Kevin Sawyers - CISSP, CRISC, CISA
630-***-**** ***********@*****.***
Global Cybersecurity Risk Assessment & Management – Security and IT GRC Strategy
Professional Profile
Accomplished executive and dynamic leader with hands-on experience defining and driving global security strategies forward. Proven record steering and developing major programs, organizational security transformations, and innovative solutions for global initiatives of industry-leading organizations. Thrives in high-volume environments with ability to navigate ever-changing business needs, improve operations, and continuously drive stability.
Recognized for expertise across Global Security Operations and Management, Risk Assessment, Application and Product Vulnerability Management and Security, Information Security Architecture & Innovation, Control Reengineering, Project & Program Development, Cybersecurity, System Planning, and Data Protection.
Adept at cultivating partnerships and building trusted relationships across global business sectors as an internally and externally facing cyber advocate, including C-level communications within leading Fortune 500 organizations.
Unparalleled ability to develop and lead large and diverse on- and off-shore teams, and ensure a high level of performance standards, while simultaneously developing programs from the ground-up, and administering multi-million dollar budgets, as well as enhancing operations focused on business solutions and security.
Experience complemented by a Master of Science in Information Systems and CISSP, CRISC & CISA certifications.
Areas of Expertise
Information, Application & Product Security – Cloud First Digital Transformation with Azure/AWS Security – IoT
Multi-Million Dollar Budget Management – Risk Management – Strategic Planning – Contract Negotiations
Global Management – Security Architecture – Data Protection – Board and C-Suite Communications
Cross-Functional Communications – Security and IT GRC Program Development & Leadership – On & Off-Shore Teams Coaching & Mentoring – ISO 27001 – NIST CSF – SOX – Metrics – GDPR – ADA Compliance – M&A Security Assessment
Professional Experience
Secutor Consulting – Chicago, IL May 2019 to Present
Cyber Security V-CISO Consultant
I tackle cyber security challenges of virtually every size and any type, with a wide range of specialities, including building world-class Security and IT Governance, Risk, and Compliance programs. We are a VAR, an auditor, and an incident response team, and we do systems integrations. We help our customers figure out what is missing in their program, build a plan to get it right in the most cost-effective manner, implement the plan, and maintain it.
ABC Supply – Beloit, WI August 2014 to April 2019
Manager/Chief Information Security Officer (CISO)
Directly established, hired, and managed a new high-performance Security Department comprised of a dynamic staff of Security Analysts, Security Architects, GRC staff, contractors, and consultants for a $10B+ private organization while reporting directly to the CIO, and managing a $2M+ budget. 15K+ user base with multiple SBUs.
Notable Achievements:
Substantially increased ABC’s Security and GRC maturity from a NIST Tier 1 to Tier 3 maturity within 2 years.
Achieved 90% reduction in critical & high vulnerabilities within 6 months by implementing LogRhythm and Tenable.io along with a metrics strategy.
Collaborated with IT and business partners utilizing data and business intelligence to build and secure connected products/applications.
Chosen to present quarterly to Board and Audit Committees on the state of Security and GRC operations.
Steered and secured digital transformation to Azure, with 90% of stack transitioning to Cloud.
Created robust IT Security, Risk and Governance Program from ground-up, including:
o Adopting NIST CSF, developing IT and IT Security policies, procedures, and processes, a control framework, maturity model, DR/IT BCP plans, an audit program, and a risk framework.
o Seamless Security team integration with key IT and Business stakeholders around cloud security implementations using Azure.
o Implementation management of new vulnerability scanning application (Tenable); and implementation and configuration management of new SIEM (LogRhythm) for alerting, alarming, and triage.
o Established Senior Executive Security Steering Committee (CLO, CFO, VP HR, VP Operations, CIO) to communicate any current security threats or potential innovative security solutions for ABC.
o Created organization-wide vulnerability management process and procedures with SLA agreement.
o Partnered with MSSP for threat hunting and incident response management.
o Managed implementation of Privileged Access Management (BeyondTrust) to assess and remediate accounts based on least privilege.
o Established Security Operations daily standup for sharing current security-related vulnerabilities and threats while incorporating security engineering, Infrastructure and DevOps.
o Developed and rolled out a first-time Security Awareness program, including phishing campaign, signage, metrics, outside speakers, awareness modules, lunch and learns, and ambassador program.
o Created risk-based Vendor Security Program where team led contract review, redlines, and remediation of gaps via security questionnaires.
o Recognized for establishing IT Security Advisory Board consisting of IT Leadership for Security visibility and risk decisions.
o Tactically managed annual external vendor penetration testing and remediation as well as ABC’s own penetration testing strategy.
o Partnered in implementation of Okta MFA on external user access – PA VPN, SSO, OWA, Citrix, and PAM.
o Directed PCI Program compliance and remediation.
o Established inter-departmental Security Incident Response Team and performed annual tabletop exercises throughout organization.
Millward Brown – Lisle, IL January 2014 to August 2014
Manager, IT Governance and Compliance
Led high-performance team driving ISO 27001 core control framework implementation and certification to support organization across both IT and Business. Coordinated and planned audit activities initiated by internal and external audit teams, clients, and consultants. Steered global organization, with $1B+ in revenues, with information security, data privacy, and risk management.
Notable Achievements:
Significantly reduced risk by 30%+ and drove operational, contractual, and regulatory compliance to prevent potential non-compliance litigation.
Drove risk reduction and control enhancement by delivering advisory services focused on risk and compliance to IT management, Finance management, and senior executives.
Served as Vendor Security Program Manager with responsibility for facilitating contract negotiations and vendor environment IT/Security assessment to ensure offsite company data protection.
Arthur J. Gallagher & Co. – Rolling Meadows, IL 2012 to 2014
IT Security, Risk and Compliance Supervisor
Actively managed IT Security and GRC function with a 27K+ user base, including overall IT Security compliance to SOX, PCI, IT policies and procedures. Concisely monitored vulnerability testing results and assisted in risk assessment and remediation of vulnerabilities. Collaborated in IT Risk Assessment Program (ISO) implementation across 6 global divisions.
Notable Achievements:
Transformed SOX Program with 40+ cross-functional team members across 6 global divisions with $6B+ in revenue.
Ensured data privacy and recommended needed changes by evaluating existing methods and controls.
Remediated material weaknesses through enhanced security via recommended tools and controls.
Additional Professional Experience
Senior Information Risk Management (IRM) 2010 to 2012; & Senior IT Auditor 2005 to 2010
Allstate Insurance – Northbrook, IL
IT Staff Auditor 2003 to 2005
Ernst & Young – Chicago, IL
Education & Professional Certifications
Master of Science (MS), Information Systems
DePaul University
Bachelor of Science (BS), Finance
University of Iowa
Certified Information Systems Security Professional (CISSP)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Auditor (CISA)
Professional Awards & Affiliations
ABC Supply President’s Award
Chicago CISO Executive Group
Cloud Security Alliance
IoT Security Foundation (IoTSF)
ISACA
ISC2
United Way – Blackhawk Region