
Security Project Manager

Location:
7014
Posted:
October 14, 2010

Resume:

Ben Rothke, CISSP CISA

*** ***** *******, *******, ** 07014

*******@*****.*** C: 973/489-0838

ENTERPRISE SECURITY PROFESSIONAL

SECURITY TECHNOLOGY . ARCHITECTURE AND GOVERNANCE . COMPLIANCE & POLICY

Accomplished security professional with a passionate, innovative and future-oriented vision, focused on developing security and risk management both as an internal asset and as a competitive advantage. Career incorporates complementary corporate and consulting roles, securing IT assets at numerous Fortune 1000 companies.

Proven track record of thoroughly analyzing security requirements and synthesizing the results into a set of initiatives and projects designed to protect company assets, facilitate business opportunities and maximize revenue in alignment with corporate goals.

CORE COMPETENCIES

o Business-Oriented Technology
o Budget Development & Management
o Cost Containment
o Vision, Strategy and Execution
o Communication and Education
o Security Policy and Procedures
o New Technology Evaluation
o Security Technology Evaluation
o Sensible Metrics and SLAs

PROFESSIONAL EXPERIENCE

BT Professional Services, New York, NY
November 2006 - present
Senior Security Consultant

British Telecom Professional Services is a 5+ billion provider of worldwide services and solutions that help enterprises effectively use technology to drive business growth. I help clients with their security, privacy and risk management requirements.

o Currently on a project for the CISO of a New York energy company, assisting in the development of a comprehensive information security program. Includes security assessments, reviews against policy compliance and project management; participant in the corporate smart grid security group. Member of the NIST Smart Grid Interoperability Panel Cyber Security Working Group.

o For a health insurance company, led their PCI assessment. Reviewed infrastructure, assisted them in the creation of the PCI SAQ, and wrote the ROC and remediation plan for PCI compliance.

o For an international bank, reviewed 18 of the bank's most critical applications for security and regulatory compliance. Interviewed application owners and BISOs and wrote up an application security risk assessment for each application, detailing specific organizational and application risks and vulnerabilities.

o For a diversified health care benefits company, performed an evaluation of encryption adherence (encryption deployment, maintenance and tracking) to the American Recovery and Reinvestment Act (ARRA), and determined whether their current Windows storage meets ARRA/HITECH requirements.

o For a publisher of computer and video games, created a security framework and assisted in the design of a Security and Risk Assessment methodology that allowed them to evaluate the controls, designs and management practices for services they outsource to third parties.

o Assisted in the creation of a secure coding curriculum to enable a brokerage firm to train their developers in secure web and application coding.

o For the world's largest motion picture exhibitor, designed an incident response plan for PCI compliance and created short-term and long-term remediation plans for PCI compliance.

o For an international auction house, developed a comprehensive set of information security and privacy policies. Collaborated with various departments (IT, IS audit, legal, HR, COO Office) for consensus.

o For a major airline, assisted in an encryption key-management architecture design and roll-out.

o For Microsoft, wrote a white paper on security, and acted as a security and privacy subject matter expert in the development of their MCSE and MCP security certification examinations.

o For the managed security services department of a large international telecommunications company, wrote 20 DLPs (Desktop Level Processes) and created best practices for managed security operations.

o Member of the P2P selection committee for the RSA 2009-2011 conferences.

o Spoke at the 2007 - 2011 RSA US and Europe information security conferences.

AXA Equitable Life Insurance, New York, NY
January 2006 - October 2006
Director - Security Technology Implementation

o Managed the information security technology implementation group. The group's primary purpose is to bring new security and privacy technologies into the organization, stabilize them, and put processes in place to support these initiatives globally.

o Member of the Corporate Global Security Council and Corporate Information Security Forum for strategic security projects and initiatives. These projects include budgeting and financial planning for cost-effective deployment.

o Provided strategic guidance to the CISO and executive management on information security, privacy and regulatory issues.

o Other responsibilities included information security awareness, incident response, Sarbanes-Oxley and other regulatory work, and more.

