- - - - - SENIOR SECURITY, RISK MANAGEMENT, & COMPLIANCE EXECUTIVE - - - - -
Distinguished 20+ year career introducing strategies to decrease exposure
and strengthen organizations - Expert in creating the systems, tools,
processes, and methodologies to establish best-in-class security, risk
management, and compliance organizations.
Change agent with strong innovation and transformation leadership -
Strength in creating synergy between teams, regulatory agencies, legal,
operations, engineering, business, and partners to identify risks, create
mitigation controls, and deploy strategies to minimize vulnerability,
reduce risk, and achieve compliance.
Passionate leader with proven ability to motivate, energize, and achieve
success - Skilled in building dedicated global teams sharing common vision
and goals.
- - - - - CORE SKILLS - - - - -
- Strategic Planning & Organizational Leadership
- Information Assurance Framework & Governance
- Security Operations Management & Optimization
- Proactive Security Monitoring & Incident Response
- Risk & Vulnerability Assessments/Auditing
- Policies, Procedures, Standards, & Technical Safeguards
- Global Data Protection & Privacy Compliance
- Security, Business Continuity, & Mitigation Awareness
- - - - - EXPERIENCE & ACHIEVEMENTS - - - - -
STERLING COMMERCE - Dublin, Ohio
Built an impressive record of achievements through a series of increasingly
responsible positions for this leading provider of business process
integration and multi-channel selling and fulfillment solutions to
organizations globally.
Director, Global Security & Business Continuity / Disaster Recovery
(2004-Present)
Drove the creation of organization's 1st centralized Global Information
Security, Business Continuity/Disaster Recovery, and Privacy/Data Protection
Organization to minimize risks and exposure.
Hold total accountability for the direction, architecture, planning,
delivery, and management of global security, risk management, business
continuity, and data / regulatory compliance strategies. Manage team of 10
in defining frameworks, programs, and tools to evaluate, measure, and
mitigate vulnerabilities globally. Collaborate with business leaders to
advocate information security, business continuity planning, and compliance
to enhance adoption. Member of the Technology Architecture Board. Report
directly to Senior Vice President of IT and Operations.
- Launched new Information Security Program, ensuring the
confidentiality, integrity, and availability of customer and employee
data. Solution has resulted in zero impact security incidents or
compromises since inception.
- Strengthened Disaster Recovery framework enabling the reduction of
Recovery Time Objective (RTO) for critical business applications,
systems, and services by 38%. Introduced automated alert notifications,
personnel and media mobilization, alternative documentation
repositories, and enhanced technical recovery procedures.
- Directed the rollout of Business Continuity portal to provide insight,
information, procedures, training, and awareness across the enterprise.
Site was enhanced to integrate Emergency Communication Services and
critical business, safety, and security data to all users.
- Established and led Global Data Privacy Officer and Regulatory
Compliance Manager in reducing corporate data protection violations.
Partnered with legal, human resources, engineering, and business to
achieve compliance with U.S. and European Data Protection Laws,
securing TRUSTe's privacy and Safe Harbor good keeping seals.
- Completely expanded global security framework to achieve PCI compliance
and improve PII data protection. Led the rollout of disk and email
encryption, Intrusion Detection (IDS), global Internet Filtering, and
web proxy technologies. Developed strategy for Single Sign-On and
Identity Access Management.
Manager, Global Security (2001-2004)
Championed all efforts to build and manage company's 1st Global Information
Security Organization to minimize risks and enhance compliance across the
enterprise.
Full strategic and operational oversight for building and managing security
framework, teams, programs, and policies to decrease exposure, drive
awareness, and minimize vulnerability. Led dedicated teams in defining,
implementing, and overseeing enterprise-wide global security architecture,
risk management, incident response, auditing, compliance, and awareness
strategies to effectively safeguard assets, confidential information, and
intellectual property of internal employees and customers. Held complete
accountability for global team of 5. Reported directly to Vice
President/CIO.
- Pivotal role in designing and implementing organization's 1st
centralized Security and Information Assurance Program, enabling the
creation and adoption of security and privacy policies, standards, and
procedures.
- Led teams in conducting a gap analysis of environments and processes;
evaluating risks; and implementing appropriate controls, enabling the
obtainment of HIPAA and Sarbanes-Oxley compliance within 1st year.
