Security Manager
Resume:
Tim O’Neil
*********@***.***
Seminole, FL 33777
CAREER OBJECTIVE: TO OBTAIN A MANGERIAL LEVEL POSITION IN
INFORMATION SECURITY IN THE GREATER TAMPA BAY AREA
CAREER SUMMARY:
• Designed and implemented Information Security Programs at 4 separate companies
• Over 10 years experiences at the managerial level in the field of Information Security
• Comprehensive knowledge and understanding of IT security certification and
accreditation requirements
• Extensive experience with PCI, EU Data Privacy Law, ISO27002, SOX, HIPAA,
HITECH, SAS70 and DoD Certification and Accreditation and COBIT methodology
• IT Program Manager for Sarbanes Oxley Audit Compliance for a major international
company
• Developed a Business Continuity Plan / Disaster Recovery Plans for the corporate
headquarters and over 18 subsidiary companies
• Experienced in leading projects and cross functional teams.
PROFESSIONAL EXPERIENCE:
CIGNA, Bloomfield CT Sept. 2007 to
Aug. 2010
Information Protection Manager
• Worked with a diverse team of global sourcing, information technology and insurance
business executives to implement cost effective and secure business process and software
development outsourcing strategies
• Audited the security and information protection standards of vendors engaged in
providing services to CIGNA.
• Reviewed the security of applications used in the company’s business processes s in
support of health care specific privacy regulations such as HIPAA, HITECH, PCI
HCC INSURANCE HOLDINGS INC., Houston, TX Nov. 2003 to
May 2007
Director of Information Security
• IT Controls SOX Program Manager As such, developed and implemented procedures and
standards to meet or exceed SOX Audit Requirements including development of application
and network security controls, implementing system monitoring, investigation, end user
awareness, physical controls, internal review and documenting procedures in support of
COBIT based SOX Control Objectives
• Developed and implemented a secure software development methodology
• Evaluated and implemented new application security technologies such as Visual
SourceSafe (VSS) and Fortify
• Designed the network security infrastructure including the deployment of a Qualys
vulnerability scanner and a Sourcefire IDS/IPS
• Presented information security awareness training to every employee in the company of
2000 employees, developed web enabled Information Security Awareness Training
• Implemented, monitored and maintained an IDS / IPS System composed of Sourcefire
with Real Time Network Awareness and SNORT,
• Installed, tested and employed vulnerability scanning tools such as QualysGuard, GFI,
Retina, ISS and Nessus
• Implemented security technology to automate IT controls, including the implementation
of an automatic scanning solution and an intrusion prevention system (IPS) in support of
SOX objectives
• Served as the IT representative on an interdepartmental (HR, Legal, IT) HIPAA
compliance project Recommended changes to the security of systems hosting PHI and
supporting policies
• Developed a Corporate Business Continuity Plan for an international company comprised
of 15 subsidiaries and approximately 1500 employees based in the United States and Europe
• Served as the leader of a C Level Incident Response Coordinating Committee charges
with the responsibility to respond to events the business
• Negotiated with security vendors by narrowly defining scope of work estimates and
obtaining competing bids
• Set up automated vulnerability scanning of internal and external systems
• Designed and implemented a web based Information Security Awareness Training
Program
• Performed computer forensic analysis with Encase and Forensic Tool Kit
AIRLINES REPORTING CORPORATION, Louisville, KY March 2002 to
Nov. 2003
Information Security Manager
• Information Security Lead for the main datacenter for all major U.S. based airlines
• Successfully lead a part time Computer Security Incident Response Team in responding
to one significant Denial of Service Attack, two major RPC worm attacks and investigations
of numerous lesser incidents
• Installed, tested and employed vulnerability scanning tools such as Retina, ISS Security
Scanner and Nessus
• Recommended remunerative strategies to strengthen the network structure against
hacking attempts saving the company approximately $100,000 in outside fees
• Developed four other security related company policies; Data Classification, Remote
Access, Email Usage and Strategic Information Security
• Implemented a secure email gateway solution at the network perimeter to protect the
email infrastructure
LAM RESEARCH, Fremont, CA Jan. 2001 to
March 2002
Information Security Manager
• Installed an Intrusion Detection and Analysis System
• Wrote and implemented various information security policies
• Developed and implemented Information Security Awareness Training
• Implemented an encryption solution
• Developed requirements and drafted RFPs for a network security audit
PCS NETWORKS, Emeryville, CA June 2000 to
Jan. 2001
Network Engineer
• Developed scopes of work for the proposed deployment of technologies, bill of materials
and network diagrams
• Developed a business continuity plan for the headquarters of a multi-national corporation
• Performed network security, patch and asset audits
• Made technical presentations to clients
LEVI STRAUSS & CO., San Francisco, CA Aug. 1993 to
May 1998
Director of Investigations Brand Protection & Corporate Security
• Conducted theft and trademark anti-counterfeit investigations worldwide
• Investigated internal and external theft
• Planned supply chain security
US ARMY 1984 to 1993
Commissioned Officer
• US Army Military Police Corps with additional specialty in Systems Automation and
Civil Affairs
EDUCATION:
• Masters of Business Administration in Technology Management, University of Phoenix,
2006
• Bachelors Degree in Criminal Justice, Northeastern University, Boston MA, 1984
• Certificate in Computer Systems Support, Empire College, Santa Rosa, CA 1999
OTHER
• Current TS/SCI Security Clearance
• SANS GSEC / GHIC Certifications
• US ARMY SA/NM Security Course Certification
Contact this candidate