Erwin (Chris) Louis Carrow

Metro Atlanta, Georgia

ad4z38@r.postjobfree.com 770-***-**** (mobile);

http://www.linkedin.com/in/ecarrow

Skype: erwin.louis.carrow

Summary: Extensive strategic, tactical, and operational leadership for information technology and cybersecurity utilizing inventive and innovative approaches with aptitude, proficiency, and sub- ject matter expertise, experience, and skill. Develop IT and security solutions for governance, man- agement, compliance, assurance, forensics and operations with a holistic approach throughout an organization with specific and sustainable requirements that exceed line of business expectations. A born change agent. Unquenchable passion for security challenges -- produce creative problem solving with a win-win solution orientation. Results-driven professional that thrives in collaborative environments with colleagues motivated by accountability, integrity, and the pursuit of excellence. Respectfully challenge the status quo and provide continuous improvement and innovation in the outcomes produced.

Instrumental in implementing security controls / constraints / countermeasures to IT footprint for both traditional and cloud-based service environments. Implement and maintain efforts for global ISO/IEC 27001, NIST, COBIT, SAE16, SOX, SOC2-3, standards and certifications. Ensure com- pliance for GDPR, PII/HIPAA, SOX, CALEA and PCI-DSS requirements. Direct and drive information and information system objectives to align, sustain, improve, and in- novate information solutions, tools, communications and support for organizational objectives. Supported various constituents with information technology and support services, along with fiscal management of associated personnel and resources.

Conduct enterprise risk assessment and planning, perform information and information system au- dit programs and audits to assess risk management, compliance, policies, and strategic initiatives, evaluate internal information system controls, and provide management strategic, tactical, and oper- ational guidance for improving of operations.

Environments include current OS technologies and associated services, traditional and cloud-based infrastructures. Designing, purchasing, performance monitoring, fault tolerance strategies, trou- bleshooting, and disaster recovery of all network assets and applications. Related Experience

U.S. Bank / Elavon

Two Concourse Parkway, Suite 800, Atlanta GA 30328 – Nov 2015 to Present Role and responsibilities:

Cybersecurity Innovation, Research, and Development Lead - Vice President and Manager: Serve and support lines of business with cybersecurity innovation, research, and development to meet strategic short-term, mid-term, Erwin (Chris) Louis Carrow page 2

and long-term objectives. Activities include: creating, gathering, and developing new ideas into viable solutions; pro- vide dedicated innovative thought and effort with functional and operational autonomy to generate and quickly test ideas; drive new cybersecurity solutions to manage and mitigate risk; support, align and amplify growth, prosperity, and reputation of the cybersecurity services in partnership with lines of business; identify and promote disruptive cybersecurity technology to reduce risk and enhance customer security; and empower and enable line of business to introduce new opportunities, and improve the efficiency of the overall cybersecurity program. Mergers and Acquisitions Capability Manager - Vice President and Manager: Serve as the single point of engage- ment and escalation with technology and business line partners for information security, risks, and associated regula- tory and compliance requirements. Act as the primary relationship manager to business lines and aligned partners for U.S. Bank and Elavon in the USA and Europe. Engage and understand priorities, strategy and plans for the future, support delivery of business requirements, align and coordinate with information security operations, reduce risk, and minimize process / procedure friction for life-cycle of events. Conduct Mergers and Acquisitions for Elavon and US Bank.

