Key Accomplishments:- Identified security control points for Oracle monitoring of network infrastructure security, (Defined Security infrastructure, Server and Firewall Configuration metrics, acceptable / failure definitions matrix and Application Separation of Duties, Access violation attempts etc.) that was used to create the GRC Security operations dashboard. - Zero data breach events for all Security Architecture clients.- Achieved no material weaknesses for SOX clients, and automated 90% of SOX testing.- Created Information risk management process that included: • Risk analysis and management, identification of information risk• Information Security training and response program• Information Security Awareness program• Off-site access and use of ePHI from remote locations; • Storage of electronic Protected Health Information on portable devices and media; • Disposal of equipment containing electronic Protected Health Information; • Business associate agreements and contracts; • Data encryption; • Virus protection; • Technical safeguards in place to protect information assets and electronic Protected Health Information; and • Monitoring of access to electronic Protected Health Information.

Retired

I am a contributing member of the HIMSS Identity Management Task Force and of the HIMSS Risk Assessment Work Group. | Identity Driven Enterprise ( Information Security) Architecture [IDEAs] subject matter expert - Enterprise Architecture and Information Security

I developed a risk based entity wide strategy for the hospitals Information Security Compliance program - integrated with their EPIC EMR, including guidance for their HIPAA Security Rule, Privacy Rule and Breach Notification Rule Compliance efforts. - Created an action plan to achieve PCI 3.1 compliance.

Developed, implemented, and maintained an Enterprise-wide information security program that defined security infrastructure that supported the business strategic plan and goals. Provided the design of and leadership for IT Security, including prioritizing and leading security and compliance (PCI and HIPAA) initiatives and incident response program accros IT Operations, Applications, Firewall and data. Directed and coordinated IT security (engineers, technical staff, and external resources) in the performance of security functions and provided oversight of external resources and service providers. Subject matter expert on cyber-security risk assessment and risk management programs, [Contributing member of the HIMSS Information Risk Assessment Task Force], Security Architecture, Security Information Event Management (SIEM) and Data Leak Prevention (DLP) technologies.

Reported to the Board of Directors as their VP Information Security | Privacy Officer | Dean, College of Compliance and Regulation, Seacoast National University. Developed and implemented an enterprise-wide information security program and security infrastructure. Created an information security awareness program, annually revised corresponding strategic plan and goals. Provided the design of an information security strategy including prioritizing and leading security and compliance initiatives, and implemented the use of a portfolio of controls & safeguards. Directed and coordinated IT security operations (engineers, technical staff, and external resources) in the performance of security functions and provided oversight of external resources and service providers. Subject matter expert on e-commerce and cyber security risk assessment and risk management. Security Architecture, Security Information Event Management (SIEM) and Data Leak Prevention (DLP) technologies. Obtained Satisfactory or higher ratings from the regulators.

Created an enterprise-wide SAS70 II, /SOC2 Type II Information Security operations and Control design and process, including Information Risk Analysis and Assessment for this e-commerce PEO. Established a SOC2 control process that obtains unqualified opinions and a strong security posture.

Managing Director - IT Security | Audit ServicesManaging Director, IT Security and Audit Services (May 2003 – June 2006) Directed, planned, and managed all aspects of the IT Security and Audit practice for the New York and Florida office. Audit effort included Firewall Internet Vulnerability testing, COBIT based SOX 404 reviews for over 40 firms. Third Party Controls, SAS 70’s (Type II), IT General controls, / entity level control reviews. Managed a staff of fifteen to twenty (15 to 20) professionals. RACF, AS/400, Windows NT, Oracle GRC Migration. FFIEC Guidance expert, Achieved Regulatory compliance with FRB, FDIC, OCC for all clients.

VP | IT AuditorVice President and Project Manager, Year 2000 Project (Y2K) - February 1998 – April 2000Managed the Y2K project for the Bank. Liaison between Information Technology and Management to scope, and verify the functionality of the Bank’s computer systems for the Y2K transition. Managed multiple Bank departments (clients) needs and projects, integrating Y2K and regulatory concerns simultaneously.Vice President and Information Technology Auditor - December 1997 – January 1998Directed the Information Technology Audit program for bank operations in the Americas (North and South America), including annual audit scope, planning, staffing and presenting audit reports to the Audit Committee.

Senior IT AuditorTogether with the IT Audi team at Bank of Tokyo, we implemented a risk assessment methodology that was used to focus the Internal Audit department's efforts and address higher risk areas first, and as a basis for the annual audit planning effort.

Senior Technology AuditorResponsible for audits of front, middle and back operations, including derivative trading (CAPS, Floors, Swaps and Options), futures and options. Conducted Information Technology and Assurance audits of wire transfer and out-trading. Established data mining program using ACL

Assistant TreasurerAssistant Treasurer (formerly titled Information Technology Auditor Officer)Responsible for audits/reviews in private banking, futures/options, and third party software, (McCormick & Dodge) accounts payable, payroll, and general ledger. Performed additional third party reviews on mortgage-backed securities vendor, (Cantor Fitzgerald) and Global Custody, using Dyatron’s International Information Security Processing System

Senior IT AuditorManager EDP Auditing Created a global Technology Audit Department from scratch for NAVRESSO. Received a Citation for excellence from the GAO