
Director, Information Security

Location:
Suwanee, GA, 30024
Posted:
March 31, 2017

Resume:

PHILLIP E. MITCHELL, MBA, CISSP, MCSE

Suwanee, GA 30024


Executive Summary:

• Senior Leader and Creative Problem Solving Manager with over 15 years of comprehensive experience in Information Security, Governance, Risk Management, and Compliance (GRC), IS Policy Development, and Strategy Creation

• Expert knowledge of IT Control Frameworks (COSO, COBIT, ISO 27001), Federal IS Regulation (FISMA, FedRAMP, FIPS, and NIST 800 Series), Information Security Audits and Assessments, PCI-DSS, Sarbanes-Oxley, HIPAA, HITRUST, Secure Software Development Lifecycle (SSDLC), Data Loss Prevention (DLP), Computer Forensics, Disaster Recovery, Continuity Planning, and Third Party Information Security Reviews and Assessments

•Excellent Leadership, Communication, and Presentation Skills

•Certified Information Systems Security Professional

•Exceptional team building, talent development, and coaching ability

•Proven ability to create and deliver on innovative and strategic directions

•Ex-Army Officer and former Chief of Network Security at the Pentagon

Security Clearance: Top Secret / SCI

Work Experience

Senior Vice President, Information Security Group Manager, OneMain Financial / Citi, Baltimore, MD

Oct 06 – Nov 16

Directed activities for all aspects of the OneMain Financial, CitiFinancial Canada, CitiFinancial Auto, and CitiFinancial Services Information Security programs, including Business & Technical Information Security Officers' interviewing, selection, evaluation, and compensation

Completely revamped the information security program, including development and implementation of a new information security process control manual in support of Citi’s Information Security Standards

Successfully passed numerous comprehensive internal and external audits that reviewed every area of information security resulting in no findings in the Information Security area of responsibility

Led a team of information security engineers and architects responsible for covering all Business and Technical Information Security Officers' responsibilities throughout CitiFinancial's lines of business

Successfully managed multiple large-scale Information Security programs/projects by coordinating resources within the business and across control teams

Led Businesses and IT in development of action plans as a result of gap assessment findings and/or ethical hacking results

Integrated a new Information Security Review Process into business development, acquisition and project management scenarios

Ensured that Information Security is incorporated into all OneMain’s applications, products, systems, and services lifecycles

Led the successful integration and implementation of security controls for new M&As between OneMain Financial and Springleaf Financial

Evaluated impacts of business changes/re-engineering efforts on information security controls

Director, Information Security & Data Management, Tyco International Inc, Princeton, NJ

Feb 05 – Apr 06

Managed the corporate infrastructure security for a $40 Billion Fortune 100 company with over 250,000 employees, to include information security policies, standards and guidelines for over 350 worldwide sites

Designed and directed Tyco global Intrusion Detection (IDS) implementation program

Negotiated, monitored, and created statements of work for professional security service activities

Performed Sarbanes-Oxley, HIPAA and other compliance activities to ensure the successful implementation of the Tyco compliance program

Partnered with management and Tyco’s business units to analyze new complex security operations processes and recommend solutions, process alternatives, and training opportunities

Created and headed the Corporate Global Computer Incident Response Team (CIRT)

Directed the collection of computer forensic evidence for an SEC investigation and shareholder litigation lawsuits

Led a Six Sigma team that focused on improving the process for globally collecting forensic and electronic evidence for the company's many litigation cases

Designed and directed Tyco’s global Vulnerability Management Program

Global Director, Information Security, RR Donnelley, Chicago, IL

Sep 03 – Dec 04

Created, developed and managed the global information security program for a $7 Billion Fortune 400 company, to include information security policies and standards for over 250 worldwide sites

Responsible for the strategic planning for safeguarding the company's assets, intellectual property and computer systems, including all budgetary goals, hiring and termination of employees, and creation of development plans and evaluations

Primary responsibilities included executive-level reporting, all budget aspects, delivery of overall project initiatives, attending Senior Leadership meetings and providing project updates

Built, managed, motivated, and mentored a staff of seven security engineers

Served as the company's primary point of contact for all issues dealing with the security of all customers' financial data

Successfully managed a budget of $10.3M

Performed information security audits and risk assessments on Business Partners in Europe, India and across the US that connected into the RRD network and transmitted highly confidential financial information (customers’ Mergers & Acquisitions, SEC filing info)