ThruPoint, Inc., New York, NY
April 2003 - January 2006
Senior Security Consultant

o Worked with CISOs and senior IT management to determine acceptable levels of risk to their organization.

o Brokerage: assisted in the design and creation of a Global SOC (Security Operations Center) which served as the nerve center for information security sharing and incident management.

o Brokerage: performed a comprehensive requirements analysis and roll-out plan for their SIM (Security Information Management) program. Operating 24/7/365, the SIM provides real-time digital situational awareness and monitoring of the firm, coordinates incidents and response activities, and issues advisories and bulletins concerning digital threats to the firm, as well as specific protective measures.

Garden State InfoSecurity, Clifton, NJ
June 2001 - April 2003
Senior Security Consultant

o For a major pharmaceutical company, Project Manager of a 21 CFR Part 11 compliance program. Managed a staff of 15 consultants and a budget of $4 million.

o For PrivaPlan Associates, wrote HIPAA security and privacy certification documentation.

o For a major pharmaceutical company, created and managed their 21 CFR Part 11 compliance program. This included compliance plan development, interpretation of Part 11 for their organization, business and regulatory risk assessment, system compliance strategy and remediation project planning.

o For a New York hospital, assisted in their HIPAA security and privacy remediation efforts, ensured compliance, and analyzed all HIPAA requirements as they related to the product and client needs. Coached and mentored junior staff members.

o For a major international bank, performed a comprehensive information security risk analysis. Managed a team of 6 people, assigning team members tasks and motivating them to meet deadlines.

o For a New York City commercial bank, designed and wrote a set of industry best practices and corporate information security policies. Championed the use of industry best practices for an effective corporate security policy.

PREVIOUS RELEVANT EXPERIENCE

Baltimore Technologies, New York, NY, November 2000 - June 2001

eB Networks, Edison, NJ, October 1999 - November 2000

Ernst & Young, New York, NY, October 1997 - October 1999

Coopers & Lybrand, New York, NY, September 1996 - October 1997

Citibank, New York, NY, June 1995 - September 1996

Track Data Corp., New York, NY, November 1993 - June 1995

National League for Health Care, New York, NY, August 1992 - November 1993

Montefiore Medical Center, Bronx, NY, August 1989 - July 1992

RELATED EXPERTISE

o Certifications - CISSP (1997), CISA (2007), CGEIT (2008), CCO (1998), MCP (2000), PCI QSA (2007 - 2010), CISM (2003), CRISC (2010)

o Cloud Security Alliance (CSA) - Founding member and member of CSA advisory board

o GAISP - Former co-chairman, Information Security Policy Principles working group

o PCI Knowledge Base - Panel of Experts member

o Information Shield - Security Policy Panel of Experts member

o Network Intelligence - Customer Advisory Board member (2006-2008)

o Computer Associates - eTrust Product Advisory Council member (2006-2008)

THOUGHT LEADERSHIP

Recent speaking engagements and webinars

o RSA US and Europe conferences 2007 - 2011

o InfoTec 2010 - Social Networks and Information Security: Oxymoron or can you have both?

o Computer Forensics 2010 - Deployment strategies for effective encryption

o Webinars - Getting and Staying Compliant with PCI DSS; Information Security and Social Networks; Effective Data Destruction Practices

Recent articles

o Virtualization, Cloud Computing and the PCI DSS - CSO

o PCI Debate Ignores Planned Improvement Cycle - CIO

o Battling information-security Stockholm syndrome - ComputerWorld

Recent press quotes

o Even rocket scientists forget to wipe their hard drives - Christian Science Monitor

o Compliance Complaints - CSO

o Is 'Everything-as-a-Service' Wise? - Bank Technology News

Professional Affiliations

ISACA, New York Wings Club, ASIS, Technology Managers Forum, Computer Security Institute, New York/New Jersey Electronic Crimes Task Force, New York Metro & New Jersey InfraGard, I4.

EDUCATION

B.A. Education, Aish HaTorah/Empire State College, New York