Director, Information Security
Resume:
R sum Summary
I seek a position that will provide responsibility, challenge, and
opportunity within a positive work environment.
Education
. M.B.A. with focus in International Business
St. Edward's University, May, 2012 -Magna Cum Laude
. PMP Certified, 2007
. B.A., University of Missouri-Columbia, 1993: Spanish, French, and
Russian
Employment
Director of Information Security - Xerox, Texas Dept. of Information
Resources Account
April 2012 - present
o Direct four security teams (30 people) and their activities on
an account with 9,000 servers on a $1.5 billion account. Areas
of responsibility include anti-virus (AV), end-point services,
incident management, host intrusion detection services (HIDS),
intrusion prevention services (IPS), and access and identity
management (AIM). Design all new security business processes.
o Responsible for assuring security operations meet Master Service
Agreement (MSA) contractual requirements and Service Level
Agreement (SLA) requirements to minimize financial penalty risk.
o Substantially improved security services from that provided
under previous service provider. Examples can be provided.
o Responsible for assuring security operations meets SSAE-16, PCI,
and Sarbanes-Oxley requirements to minimize financial risk of a
qualified audit.
o Responsible for human resource functions of hiring, employee
performance, firing, and time reporting.
Senior Business Resiliency Analyst - ACS/Xerox, Payment Services Group
August 2011 - April 2012
o Designed and lead system disaster recovery testing to meet
customer contract requirements.
o Performed business impact analysis for all key information
systems and supporting infrastructure. Established Recovery Time
Objective (RTO) and Recovery Point Objective (RPO) for all
systems based on customer contracts and business agreement.
o Managed the Information Technology (IT) change control process
for Electronic Payment Card (EPC) and Electronic Benefit
Transfer (EBT) system changes to assure proposed changes to meet
established security criteria.
o Directed virtual, multi-national engineering teams to migrate
states/call centers/vendors sites to Cisco's Virtual Internet
Protocol Address (VIPA) solution.
Privacy and Security Officer - ACS/Xerox, Inc., Texas Medicaid
Healthcare Partnership Acccount
August 2009 - March 2011
o Directed security for a 1,600-person, $500 million Texas Health
and Human Services Medicaid contract. Served as liaison between
the Xerox/ACS Office of the CISO and Client to assess needs,
coordinate security solution projects.
o Managed corporate Information Technology Security, Physical
Security, HIPAA, Disaster Recovery, Business Continuity, and
Ethics policies and practices to protect ACS and the State of
Texas from regulatory risk.
o Directed investigations regarding security breaches and business
process changes to prevent incident reoccurrence. Directed risk
mitigations in concert with crisis response teams, data
forensics, legal, financial, and human resource business units.
o Directed responses to internal corporate audits and external SAS-
70 audits. Prioritized compliance based on appropriate risk
management and spending.
o Improved HIPAA compliance by: raising PGP disk encryption
compliance to 100%; raised HIPAA reporting from 30% to 100%.
o Directed development of a comprehensive, account-wide security,
training program for technical and non-technical staff. Training
improved incident self-reporting by 75%.
Operations Business Analyst - ACS/Xerox, Inc. - TX Medicaid
Healthcare Partnership Account
July 2008 - July 2009
o Analyzed "as-is" and "to-be" business processes. Conducted
requirement gathering, gap analysis, operational readiness, and
production verification to implement contract Change Order
Requests (CORs)
o Participated in corporate proposal response as part of a
national proposal team. Improved technical solution for the
State of Texas Electronic Health Record (EHR) RFP response by
providing detailed MMIS system architecture information
o Oversaw project compliance of ACS-contracted companies. Vendor
management responsibilities include contract and technical
oversight of implementation vendor, assurance of proper
deliverable submission and adherence to contract and business
requirements and ACS and HHSC policies, procedures, and
standards of quality
o Achieved business unit process improvement by implementing the
use of PMBOK methodologies
Business Analyst - First Data - Indiana Eligibility Modernization
Project
Business Analyst - May 2007 - May 2008
o Conducted operations verification and validation oversight for
$1 billion project implementation of the Indiana Family and
Social Service Administration (FSSA) Eligibility Modernization
efforts of TANF, Food Stamps, and Medicaid
o Used PMBOK methodologies to lead work plan and contract change
order monitoring to assure IBM and ACS contract compliance.
Reviewed Contract Change Requests/Change Orders for operational,
time scope, or cost impact. Provided written recommendations to
management for discussion in weekly Change Control Board (CCB)
meetings
o Reviewed and analyzed written deliverables submitted by IBM,
such as planning documents, IT and operational policies and
procedures. Verified adherence to deliverable acceptance
criteria, and provided recommendations for improvement
o Participated in RFP and other business development processes
Research and Appeals Specialist - First Data - Texas Access Alliance
Project
January 2006 - April 2007
o Researched CHIP and Medicaid eligibility issues for the Texas
Eligibility Modernization Project. Analyzed client cases for
system and operational errors and HHSC policy compliance.
Provided written corrective action plans to prevent case
escalation to the Texas Health and Human Services Commission.
Resolved issues according to State of Texas-HHSC Policy and
Procedure (CHIP and Medicaid)
International Experience
. Six-month study abroad program participant in Valladolid, Spain,
1989
. Business and Management in the Multicultural Environment of Central
Europe - Global Business Seminar in the Czech Republic - June, 2011
. Business and Management in Central America - Global Business Seminar
in Honduras - October, 2011
. Business and Management in South America - Global Business Seminar
in Chile - March, 2012
. Travels abroad include trips to: England, Portugal, Mexico, Spain,
and France
Achievements
ACS Government Health Services Corporate Mentor Program, 2009
GPA 3.8, St. Edward's University
Dean's List, University of Missouri
References
Jeff Brewer, CISSP, CRISC, CISA Robin Abbott, J.D.
Business Information Security Officer Assistant General
Counsel,
ACS/Xerox, Portland, OR Texas Department of
Information Resources
Gary Pletcher, PhD. Trish Diffee, C.P.A.
Director, Global Business and Social Whole Foods, Inc.
Justice Institute Austin, TX
St. Edward's University 512-***-****
Austin, TX 512-***-****
Markus Fromherz Clark Snodgrass
Chief Innovation Officer, GHS, ACS/Xerox, Inc. Chief Technology
Officer, TX
Palo Alto, CA Health and Human Services
Contact this candidate