Resume

Cyber Security Professional

Location:
Somerset County, NJ
Posted:
April 12, 2016

Resume:

Robert Parham, MBA, CISSP, HITRUST

** ****** ****** • Somerset, NJ 08873 • acuby0@r.postjobfree.com• 609-***-****

Forward-thinking Information Security Leader who introduces cutting-edge solutions and strategies to mitigate risk and data breaches that undercut organizational integrity. Leverages subject matter expertise in governance, risk management and compliance within Financial Services and Healthcare settings, 20-year Air Force career and a passion for continuous learning to deliver information security to the full satisfaction of all stakeholders. Interfaces and collaborates comfortably with all levels of the organization, clients and third parties, easily communicating the most technical and complex information clearly and concisely. Demonstrated success in…

Information Security Governance: Developed enterprise-wide information security governance program for Horizon Blue Cross Blue Shield of New Jersey. Introduced foundation security control framework that ensured regulatory and contractual compliance. Established capability to identify security vulnerabilities, develop corrective action plans and trend analysis metrics that facilitate continuous improvement of the security program.

Security Risk Management: Reduced information security risk across TD Waterhouse organization by developing information risk methodology and approach that was aligned to both the culture and business strategy of the organization.

Network Security: Built the first security operations capability for Headquarters Air Force Personnel Center (HQ AFPC) that aligned with the Air Force Computer Emergency Response Team (AFCERT). Mitigated security risk of unauthorized access and/or data modification to vital personal information stored on HQ AFPC database that was tied to all active duty and retired USAF personnel.

Security Consulting: Developed, conducted, and communicated sustainable and repeatable managerial and operational processes for Marlabs Inc. Cyber Security Management Practice, aligning cyber security processes to business strategy supporting Financial, Healthcare, Retail, and Educational industries.

Competencies that Drive Tangible Business Outcomes

Business Process Management

Security Architecture

Security Governance, Risk and Compliance

Security Operations Center Functions

Information Security Policy Development

Digital Forensic Investigation Processes

Vulnerability Assessment

Operational and Process Security Metrics

Capability Maturity Model Development

Identity Access Management Process Design

Security Incident Management and Response

Network Security Profiling

Cyber Security Awareness Training & Education

Cross-functional Team Development, Leadership and Mentoring

NIST, PCI DSS, COBIT, ISO 27001, HITRUST

Attribute Chain: Passionate. Pragmatic. Trustworthy. Empathetic. Inquisitive. Disciplined. Organized.

A Career of Delivering Cyber Security Solutions for Operational Integrity

Chubb & Son, Warren NJ

Information Security and Compliance

VICE PRESIDENT, INFORMATION SECURITY AND RISK MANAGEMENT 2014 – 2016

Responsible for Enterprise Identity Access Management, Security Risk Management, and Security Operations and Threat Intelligence functions. Established the delivery and support policies and procedures required to maintain daily operations and adherence to regulatory obligations. Managing a staff of 20 cyber security professionals; overseeing the deployment and maturation of various Enterprise cyber security tools and processes.

Developed Formal Security Risk Management Function and implemented security risk assessment process workflow in accordance with National Institute of Standards and Technology (NIST) Cyber Security Framework, to include capability maturity dashboard, Key Performance Indicators, and risk acceptance letter.

Instituted Security Awareness Training and Education Program consisting of web-based learning modules, customized presentations, and informational security blogs, to include live “As the Expert” sessions for the employee workforce.

Defined Security Operations Center Functional Roles and Activities and developed security information and event management (SIEM) use cases, Cyber Security playbook, and security incident handling checklist.

Developed strategy and managed day-to-day security operations for Enterprise Identity Access Management, Security Risk Management, and Security Operations and Threat Intelligence across the Enterprise, coordinating security process with business unit functional managers across key organizational Lines of Business.

Marlabs Inc., Piscataway, NJ

Cyber Security Management Practice

DIRECTOR, CYBER SECURITY CONSULTING PRACTICE 2011 – 2014

Spearhead the business development of the organization’s first Cyber Security Management Practice. Established the security service portfolio, staffed critical resources, and directed the creation of necessary processes and procedures required for sustaining both the professional and managed security service delivery for client base across Healthcare, Financial, Retail, Media, and Educational industry verticals. Manages day-to-day activities

Developed and implemented Information Security Risk Assessment and gap analysis process procedures and orchestrated the organization’s achievement of Health Information Trust Alliance (HITRUST) Common Security Framework Certified Assessor status.

Payment Card Industry – Data Security Standard: established PCI DSS 2.0 and 3.0 assessment process to prepare clients for formal PCI DSS certification.

Established Network Vulnerability Assessment (NVA), penetration testing, and security policy development & review services, ensuring that formal, sustainable, repeatable methodologies and processes are used for each client engagement.

Established, coordinated, and maintains the necessary vendor partnerships required to facilitate an operationally proficient Security Operations Center (SOC) and Incident Management & Response Managed Security Service Offering.

Established service pricing models for each of the six cyber security management service offerings

Ensure that staff of 12 security professionals receive appropriate mentorship, training, and professional security growth progression

Often represents the Cyber Security Management Practice at formal speaking engagements, to include New Jersey Technical Council (NJTC), Secure Computing Magazine, NIKSUN World Security Consortium, HITRUST 2013, and Financial Technology Forum 2014.

Horizon Blue Cross Blue Shield of New Jersey, Newark, NJ

The only licensed Blue Cross Blue Shield plan in New Jersey, providing coverage to 3.2 million people

DIRECTOR, INFORMATION SECURITY GOVERNANCE 2007 – 2011

Chosen for newly created position to provide consultative information security guidance to managers of core business processes across the organization. Oversee security policy development, review and communication. Liaise among business units, information technology and internal audit regarding information security regulatory compliance issues and corrective action plan identification and tracking. Member of enterprise compliance coordinator team.

