CHET LOVELAND

**** ***********-**** **.

Goochland, VA. 23063

804-***-****

acbq2r@r.postjobfree.com

SUMMARY

Skilled and accomplished global information security and privacy

officer that partners with business lines to make informed risk based

decisions and execute on those decisions. Provide direct adherence to PCI,

SOX, HIPAA, Safe Harbor and Works Council internationally for continued

compliance. Proven leadership regarding privacy and security governance,

risk, compliance, process and technologies. Investigate, design and

implement cost effective and business supported policies, procedures,

processes and guidelines. Deep experience in all aspects of privacy,

cyber security, cloud, SaaS, mobile, ethical hacking, Industrial Control

Systems (ICS) and social media security. Manage and motivate highly

skilled and technical staff. Perform investigations, eDiscovery, and

litigation support and provide expertise to global Legal groups on

information technology, privacy, cloud, and security. Presented many times

at Gartner, Northwest CISO, Cloud Computing conference and many

international webinars. Managed a security budget of over 2 million.

PROFESSIONAL CERTIFICATIONS AND GOVERNMENT CLEARENCE

CISSP, GIAC (GSNA), ITIL, CISA, CISM, Zinger-Miller (Achieve Global)

Trainer, Federal Government SECRET Clearance (Expired in 2010)

1 PROFESSIONAL EXPERIENCE

MEADWESTVACO - Richmond, VA 2006 -

Present

1 Global Information Security and Privacy Officer

MeadWestvaco is a seven billion fortune 500 packaging company with 23,000

employees in 30 countries.

I have directed the global information security and privacy of the

information technology environment including SAP, JD Edwards and other

global applications for all national and international locations. Executed

on SOX, COBIT, ISO 17799, PCI DSS, and C-TPAT compliance for distributed

and mainframe operations. Including strategic support through gap and

complex analysis, studies, examinations and tactical implementation of

security principles, practices, standards, policies, procedures,

documentation, risk management, project management and audit compliance.

Developed, maintained, communicating, and executed international and

enterprise wide information security and privacy policies, standards,

procedures, guidelines, security awareness and audit compliance monitoring.

Manage highly technical staff responsible for ensuring appropriate security

and privacy controls exist and enforced globally. Provide security,

privacy, and infrastructure leadership in transitioning MeadWestvaco from a

national paper company to an international packaging solutions company.

Provided oversight, consulting and execution in planning, development

design, and execution of security tools and security access methods needed

to protect the computing environment to MeadWestvaco and other service

providers serving as the focal point for MeadWestvaco's global security and

privacy practices. Direct efforts to address global security and privacy

incidents and investigations including ethical hacking using industry

tools. Work with business units to determine need for change in security

design, additional controls and or privacy and implementation based on

security violations, incidents and exceptions. Lead confidential global

security investigations, partnering with business units, Human Resources,

and Legal. Recognize and identify potential areas where security and access

control risks may exist and implement/change policies and procedures as

needed. Significantly reduced information exposure on two terabytes of

data. Implemented tokenized credit card processes for PCI compliance and

provide cyber security risk analysis for global business unites, SaaS, and

cloud email system which reduced 10 disparate email systems to one.

PEARSON government SOLUTIONS - Richmond, VA 2005 -

2006

2 Information Security Officer

Pearson (now Vangent) is a leading global provider of information

management and strategic business process outsourcing services, serving the

Federal government, as well as commercial, education, and healthcare

organizations.

Managed HIPAA and FISMA compliance for the distributed and mainframe

operations that are contracted by the Centers for Medicare/Medicaid (CMS)

for contracts over ten billion dollars and key personnel on CMS contact

center contract award of 440 million. This includes strategic support

through gap and complex analysis, studies, examinations and implementation

of security principles, practices, standards, policies, procedures,

documentation, risk management, project management and audit compliance.

Executed on compliance to Federal and State Information Security

requirement for over ten programs under the ownership of Department of

Health and Human Services. This included strategic direction and counsel,

hands-on security analysis, studies and examinations of security policies,

procedures, documentation, implementation, compliance and audit

requirements and project management to ensure defense-in-depth for the

Pearson Government Solutions infrastructure. Ensured the implementation of

the necessary controls, tools, and procedures to cost-effectively protect

information assets from intentional or unintentional and unauthorized

modifications, disclosure, or destruction by performing risk analysis and

recommending potential security solutions/configurations and using NIST 800

series as the baseline. Developed security requirements and recommends

solutions for new technology projects and changes to current program

environments and applications. Achieved the execution of intrusion

detection and monitoring as well as penetration studies to meet the

business function requirements and regulatory demands. Execution of

compliance in the programs including information security awareness

programs, document security performance metrics, and communicating security

strategies and writing Government System Security Plans. Advises the

individual Government programs on current and future strategic security

requirements, direction, and improvement opportunities and participates in

project teams to ensure new applications and systems comply with

established security regulations, policies, and standards. Directed

program Risk Assessments and System Security Plans as well as the Disaster

Recovery and Business Continuity Plans. Point-of-contact internally and

externally for DR/BC plans on the programs.

FEDERAL RESERVE INFORMATION TECHNOLOGY - Richmond, VA

2000 -2005

1 Information Security Manager

The Federal Reserve is a quasi-Governmental entity responsible for the

monetary system of the United States.

Led the information security of distributed and mainframe operations

including gap and complex analysis, studies, examinations and

implementation of security principles, practices, standards, policies,

procedures, documentation, risk management, project management and audit

for the U.S Central Bank with over 1.5 Trillion dollars transferred

electronically per day. Directed staff of 16 full-time personnel and

hourly contractors that support the organization's information security

needs. Managed a security budget of over $2.02 million.

Direct senior information security staff on complex gap and security

analysis, studies and examinations of security policies, procedures,

documentation, implementation, budget, compliance and audit requirements

and project management to ensure defense-in-depth for the Federal Reserve

System. Transitioned the Federal Reserve Information Technology (FRIT)

organization from a risk avers organization to a risk management

organization. Developing and updating information security principles,

practices and standards. Trained over 700 staff in risk management and

asset vulnerability assessment and security risk mitigation. Implemented

a centralized information security support from 12 organizations into two.

This reduced 30 staff nation wide. Managed the selection, negotiated the

purchase, and implementation of information security tools to augment the

information security posture of the Federal Reserve System. Liaison to

external audit engagements by the Governmental Accountability Office (GAO)

and PriceWaterhouseCoopers (PWC) for Sarbanes-Oxley, COSO and FISMA for

achieved compliance to government regulations.

FEDERAL RESERVE AUTOMATION SERVICES - Richmond, VA 1994 -

2000

Senior Account Manager

Bridged the gaps between information technology and business application

development and distributed and mainframe computer support. This involves

translating business requirement into the defined information technology

framework.

Provided customer support for the San Francisco, St. Louis, Minneapolis

Reserve Banks, Board of Governors and the Home Mortgage Disclosure Act

(HMDA) government application; built capabilities through program

development, process development and strengthened relationships with

customers. Served as project manager for both the Internet U.S. Treasury

Offset Program and the U.S. Postal Service Postal Money Order image project

to move these applications from the mainframe to the distributed platform.

Led a high priority project for FRB San Francisco involving moving check

processing from the 12th District to FRIT to meet year 2000 check

application compliance issues.

EDUCATION

1 UNIVERSITY OF UTAH Salt Lake City, Utah

Masters of Microcomputers Certificate

2

Contact this candidate