Marlin Pohlman
OBJECTIVE
Experienced 18-year veteran in Identity Security and IT Governance. Seeking a position as Data Analyst where I can utilize my security and compliance expertise, effective communication skills, and vast creative experience for the success and growth of the organization.
AREAS OF EXCELLENCE
ISMS and IdM Program Execution
IT Governance
Staff Development/Training
Multi-national Privacy & Regulations
BCP/DR
Healthcare (HITRUST) and PCI
ISO ISMS Standards
Cloud Security Standards and Audit
EXPERIENCE
Data Engineer/Analyst – Cognova Analytics March 2013 – March 2018
(from inception, currently in SEC pre-IPO quiet period)
● Analysis and report generation of Client SNPs based on genomic datasets stored in Amazon DynamoDB via RStudio and Jupyter notebook in Python (Anaconda)
● Use of Geneious 11.1.4 suite of molecular biology and NGS analysis tools for Microsatellite location and Genealogy (paternity) verification (phylogenetic analysis)
● HITRUST HIPAA audit of an AWS-hosted cloud-based infrastructure
● Secure architecture integration relating to required Bioinformatics software
Cas-OFFinder, Cas-OT, DESKGEN, CRISPRScan, CIISMERE, CRISPROr, GT-Scan integration with datasets provided by ENCODE Project, Lifecode and OMIM for use in a High-Throughput Cloud based Genome Engineering platform
● Personnel audit for toxic role & responsibility matrices (COBIT 5)
● PCI audit for AWS-hosted credit card payment interface.
Contract Auditor – State of Oregon March 2012 – March 2013
● Responsible for audit of the selection strategy and deployment of Oracle Identity Management components relating to the employment department.
Chief Governance Officer – EMC Corporation January 2010 – March 2012
● Responsible for setting the direction, trajectory and investment strategy of EMC’s Cloud Governance, Risk and Compliance product suites
● Designed, marketed & externally evangelized the security and governance product strategy of VMware (97% owned subsidiary) and RSA, the security division of EMC (over 50 external speaking engagements).
● Created and coordinated the Cloud Governance program within the EMC office of the CTO charged with creating, maintaining and implementing security standards and architecture for select participants of the EMC Customer Reference Program.
● Managed team of 14 Security Subject Matter Experts and business consulting personnel who were deployed at clients agreeing to participate in the Customer Reference Program.
● Oversaw $2M annual security budget and 14 regional matrix managed SME consulting staff.
● Delivered coordinated cloud security standards efforts in Cloud Security Alliance, DMTF, ISO, 451 group, OpenGroup, Open Data Center Alliance, OMG, OCEG, ISF, BITS Shared Assessment, HITRUST, IETF, ISACA and ISSA, ITU.T SC 17, ISO/IEC SC27 CS1, World Economic Forum (Davos).
Appointed volunteer industry leadership role: Cloud Security Alliance – Global Strategy Director.
● Responsible for Cloud Control Matrix content development team of 16 volunteers.
o Developed the Cloud Security Alliance and ISO 27017 Cloud Security standards based on customer requirements.
● Managed technical lobbyist activity: Tech America, Business Software Alliance, U.S. House of Representatives, Association of Southeast Asian Nations, Kingdom of Thailand, Japan Ministry Information Technology and Trade, Malaysia Technology Development Corporation (MTDC), EU Parliament – INFSO Communications Committee.
● Human resource management: three direct reports, 40 people total on four continents.
RSA / VMware – Office of the CTO October 2009 – December 2009
● Functioned as virtual CISO for Customer Reference Program participants planning, executing, and managing information security and risk management program for key EMC clients.
● Served as board level strong voice for security processes and security control standards for Customer Reference Program participants.
● Delivered a zero vulnerabilities exploited metric for 24 months in Customer Reference Program clients once the program was implemented.
● Entrusted with evaluating new security technology, secure coding practices and SCAP vulnerability assessments for select Reference Program participants.
● Responsible for setting the direction and trajectory of Governance, Risk and Compliance regulatory strategy.
Director, IdM Governance, Risk & Compliance – SunGard Feb. 2009 – Sept. 2009
● Created and ran the Identity and Information Systems Management program within SunGard consulting services.
● Directed a team of 9 information security specialists with authority for information risk management, IT audit and compliance, information security operations, infrastructure and applications, and incident response for SunGard customers.
● Coordinated security management across corporate IT, security, legal, ERP and HR for clients as virtual CISO.
● Functioned as change agent for improvements in security, compliance, and audit of client business critical systems.
● Responsible for coordinating adoption of Banner/Ambit financial SaaS platform information assurance and IT governance for twelve financial services clients.
● Software Subject Matter Expert Focus: Banner UCM, SunGard Ambit banking, Banc Ware Risk & Performance Management, Adaptiv, Protegent, APT and Infinisty SaaS/SOA/BPM financial platform.
● Human Resource Management: Led 28 developers and consultants in three divisions.
