Sign in

Information Security Management

Richardson, Texas, United States
January 05, 2017

Contact this candidate

R. Andrew Brice

R. Andrew Brice (Confidential) Page 1 of 4


Name R. Andrew Brice

Address *** ********** **.

Richardson, Texas 75080 US


Mobile Phone +1-214-***-****



I welcome an opportunity to work with an organization in an Executive capacity, with a focus on Information Risk, Cyber Security and Technology. I look forward to an opportunity where I can build on my knowledge and experience to provide new solutions, enhance existing solutions where needed, and address the constantly evolving information technology needs. PROFESSIONAL EXPERIENCE

20+ years of Information Risk Management, Cyber Security, Engineering and IT experience covering all areas of Information Risk and IT

20+ years of global, International experience

15+ years of Executive and Senior Management experience

15+ years of Risk Management experience

Board, Executive and Senior level experience and communication skills

Experienced leader of diversely skilled individuals and International teams

Certified professional including CISSP, CISA, ITIL, MCSE, CNE, etc.

Cybersecurity and IT best practices and compliance knowledge (ISO 27001/18, CobiT, NIST, ITIL, SOX, GLBA, PCI-DSS, SSAE/SOC2, HIPPA, FedRamp, FFIEC, etc.)

Information Risk best practice knowledge (FAIR, OCTAVE, FIRM, SoGP/IRAM, NIST 800-122/53, ISO/IED 27005, CRAMM, etc.)

Deep understanding of IT risk landscape and information security as well as the relevant technology themes, including managed services and Cloud technology

Blend of strategic, analytical and creativity, with the ability to execute and successfully deliver business valued solutions (BYOD, Cloud Services, DLP, Lower IT TCO, etc.) CERTIFICATIONS

CISSP – Certified Information Systems Security Professional CISA – Certified Information Systems Auditor

ITIL – IT Infrastructure Library v3 (Foundations)

MCP/MCT/MCSE+I – Microsoft Certified Professional, Trainer & Systems Engineer + Internet CNA/CNE/CNI – Novell Certified NetWare Administrator, Engineer & Instructor NEP/NEPI – Netscape Enterprise Professional & Instructor CIW-E/CIW-S – Certified Internet Webmaster in Ecommerce and Security EDUCATION

2007 IMD, Lausanne Switzerland – Executive Mgmt., IT Strategy and Architecture 1988-90 American Institute for Computer Science (AICS) – BS in Computer Science 1983-1986 University of North Texas – Major: Business Administration 1978-82 Subiaco Academy College Preparatory

R. Andrew Brice

R. Andrew Brice (Confidential) Page 2 of 4


iTech, LLC (Dallas, TX USA) – 2009 to Present


Providing contracting services for IT control assessment, design, architecture and implementation as well as risk mitigation and project management.

Clients include, but are not limited to:

Bank of America


Credit Suisse




Fifth Third Bank

Netcracker (Subsidiary of NEC)

VCE (Subsidiary of EMC)

Hewlett Packard (HP)

Global Knowledge

Pearson VUE

Special Achievements:

Developed and supported regulatory and compliance programs for control assessments and audits.

Supported the implementation of an Information Security Management System (ISMS) and lifecycle program for multiple clients

Established multiple Security Operations Centers (SOC), including a security information and event monitoring (SIEM) solution to enable quick recognition of security issues o Splunk, Alien Vault, RSA Security Analytics, etc.

Implemented Data Identification, Monitoring, Access Reviews and Blocking of structured and unstructured sensitive data including Data Loss Prevention (DLP) solutions o Symantec, RSA, Check Point, SailPoint SecurityIQ, Cisco, etc.

Utilized the Cloud Security Alliance (CSA) best practice control matrix to perform security control assessments on certain clients Cloud Service Providers (CSP)

Developed a centralized IT Risk Database repository for tracking and reporting of global IT risks

Technical writing and editing for HP expert certification training courseware. Courses include: o Designing & Deploying Connected Device Solutions for Small to Medium Business o Achieving Business Results through Technology

o Designing & Deploying Cloud Solutions for Small and Medium Business Wingspan Portfolio Advisors, LLC (Dallas, TX USA) – 2012 to 2014 Chief Information Security Officer (CISO)

Working with other senior management to deliver a comprehensive information security and privacy program that supports a risk management approach which is aligned with the business risk appetite. Special Achievements:

Supported company growth from 1,300 to over 2,000 employees, including acquisition and expansion into multiple states from coast to coast.

Managed a specialized team of Subject Matter Experts (SME)

Provided guidance and information security integration with the Business Intelligence (BI) group responsible for data warehousing and mining.

