CHET LOVELAND
Goochland, VA. 23063
acbq2r@r.postjobfree.com
SUMMARY
Skilled and accomplished global information security and privacy
officer that partners with business lines to make informed risk-based
decisions and execute on those decisions. Provide direct adherence to PCI,
SOX, HIPAA, Safe Harbor and Works Council internationally for continued
compliance. Proven leadership regarding privacy and security governance,
risk, compliance, process and technologies. Investigate, design and
implement cost-effective and business supported policies, procedures,
processes and guidelines. Deep experience in all aspects of privacy,
cyber security, cloud, SaaS, mobile, ethical hacking, Industrial Control
Systems (ICS) and social media security. Manage and motivate highly
skilled and technical staff. Perform investigations, eDiscovery, and
litigation support and provide expertise to global Legal groups on
information technology, privacy, cloud, and security. Presented many times
at Gartner, Northwest CISO, Cloud Computing conference and many
international webinars. Managed a security budget of over 2 million.
PROFESSIONAL CERTIFICATIONS AND GOVERNMENT CLEARANCE
CISSP, GIAC (GSNA), ITIL, CISA, CISM, Zinger-Miller (Achieve Global)
Trainer, Federal Government SECRET Clearance (Expired in 2010)
PROFESSIONAL EXPERIENCE
MEADWESTVACO - Richmond, VA 2006 - Present
Global Information Security and Privacy Officer
MeadWestvaco is a seven billion Fortune 500 packaging company with 23,000
employees in 30 countries.
I have directed the global information security and privacy of the
information technology environment including SAP, JD Edwards and other
global applications for all national and international locations. Executed
on SOX, COBIT, ISO 17799, PCI DSS, and C-TPAT compliance for distributed
and mainframe operations. Including strategic support through gap and
complex analysis, studies, examinations and tactical implementation of
security principles, practices, standards, policies, procedures,
documentation, risk management, project management and audit compliance.
Developed, maintained, communicated, and executed international and
enterprise wide information security and privacy policies, standards,
procedures, guidelines, security awareness and audit compliance monitoring.
Manage highly technical staff responsible for ensuring appropriate security
and privacy controls exist and are enforced globally. Provide security,
privacy, and infrastructure leadership in transitioning MeadWestvaco from a
national paper company to an international packaging solutions company.
Provided oversight, consulting and execution in planning, development,
design, and execution of security tools and security access methods needed
to protect the computing environment to MeadWestvaco and other service
providers serving as the focal point for MeadWestvaco's global security and
privacy practices. Direct efforts to address global security and privacy
incidents and investigations including ethical hacking using industry
tools. Work with business units to determine need for change in security
design, additional controls and/or privacy and implementation based on
security violations, incidents and exceptions. Lead confidential global
security investigations, partnering with business units, Human Resources,
and Legal. Recognize and identify potential areas where security and access
control risks may exist and implement/change policies and procedures as
needed. Significantly reduced information exposure on two terabytes of
data. Implemented tokenized credit card processes for PCI compliance and
provide cyber security risk analysis for global business units, SaaS, and
cloud email system which reduced 10 disparate email systems to one.
PEARSON GOVERNMENT SOLUTIONS - Richmond, VA 2005 - 2006
Information Security Officer
Pearson (now Vangent) is a leading global provider of information
management and strategic business process outsourcing services, serving the
Federal government, as well as commercial, education, and healthcare
organizations.
Managed HIPAA and FISMA compliance for the distributed and mainframe
operations that are contracted by the Centers for Medicare/Medicaid (CMS)
for contracts over ten billion dollars and key personnel on CMS contact
center contract award of 440 million. This includes strategic support
through gap and complex analysis, studies, examinations and implementation
of security principles, practices, standards, policies, procedures,
documentation, risk management, project management and audit compliance.
Executed on compliance to Federal and State Information Security
requirement for over ten programs under the ownership of Department of
Health and Human Services. This included strategic direction and counsel,
hands-on security analysis, studies and examinations of security policies,
procedures, documentation, implementation, compliance and audit
requirements and project management to ensure defense-in-depth for the
Pearson Government Solutions infrastructure. Ensured the implementation of
the necessary controls, tools, and procedures to cost-effectively protect
information assets from intentional or unintentional and unauthorized
modifications, disclosure, or destruction by performing risk analysis and
recommending potential security solutions/configurations and using NIST 800
series as the baseline. Developed security requirements and recommended
solutions for new technology projects and changes to current program
environments and applications. Achieved the execution of intrusion
detection and monitoring as well as penetration studies to meet the
business function requirements and regulatory demands. Execution of
compliance in the programs including information security awareness
programs, document security performance metrics, and communicating security
strategies and writing Government System Security Plans. Advised the
individual Government programs on current and future strategic security
requirements, direction, and improvement opportunities and participated in
project teams to ensure new applications and systems comply with
established security regulations, policies, and standards. Directed
program Risk Assessments and System Security Plans as well as the Disaster
Recovery and Business Continuity Plans. Point-of-contact internally and
externally for DR/BC plans on the programs.
FEDERAL RESERVE INFORMATION TECHNOLOGY - Richmond, VA 2000 - 2005
Information Security Manager
The Federal Reserve is a quasi-Governmental entity responsible for the
monetary system of the United States.
Led the information security of distributed and mainframe operations
including gap and complex analysis, studies, examinations and
implementation of security principles, practices, standards, policies,
procedures, documentation, risk management, project management and audit
for the U.S. Central Bank with over 1.5 trillion dollars transferred
electronically per day. Directed staff of 16 full-time personnel and
hourly contractors that support the organization's information security
needs. Managed a security budget of over $2.02 million.
Direct senior information security staff on complex gap and security
analysis, studies and examinations of security policies, procedures,
documentation, implementation, budget, compliance and audit requirements
and project management to ensure defense-in-depth for the Federal Reserve
System. Transitioned the Federal Reserve Information Technology (FRIT)
organization from a risk-averse organization to a risk management
organization. Developed and updated information security principles,
practices and standards. Trained over 700 staff in risk management and
asset vulnerability assessment and security risk mitigation. Implemented
a centralized information security support from 12 organizations into two.
This reduced 30 staff nationwide. Managed the selection, negotiated the
purchase, and implementation of information security tools to augment the
information security posture of the Federal Reserve System. Liaison to
external audit engagements by the Government Accountability Office (GAO)
and PricewaterhouseCoopers (PwC) for Sarbanes-Oxley, COSO and FISMA for
achieved compliance to government regulations.
FEDERAL RESERVE AUTOMATION SERVICES - Richmond, VA 1994 - 2000
Senior Account Manager
Bridged the gaps between information technology and business application
development and distributed and mainframe computer support. This involves
translating business requirements into the defined information technology
framework.
Provided customer support for the San Francisco, St. Louis, Minneapolis
Reserve Banks, Board of Governors and the Home Mortgage Disclosure Act
(HMDA) government application; built capabilities through program
development, process development and strengthened relationships with
customers. Served as project manager for both the Internet U.S. Treasury
Offset Program and the U.S. Postal Service Postal Money Order image project
to move these applications from the mainframe to the distributed platform.
Led a high priority project for FRB San Francisco involving moving check
processing from the 12th District to FRIT to meet year 2000 check
application compliance issues.
EDUCATION
UNIVERSITY OF UTAH Salt Lake City, Utah
Masters of Microcomputers Certificate