**** *. ******** ****, ***** *** 216-***-**** (M)
Cleveland, OH 44114 acgceg@r.postjobfree.com
Gareth C. Webley
Objective Continue career building through a Corporate Security executive position within a
large corporation; where my experience, industry recognized leadership, and
expertise in information and physical security experience can be fully leveraged.
Current March 2013 - Present Entropic Light, Cleveland, OH
Founder
• Exploring the artistic nature of abandoned industrial structures in the North
East Ohio area via photography.
Creative photography in the form of the juxtaposition of human forms against
•
the decay of once majestic industrial buildings.
Preparing to publish a book that captures the essence of the structures before
•
they are demolished.
Experience 2010 – March 2013 Eaton Corporation, Cleveland, OH
Chief Information Security Officer
• Managing international enterprise information security, privacy, technology
risk management, physical access and surveillance areas.
Established a comprehensive security program and multiyear technology
•
plan.
Develop and deploy security infrastructure, policies, and architecture.
•
Programs to assure ITAR compliance and intellectual property protection.
•
Assure compliance with a wide array of international government
•
requirements with a focus on EMEA data protection and privacy.
2009 – 2010 CVS Caremark, Woonsocket, RI
Chief Information Security Officer
• Accountability for information security and technology risk management for
the entire corporation.
Creation of a corporate-wide information security program based on the ISO
•
standards framework.
Responsible for security technology, policies, and architecture.
•
Manage Payment Card Industry level one compliance and certification.
•
Assure compliance with SOX, HIPPA, and government health mandates.
•
1999 – 2009 National City Corporation, Cleveland, OH
Chief Security Officer: 2003 – 2009
th
• Responsible for all Security for 8 largest Financial Services holding company
in the United States through a true corporate security department.
Manage department of 250 security professionals with a $35MM+ budget.
•
Oversight of Privacy policy, procedures, and technology.
•
Full responsibility for physical security and complete life safety at all corporate
•
buildings, bank branches, and operational facilities.
Investigations and Enterprise Fraud.
•
Thought and practice leader in Security Convergence.
•
Chief Information Security Officer: 2002 – 2003
• Manage department of over 50 information security professionals with a
$9MM budget.
Execute strategic information security program, planning, and delivery across
•
entire corporation, including numerous subsidiaries.
Early adoption of an ISO 17799 based security program and policy
•
Board reporting and accountability for all regulatory requirements and
•
corporate governance issues.
Director of Information Protection, SVP: 2000 – 2002
• Directed the substantial growth of information security department
approximately four-fold over two years.
Established such key security practices as:
•
Enterprise ecommerce DMZ’s for online banking with multi-tier firewalls
•
– recognized by regulators as ‘best-in-class.’
Establish core foundation for eCommerce single-sign on.
•
Corporate-wide intrusion detection and centralized monitoring.
•
Full function forensics team and computer incident response team.
•
Three-tier virus protection resulting in virtual immunity to virus and worm
•
outbreaks.
Security Awareness and Training programs.
•
Complete penetration testing and ongoing vulnerability services.
•
Deployment of enterprise provisioning software and Role-Based Access
•
Control methodology that included request workflow.
General Manager, VP – Information Protection: 1999 – 2000
• Established the business case and lobbied for the creation of an enterprise
group for Information Security.
Grew team from essentially an administration team into recognized leaders
•
within the corporation and industry for security technologies and policy.
Established relevance and importance of data security within a bank.
•
Structured and built support for group expansion and responsibility growth
•
for things such as security engineering and internal firewall support.
1989 – 1999 BP America, Inc., Cleveland, OH
Consultant, Information Security: 1993 – 1999
• Transition and implementation of distributed systems security from
Mainframe model.
Pioneering work on security policies across the globe.
•
Developed contingency planning activities.
•
Designed refinery security alerting systems in conjunction with physical
•
security.
Early work on Internet firewalls, large scale Internet e-mail services and corporate
•
data protection.
Began vulnerability assessments and other risk models.
•
Education 1986 – 1990 Youngstown State University Youngstown, OH
A.B., Dual Major: Economics and Computer Science.
•
C.I.S.S.P. (currently lapsed), I.S.S.A Member
•
Interests Technology, Photography, Running, and Travel
Affiliations Charter member of Microsoft’s Financial Services Security Council
Other key industry Customer Advisory Boards – Accuvant, Inc.
Previous Open Security Exchange Convergence Council
Previous BITS Advisory Council Member