Brian W. Email & Phone Number

Accountable for developing and executing the company's IT security strategy, working closely with senior leadership to oversee the security infrastructure and maintain a strong, proactive security posture.Building a cybersecurity team and implementing cyber tools to proactively address security threats to the organization. This includes defining processes.

Irving, TX, US

• At Builders FirstSource, a Fortune 200 company, my tenure as Chief Information Security Officer is marked by the development and execution of a robust cybersecurity strategy that fortifies our information assets.
• Overall Security Strategy: Developing & maintaining a comprehensive Cybersecurity strategy that aligns with the organization's business risks & objectives. This strategy encompasses initiative-taking measures to.
• Program Implementation: Leading the implementation of Cybersecurity programs & initiatives across the organization. This involved building a security team from the ground up.►
• Governance & Compliance: Ensuring compliance with all relevant Cybersecurity regulations & standards. Works with both internal & external auditors for compliance validation.►
• Incident Handling: Developing & maintaining an incident response plan to effectively respond to Cybersecurity incidents when they occur and react quickly.►
• Strategic Thinking: Balancing strategic thinking with tactical execution. Developing a long-term vision for Cybersecurity while also managing operations & addressing immediate security concerns.►

Dallas, Texas, US

• Serve as the Information Security Officer managing a team of security professionals responsible for ensuring our information assets and technologies are adequately protected. As a trusted business advisor with.
• Led the Information Security & IT Risk functions: Anticipated new threats & actively working to prevent them from occurring. This involves hiring solid security professionals & evaluating the existing security program.
• Chairs the Information Security Steering committee: embedding security with C-level executives. This involves communicating with C-level Executives & supplying them with security metrics, updating them on the threat.
• Developed & implemented information security policies, standards & procedures: This formed the foundation for a robust cybersecurity program.►
• Managed real-time intrusion detection, vulnerability reporting, & incident response.►
• Managed all 3rd party reviews & Security Assessments.►

London, GB

• Responsible for the successful integration & ongoing maintenance of the Managed Security Services, a $1.25B fully outsourced IT transformation project to IBM. Created & maintained the information security strategy for.
• Responsible for assessing technology that supports information security, including BCP/DR, Governance, Endpoint Security, Compliance & Risk.►
• Managed IT compliance, contractual obligations, & regulatory compliance.►
• Maintained Governance controls & processes delivered by all third-party suppliers in relation to the security of the company’s information assets.►
• Managed the Incident Response plan which involved monitoring & managing the timely, tactical & strategic responses to risks & comply with legally admissible chain-of-custody process.►
• Managed ISO27001 & coordinated the adoption across all regions.►

New York, US

• GroupM is the largest media buying and planning company in the world. ►
• Defined, created and maintained the information security strategy and policy framework for the world’s largest media company. This involves deployment of an Information Security Governance structure that is robust.
• Managed the coordination and preparation of the company’s compliance with SOX worldwide. This includes streamlining IT operations to comply with internal policies and financial reporting guidelines, performing.
• Manage and plan internal audits at local offices. This involves managing Regional Compliance Officers and leading cross-functional teams in performing reviews and tests of IT internal controls to ensure existing IT.
• Manage and coordinate the rollout of ISO27002. This entails creating policies and controls and verifying an effective ISMS has been deployed across local offices►
• Ensure that the organization has in place an effective Incident Response plan consisting of policies and procedures that has been tested and communicated to all relevant parties►

Toronto, ON, CA

• ►
• Evaluate and design system-based and manual controls around IT infrastructure and application business processes. Advise clients with the implementation of IT controls for compliance with SOX 404 requirements►
• Review information security controls to help provide effective, efficient, and secure access to information within these applications based on industry standards (e.g. COBIT, COSO, PCAOB)►
• Clearly communicate information security and technology issues to various levels of clients and internal staff, on both a formal and informal basis

Amsterdam, NL

• ►
• Established and maintain an information security department which involved determining resources and software to secure the network & the accessibility, integrity and availability of information assets►
• Created Policies and Standards for newly created Information Security department regarding application security, security administration, Internet access, external connections and firewalls►
• Developed & implemented programs to assess & manage risk relating to business interruptions, vulnerability management, technical security breaches, & emerging regulatory issues (e.g., Basle II, Sarbanes-Oxley)►
• Reviewed current anti-virus definitions and patches, privileged accounts and the approval of change control regarding firewall changes and external connections. Conducted risk reviews of firewall policy►
• Evaluated various Internet Proxies and manage the setup & maintenance of the internet filtering (Websense & SmartFilter)►

New York, NY, US

• ►
• Managed group of Security Administrators across Barclays Capital departments in New York and other global/regional offices and create policies & standards for the company►
• Facilitated the adding of new/existing application systems onto an audit tracking program to monitor activity►
• Conducted annual reviews of all applications and procedures to assure the ongoing technical and administrative maintenance and operation of security administrative systems►
• Conducted Information Risk Management (IRM) audits on applications to detect possible weaknesses in application security and poor security administration►
• Identify and propose solutions to technically based IRM issues and concerns

Wayne, Pennsylvania, US

• ►
• Maintained data and security policies to meet the accounting, regulatory & risk management objectives of the firm. Managed Security Administration group to assure that segregation of duties functions were followed and.
• Handled the migration, verification and certification of data from a non-Y2K compliant system to a new Oracle based platform using various audit reports►
• Interfaced with internal business units to record & report bond insurance premiums, exposure and transaction information to produce accurate and timely information►
• Coordinated with clients, rating agencies, bond re-insurers and financial institutions to assure the flow of information to and from the company

New York, NY, US

• ►
• Managed Oracle database in five international/domestic locations for the industry leader in Crude, Petrochemicals, Metals and Electricity pricing services with an emphasis on Quality Assurance►
• Designed specs and managed programmers in the development of internal programs used to assure accuracy and timely data transmissions►
• Analyzed business process and made recommendations which entailed developing and documenting workflow in order to optimize processes within the company►
• Conducted security reviews to verify audit trails existed for database to prevent inadvertent modifications►
• Maintained information on Corporate and Municipal bonds to assure accuracy of data and provide tracking►