- Instituted the Security Incident Response Team (SIRT) with associated
methodology and processes to proactively identify and resolve security
threats and incidents. Team was recognized for improving reaction time
and remediation of systems due to Internet attacks.
- Established global Network Monitoring framework to appropriately
monitor and capture security metrics in real-time across all critical
applications, infrastructure, and access points.
- Directed the rollout of intrusion detection and prevention, web
filtering and reporting, DMZ architecture, forensics, 2-factor
authentication, and global remote access technologies and standards,
reducing security threats and vulnerability.
- Established a comprehensive Auditing and Compliance Program providing
an effective framework for system and network compliance verification,
process validation, production certification, and Internet perimeter
health.
Director, Global Strategic Directions (2000-2001)
Oversaw the establishment of direction, architecture, and standards for
network and security infrastructure globally.
Chosen for newly established position and charged with building a
centralized Global Strategic Directions Organization to meet evolving
organizational needs. Provided leadership and framework to actively
identify global goals and resolve critical issues. Led team of 8 network
and security architects in defining strategy and roadmap to effectively
standardize and expand infrastructure globally. Managed staff of 8 and a
budget of $3 million. Reported directly to the CIO.
- Directed the development of the enterprise network architecture plan
and framework, providing an effective means to expand overall services
to customers and internal business organizations.
- Spearheaded the successful integration of 3 disparate global divisions
into a centralized organization to support new strategic direction.
- Championed the introduction of security awareness and training programs
across the enterprise to enhance visibility and adoption of new
standards and procedures.
- Negotiated global contracts with corporate network service providers,
reducing annual costs by 20% while improving network diversity.
Director, Global Network Services (2000); Manager, Network Services
(1994-2000)
Spearheaded the design, implementation, and management of organization's
LAN/WAN infrastructure to ensure optimal integration and secure information
access globally.
Promoted to Manager of Network Services to build and lead global teams in
evaluating, recommending, implementing, and supporting network
infrastructures within corporate Data Center and remote locations. Advanced
to Director of Global Network Services to drive the continued expansion of
global networks to support growth. Directed teams in designing, deploying,
and administering LAN/WAN infrastructures supporting core business
applications and services.
- Led the successful design and rollout of the 1st WAN infrastructure to
ensure optimal integration between The Americas, Europe, and AsiaPac
Divisions, based on Cisco, T1, Frame Relay, and X.25 technologies.
Provided network and security design, planning, deployment, and support
expertise.
- Managed the build-out of LAN infrastructures across all 3 divisions
globally, utilizing Token Ring and FDDI architecture. Oversaw the
subsequent upgrade to Novell NetWare and Windows NT architectures.
- Established the 1st network management platform, comprised of HP
OpenView, Cisco Works, and 3Com technology, to provide a proactive
means to identify and troubleshoot network and security issues.
- Strengthened relationships with IBM, Cisco, HP, Logos, and Microsoft
vendors and positioned Sterling as a premier customer, achieving cost
savings while ensuring high levels of accountability.
- Credited with building a high-performance team recognized for exceeding
internal and customer goals.
Senior Software Communications Engineer/Supervisor (1990-1994); Network
Systems Programmer (1986-1990)
Played key role in overseeing the expansion and optimization of highly
transactional communications environment supporting internal operations and
more than 23,000 customers globally.
Originally recruited as Network Systems Programmer to deploy and administer
company's communication platform. Advanced to Senior Software
Communications Engineer/Supervisor to lead team in continuously enhancing,
upgrading, and troubleshooting issues across highly complex communications
platform to ensure optimal uptime and performance.
- Recognized for leading the successful relocation of Data Center with
minimal disruption to business operations. Planned and oversaw the
upgrade of platform to expand overall capability.
- Selected as Employee of the Year in 1989 for deploying the next
generation of communication platform, improving overall processing of
transactions while meeting industry standards.
- - - - - EDUCATION - - - - -
Associate of Science in Computer Science - Columbus State Community College
Bachelor of Science in Technical Operations Management - DeVry University
2/2011
Certification & Associations
Certified Information Security Manager (CISM)
Member, Information Systems Audit and Control Association (ISACA), and
InfraGard
Michael J. Nappi