Instituted company’s first information security common security framework and information security governance risk compliance tool.

Developed and directed web-based security awareness training and education program for 5,000+ workforce.

Established data protection program to enhance protection of electronic protected health information.

Created and enacted information security risk management and risk analysis program and conducted 32 vendor security risk assessments as part of data protection program.

Performed PCI-DSS gap analysis, reviewed policy, procedures, and systems in accordance with standards set forth in PCI Data Security Standards Version 2.0 covering 6 control areas and 12 key control groups

Implemented HITRUST Common Security Framework compliant policy and standards.

Recommended, developed and governed organization’s Identity Access Management Program; reduced risk of “Segregation of Duty Access” and “User Role Entitlement” conflicts within seven core business applications. Process design included: (1) Governance, (2) Identity Management, (3) Access Management, (4) User Role Management, (5) resources, and (6) services.

TD Ameritrade/TD Waterhouse, Jersey City, NJ

US-based online broker with more than six million customers

MANAGER, SYSTEM ACCESS CONTROL AND FORENSIC SECURITY 2006 – 2007

SENIOR MANAGER, TECHNICAL RISK AND INFORMATION SECURITY 2004 – 2006

During a period of significant reorganization leading up to and following Ameritrade’s acquisition of TD Waterhouse, integrally involved in identifying risk, threats and vulnerabilities to network infrastructure, forensic security and system & user access control. Guided teams of up to eight security experts and administrators. Provided forensic support for Internet abuse, compliance violations, malicious activity and intellectual property theft.

Appointed to cross-functional client asset protection and client information incident response teams that provided detailed incident data to chief executive’s general counsel office.

Enhanced forensics acquisition and analysis capabilities through creation of forensic investigation life cycle process, training and hardware/software solutions.

Drafted, implemented and coordinated security access control plan, enforced data classification policies, entitlement review processes and fulfillment service-level agreements.

Created organizational incident response and forensic security program to respond to fraudulent client activity.

Developed organization process for incident detection, triage and emergency response.

Established and integrated technical risk assessment processes into the system development life cycle for more than 45 projects valued from $100K to $1M.

Planned, designed, developed and implemented information security requirements in accordance with International Standards Organization 27002:2005.

Gathered and presented proof of audit control items for SOX 404 and annual external and internal audit programs.

Virtual Corporation, Inc., Budd Lake, NJ

Technology and management consulting firm specializing in business continuity, contingency planning, disaster recovery and technology staffing

MANAGER, BUSINESS CONTINUITY SERVICE 2004

Brought in on short-term engagement to develop curriculum for business continuity process assessment training class and conduct two-day workshops that produced 15 certified business continuity assessors. Drafted strategic plan for business continuity center and provided direction for newly established service department.

Associated Press, New York, NY

Global news network

MANAGER, ENTERPRISE INFORMATION SECURITY 2002 – 2003

Raised awareness, enhanced security posture and provided guidance for information security strategy and policy for 242 locations and 3,500 remote users worldwide. Established 18-member cross-functional information security forum, instituted VPS access controls and designed training manual for VP users and administrators.

Developed the security metrics process in accordance with National Institute of Standards and Technology (NIST) guidelines.

AimNet Solutions, Inc., Norwalk, CT

Technology services company offering network professional and managed services

DIRECTOR SERVICE DEVELOPMENT, SECURITY 2001 – 2002

Came in as subject matter expert on intrusion detection system design and implementation. Advised chief technology officer on information security service offerings. Drafted ISO 27001:27002, GLB and HIPAA compliant general organizational information security policy and conducted security assessment for healthcare and financial services clients.

Bear Stearns, New York, NY

Global investment bank and securities trading and brokerage firm

ASSOCIATE DIRECTOR, NETWORK SECURITY 2000 – 2001

Oversaw security testing and evaluation that resulted in the selection and subsequent deployment of company’s first-ever network intrusion monitoring device. Developed and instituted administrative security process and procedures that reduced the number of known vulnerabilities by 27%.

US Air Force

CHIEF OF NETWORK SECURITY, NETWORK PLANS AND SECURITY BRANCH 1995 – 2000

RETIRED MASTER SERGEANT 1980 – 2000

Led staff of 10 in implementation of cutting-edge automated network security tools, providing the Air Force Personnel Center with intrusion detection capability for 3,500-computer node, 200-server infrastructure valued at $2M+. Developed continuous risk management process and provided repeatable methodology for identifying and reducing information security risk within the network infrastructure to an acceptable level.

Dedicated to Continuous Education

MBA, Computer Resources and Information Systems, Webster University, 1998

BS, Administration of Technical Services and Information Management, Bellevue University, 1995

Certified Information System Security Manager (CISM), 2012

Certified Health Information Trusted Alliance Common Security Framework Assessor (HITRUST CSF), 2011

Certification, Excellence in Corporate Governance, Tulane University Law School, 2006

Certification, Computer Security Incident Response Team Manager, Carnegie Mellon University, 2005

Certificate of Information Risk Management, MIS Training Institute, 2002

Certified Information System Security Professional (CISSP), since 1999

Commitment to Continuous Professional Development

Open Web Application Security Association

CISO Platform

Anti-Phishing Work Group

ISACA, New York Chapter

Carnegie Mellon, Software Engineering Institute Program

Institute for Applied Network Security

International Security Computer Consortium (ISC2)

National Association of Black MBAs