Sr. Director – GRC Strategy – Oracle Corporation Dec. 2007 – Feb. 2009
● Coordinated cross business unit IT governance and product security under the direction of Oracle Chief Security Architect.
● Led M&A efforts to build out GRC and IdM product portfolio
o Developed first commercial Identity Management solution for Oracle (OIM)
● Software Development: Oracle GRC manager Product – 30 person development team.
o Designed GRC Manager Product: IT Governance Module, Policy (Legal Compliance) Module BRD GRC Intelligence Product: PCI DSS Dashboards, FISMA / HSPD-12 Dashboard - BRD (Waterfall SDLC development methodology)
● Delivered IT Governance Module, Policy (Legal Compliance) Module, Life Science Module
o Delivered Competitive Intelligence: Microsoft One-Compliance, Microsoft Identity Lifecycle Manager 2007 FP1 & Microsoft Identity Integration Server (MIIS) 2003, Autonomy, Interwoven, Open pages & Agiliance IT Governance – Complete Deployment, Integration and Unit
o Executive Leadership: Managed a team of 30 developers across three continents with $5M P&L.
Director – GRC Technology Business Unit – Oracle Corporation Nov 2003 – Dec 2007
● Developed ISMS, Risk Management and Regulatory Compliance Solutions
● Managed team of 4 information security specialists focused on IT security and governance
o Delivered line of business solutions accelerators for manufacturing, banking, retail, higher education and defense agency.
● Founded a cross business unit IT governance partnership for Siebel, PeopleSoft, eBusiness Suite business units under the direction of Oracle’s Chief Security Architect and Chief Security Officer.
o Served as the Oracle consultant to Government of Turkey, which resulted in the BDDK COBIT legal adoption as the BIS (Basel) II compliance metric.
● Maintained Analyst Relations for GRC (Gartner, IDC, Forrester) resulting in magic quadrant placement for GRC Manager Product in 2007.
● Designed and delivered an Identity and GRC implementation methodology for Oracle Unified Method release 4.5.
o Published regulatory decomposition of COBIT, ITIL, ISO27001, NIST 800, FISMA, AN/Z4360, BSI IT-Grundschutz, Joint EU Framework (ISO/IEC 27001:2005, ITIL and CobiT)
Director, Identity Management Practice – Schlumberger Sema Mar 2002 – Nov 2003
● Product Development: LDAP Directory Proxy Product.
● Designed and developed a directory and provisioning implementation, compliance regimen for EU Directive 95/46/EC and US DOC Safe Harbor/GLBA.
● Executive Leadership: Managed a team of 30 developers across three continents with $1.5M P&L.
CEO/Founder – Coradon Consulting Dec 2001 – Mar 2002
● Founded and managed consulting firm with $3.2M yearly revenue servicing IPlanet professional service, AOL and Netscape professional services contracts.
● Executive Leadership: Managed a team of ten developers with $1M annual P&L.
● Cited as a model “post dot com” consulting firm in Promoting Yourself by Hal Lancaster.
OTHER POSITIONS HELD
Sr. Managing Principal Directory Services – iPlanet Professional Services (AOL)
Sr. Managing Principal Consulting Services – Netscape
Systems Integration Consultant – IBM Research Triangle Park
PROFESSIONAL DEVELOPMENT
Bachelor of Science in Engineering Physics, 1995, University of Tulsa
Certification: Media Training for Executives Certificate; presented by Cosway, Australia
Licensed Professional Engineer, EI # 10704
Certified Information Systems Auditor, CISA # 0437642
Certified Information Security Manager, CISM # 0606405
Certified Information Systems Security Professional, CISSP # 85798
Certified in the Governance of Enterprise IT, CGEIT # 225966
Certified in Risk and Information Systems Control, CRISC # 1001645
HITRUST Certified QSA
CCSK – Cloud Security Alliance Certificate of Competency
AFFILIATION
The Open Group – Cloud Security Focus Group (ISO SC27 Liaison)
ISACA – Professional Standards Committee (ISO SC27 Liaison)
International Telecommunications Union SC17 security committee delegate
ISO/IEC SC27 JTC1 Editor ISO 27017 Cloud Security Standard
American Computing Machines (ACM) Membership
Mensa Member ID 100174880
MEIT IEE Society of Great Britain
PUBLISHED WORK
Book Title: Oracle Identity Management: Governance, Risk and Compliance
Book Title: Oracle Identity Management: Governance, Risk and Compliance 3rd edition
Book Title: LDAP Metadirectory Provisioning Methodology: a step-by-step method to implementing LDAP based metadirectory provisioning & Identity management systems
Book Title: LDAP and Metadirectory Architecture
STANDARDS
Author of two Internet RFCs in the areas of identity management and messaging: LDUP Protocol 42-IETF, DIX Protocol 66-IETF/Liberty Alliance
PATENTS
Holder of four patents in the areas of identity management and messaging