Business Information Security Officer - Vice President and Manager: Serve as the single point of engagement and escalation with technology and business line partners for information security and associated regulatory and compli- ance requirements. Act as the primary relationship manager to business lines and aligned partners for Elavon in the USA and Europe. Engage and understand priorities, strategy and plans for the future, support delivery of business requirements, align and coordinate with information security, reduce risk, and minimize process / procedure friction for life-cycle of events. Conduct Mergers and Acquisitions for Elavon and US Bank. A senior leader in information security and relationship manager, which works across the INFOSEC organization to ensure consistency and collaboration exists within teams. Provides the decision or perspective of the information se- curity organization, delegated to speak on behalf of the CISO, and charged with internal coordination across the or- ganization to ensure consistent and thorough responses. Principle Information Technology Security Architect: Provide leadership on definition of security architecture; to include development and implementation of effective security administration processes for all platforms, environ- ments, systems specifically related to the PCI-DSS environment and supporting technologies. Ensure alignment of Information Security initiatives and services with business and technology systems and processes using common ar- chitectural reference models and tools such as TOGAF and SABSA. Support the Information Security Risk Manage- ment through the development, enhancement of the GRC tool and framework for information security risk manage- ment for ISO\IEC 27001:2013, ISO 27005, Octave Allegro, ISO\IEC 31000, FAIR, NIST Cybersecurity Framework. Participate in the consumption, analysis, and prioritization of information security issues and findings from multiple sources. Facilitate in depth risk assessments using a variety of methodologies and practices. Vonage Essentials / Vonage Business Solutions / Vonage Holdings 3200 Windy Hill Road, Suite 200 East, Atlanta GA 30339 – Nov 2014 to Oct 2015 Role and responsibilities:

Senior Information Technology Security and Compliance Manager: Developed long-term strategic security solu- tions and the establishment governance, compliance and operations for IT security strategy throughout the organiza- tion to implement and support operational requirements. Instrumental in implementing and maintaining IT security and compliance controls and constraints to advance digital footprint for both traditional and cloud-based service in- frastructure environments with a focus upon open source solutions and the Amazon IaaS, PaaS and SaaS cloud-base service offerings. Ensure implementation and maintenance efforts for becoming and sustaining information security so as to achieve ISO/IEC 27001, SOX, SSAE16, SOC2-3, CALEA, and PCI-DSS certifications. Ensure compliance for PII, HIPAA, HITECH, Omnibus, and other privacy related regulatory requirements. Critical objectives and tasks include:

Identify architect, implement, manage and support IT governance, assurance, compliance, operations, forensics, audit, change management and the SDLC application development efforts and process for information and information system security throughout the Vonage Business Solutions (VBS) infrastructure architecture. Establish a security and compliance framework for a telecommunication SMB corporate entity. Vendor and project manager for security and compliance contractual agreements. Select controls for both physical and cloud environments, assessment work, con- tract review, and exploit testing for development and vulnerability management. In addition, developed and docu- mented a security framework with a plan to implement all required controls to enhance security. Worked with deploy- ment, architecture, and production teams throughout the SDLC to production to ensure applications and cloud-based solutions and practices meet industry standards and provide effective security to manage and mitigate risk. Conducted static and dynamic applications vulnerability testing/security awareness for developers and supported public facing Erwin (Chris) Louis Carrow page 3

web presence. Have conducted assurance penetration testing with various commercial and open source tools e.g., BASH and python scripting, Veracode, Fortify, Checkmarx, Nexpose, Metasploit, WebInspect, AppScan, aircrack, nmap, wireshark, and Kali Linux suite of tools. Coordinate with legal, at as security and compliance liaison with senior leadership and other internal entities to ensure the VBS Security and Compliance Office (SCO) supports corporate risk and compliance interdependencies.

Recall Corporation Global (procured by Iron Mountain), 180 Technology Parkway N.W., Norcross Ga. 30092 - Sept 2013 to Nov 2014. Role and responsibilities:

Senior Information Technology Security Manager : Established the governance, compliance and operations for IT security strategy and operations throughout the Recall global organization. Instrumental in implementing IT security controls and constraints to assist Recall in advancing their digital footprint for both traditional and cloud-based ser- vice infrastructure environments. Implement and maintain efforts for becoming the first SMB information manage- ment company to achieve global ISO/IEC 2700, SOC2, and PCI-DSS certifications. Ensures regionally compliance for PII, HIPAA and other privacy related regulatory requirements. Manages and supports IT governance, assurance, compliance, operations, forensics and audit efforts for information and information system security throughout the Recall global infrastructure architecture.

