Cyber Security Compliance – PCI, HIPAA, SOX, ISO, GRC
Chronological Experience
PCI Cyber Security Consultant – BuySeasons, Inc.
Oct 2015 – Jan 2016 (4 months, corp to corp) - PCI documentation project to prepare for annual PCI/QSA audit. Prepared proof of compliance around SIEM, FIM, Scanning, Network Segmentation, Encryption, POS, Physical Security, Call Center Compliance, VoIP Pause-Resume, and Updated Data/Process Flow Diagrams.
PCI Cyber Security Consultant - Hewlett-Packard
May 2015 - October 2015 (6 months, W2) Responsible for PCI Compliance assessments for an international service provider of managed services including ITO, Managed Cloud Services, Global Payment Systems and outsourced call centers for banks and global retailers.
Sr. Manager, I.T. Compliance - Lowe's Companies, Inc.
August 2014 - March 2015 (8 months, W2) Senior Manager for a team of nine analysts in multiple, technical areas including Network Security, External and Internal Vulnerability Analysis, Scanning, Patching, Encryption, Tokenization, Elevated Access, Internal Audit, Server Hardening, Security Awareness and Compliance Assessments. Emphasis on PCI DSS and SOX compliance, and GRC compliance liaison.
PCI Compliance Manager - Facilities Maintenance - HD Supply
May 2013 - August 2014 (1 year 4 months, W2) Designed comprehensive risk management and compliance programs to implement data security standards and best practices at the flagship division. Produced reusable solutions across multiple lines of business and compliance frameworks. Identified, prioritized and mitigated risk. Created detailed mappings of credit card process flows within the Cardholder Data Environment (CDE). Achieved significant scope reduction through tokenization and data purges. Developed multiple utilities to improve security in VoIP Call Center platforms. Co-sponsored enterprise information security initiatives and security awareness programs.
Program Manager at Liquid Partners
June 2010 - May 2013 (3 years, corp to corp) Program Management across several integrated businesses. Responsible for requirements gathering, solution development, project planning, team building, implementation and internal budgeting. Adept at creating order from chaos and producing clear documentation throughout the project life-cycle from conception through planning and development. Soft skills include excellent written and verbal abilities, creativity, a sense of urgency, and the ability to conduct an effective meeting in a half-hour.
PCI Compliance Program Manager - Analyst at Hawaiian Airlines
January 2009 - March 2010 (1 year 3 months, W2)
• Co-managed a Payment Card Industry Data Security Standards (PCI-DSS) compliance program. Responsible for the security of clients' credit card information in web and physical POS systems
• Responsible for identifying PCI deficiencies and implementing correct security protocols
• Administered RFP process to select security vendors to identify and fix "Top 10" vulnerabilities
• Prepared and administered 25 concurrent project plans, schedules and reporting requirements
• Assembled and drove cross-functional teams of 8 - 10 professionals on all projects
• Achieved PCI Compliance at all online and physical Point of Sale locations within 9 months
Program Manager at Liquid Partners
July 2003 - December 2008 (5 years 6 months, corp to corp)
• Responsible for business development projects
• Business analysis, planning and execution
• Selected and supervised 30 sub-contractors and vendors
• Formulated and administered budgets
• Procured financing and funding
• Negotiated and signed off on contract terms
• Handled marketing, inventory management, and P/L functions
I.T. Manager at New York Life Insurance Company
November 1998 - October 2003 (5 years, W2)
• Responsible for a program of financial sales tools and insurance illustration software for Whole, Term, and Universal Life Insurance, plus Fixed and Variable Annuity products
• Led a 1-year Deferred Compensation project team of 8 developers, consultants and product managers
• Managed a 3-year project to develop international insurance illustration sales software for agents in Indonesia, Mexico, India and Asia
• Led a team of 30 IT professionals to develop business logic, user interfaces, calculation engines and illustrated output
• Managed country-specific projects with language translations and currency valuations
• Led a team of 15 US-based developers and 6 remote developers in India.
