Tim Morrison Email & Phone Number

Boise, Idaho, US

Apple Valley, MN, US

San Francisco, California, US

• Manage the Information Security Policy Management (ISPM) Security Baseline team to facilitate the creation and maintenance of security baselines, provide policy guidance for security baselines, and assist partners in.
• Supported the closure of high priority issues through the publication of security baselines and working with partners to overcome challenges
• Developed 3-year strategic roadmap focused on continuous improvement of the team
• Directed documentation efforts to create security baseline process narrative, operating procedures, and training materials which resulted in a sustainable repeatable process
• Oversaw the timely completion of annual reviews for over 300 security baselines for multiple technologies
• Worked with product owners, subject matter experts, and information security to ensure security baselines for products and technologies were appropriately documented

San Francisco, California, US

• Identified, wrote business requirements, and implemented enhancements to internal GRC tool that saved the testing teams hundreds of data entry hours
• Developed and delivered 8 custom modules of GRC tool training to IT COSO team members
• Establish resource scheduling process for a mix of onshore and offshore testers which minimized unproductive time to under 10% of available testing time
• Managed completeness and accuracy of COSO significant application matrix (400+ apps) and responsible for publishing of SAM on quarterly basis
• Collaborated with all levels across the IT COSO team to identify process improvements and cost savings to ensure we operate efficiently and effectively.
• Directed the development of ITGC scoping database to improve reporting and demonstrate appropriate coverage for COSO applications and assets

San Francisco, California, US

• Oversaw a team of IT risk professionals focused on IT General and IT Application control assurance and quality assurance work.
• Directed quality assurance reviews of testing work papers, test plan documenting, and IT control maintenance activities for SOX404 Compliance for over 800 technology general and application controls.
• Partnered with key risk team members across Wells Fargo risk first and second lines to facilitate improvements in risk management activities
• Orchestrated the hiring, coaching, and development of team members.
• Collaborated with teams in technology, information security, and corporate property management to accomplish Northern Operations Center (NOC) data center walkthrough as part of IT SOX Audit.
• Aligned objectives with Issue Management department, providing credible challenge for control design issues & deficiencies, vetting potential issues, and gaining understanding of Issue Management Policy.

Minneapolis, MN, US

• Hired as subject matter expert in information security and third party risk management for vendor security assessment teams.
• Headed a team of 4 analysts in conducting security & privacy assessments for third parties with a focus on security policies, procedures, and information security program.
• Re-established Risk Based Vendor Onsite Program for Critical Vendors.
• Identified 30 business critical vendors and proposed criteria for performing data center assessments, walkthroughs, physical security, and security program assessment.
• Examined third parties to ensure information security controls focused on vulnerability assessment and remediation.
• Organized and facilitated analyst training for the onsite program and proper execution of the program

US

- Managed a team of 5 (five) Security Incident Analysts responsible for delivering and managing SIEM outputs - Improved security controls on Palo Alto, Checkpoint, and Cisco Intrusion Prevention (IPS) platforms- Led initiatives to improve the security of outbound Internet access utilizing Palo Alto firewall controls- Directed work on proactive security.

Minnesota, 55077, US

• Fulfilled a dream of extended travel for 1 year by visiting 14 countries
• Trekked Mt. Kilimanjaro, Africa’s highest Mountain
• Trekked Inca trail in Peru
• Spent 6 weeks learning how to speak Mandarin Chinese
• Experienced multiple cultures including Asia, South America, the Middle East, and Africa
• Tried new activities including skydiving and bungee jumping

US

- Provide subject matter expertise related to Third Party risk management Information Security issues to business, procurement, and Information Risk Management leadership- Responded to and provided advice regarding information security incidents at third parties- Led a team of 4 offshore contractors conducting risk assessments for American Recovery and.

- Led efforts to streamline, develop, and enhance third party risk management methodology - Refined Risk analysis and stratification methodology- Conducted remote and on-site Third Party reviews based on ISO27001 framework

GB

GB

Bachelor Of Science (Bs), Finance, General

Bachelor'S Degree, Management Information Systems, General