Critical objectives and tasks include:

Creates and achieves operational, tactical, and strategic objectives that improve the corporate global IT security pos- ture, minimize and mitigate risk, and support key business goals and objectives. Supports large complex projects and other initiatives to ensure technical relevancy and secure posture to service and support governance, operations, com- pliance and forensic requirements. Ensures business services technology and functionality enforces security policy compliance across all digital service lines. Presents complex compliance and security concepts and solutions, across all functional units, management, executives, and other constituents’ security related business requirements. Ensures timely delivery of security services with demonstrable accountability to business units for all security related trou- bleshooting, incident response, and problem resolution in accordance with agreed upon Service Levels covering Re- call’s standard hardware, software platforms and approved application portfolio, outsourced SOC services. Skill sets include:

Subject matter expertise includes a variety of security technologies in support of Windows/Linux OS, switching, rout- ing, firewall, IDS/IPS, NAC, SIEM, event logging, SFTP, packet inspection (signature and anomaly based), proxies, SSO solutions (SAML), token authentication and session encryption, multi-factor authentication technologies, web application security, database application security, identity and access management controls, monitoring and measuring of events, vulnerability life-cycle management tools (Rapid7, Nessus, and various Open Source toolsets); in order to facilitate various infrastructure architecture security requirements for risk mitigation and regulatory compliance. These skill sets also include: DMZs design and architecture constructs, data encryption (at rest and in transmission), Data Loss Prevention, Mobile Device Management, integrity and change management monitoring and administration, RSA solutions, deployment of MPLS, IPSec, remote access technologies (VPNs, Site to Site VPN tunnels, SSL/VPN), DNS (DNSSEC, TSIG) and PKI Certificate of Authority services. Strategic goals and outcomes include:

Manage a team of highly skilled security engineers and administrators. Administrate and exchange with resources re- sponsible for developing and maintaining customer-centric service and support focus that provides a global high-per- forming operations to consistently secure information and information system. Construct, plan, prioritize, and exe- cute various project designs, diagrams, documentation, budgeting, and resolution requirements. Maintain relevancy regarding current security threat vectors, malware techniques and actively support appropriate countermeasures, con- figurations and constituency awareness.

Construct and communicate IT security policy to support governance, compliance, and forensic requirements and initiatives. Support the maintenance and deployment of new security solutions in multiple data centers. Drive consis- tent IT security service management processes in each region globally. Analyze trends and recommend changes to current practices to achieve greater cost efficiency or improved customer satisfaction. Measure assigned objectives, standards, expectations, and outcomes against key performance indicators, so as to ensure constituent satisfaction globally per region. Own issue resolution / incident response throughout life-cycle of events. Monitor and measure for security event, unresolved issues and requests, and ensure prompt effective resolution and constituent support. Manage IT security capital expenditures. Create and monitor security service catalog and operations support levels and metrics. Ensure Recall Information Technology Security Office (RITSO) governance, management, and roles and re- sponsibilities align with other IT operational entities and assist in optimizing resource allocation globally. Erwin (Chris) Louis Carrow page 4

Albany State University, University System of Georgia 504 College Drive, Albany Ga. 31705 - Mar 2012 to Sept 2013. Role and responsibilities:

Vice President of Information Technology Services and Chief Information Officer: Defined, directed and and re- sponsible for all information and information system objectives to align, sustain, improve, and innovate information solutions, tools, communications and support for higher education institutional objectives. Strategic context and mis- sion is to lead, manage and administrate staff at various levels of responsibility (personnel population: 4200+ stu- dents, 600+ faculty and staff, and 30+ direct report personnel), demonstrate skills in strategic planning, enterprise risk management (ERM), fiscal management, communications, inventory, planning and logistics, physical and information- al security management.

Critical objectives and tasks include:

Advise and assist the president and other senior executives on IT acquisition and management; develop, maintain, and facilitate implementation of a sound, secure, and integrated IT architecture in support of academic and business re- quirements; promote effective and efficient design and operation of all major information resource management

(IRM) processes for the institution, including improvements to academic and business work processes; assess re- quirements for personnel regarding knowledge and skills needed to achieve established performance goals; develop throughout the institution strategies and plans for personnel reorganization, hiring, and training in support of an ef- fective and efficient IT governance; and represent the institution’s information technology innovations and integration interest when engaging with the industry, the local community, and other state and municipal agencies. Strategic goals and outcomes include:

