Paige Easley
Columbia, SC *9223
abicya@r.postjobfree.com
Summary of Experience
Over 30 years of experience in IT and over 20 years of IT Security
experience. I have created and implemented strategic plans and the
operational frameworks necessary to create the security programs necessary
to meet the company's needs, along with addressing compliance and audit
issues involving security for multi-billion-dollar international companies.
Other areas of expertise include: SDLC, networking, applications,
Operating Systems, databases, QA, access and identity management to include
role definitions and segregation of duties.
Significant Positions Held:
VP and CISO, Risk and Reliability Division, IndyMac Bank
VP IT Audit and Fraud, Wells Fargo Bank
CISO, Palmetto GBA (Medicare Company)
Partner, LP Risk Services (IT Security & Compliance firm)
Education and Technical Certifications
M.B.A., TECHNOLOGY MANAGEMENT UNIVERSITY OF PHOENIX, 2002
B.A., MANAGEMENT ST. MARY'S COLLEGE, 1994
Certified Information System Auditor (CISA)
Certified Information System Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified in the Governance of Enterprise IT (CGEIT)
Certified in Risk and Information Systems Control (CRISC)
U.S. Army, Command and General Staff College
Employment Experience
PALMETTO GBA (A MEDICARE COMPANY) 2008 TO PRESENT
Chief Information Security Officer
. Responsible for the day-to-day security requirements for Palmetto GBA,
including access (identity management/provisioning), firewalls, IDS,
encryption, and incident response.
. Responsible for the security of Palmetto infrastructure, applications and
services both internally and those attached to Palmetto from external
sources.
. Responsible for the strategic plan for the IT Division
. Responsible for Incident Management and Response
. Responsible for Identity and Access Management for over 100 applications
. Manage and update the corporate training for security, compliance, rules
of behavior and privacy
. IDS (host and network), firewalls, Virus responsibility for the company
. Role based accesses implementation and segregation of duties.
. Identity Management.
. Conduct a review of any new systems, applications, devices, etc.
prior to being put into production to ensure that all security and
compliance requirements are met
. Conduct monthly vulnerability assessments and patch management
. Responsible for the Disaster Recovery and Business Continuity plans to
ensure that Palmetto can meet its contractual obligations
. Responsible for ensuring that all audit and regulatory requirements
(FISMA, HIPAA, HITECH, NIST 800-53, etc.) are met and effective
. Physical access and two factor authentication
LP Risk Services Inc. 2004 to 2008
Partner IT Auditing Services (Major Clients: Intel, Pacific Health Systems,
Thermo Electron)
. Provide security reviews (penetration tests, etc.) for national and
internal companies
. Provide guidance and attestation services to companies in the area of
SOX, FFIEC, PCI, HIPAA, OTS, OCC, SAS70 and IT compliance.
. Identity Access Management Programs.
. Role based accesses implementation and segregation of duties
. Identity Management.
. Perform security reviews of architecture to include settings, policies,
procedures and effectiveness of the architecture.
. Work with companies to ensure that their ERP systems (Oracle, SAP) are
secure and that they will pass regular and compliance audits.
. Conduct reviews of process improvements such as ITIL, ISO, COBIT/COSO to
ensure that the correct control set is in place.
. Create automated solutions to reduce cost, error rate and time it takes
to complete an audit/compliance control.
. Review privacy policies to ensure that the company limits its legal
exposure.
. Manage audit staffs for multi-national corporations to ensure timely
completion of risk based audits.
. Perform audits in Europe, Asia as well as North America for clients
requiring knowledge of privacy laws and different audit frameworks
worldwide.
IndyMac Bank 2000 to 2004
Vice President and CISO, Risk & Reliability Division
. Created and managed the Risk and Reliability Division, composed of the
following departments:
o IT and corporate security (virus, firewalls, IDS, etc)
o Security help desk
o Release management
o QA
o IT policies and procedures
o Business continuity program (business resumption, disaster recovery and
emergency response)
o IT compliance and audit and regulatory relationships.
. Oversaw an annual personnel budget of $4 million and staffing of 55.
. In conjunction with this role I was responsible for determining new data
center requirements, finding a new data center location, developing the
new infrastructure for the data center to include redundancy, high
availability and new tape backup systems and getting senior management
approval and funding for this $11.5 million project.
Bank of America 1998 to 2000
Audit Consultant
. Responsible for writing new audit plans and documenting audit work for
both internal and external audit review to include federal regulatory
agencies.
. Review of all controls, both procedural and automatic for new
applications and technology to ensure that they were appropriate and
comprehensive.
. Wrote and conducted audits on projects involving Secure Electronic
Transaction (SET), Firewalls, PKI, Proxy Servers, Smart Cards, SSL3,
Encryption and E-commerce.
. Monitored and evaluated all Disaster Recovery plans and tests. Responsible
for reviewing and testing IBM MVS security and disaster recovery plans.
Sun Diamond Growers 1993 to 1997
Manager IT Audit
. Responsible for managing, auditing, consulting and project leadership of
a variety of IS projects for Sun-Maid Raisins, Sunsweet Prunes, Diamond
Walnuts, Valley Figs, and Oregon Hazelnuts.
. Developed and implemented all audit programs for a variety of computer
systems and applications, including: UNIX, Sybase, Novell 3.x & 4.x,
Windows applications, UNISYS mainframe, VMS and Client/Server
applications.
. All audit documentation had to meet Internal Audit Association standards.
Project manager for the installation of the company's first LAN using
Novell NDS.
Wells Fargo Bank 1988 to 1993
Vice President IT Audit/Fraud
. Managed the IT audit program for all of Wells Fargo Bank. Have a
department of 10 IT auditors
. Managed the internal fraud program. This program was designed to
identify employees who either committed fraud against the company or
violated code of conduct.
U.S. Army Reserves 1972 to Present
Automation Manager
. Managing a MicroVAX/VMS computer center and Microsoft NT LAN. Installed
and maintained a mobile IBM mainframe.
. Responsible for designing, procuring, and installing all data processing
equipment for the 91st Division. Past assignments have included fielding
of mobile IBM mainframes and PC LAN systems and creating disaster
recovery plans for all army data centers in the Pacific. Obtained the
rank of Lieutenant Colonel.
Professional Accomplishments
. CERTIFIED INFORMATION SYSTEM AUDITOR (CISA)
. Certified Information System Security Professional (CISSP)
. Certified in the Governance of Enterprise IT (CGEIT)
. U.S. Army, Command and General Staff College
Platforms: UNIX, AIX, IBM Mainframe, VMS, NT
Networking: Secure Electronic Transaction (SET), Firewalls, PKI, Proxy
Servers, Smart Cards, SSL3, Encryption and E-commerce, Novell, Active
Directory
ERP: Oracle, SAP, Lawson, MAS 500, Hyperion, Timberline
Databases: IMS, Oracle, Sybase, MS SQL, Access, IDMS, VSAM
Standards: SOX, ISO, HIPAA, SAS70, PCI
Frameworks: COBIT/COSO, ITIL, EU Privacy, Safe Harbor Act, California
Privacy laws
Programming: COBOL, databases, ERP development, Software development