Mark A. Conroy
INFORMATION SECURITY AND RISK PROFESSIONAL
Highly successful IT professional with over 25 years in IT security, risk, compliance, data privacy, risk management, governance, vulnerability management, infrastructure security controls, audit and regulatory compliance. I have had success building, managing and motivating teams focused on IT security technology and have a proven track record of meeting and exceeding business expectations and targeted results.
Data Privacy including Domestic and International Regulatory Requirements • ISO27001 • SOX • HIPAA • HITRUST, NIST Risk Management Framework • Risk Assessments and Impact Analysis
Compliance Reporting • Data Privacy • Security Program Development • Network Security • Cyber Security • Security training • Strategic Planning • Contingency Planning • Project Management
PROFESSIONAL EXPERIENCE
XlentSoftware, Las Vegas, NV • Dec 2016 – Present
IT Director - IT Consultant
Serve as the company IT Product Development and Risk Officer supporting information security products and compliance initiatives. Also serve as the security and data privacy subject matter expert.
• Provide security consulting to business initiatives, products and customers regarding COBIT, ISEC, ISO/IEC, NIST, HITRUST, PCI/DSS, SOX, HIPAA.
• Provide mainframe vulnerability assessments and product presentations to prospective customers.
• Visit customer sites to provide customer consulting, training and support.
John Hancock, Boston, MA • July 2016 – Nov 2016
Senior Security Analyst - Contractor
Senior IT Security Analyst responsible for leading critical security reviews of applications and systems on enterprise projects.
• Work with business and IT to implement security measures to meet corporate security policies and external regulations regarding PCI, ISO2700, NIST, HITRUST, SOX, HIPAA.
• Perform application and system risk assessments and security audits of internal and external facilities against established standards.
• Provide consultative advice to information security customers that enables them to make informed risk management decisions.
• Contribute in establishing policies and procedures necessary to ensure the security of information system assets, and to protect them from intentional or inadvertent access, disclosure, or destruction.
• Weigh business needs against security concerns and articulate issues and options to management.
• Ensure user community understands and adheres to necessary procedures to maintain security.
• Communicate risk assessment findings to information security manager and business partners.
• Active participation in strategic initiatives in accordance with the IRM roadmap.
XBRIDGE SYSTEMS, San Jose, California • Sept 2015 – March 2016
IT Security and Compliance Consultant
Served as the company CISO and Privacy Officer supporting information security initiatives as the security and data privacy subject matter expert.
• Provided security consulting to business initiatives, products and customers regarding COBIT, ISEC, ISO2700, NIST, HITRUST, HIPAA, SOX, PCI/DSS.
• Provided NIST / HITRUST controls security assessments and product demonstrations to prospective customers.
• Attended security conferences representing Xbridge Systems at vendor shows.
• Visited numerous customer sites to provide customer training and support.
• Presented a PCI update session and participated on the General Security Panel at the Vanguard Security 2015 conference in Las Vegas.
• Speaker and participant on the General Security Panel at SHARE 2016 user conference in San Antonio.
• Participated in the CISO Global Evanta Events 2015 conference in Las Vegas.
STATE STREET CORPORATION, Boston, Massachusetts • August 2007 – Sept 2015
Vice President – Corporate IT Risk and Compliance
Serve as the Global IT Security and Privacy Officer subject matter expert focusing on management and cross organizational risk assessments, audits, external client reviews and regulatory reviews.
• Developed the IT Data Privacy control program and provided program training to all global IT developers and consultants.
• Provided IT security support to infrastructure, applications, SDLC and operational solutions to ensure appropriate security solutions were implemented.
• Responsible for the management of the IT SOC and SOX reviews, working with internal and external auditors to ensure company compliance.
• Managed a team of IT auditors who performed self-audits against IT controls.
• Documented and managed the ISO2700 IT controls.
• Managed risk reviews for all aspects of the SDLC life cycle.
• Member of the State Street oversight committee for the IBM data center operations and Wipro development outsourcing engagement.
• Project team member to convert RACF Datacom to DB2.
• Provided IT security input to the corporate systems and application strategic planning and vendor risk program.
INVESTORS BANK AND TRUST, Boston, Massachusetts • August 2005 – August 2007
Director - Corporate Information Security
• Lead IT security advisor to the IBT/IBM global IT outsourcing engagement.
• Performed application and vendor risk assessments.
• Developed and implemented the Corporate Information Security and Corporate Security Controls programs.
• Provided management oversight for the SOX, GLBA, SAS70 and Internal Audit reviews.
• Provided security training to system developers and new employees.
STATE STREET CORPORATION, Boston, Massachusetts • Sept 1990 – August 2005
Vice President – Corporate Information Security
Managed a team of Global IT Security Administrators and Security Systems Analysts.
• Project manager for the security software conversion for mainframe ACF2, MVS and CICS to RACF security software.
• Converted ACF2 Datacom to RACF.
• Responsible for providing global IT security management support for MVS Mainframes, UNIX, Windows, AS400, Tandems, VMS, business applications and security products.
• Built and managed a 30-person, 7x24, corporate security administration support and helpdesk center.
• Managed oversight for security software evaluation, implementations, licensing and vendor management.
• Project manager for security testing and implementations across multiple State Street systems and applications.
• Participated in the development and implementation of the Digital Certificates strategy.
• Tested and implemented the mainframe Vanguard Administrator security products.
• Lead security project manager for IT contingency planning program.
• Lead project manager for ensuring security products, applications and processes were Y2K compliant.
CERTIFICATIONS
CISA, CISM, CRISC
Member of ISACA and ISACA N.E. Chapter
Member of the CISO Executive Chapter
Speaker at Vanguard Integrity Professional user conference 2015
Speaker at SHARE user conference 2016