Establish a “balanced score card” approach for critical resources and infrastructure to secure and safeguard the insti- tution’s information and information systems to provide consistent and predictable application and communication services (this would include development of metrics, collect data, and analyze it relative to financial, internal academ- ic/business process, constituency needs, and value benefit versus the needed resource optimization and risk mitiga- tion). Implement and sustain a cost effective and relevant IT Cloud environment to support the institution and local communities’ extended service capability, economic growth and pedagogical mobility, flexibility and significance. De- velop and implement strategic planning and management systems to support all academic and business information business intelligence requirements and map results to USG and institution’s strategic objectives. University System of Georgia, Board of Regents

270 Washington St. SW, Atlanta Ga. 30334 - Nov 2009 to Mar 2012. Role and responsibilities:

Director of Information Technology Auditing - performed the IT Audit function and to purposely provide assurance or identify and assists in the mitigate information and information system risk throughout the University System of Georgia. Support creation of the quarterly audit risk assessment and plan for the Office of Internal Audit and Com- pliance (OIAC). Assessed risk and assurance for USG IT value chain management (VCM) exposures for enterprise resource planning (ERP), supply chain management (SCM), and customer relationship management (CRM) systems. Recommended modifications to audit strategies to enable alignment and achievement of USG enterprise risk man- agement (ERM) objectives. Communicate IT risk and/or assurance issues to the Associate Vice Chancellor for Inter- nal Audit for corrective action. Directly managed and mentored staff, assists in the prioritization and allocation of internal personnel, budgeted resources, and balanced skill competencies and capabilities to ensure successful comple- tion of assurance engagements. Coordinates, communicates, and schedules audit/consulting engagements with insti- tution presidents. Directs, manages, and executes onsite institution engagements and creation of assurance report for Board of Regents, chancellor, and institution presidents. Ensures state and federal compliance and regulatory re- quirements are identified and assessed for USG information and information systems. Develops audit engagement programs and grant funding proposals. Assist in the development of USG IT policy, standards, procedures, and best practices. Managed OIAC office website content to ensure communications were effective. Investigated IT related incidents to include information and information technology systems hacking and malicious attacks. Direct, train, and oversee periodic training of all USG auditors. USG functional and technical lead for Wolters Kluwer’s CCH Team- mate ERP application suite. Advisor for CCH Teammate suite to other audit education and industry corporations and users. USG IT audit representative to interface to various groups, e.g., USG CIOs, Committee on Information Tech- nology (CIT), IT Audit committee, Security Advisory Group, and Risk Management Committee. Act as liaison and advisor regarding information and information technology systems issues, assurance, and best practices for controls to support internal and external agencies e.g., USG Vice Chancellor for Information Technology Support /Chief In- formation Officer, USG Chief Data Officer, USG Chief Information Security officer other USG senior leaders (vice- Erwin (Chris) Louis Carrow page 5

chancellors, presidents, vice-presidents, etc.), State IT Audit Director, Georgia Bureau of Investigations, State of Georgia Chief Information Security Officer, and other law enforcement agencies. Google – Southern Polytechnic State University

Mid-town Atlanta, Ga. – Nov 2010 to Dec 2012

Role and responsibilities:

Contracted Instructor for Southern Polytechnic State University providing training to Google corporate employees. Advances Google system administrators’ & technicians’ knowledge and ability to conduct technical duties utilizing the Linux operating system, research associated challenges and present observations in a professional, clear and concise manner to both technical and non-technical audiences. Upon completion, students are able to successfully install, con- figure, and/or maintain Linux systems, and basic virtual machine instances. Perform basic system administration of the Linux operating systems and effectively communicate with other system administers and / or developers regarding the operational functionality and status of any Linux based operating system. Training encompasses industry standard Red Hat Certified System Administrator (RHCSA) and Red Hat Certified Engineer (RHCE) certification objectives. Training conducted from the Google Mid-Town Atlanta facility to 30-40 internationally dispersed cliental /students via video conferencing.

