Jason Rusch Email & Phone Number

North Port, FL, US

• Lead organizations through the complexities of cyber governance and compliance. Assessing security postures, identifying vulnerabilities, and developing robust strategies to mitigate risks. I work closely with.
• Cyber Governance: Establishing and maintaining a comprehensive cybersecurity governance framework that aligns with industry best practices and regulatory requirements.
• Compliance Management: Ensuring adherence to key regulations such as GDPR, HIPAA, PCI DSS, and ISO 27001 through meticulous compliance readiness assessments and tailored action plans.
• Risk Management: Conducting thorough risk assessments to identify potential threats and vulnerabilities, and implementing effective risk mitigation strategies.
• Policy Development: Crafting and enforcing security policies and procedures that safeguard organizational data and systems.
• Incident Response: Leading incident response planning and execution to swiftly address and recover from security breaches.

AWS separation/re-organization, family and professional development.

Seattle, WA, US

• Provided executive leadership with strategic consulting on diverse cloud projects, ensuring alignment with organizational goals, industry standards and requirements.
• Designed controls to maintain security/compliance with regulatory frameworks, NIST, FedRAMP, CSA, HIPAA, SOC2, SOX 404, PIPEDA, CCPA, PCI-DSS.
• Performed comprehensive security assessments utilizing AWS Security Baselines, CIS Benchmarks, and CSA Cloud Controls Matrix (CCM).
• Directed high-impact projects such as data migration, analytics integration, and data modeling, improving operational efficiency and scalability.
• Spearheaded initiatives for continuous compliance with data privacy and legal teams, ensuring organizational readiness for audits and assessments.
• Designed cyber governance frameworks for clients that included R.A.C.I. methodologies and matrices. This allowed for the formal assignment of roles and responsibilities.

Teaneck, New Jersey, US

• Managed SOC 2 Type 2 annual attestation and program, program managed annual attestation and reporting to demonstrate internal controls, processing integrity and consistency.
• Project Manager of annual risk/control assessments aligned with ISO 27002:2013.
• Served as data governance lead, establishing and maintaining a comprehensive data catalog while ensuring data accuracy, integrity, and consistency across enterprise datasets.
• Provided (SME) guidance on PCI-DSS compliance and supported privacy initiatives, assessing alignment with CCPA/CPRA, GDPR, and other regulatory frameworks.
• Redesigned client data governance framework, including classifications, dictionary, and catalog, to improve structure, usability, and compliance for a primary client.
• Architected a SOC 2 controls monitoring program, enabling proactive identification of changes, control deficiencies, and process issues to enhance continuous compliance.

Seffner, FL, US

• Led the development and execution of a comprehensive Risk and PCI Compliance program, enhancing organizational security posture and regulatory adherence.
• Established a governance and control framework that aligned requirements with controls and risks, ensuring seamless integration with organizational objectives.
• Designed and implemented a dynamic risk register, effectively aligning it with compliance and IT security metrics to provide actionable insights for stakeholders.
• Architected enterprise vulnerability management program (NIST CSF).
• Led Rooms To Go to first PCI-DSS assessment & compliant SAQ/AOC.

New York, New York, US

• Spearheaded vulnerability control projects, developing "Corrective Action Plans" (CAPS).
• Performed analysis on CAPS data, presented KRI’s for Global Information Security Risk meetings.

East Syracuse, New York, US

• Supported the development and implementation of a customized IT governance framework, enhancing alignment between business objectives, compliance, and risk management.
• Collaborated with the SOC Team to develop and execute Information Risk Management (IRM) strategies, strengthening organizational resilience.
• Designed and implemented the companies first PCI compliance program.
• Partnered to align I.T. controls governance framework with ISO 27002:2013 standards.
• Authored security architecture and PCI compliance strategy for a successful POS-POI project.
• Successfully led BHN through its first PCI-DSS assessment & achieved a compliant ROC/AOC.