Senior Consultant at Walker Interactive Systems
May 1996 - November 1998 (2 years 7 months, W2)
• Provided software development expertise supporting ERP system of integrated financial services modules in purchasing, inventory, credit/accounts receivable, and accounts payable
• Managed a team of 15 professionals and credit managers at ConAgra to define requirements for a CARMS (Accounts Receivable) implementation
• Supervised definition of requirements for a General Ledger implementation at U-Haul
• Led software upgrades and parallel testing at US Steel, including process flows and use cases
Marketing Resources Manager at Brandes Investment Partners
November 1993 - May 1996 (2 years 7 months, W2) • Responsible for managing 25 consultant database interfaces, quarterly updates, compliance questionnaires, client reports, marketing materials, RFP responses, and website development.
Marketing Resources Manager at Allianz Global Investors / Nicholas Applegate
November 1990 - November 1993 (3 years 1 month, W2) Maintained portfolio characteristics for MidCap, MiniCap, MicroCap, Balanced, Income and Growth portfolios; Weighted Average Performance Reporting; Benchmark Comparisons; Quarterly SEC compliance questionnaires; Website and marketing material development; RFP responses; Marketing and general business development. Quarterly SEC compliance reports and Annual ADV revisions.
Product Development - Global Hedge / Prime Lending at Merrill Lynch International Bank (MLIB) London
November 1989 - November 1990 (1 year 1 month, Paid Scholarship) - Global Hedge group at Merrill Lynch International Bank (MLIB), a part of Merrill Lynch International (MLICO). Responsible for trading and valuations using the Black-Scholes Options Pricing Model to trade international arbitrage and global hedge accounts, currency hedges, options, and stock loans for George Soros and Bass Brothers. Portfolios were valued in billions of dollars.
Skills Summary
INFORMATION SECURITY: Led cross-functional teams of Engineers, Developers, Architects and Auditors from infrastructure, network security, info security, telecommunications, SAP, eCommerce, and internal audit. Led brainstorming workshops on architecture, secure communications, VoIP, Quality Monitoring Tools, Encryption Protocols, Network Security and System Hardening. Effectively interfaced with business users, Internal Auditors, and IT leadership to foster creativity, unclog bottlenecks and drive solutions.
PCI DSS COMPLIANCE: Payment Card Industry Data Security Standards (PCI DSS) Compliance Programs, SAQs, Gap Analysis, Data Mapping, Remediation & Reporting. Managed programs of inter-related sub-projects to secure credit card information within multiple systems and environments. Performed Self-Assessment Questionnaires (SAQs) and Gap Analysis to identify and remediate deficiencies. Employed standard security measures like firewalls, WAFs, Intrusion Detection and Prevention Tools, End to End Encryption protocols, Tokenization, UAM, Log Management, Vulnerability Scans, Penetration Testing, Secure Code Reviews and OWASP "Top 10" vulnerabilities. Drove cross-functional teams of engineers, developers, architects, auditors and management professionals to reduce scope and achieve PCI Compliance.
PMP/MANAGEMENT: Certified Project Management Professional (PMP) with 15+ years of experience. Adept at building teams, streamlining processes and presenting options to Sr. Management. Experienced throughout the project life-cycle from charter and proof of concept, all the way through to resource and vendor management. Waterfall, Agile and Scrum, MS Project and JIRA software. Authored all forms of project documentation. Soft Skills include excellent written and verbal abilities and the wherewithal to create order among chaos while delivering programs with budgets up to $140M.
Certifications
Project Management Professional PMP, Project Management Institute June 2010. Active PMP Certification
California Real Estate, Department of Real Estate, Active sales license
Languages
French
Skills & Expertise
PCI DSS; JIRA; MS Project; Visio; Management; Cross-functional Team Leadership; Strategic Planning; Program Management; SDLC; Vendor Management; Business Analysis; Requirements Analysis; Leadership; Process Improvement; Team Building; Project Management; Financial Services; Real Estate; Requirements Gathering; Marketing; Telecommunications; Entrepreneurship; Project Planning; Social Media; ERP; Ecommerce; Analysis; Budgets; Small Business; New Business Development; Coaching; Investment Analysis
Education
Northeastern Illinois University B.S. w/Honors, Finance, 1987 Activities and Societies: Delta Sigma Pi business fraternity, Ski Club, Kappa Alpha Theta Sorority
Volunteer Experience & Interests
Dressage, Foxhunting, Singing Jazz, Hiking, Home Remodeling