University System of Georgia, Board of Regents,

270 Washington St. SW, Atlanta Ga. 30334 - Mar 2007 to Nov 2009. Role and responsibilities:

IT Audit Director and Auditor II, independently performed information system audit programs, project manage- ment, and lead audits of colleges and universities for the University Systems of Georgia. Assesses risk management; ensures Federal, State, Board of Regents and local compliance of policies, procedures, operational guidelines, and strategic initiatives. Evaluates USG and third party information system controls; and provide management with doc- umented recommendations for improving and securing of IT related operations. Competencies and capabilities:

• Performance of duties include: briefing university and college Presidents, Vice Presidents, CFOs, CBOs, CIOs and CISOs on security audit risk and compliance issues. Research and investigate key security and compliance issues or problems. Mentor financial auditors on information systems audit fundamentals. Design, implement, and support departmental audit applications. Mentor and train entry-level information systems auditors, and in- terface with Board of Regents officers and staff to complete special projects and initiatives.

• Audited database environments: Oracle 9.X-11X; Microsoft SQL, MySQL, Access 2003-7; which included Banner, PeopleSoft, BlackBaud Raizer’s Edge, and various other transactional database management systems and middleware platforms.

• Certifications include: MCP+I, MCSE, CQS, CCNA, CCAI, CCNP, CCSP, INFOSEC, CISSP, LCP, LCI, OR- ACLE Master for DBA, and Lean Six Sigma Greenbelt. Current certification objectives are CISM.

• Achievements: Audit –In-Charge for: USG Enterprise-wide Enterprise Resource Planning (ERP) audits (e.g., USG123 Data Marts, PeachNet); system office audits, research institution audits; and various other 4- year and 2- year university and college audits. Designed, coordinated, and implemented Wolters Kluwer’s CCH TeamMate ERP audit application suite to support 59 USG auditors and 35 university system campuses with audit life cycle process tools for consistency and continuity of audit work papers and reporting. Chattahoochee Technical College

980 South Cobb Drive Marietta, Ga. 30060 - Jan 99 to Mar 07. Role and responsibilities:

Instructor and Senior System Administrator / Engineer for computer communications networking security, database administration and network engineering. Primary task consisted of network management, data administration, and instruction to train students in industry standards for networking, security, and database administration. Competencies and capabilities:

• Networking environments particulars: technologies Ethernet, Token Ring, Wireless, Analogue and Digital Telephony and Broadband; all current OS technologies (Windows, Novell, Linux / UNIX) and associated services

(DNS, SMTP, POP, DHCP, File and Print sharing, X500 directory services); CISCO routing [RIP, EIGRP, ISIS, OSPF

(NSSA, Totally NSSA, Stub and Totally Stubby, Virtual links), BGP (internal and external – primarily single honed environ- ment)], QOS, HRSP, Redistribution, Policies, Load Balancing, Multicasting ( PIM SM and DM, IGMP 1-2v), NAT, PAT, SNMP 1-3v, and IP version 6, switching [VTP, STP - IEEE (802.1Q, LACP, RSTP, MST) CISCO (ISL, PAgP, PVST+), CGMP, IGMP, QOS, and 802.11 a-g and 802.1x application integration], remote access [Frame Relay, HDLC, PPP (encapsulation, compression MLP fragmentation and interleaving), modem, Basic and Primary ISDN, various con- Erwin (Chris) Louis Carrow page 6

nection types (Point-to-point, Point-to-multipoint, NBMA), Traffic Shaping - QOS ]; CISCOWorks; security [Firewall appli- ances; ASA5500 series, IOS, PIX / Proxy /OS - software based (Windows/Linux) and various commercial applications Fire- wall and Intrusion Detection Systems” VPN, IPS/IDS]; and Voice over IP and analogue technologies integration, Video multicasting and Wireless.

• Database environments: Oracle 8.X-10X; Microsoft SQL, MySQL, Access 97-XP, and 2003. Designed, imple- mented, and administered various database management systems to support a multi-tiered instructional environ- ment.

• Administration for: designing, purchasing, performance monitoring, fault tolerance strategies, troubleshooting, and disaster recovery of all classroom network assets and applications.

