Security Manager
Resume:
Philip E. McMurray, CISSP
____________________________________________________________________________________________________________________
_
** ******’s Crossing – Suffield, CT 06078 – Phone: 860-***-**** – *********@***.***
____________________________________________________________________________________________________________________
_
Information Security and IT Audit Leader / Experienced Information Technology Professional
Key Skills and Experience
Highly-experienced Information Risk Leader with outstanding credentials built during a 25-year career with experience
including leadership roles in the fields of Information Security and IT audit, system development and enterprise architecture, with
both ‘Big 4’ firms and with private industry. Significant skills and accomplishments from ‘both sides of the table’ include:
Extensive Information Security Credentials and Expertise: Extensive experience leading information security
advisory engagements across multiple industries and recent experience as Senior Manager in the ‘Big 4’. Served as Chief
Information Security Officer (CISO) and successfully created a world-class information security department for the nation’s
leading direct mail company, including strategy, support, technology implementation, operations, business processes and
SOX readiness.
Proven Business Development Experience: Strong, proven ability to develop new business and to extend existing
client relationships. Key business development success includes multi-year and individual projects totaling neraly $100
million. Adept at working with vendors to develop market offerings within the information security marketspace.
Practice and Project Leadership Experience: Successful history of leading simultaneous Information Security and
IT Audit projects across multiple industries. Extensive experience leading teams and risk consulting practices, including
staffing and staff supervision, budgeting, resource alignment, planning, training (including international IT controls training)
and mentoring.
IT Audit and Compliance Experience: Extensive experience in leading IT audits and readiness engagements across
multiple industries. Developed both regional and national IT audit methodologies for professional services firms, and
served as subject matter expert for information security, IT audit and controls, and regulatory consulting for both firms.
Broad Understanding of Underlying Technologies and Business Processes: A broad background in software
development, technical architecture, databases, infrastructure and business resiliency forms the basis for a strong history of
success in both internal and external Information Security and IT Audit roles. Specific, detailed experience in architecting
and implementing a wide range of technology security solutions including end-user system security, identity management
and role-based access controls, firewalls, intrusion management (signature-based and heuristics-based), event logging, single
sign-on, workflow-enabled systems and security assessment solutions.
Cross-Industry Knowledge: Strong client-service focus with experience with multiple industries including
technology, financial services, healthcare, manufacturing, telecom, utilities, consumer goods and public sector vertical
markets.
Executive Communications and Relationship-Building Skills: Adept at developing and delivering executive
communications/presentations to clients, boards of directors, senior firm executives and audiences of all sizes. Strong skills
in developing cross-functional networks and cross-service line collaborative relationships.
Professional Experience
Brought considerable organizational and leadership skills into play in helping to define departmental strategy and reorganize the
company’s information risk department. Significant achievements focused on integrating team efforts across
departments (including IT governance, compliance and internal audit) and developing a system of comprehensive
metrics for senior leadership and board presentations. Led all aspects of information risk consulting and information
security analytics for applications, infrastructure, vulnerabilities and vendor relationships.
Served in numerous engagement and practice leadership roles. Significant achievements included leading multiple, simultaneous
advisory and IT audit engagements, designing and implementing firm-wide audit and compliance testing
methodologies and leading the development of a regional ERP risk consulting services practice focusing on
Governance, Risk and Controls.
Served in regional and national leadership roles in the areas of technology controls and SOX readiness. Extensive business
development success included external audit services, controls assessments, SAS70s and regulatory engagements
totaling over $90 Million. Representative clients included The Federal Reserve System, BlackRock, MetLife, John
Hancock, Citizens Financial Group, GenRe, Liberty Mutual, Affinion Group, Northeast Utilities, The Travelers and
numerous other clients.
Created a comprehensive Information Security Department for the leading national shared mail marketing company with annual
revenues of $1.6 billion. Operationalized and led this department until an acquisition resulted in the elimination of
the CISO role. Significant achievements included architecting and implementing a wide range of information risk
technologies including identity management, role and responsibility management, internal portals, workflow-enabled
applications and intrusion management. Also, led the company through SOX readiness and years one and two of
SOX IT audit including planning, testing remediation and reporting.
Led multiple Information Security and IT Audit engagements focused on the financial services and healthcare industries.
Significant achievements included serving as regional practice subject matter expert for information security, and
security risk assessments, privacy, regulatory compliance and technology audit.
Extensive experience in developing thought information security leadership materials and other marketing information.
Representative client list includes Aetna, The Hartford, Connecticare, Liberty Bank, Northeast Utilities, United Healthcare and
many other clients.
Prior Experience
Prior to the positions listed above, held several earlier roles including Director of Professional Services for a leading security
software vendor, a Manager role with Ernst & Young LLP, a Programmer/Analyst in the United States Army
(including two years as a faculty member at The United States Military Academy at West Point, New York and three
years serving with a national research and development command at Fort Ord, California) and as a Product Manager
for Microcom Systems specializing in data communications and terminal emulation software.
Technical experience beginning in 1984 has included extensive exposure to mainframe and midrange systems, networks (LANs
and WANs across multiple protocols), applications, client systems, databases and business processes.
Education, Certifications and Affiliations
Contact this candidate