Louisville, Kentucky, US

• Directed PCI compliance program, implemented a compliance governance management structure incorporating three distinct tiers: "Assessment Management," "Continuous Monitoring," and "Control Risk & Deficiency.
• Supported governance projects to align HITRUST Common Security Framework with existing HIPAA controls and requirements.
• Co-managed (TVM) vulnerability scanning program, partnered with key stakeholders to develop remediation action plans.
• Successfully led Humana through first PCI-DSS assessment & achieved a compliant ROC/AOC.

Davie, FL, US

• Managed and designed HRC’s first PCI compliance program.
• Provided technical oversight for internal audits and annual financial audits of IT controls, ensuring alignment with regulatory and organizational requirements.
• Led the development of the organization’s first formal (GRC) framework, incorporating elements from ISO 27002 and NIST standards.
• Facilitated coordination among various IT teams to support control initiatives and IT risk management projects, fostering collaboration and process improvement.
• Successfully led HRC’s through its first PCI-DSS assessment & achieved a compliant ROC/AOC.

Burbank, CA, US

• Co-led the development and first PCI-DSS compliance program and assessment for TWD.
• Performed as internal PCI lead, SME and project manager, coordinate efforts with external QSA.
• Successfully co-led Walt Disney through its first PCI-DSS assessment & compliant ROC/AOC.

Princeton, NJ, US

• Developed and aligned PCI-DSS compliance program with existing governance and controls frameworks.
• Performed internal self PCI-DSS assessment and authrored SAQ-D.

Tampa, Florida, US

• Led and developed the Sarbanes-Oxley (SOX) 404 compliance program, including the design, implementation of IT General Controls (ITGCs) and annual attestation.
• Developed an enterprise IT governance framework based on ISO 27002and authored Management Information Systems (MIS) policies and procedures.
• Updated/aligned risk/vulnerability control frameworks with I.T. governance framework.

• Manage I.T. security systems including anti-virus, internet proxies, firewalls, Active Directory security.
• Performed SOX 404 readiness review with control deficiency mitigation strategies.

US

• I.T. server systems administrator (Linux, SunOS, Windows), anti-virus, and IDS management.
• Security and risk management/assessments, for internal and external clients.

Stamford, Connecticut, US

• Desktop/Network support engineer, cyber security subject material expert (SME).
• Successfully lead customer support team for ISP network conversion of 300,000 @Home customers.
• Constructed leading cable modem support and troubleshooting website.
• Acting support team supervisor.
• Employee of the month out of 300 support technicians.

Towson, MD, US

• Support SunOS 2x/Solaris, Redhat Linux, MS Exchange/Active Directory (IAM) and end point anti-virus.

Washington, DC, US

Positions & Roles· Intelligence Communications Specialist· Damage Control (Firefighter)· Boatswain Mate Apprentice Acknowledgements · National Defense and Sea Service Medal (Persian Gulf, Operation Desert Storm)· Southwest Asia Medal (w/ Campaign Star, Operation Desert Storm)· Letter of recommendation (Red Sea, Operation Desert Storm)· Sea Service Ribbon.

Computer Science (Data Communications)

Isa Certification, Payment Card Industry Professional (Pci-Isa)

Cgeit Certification, Enterprise I.T. Governance (Cobit 5)

Gnsa Certification, Giac Systems And Network Auditor (Gnsa)

Itil Certification, Itilv3 Foundations

Training, Risk Assessment Program And Execution

Certification Sans Mgt:525, Project Management For Information Security

Cobit 4.0 Certification, Cobit 4.0 Expert

Pmi, Project Management For Information Technology

Training, Sans Mgt: 421 Leadership And Management Competencies

Training, Practical Guide To Controls For It Professionals (Coso, Iso 27002, Cobit)

Training, Nist Sp-800-53

Training, Microsoft Sql 2005 Security In Depth

Certification, Ecommerce Architect & Design