• Languages include: Linux BASH, PERL, Python, Ruby scripting; various web / XML design/integration products; .Net -Visual Basic; C, SQL-PLSQL and various scripting applications.

• Achievements: Novell Beta tester for various products, orchestrating and administering the Oracle Academic Initiative Academy providing the Atlanta corporate industry with many qualified and certified DBA’s and data administrators, SAIR/GNU LINUX Academy, submission and coaching of “Cyber Defense” team for Regional Competitions, Program Manager, Administrator and Certified Instructor for CISCO Regional Academy offerings for the CCNP, CCNA, CCSP, Wireless, VoIP curriculum. Introduced and managed the CISCO Academy locally and grew the schools resources to perform as a “Regional Academy” for Northwestern Georgia. Chattahoochee Technical College through my efforts CTC became responsible for training all instructors for the area supported

“Local Academies.”

US Army (Active) and Air Force (Reserve) military duty; FT Jackson, SC. – Robins ARB, Warner Robins, GA. Aug 87 to Mar 2016. Role and responsibilities:

Lead, manage and administration of staff at various levels of responsibility (30-200 personnel), demonstrated skills of fiscal management, communication, inventory, planning and logistics, physical and informational security manage- ment, counseled senior leadership (Field Grade and General Officer) and strategic deployment and support of mili- tary personnel and assets. Stationed in Germany (2 tours), South Carolina, and Georgia. Competencies and capabilities:

• Positions of responsibility: Non-Commissioned and Commissioned Officer; Platoon Leader, Maintenance Of- ficer, Headquarters Executive Officer, Division Protocol Officer, Company Commander, Senior Protestant Chap- lain, Wing Chaplain, along with various extra duties to include “physical” and “information” security manage- ment.

• Credentials include: certified Crisis Intervention Stress Management (CISM) counselor, completed active duty Army 1992 in the grade of Captain / O-3; current active reserve commission station at the 78h Air Base Wing at Robins Air Force Base in the grade of Lt. Col. / O-5; active US Military “Secret” security clearance.

• Achievements: Administrated and managed resources in excess of 18 million dollars. Planned and executed var- ious live firing ranges and field exercises. Forecast and maintained a budget in excess of 1 million dollars. Coor- dinated training requirements at the platoon and company level for Battalion and Division support. Supported Division Command staff with managerial administration and technical support. Planned, organized, and led vari- ous public events. Organized and supported implementation of 8th Infantry Division event in excess of 1500 in attendance to include foreign and domestic dignitaries. Instituted and implemented an annual base-wide “Black Heritage Worship Celebration” event and multiple “National Day of Prayer” with renowned local and national speakers e.g., the former Governor Roy Barnes. Both series of events included all branches of the military ser- vice. Regularly manage, administrate, counsel, preach, train, and advise – often speak publicly to motivate and encourage various groups of people ranging from 5 to 1000 in number. Have supervised personnel ranging from 3 to 200.

Chattahoochee Technical College

980 South Cobb Drive Marietta, Ga. 30060 - Jun 97 to Jan 99. Role and responsibilities:

Network Engineer, Adjunct Instructor, project management, and staff and faculty support - serviced, supported, administered, trained, and maintained all computer desktop, databases, and network server systems. Competencies and capabilities:

• Networking environments include: Cabletron / Enterasys, CISCO, and 3COM technologies for routing and switching, Ethernet and Token Ring a 1000 + systems DOS, Windows 3.1, 95, NT, UNIX, and Novell 4.11. Supported website content management system.

• Database environments: Oracle 7-8.X; Microsoft SQL, Access 97, and Banner.

• Achievements: Support the network development and technologies for administration of Information Systems located on 4 campuses. Supported various equipment and software associated with the implementation and oper- Erwin (Chris) Louis Carrow page 7

ations of enterprise telecommunications systems. Multimedia distribution and display system for video confer- encing equipment based on H.320 and H.323 and CISCO standards. Education

Kennesaw State University, Kennesaw, Ga. - Jan 06 to May 09. Graduated, Master of Science in Information Systems with an emphasis in Information Security- GPA 4.0. CISCO Training, Florida

Contact this candidate