Formalize, manage and grow information security and IT controls best practices across the enterprise.Key Responsibilities:Manage a team of six technical staff responsible for information security and compliance, networks, systems operations and IT service management (ITSM).

Ensured the protection of customer and company information as Manager of a team responsible for developing and implementing programs, audits, and processes to maintain information security.Key Responsibilities: Managed and mentored a team of Senior Information Security and Compliance Analysts responsible for the following three programs:Risk Management:Included identification, ranking, prioritization and coordination of mitigation of cybersecurity risk to digital data across Alaska's enterprise.Third Party Risk Assessment:Included evaluation of third party controls to determine the cybersecurity risk level associated with Alaska's digital data while under the control of a third party.Vulnerability Management:Included evaluation, prioritization and coordination of remediation of technical vulnerabilities discovered through vulnerability scanning and other means.I and my team developed and continuously improved the methodologies for each of these programs as part of an overall ISO 27001 Information Security Management System (ISMS). PCI DSS, OWASP and NIST were all influential in the development of these methodologies.All programs included management reporting against metrics established by the team and agreed with senior management. Cybersecurity risk reporting received Board level review.I and my team extensively supported PCI DSS and other compliance requirements as an integral part of these programs.

Ensured the protection of customer and company information by developing and implementing programs, audits, and processes to maintain information security.Provided Program Management leadership, oversight and continuous improvement for Alaska's Vulnerability Management and Third Party Risk Assessment programs until quickly promoted to Manager, Information Security Programs with direct reports responsible for these and the emerging Risk Management program.Key Responsibilities: Develop, manage and continuously improve programs and projects relating to protecting customer and company information.Develop, manage and continuously improve internal and 3rd party information security/risk assessments.Create, modify and implement policy, standards and procedures relating to information security and risk assessments.Support security awareness training and campaigns for the organization.Provide requirements, solutions and recommendations to enhance the organization’s security posture.Develop, manage and improve security incident response plans and processes in case of a security breach or incident.Collect and manage program metrics and communicate to senior management the status of the program.Deliver findings and recommendations from assessments.Track and manage remediation of findings identified.Monitor trends in information technology and security that could have an impact on the security of the organization’s products, processes, infrastructure, or customers.

Ensured IT created and maintained robust disaster recovery, business continuity and emergency response capabilities to support overall Service Continuity, including appropriate plans that were tested and continuously improved on a regular basis. Lead and managed Aircraft Emergency Preparedness staffing, planning and exercises for Information Technology's support of the overall business during a possible aircraft emergency. Assisted the business in crisis management as a member of the enterprise Crisis Management team.Key Responsibilities:Develop, manage and continuously improve IT disaster recovery, IT business continuity, and IT emergency response plans including associated documents and artifacts. Oversee execution of IT disaster recovery, IT business continuity and IT emergency response plans in the event of an incident.Collaborate with corporate privacy and security, business continuity, emergency response and facilities groups to develop and execute plans.Consult Alaska Air Group divisions, IT departments and project resources on related processes and procedures.Oversee testing of all plans and communicate to senior management the status of the program and exercise results. Track and manage remediation of all issues identified.Review, evaluate and assign disaster recovery objectives for new business applications.Ensure business process, business partners, systems, and data dependencies are documented.Manage and administer disaster recovery/business continuity tool.

Specializing in: ITIL® Training and ImplementationTechnology Assessment and StrategyDisaster Recovery / Business Continuity PlanningBusiness and Technology Process ImprovementTechnology Team ManagementProject Quality Assurance

Directly managed a Director and other senior technical staff, with the balance of managers, technical staff, and administrative staff reporting to me through them.Overall responsibility for .com site receiving up to 2 MM visits per month. Accountable for technology budgeting, processes, reporting, disaster recovery, security (including PCI compliance), web application development (- 9/24/2010), application testing and deployment, technical support, outsourced services, and internal technology operations including our datacenter and other infrastructure supporting the site, 24 X 7.Collaborated with company owners, senior managers, legal counsel, and various other team members across multiple departments.

Responsible for Technology Operations team members, budgeting, processes, disaster recovery, security, datacenter, and other infrastructure supporting a 2 MM visits per month .com site, 24 X 7.Managed a Manager and several Operations Infrastructure technical staff directly, with additional indirect reports in Technical Support and Data Management reporting up to me through them.

Performed project quality assurance for the UW Medical Center ORCA Project, meeting weekly with UWMC staff and providing monthly formal reviews of project management practices and artifacts, including ratings on current performance and recommendations for improvement.Led and managed an Information Technology Disaster Recovery Planning project for the New Mexico Taxation and Revenue Department. Documented the relative priority of critical business applications. Identified risks and threats to critical applications and developed an overall recovery strategy to guide NM TRD activities in the case of a disaster.Facilitated executive level ITIL® awareness sessions, and delivered (instructed) many executions of the ITIL® Essentials (Foundations) training program to public and private sector clients, as well as to internal Sierra Systems staff.Managed the implementation of HP OpenView Service Desk software and Alignability Process Model (APM) software, a set of field-proven processes designed to conform to ITIL® best practice, for a Washington State agency.Performed an Oracle security audit as part of an overall IT audit for a northwest medical research firm. Reviewed documentation including policies, plans and configuration standards and made recommendations in accordance with IT and Oracle best practices for security.Provided consulting and business management oversight on matters of network security, business continuity/disaster recovery, email, and multiple operating systems. Managed multiple projects, including task planning, status reporting, and development of work breakdown structures.

Directed all aspects of WDIG 24 X 7 Technical Operations Control Center (12 technical staff), which was responsible for supporting the infrastructure of the Walt Disney Internet Group to ensure the maximum availability and quality for .com sites including the Disney Store Online (e-commerce), Disney, ESPN, ABC, ABCNews, Movies and more, (domestic and international).Key contributor to the implementation of formal service management processes into the WDIG organization, enhancing the availability, stability, manageability, and security of mission critical applications, servers, and networks.Incident Management and Change Management process owner.Responsible for management reporting related to service availability of critical customer facing systems. Provided dependable, clear and useful information to Sr. Management and internal clients (ESPN, ABC, Disney, and others).Managed and provided transparency for Control Center 24 hour scheduling.Directly managed, evaluated, developed, mentored and promoted a team of highly skilled individuals with diverse backgrounds, personalities and temperaments.Member of WDIG Security Council.

Managed WDIG Messaging Systems Group (2 System Administrators) responsible for all outbound Guest email systems (opt-in) and all list servers supporting ESPN, ABC, Disney, and others.Established company-wide standards for OS security hardening for Solaris and Linux.Primary operating systems integrated and supported: Solaris, Linux, Windows 2000, Windows NT.

Managed 7 field engineers / consultants.Key Architect/Engineer for Windows NT 4.0 and Exchange 5.5 enterprise spanning multiple states.Regular network troubleshooting, maintenance, repair, and design for multiple clients.Deployed and managed firewall and VPN systems from multiple vendors.Performed bank network security audits and remediation, as well as bank network security design and implementation.Primary operating systems integrated and supported: , Windows 2000, Windows NT 4.0 & 3.51, Windows 98 & 95, Unix, Windows for Workgroups, Cisco, NetWare.