Project Manager Management

Location:
Columbia, SC, 29223
Posted:
November 02, 2010

Resume:

Paige Easley

*** **** **** **

Columbia, SC *9223

310-***-****

abicya@r.postjobfree.com

Summary of Experience

Over 30 years of experience in IT and over 20 years of IT Security

experience. I have created and implemented strategic plans and the

operational frameworks necessary to create the security programs necessary

to meet the company's needs, along with addressing compliance and audit

issues involving security for multi-billion-dollar international companies.

Other areas of expertise include: SDLC, networking, applications,

Operating Systems, databases, QA, access and identity management to include

role definitions and segregation of duties.

Significant Positions Held:

VP and CISO, Risk and Reliability Division, IndyMac Bank

VP IT Audit and Fraud, Wells Fargo Bank

CISO, Palmetto GBA (Medicare Company)

Partner, LP Risk Services (IT Security & Compliance firm)

Education and Technical Certifications

M.B.A., TECHNOLOGY MANAGEMENT UNIVERSITY OF PHOENIX, 2002

B.A., MANAGEMENT ST. MARY'S COLLEGE, 1994

Certified Information System Auditor (CISA)

Certified Information System Security Professional (CISSP)

Certified Information Security Manager (CISM)

Certified in the Governance of Enterprise IT (CGEIT)

Certified in Risk and Information Systems Control (CRISC)

U.S. Army, Command and General Staff College

Employment Experience

PALMETTO GBA (A MEDICARE COMPANY) 2008 TO PRESENT

Chief Information Security Officer

. Responsible for the day-to-day security requirements for Palmetto GBA,

including access (identity management/provisioning), firewalls, IDS,

encryption, and incident response.

. Responsible for the security of Palmetto infrastructure, applications and

services both internally and those attached to Palmetto from external

sources.

. Responsible for the strategic plan for the IT Division

. Responsible for Incident Management and Response

. Responsible for Identity and Access Management for over 100 applications

. Manage and update the corporate training for security, compliance, rules

of behavior and privacy

. IDS (host and network), firewalls, Virus responsibility for the company

. Role-based access implementation and segregation of duties.

. Identity Management.

. Conduct a review of any new systems, applications, devices, etc.

prior to being put into production to ensure that all security and

compliance requirements are met

. Conduct monthly vulnerability assessments and patch management

. Responsible for the Disaster Recovery and Business Continuity plans to

ensure that Palmetto can meet its contractual obligations

. Responsible for ensuring that all audit and regulatory requirements

(FISMA, HIPAA, HITECH, NIST 800-53, etc.) are met and effective

. Physical access and two factor authentication

LP Risk Services Inc. 2004 to 2008

Partner IT Auditing Services (Major Clients: Intel, Pacific Health Systems,

Thermo Electron)

. Provide security reviews (penetration tests, etc.) for national and

internal companies

. Provide guidance and attestation services to companies in the area of

SOX, FFIEC, PCI, HIPAA, OTS, OCC, SAS70 and IT compliance.

. Identity Access Management Programs.

. Role-based access implementation and segregation of duties

. Identity Management.

. Perform security reviews of architecture to include settings, policies,

procedures and effectiveness of the architecture.

. Work with companies to ensure that their ERP systems (Oracle, SAP) are

secure and that they will pass regular and compliance audits.

. Conduct reviews of process improvements such as ITIL, ISO, COBIT/COSO to

ensure that the correct control set is in place.

. Create automated solutions to reduce cost, error rate and time it takes

to complete an audit/compliance control.

. Review privacy policies to ensure that the company limits its legal

exposure.

. Manage audit staffs for multi-national corporations to ensure timely

completion of risk-based audits.

. Perform audits in Europe, Asia as well as North America for clients

requiring knowledge of privacy laws and different audit frameworks

worldwide.

IndyMac Bank 2000 to 2004

Vice President and CISO, Risk & Reliability Division

. Created and managed the Risk and Reliability Division, composed of the

following departments:

o IT and corporate security (virus, firewalls, IDS, etc)

o Security help desk

o Release management

o QA

o IT policies and procedures

o Business continuity program (business resumption, disaster recovery and

emergency response)

o IT compliance and audit and regulatory relationships.

. Oversaw an annual personnel budget of $4 million and staffing of 55.

. In conjunction with this role I was responsible for determining new data

center requirements, finding a new data center location, developing the

new infrastructure for the data center to include redundancy, high

availability and new tape backup systems and getting senior management

approval and funding for this $11.5 million project.

Bank of America 1998 to 2000

Audit Consultant

. Responsible for writing new audit plans and documenting audit work for

both internal and external audit review to include federal regulatory

agencies.

. Review of all controls, both procedural and automatic for new

applications and technology to ensure that they were appropriate and

comprehensive.

. Wrote and conducted audits on projects involving Secure Electronic

Transaction (SET), Firewalls, PKI, Proxy Servers, Smart Cards, SSL3,

Encryption and E-commerce.

. Monitored and evaluated all Disaster Recovery plans and tests. Responsible

for reviewing and testing IBM MVS security and disaster recovery plans.

Sun Diamond Growers 1993 to 1997

Manager IT Audit

. Responsible for managing, auditing, consulting and project leadership of

a variety of IS projects for Sun-Maid Raisins, Sunsweet Prunes, Diamond

Walnuts, Valley Figs, and Oregon Hazelnuts.

. Developed and implemented all audit programs for a variety of computer

systems and applications, including: UNIX, Sybase, Novell 3.x & 4.x,

Windows applications, UNISYS mainframe, VMS and Client/Server

applications.

. All audit documentation had to meet Internal Audit Association standards.

Project manager for the installation of the company's first LAN using

Novell NDS.

Wells Fargo Bank 1988 to 1993

Vice President IT Audit/Fraud

. Managed the IT audit program for all of Wells Fargo Bank. Had a

department of 10 IT auditors.

. Managed the internal fraud program. This program was designed to

identify employees who either committed fraud against the company or

violated code of conduct.

U.S. Army Reserves 1972 to Present

Automation Manager

. Managing a MicroVAX/VMS computer center and Microsoft NT LAN. Installed

and maintained a mobile IBM mainframe.

. Responsible for designing, procuring, and installing all data processing

equipment for the 91st Division. Past assignments have included fielding

of mobile IBM mainframes and PC LAN systems and creating disaster

recovery plans for all army data centers in the Pacific. Obtained the

rank of Lieutenant Colonel.

Professional Accomplishments

. Certified Information System Auditor (CISA)

. Certified Information System Security Professional (CISSP)

. Certified in the Governance of Enterprise IT (CGEIT)

. U.S. Army, Command and General Staff College

Platforms: UNIX, AIX, IBM Mainframe, VMS, NT

Networking: Secure Electronic Transaction (SET), Firewalls, PKI, Proxy

Servers, Smart Cards, SSL3, Encryption and E-commerce, Novell, Active

Directory

ERP: Oracle, SAP, Lawson, MAS 500, Hyperion, Timberline

Databases: IMS, Oracle, Sybase, MS SQL, Access, IDMS, VSAM

Standards: SOX, ISO, HIPAA, SAS70, PCI

Frameworks: COBIT/COSO, ITIL, EU Privacy, Safe Harbor Act, California

Privacy laws

Programming: COBOL, databases, ERP development, Software development


