security initiatives, along with strategic and management direction. This individual directs the planning and implementation of IT security defenses against breaches and vulnerability issues. This individual is also responsible for ensuring the auditing of internal IT controls and for directing the administration of security policies, activities, and standards.
·Enterprise-level responsibility for all data/information security policies, standards, evaluations, roles, and corporate awareness.
·Responsible for the development and implementation of a security strategy designed to provide a high level of security over ATI Information Systems and Technology Resources while preserving and enhancing facility and system usability.
·Work closely with corporate leadership, audit, and legal counsel to understand corporate requirements related to security and regulatory compliance, and to map those requirements to current security projects.
·Develop, implement, and manage the overall enterprise process for security strategy and associated architecture and engineering standards.
·Oversee the continuous monitoring and protection of Information Systems and Technology Resources. Evaluate suspected security breaches and recommend corrective actions.
·Serve as the enterprise focal point for security incident response planning and execution.
·Define and implement an ongoing ATI IS&S Risk Assessment program, which will define, identify, and classify critical assets, assess threats and vulnerabilities regarding those assets, and implement safeguard recommendations.
·Assist in the review of applications and/or technology resources during the development or acquisitions process to (a) assure compliance with corporate security policies and directions and (b) assist in the overall integration process regarding ATI's own technology environment.
·Oversee the development of, and be the enterprise champion of, a corporate security awareness and training program.
·Oversee enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices.
·Develop, track, and control the IS&S Security operating and capital budgets.
·Ensure IS&S security policies and practices are in accordance with legal and regulatory controls.
·Promote and oversee strategic IT security relationships between internal and external resources, including vendors and partner organizations.
·Remain informed on trends and issues in the security industry, including current and emerging technologies and prices. Advise, counsel, and educate management teams on their relative importance and financial impact.
·Assess and communicate any IT security risks associated with new solutions or practices deployed by the company.
·Initiate, facilitate, and promote activities to create information security awareness within the ATI Organization and provide training and oversight in accordance with established information security policies and procedures.
·Support the ATI Security Manager in coordinating the activities of, and participate in, ATI meetings related to information security.
·Create and maintain the enterprise's security documents (policies, standards, baselines, guidelines and procedures).
·Supervise the design and execution of ATI IS&S security audits.
·Engage in ongoing communications with peers in the IS&S Organization and various business groups to ensure enterprise-wide understanding of IT Security goals, to solicit feedback and to foster co-operation.
·Review existing documentation of IT controls, business processes, policies, procedures, and management reports for effectiveness and sustainability.
·Conduct gap analysis via testing and recommend specific actions to fix gaps in processes and/or process management.
·Design IS&S Internal audit programs to ensure ongoing evaluation and validation of IT control effectiveness.
·Manage remediation plans for any gaps reported in audits or recommended process improvements.
·Responsible for day-to-day operations of the Information Security and Identity Management Program
·Responsible for assisting with the development of IT policies, procedures and controls
·Responsible for Identity Management Environment and initiatives utilizing Courion Enterprise Identity Management Suite
·Provide technical expertise to IT Project Managers, and Application and Infrastructure Teams by participating in project initiatives assisting with IT security and Identity Management technical deliverables
·Review technical project deliverables as they affect IT Security or Identity Management architecture
·Assist with regular ongoing end user support, security and identity management administration
·Directly develop, coordinate and disseminate security and identity management training and awareness programs
·Manage Data Center Physical Access Security
·Responsible for the implementation and management of the ATI Enterprise Privileged Account Management (Password Vault) solution.
·Manage bi-annual Access Control and ITAR compliance attestation processes and procedures, as well as the execution of those processes and procedures
·Provide vendor oversight and leadership in an IT outsourced environment where outsourced resources perform various roles including security administration and consulting
·Manage IT Service Provider resources responsible for managing Identity Management Solutions
·Act as the IT Plant/Facilities Security Team Liaison
·Ensure compliance with all legal, regulatory, and corporate policy requirements
01/2001 to 03/2005
Global Operations Manager
Remy International – Anderson, IN
Managed an $8MM IT Operations budget. Responsibilities included managing the IT Help Desk, Tier II Support, Windows Technical Support, Unix Technical Support, Database Administrators, and overall Data Center Operations.
Responsible for producing $1M annual savings through leading operational projects and contract negotiations with outsourced vendors. Managed Data Center outsourcing relationship.
Developed and implemented IT General Controls to ensure Sarbanes-Oxley compliance for IT Operations, including security and access control policies and procedures.
Developed and implemented Global Change Control Processes to ensure delivery of 99.5% (SLA) System and Application availability and Sarbanes-Oxley compliance. Leader of Change Control Approval Board.
Developed and implemented internal audits to ensure security, access, change management, and Sarbanes-Oxley requirements were being met.
IT Lead for External Audits surrounding Information Technology and Finance. Responsible for corporate management response and remediation when necessary.
01/1999 to 01/2001
Information Systems Manager
PowerTrain Division of Remy International – Franklin, IN
Implemented and managed an Information Technology department responsible for supporting eight business locations throughout the United States and Canada.
Successfully managed $3M budget used to deploy resources and systems necessary to support the business organization.
Project lead for deployment of new network infrastructure and design including Microsoft Exchange, EDI, and QAD ERP application implementation.
01/1996 to 01/1999
Director of Information Technology
Hamilton Displays – Indianapolis, IN
Responsible for designing, implementing, and supporting the Information Technology infrastructure and systems for the organization.
Managed projects for ABS Accounting System, Microsoft Exchange, and corporate web strategy and deployment.
Provided support for network infrastructure, application servers, and desktop systems.
01/1993 to 01/1996
Technical Support Manager
American Legion National Headquarters – Indianapolis, IN
01/1993 to 01/1994
Network Specialist
American Legion National Headquarters – Indianapolis, IN Ameri
01/1990 to 01/1993
Systems Analyst/Planner Scheduler
Department of Public Works – Indianapolis, IN
01/1990 to 12/1990
Analyst
Applied Research International – Virginia Beach, VA
01/1986 to 01/1990
Electronics Technician
United States Air Force
Bachelor of Science: Business Administration Indiana State University - Terre Haute, IN
Bachelor of Science: Management Information Systems Indiana State University - Terre Haute, IN