Continuation of role in a part time status.

GDT’s Consulting and Advisory Services practice helps guide organizations through the process of developing a cohesive IT strategy that delivers relevancy and success. Our expert professionals and resources leverage strong OEM partnerships to provide valuable access to the industry’s best and brightest talent and technologies.Through collaboration, GDT helps customers develop next-level best practices that align IT decisions with business goals. Our expertise covers a broad set of technologies that provide a cohesive strategy to address data centers, the Cloud, branch networking, wireless, IoT, BYOD, as well as compliance and security requirements. GDT supports the continued success of our solutions through ongoing engagement, which includes regular business reviews and executive briefings that encompass all stages of the solution’s life cycle.We provide assessments, workshops, executive and technical briefings, adoption and education services, systems and application optimization, site surveys and knowledge transfer that supports our award-winning, end-to-end design, implementation and management of technology solutions.

Security Paradigms is a company dedicated to assisting its clients with regulatory compliance, risk management, and IT Governance complexities. Our consultants provide research services around regulatory compliance with GDPR, CCPA, state reporting requirements, ISO 27001 compliance, risk assessment and risk management programs, and other governance, risk, and compliance issues. Our professional papers assist executives across a broad spectrum of industries in their decision-making process surrounding Security spending by providing an objective risk-based model to justify security program model development and budgeting.

An executive management consultant, specializing in Governance, Risk, and Compliance consulting. Recent engagements have included:- Project management preparing clients for GDPR compliance- Project Leadership driving NIST SP800-171/DFARS compliance for a DoD Contractor- Project Management assisting clients with ISO 27001 compliance- Business Continuity Plan project management for international life insurance company, managing a team of approximately 20 consultants and client employees in completing an Enterprise Risk Assessment, Business Impact Analysis, Business Continuity Plan development at the corporate and departmental levels, and testing the resulting Plan.- Project Management for Policy Alignment with HIPAA/HITECH Compliance Requirements for Healthcare Services Provider- PCI Compliance Project Management for national financial services company, deploying P2PE PCI compliant solution- Strategic Security Plan review and realignment for global IT services organization - CISO positional justification and Strategic Plan development for a mid-size energy company- Security Project Management for a global clothing manufacturing and retail manufacturing firm- Policy/Process Development at a mid-tier consumer-protection insurance service provider- Interim CISO for major Texas research and teaching hospital system, with multiple geographically- diverse hospitals, clinics, and other facilities: evaluated the current Information Security program state, defined a Security Strategy, identified, prioritized, and developed project plans for major security initiatives and changes to policy and procedure, provided mentoring and coaching for new security analysts, a Security Manager, and Infrastructure Director; developed RFP for comprehensive HIPAA Risk Assessment for the hospital system.

Provide professional services around security, compliance, and privacy. Recently involved heavily in a Consumer Finance Protection Board (CFPB) pre-assessment at Think Finance, and currently working to lead the risk remediation efforts as a result of that and other assessments in the past three months. Provided transition mentorship to my replacement as Security Director.

- Provide direction and oversight for the security & compliance requirements.- Successful SOX preparation and remediation- Implementation of technology solutions such as Data Loss Prevention, Access Review automation- Physical Security Director- Offshore security review and management

Perform HIPAA/HITECH Compliance assessments for Covered Entities, including Texas Medical Center hospitals, smaller regional hospitals, medical practices, and Business Asscoates who must comply with HIPAA/HITECH requirements for their business relationships.Current PCI Qualified Security Assessor who has performed numerous assessments, including all levels of compliance.Strategic IT Policy Development and alignment with regulatory requirements such as PCI, GLBA, SOX, FFIEC, LSF, and others.Project Management and oversight for a variety of IT projects.Partner closely with Account Managers to provide technical and managerial expertise in creating sales opportunities and negotiating potential projects to successful sales closure.