Developed and implemented the following:

o An ISO 27001 Information Security Management System (ISMS) to address risk management and all security controls, including outsourced Cloud service providers and third party vendors

o Information security policies, standards and procedures, in-line with industry acknowledged best practice such as ISO, NIST, CobiT, etc. o A Secure Operations Center (SOC), complete with Security Information and Event Management (SIEM) solution, Vulnerability and Penetration Testing capabilities as well as components for Data Loss Prevention (DLP)

o A Risk Management program to identify risks related to the protection of confidential and private data and mitigate or transfer these risks in accordance with the organization’s risk appetite.

R. Andrew Brice

R. Andrew Brice (Confidential) Page 3 of 4


Credit Suisse (Zurich Switzerland) – 2000 to 2010

Head of IT Risk Analysis & Mitigation Services for Continental Europe, Middle East and Africa


Located in Zurich Switzerland and managed a team of international security specialists and provided IT risk and security services for Private Banking and EMEA Country IT Heads. Special Achievements:

Managed the Local Information Security Officer (LISO) network with locations world-wide.

Performance of Branch/Entity assessment covering 19 Branches and 60 Rep Offices in 33 countries across CEMEA

Increased the efficiency of the Branch/Entity risk assessments, utilizing the IRAM methodology

Integrated security assessment and control solutions into SDLC and project management processes Head of IT Risk and Security Risk Control at Credit Suisse Group (Global) Located in Zurich Switzerland, reporting to Group Chief Risk Officer (CRO), responsible for coordinating, monitoring and reporting IT Risk and Security efforts across the bank. Special Achievements:

Fulfilled internal audit requirement for defining initial scope and coverage of IT Risk

Performed group-level IT security assessments based on ISO 17799 standard

Project leader for the IT portion of group-wide Sarbanes-Oxley (SOX) project Chief Information Security Officer – Personal Financial Services (PFS) Business Unit Located in Zurich Switzerland, reporting to the PFS Chief Information Officer (CIO), responsible for all aspects of information security for the PFS business unit. Special Achievements:

Managed team of international IT Security Officers and specialists

Provided security architecture and controls for PFS product and data transmissions between Luxembourg, Zurich and London

Developed a security monitoring solution to enable quick recognition of security issues, including the implementation of an Intrusion Detection Solution (IDS) RSL Communications/Prime Line AG (Zurich Switzerland) – 1999 to 2000 Chief Technology Officer (CTO)

Located in Zurich Switzerland, reporting to the Chief Operating Officer (COO), responsible for managing the company IT infrastructure as well as the ISP services infrastructure. Special Achievements:

Managed the 300+ person IT staff

Established and implemented the IT strategy

Established, implemented and maintained all aspects of the Internet Service Provider (ISP) business division

R. Andrew Brice

R. Andrew Brice (Confidential) Page 4 of 4


Prosoft/MeasureUP (Los Angeles, CA USA) – 1996 to 1999 Senior Systems Engineer/Senior Consultant/Technical Content Developer/Technical Instructor Reporting to the Head of Training and Vice President of Sales, responsible for technical training and delivery of IT consulting.

Special Achievements:

Bank One – Contracted to design and implementation of on-line Internet banking services

United Nations, New York – Prepared the design and implementation of global directory and email services utilizing Netscape SuiteSpot solution

Exxon – Migrated Exxon’s corporate headquarters in Las Colinas from LAN Manager to Windows NT. This project included the migration as well as the development of new training curriculum for the corporate headquarters

Microsoft – Contractor to Microsoft to develop and author certification documentation and questions for Microsoft in Windows 2000 Active Directory Design and Implementation Exam, MS Small Business Back Office 4.5 Exam, MS FrontPage 2000 Exam and Internet Information Server 4.0 Exam

Public speaking presentations at security and IT conferences in New York, Chicago and Los Angeles, covering TCP/IP, Security and ecommerce

ExecuTrain (Dallas, TX USA) – 1991 to 1996

Technical Instructor and Consultant

Reporting to the Head of Training, responsible for technical training and delivery of IT consulting. Special Achievements:

Technical training of Novel NetWare, Windows NT, and TCP/IP

Network design and implementation consulting


Information Risk best practice knowledge (FAIR, OCTAVE, FIRM, SoGP/IRAM, NIST 800- 122/53, ISO/IED 27005, CRAMM, etc.)

IT Frameworks/Standards (COBIT, ISO 27001/2, NIST, ITIL, EBK CMMI, etc.)

Compliance (SOX, HIPPA, GLBA, Basel II, FISMA, EU Data Privacy, PCI DSS, etc.)

O/S – Windows, Mac OS X, Linux

Network – TCP/IP, Routers, Switches, Wireless

Devices – Servers, Workstations, Tablets, RAID, Blade

Security – Firewalls, IDS/IPS, Risk and Vulnerability Assessments, Penetration Testing

Other – VMware, Hypervisor, SharePoint, MS Office


o English – verbal strong / written strong (Mother Tongue) o German – basic comprehension

o Spanish – beginner


Available upon request


According to agreement

Contact this candidate