Created, developed and implemented an Information Security Awareness and Education program for an organization of over 40,000 employees

Performed Sarbanes-Oxley and other compliance activities to ensure the successful implementation of the program

Consulted with business units regarding their changing business and technical plans to ensure that information security issues are addressed early in a project’s life and in the program

Consulted with senior management in times of an information security crisis to ensure that the crisis is managed properly both internally and externally

Advised senior management of changes in the technical, legal and regulatory arenas affecting information security and computer crime

Senior Manager, Network Security, Nokia Inc, Irving, TX

May 01 – Sep 03

Created, organized, built, and managed Nokia’s internal security professional service team that provides network security services for internal business units

Led a team of seven Security and System Engineers in providing all levels of security and network planning and support for the global eBusiness application create group and other internal customers

Planned and performed information security audits and risk assessments on Business Partners located throughout US and Europe

Successfully managed a budget of $1.5M

Designed and implemented a global identity management program, tied into Nokia's SAP HR program, that uses a combination of security tokens and smart card technology

Designed the security & network architecture for several of Nokia's major global eBusiness projects

Project Manager of IDS implementation in several global Business-to-Consumer systems

Created, organized and trained Nokia's Computer Forensic team

Developed Nokia's global eBusiness security standards, processes, and procedures

Project Manager of the global implementation of Nokia's application gateway solution

Senior Manager, Deloitte & Touche, Chicago, IL

December 00 – April 01

Designed and implemented a complete security architecture for a major health insurance company

Responsible for building, growing, and leveraging both a client base and delivery capability in IT Security

Conducted several major research projects in the area of new security solutions that provided cost saving solutions for clients

Developed the firm's new Identity Management offering

Played an instrumental role in winning several major proposals

Project manager on an engagement that performed a complete security assessment for a major insurance company, with emphasis on their Internet presence and major business application security requirements

Assistant Vice President, Network Security, First Horizon Home Loans Corporation, Irving, TX

March 00 – December 00

Created and headed the nationwide corporate security program for a financial institution with 4,500 employees, consisting of five major divisions and 125 branch offices located across the US

Developed, implemented and enforced the Information Data Security Policy

Implemented an Information Awareness Program to train and educate all employees and senior management on security procedures and best practices

Built, managed, motivated, and mentored a staff of six security administrators and engineers

Designed the new corporate security architecture

Created and headed the corporate Computer Incident Response Team (CIRT)

Maintained relationships with local, state and federal law enforcement, regulatory bodies and other related government agencies

Responsible for the evaluation of all security-related tools and new technology

Officer, United States Army, 1990 to May 2000

Chief, Network Security Division, Pentagon, VA

Expertly led a team of 25 military personnel, civilians, and contractors in conducting intrusion detection, incident response, penetration testing, network vulnerability assessments, and firewall management on the Pentagon's classified and unclassified backbones

Skillfully led network security operations on over 100 critical networks representing 6,000 Air Force, 8,000 Army, and 5,000 Secretary of Defense users

Effectively managed a large-scale IT security implementation in a federal government environment

Superbly managed a $4M budget

Justified and acquired $1.5M to implement cutting-edge intrusion detection, VPN, and firewall systems for both classified and unclassified networks

Education:

MBA, Keller Graduate School of Management, DeVry University, Irving, TX

BA, Political Science / Computer Science, North Carolina Central University, Durham, NC

Certifications:

Certified Information Systems Security Professional (CISSP)

Microsoft Certified Systems Engineer (MCSE)

Selected Software Experience

Operating & Security Systems:

UNIX (Solaris, Linux, and SCO), Microsoft OS, Tripwire, Check Point, Pointsec, AppScan, EnCase Forensic Tool, Nessus, Splunk, Citrix, SurfControl, ArcSight, Bit9, FireEye, NetMotion, RSA Security (EMC), Websense, and Symantec

Programming:

Shell Scripting, C, Pascal, Visual Basic, FORTRAN, COBOL, Perl, and HTML

Computer-Related Skills and Training

Check Point Firewall (Intermediate and Advanced Training), EnCase Forensic Training (Intermediate & Advanced), RealSecure IDS (Intermediate & Advanced Training), Global Knowledge: ICRC, ACRC, Cisco Security, and Network Security Courses, SANS Security Conferences: New Orleans, San Francisco, Gartner Group: Network Security Best Practices Working Group, SANS Security Audit Track