Senior Manager in the Global Architecture and Core Technologies Group, Security Specialization.Sarbanes-Oxley compliance assessment engagement management for numerous corporations, including health care, financial, and energy sector. Managed multiple simultaneous Business Continuance Planning for both corporate and government clientsDeveloped numerous Statements of Work and responses to Request for Proposal requests for consulting services for a range of clients, and developed engagement opportunities with clients in person.

Vice President of Information Security for all AmeriCredit locations in US and Canada. Managed an evolving Information Security environment as we migrated towards a more interactive presence, while maintaining and improving security technical infrastructure for perimeter and network security. Led security team efforts in internal audit cooperation, fraud examination, and other functions. Developed corporate policy using ISO 17799 Standards, developed and/or aligned security programs to comply with the Gramm-Leach-Bliley, Sarbanes-Oxley, and other Federal/state legislative and executive requirements.. Worked with Information Technology and Project Management to implement project standards for security into overall project management methodologyManaged annual budget in excess of $1MM dollarsProvided executive management and corporate governance teams regular assessments of existing security practices versus regulatory requirementsBegan the development of the fraud and forensics technology skills in the Information Security team, utilizing EnCase technology.

Developed an integrated approach to managing security in the NonStop eBusiness Solutions (NSeB) arena for Compaq Computer Corporation to market on a global scalePerformed testing and evaluation of security products to support the NSeB program for Compaq, including Microsoft, Check Point, Axent Technologies, Trend Micro, StoneSoft, RADWare, Intel, Cisco, and ISS product linesDeveloped and published a range of technical papers on Compaq ActiveAnswers regarding solutions which support NSeB, including performance and operational papers on firewalls, VPN technology, and wireless technologiesProvided technical consultation on Compaq solutions relating to NSeB for Compaq worldwide, including France, Germany, Canada, and the United States, including Rooms To Go, Office Depot, the Swedish National Identification and Banking Identity System (iD2 PKI Solutions implementation), U.S. Department of Agriculture, the German Integrated Retail Delivery System (iRD), and Air Products and Services.

Initial role for Business Continuity within Dynegy. Performed BIAs for company, developed models for recovery inclusing trading floor recovery. Worked with both US and UK based offices to develop emergency communications plan. Created initial plan for UK recovery.

Manager for Information Security Program Development and Implementation for global organization, and Special Project Manager for Year 2000 validation program. I created and managed the Worldwide Security Technical Leadership Group that develops and reviews world standards for IT Security at Air Liquide. During this time, I developed security constructs for Air Liquide Germany GmbH using SAP/R3 security architecture, reviewed governmental and corporate requirements to establish best practices for individual environments with the Air Liquide corporate structure. I also attained a level of specialization in American and French legal requirements for implementation of encryption and trans-border security models. I also developed network security strategies consistent with the global Air Liquide direction, managed U.S. and European budgets for Information Technology Security, provided security consultation, inspection, and evaluation for Air Liquide sites worldwide, wrote the first comprehensive global Information Technology Security policies/procedures, and managed mainframe (CA-Top Secret and IBM RACF) and networked PC security (Novell NetWare).

I was responsible for daily oversight of a team of 5 analysts of varying levels. Primary responsibilities included:• Mainframe (CA-ACF2 and IBM RACF) security management• DEC VAX/VMS Security Administration• Fortran, COBOL, PL/I, and VMS DCL command programming• Dialback solution (Defender 5000)• Novell NetWare security managementIn addition, I developed an integrated software solution tool across all platforms (feeding data to the VAX on a daily basis) that integrated all access control rules into a common database. This allowed a security analyst to pull up all access for an individual based on their employee id number, as well as initiate a complete deletion of all access across all computing platforms. Languages utilized included COBOL, PL/I, C++, VAX DCL, and Assembler.

Programming for major projects, including corporate management systems, banking systems (Hogan software), and extensoive software modification to the AA&Co Oil and Gas Accounting system for the IBM S/34 computer. Security consulting for mainframe and VAX systems, as well as security reviews for technology centers in Austin, including callback security implementations.