Hoyt Masur, MBA, CISSP
** ******* **** ****. * Wayne, NJ, 07470 ٠ 530-***-**** ٠ H ********@*******..***
Information Security Officer / Information Protection
SUMMARY
Information Protection Executive skilled in all aspects of risk management with broad experience in finance, banking and healthcare and a proven record in both technical and business communications. Visionary leader, possessing the ability to get maximum performance out of multi-functional teams.
● Information Security ● Mergers & Acquisitions ● Third Party Due Diligence
● Risk Management/Assessment ● Project Management ● BPO/ITO Process Outsourcing
● Global IT Implementation ● Contract Negotiations ● Regulatory Compliance
PROFESSIONAL EXPERIENCE
CIGNA HEALTHCARE, Morristown, NJ 2009 – present
Information Protection Director
Leader in Information Protection and Risk Management with responsibility for security products, controls review, risk analysis and contract negotiation.
● Perform Security Controls reviews for Third Party Relationships.
● Responsible for Information Protection aspects of Mergers and Acquisitions from pre-deal discovery to post-deal integration.
● Created Third Party Service Provider controls review process and questionnaire for both onshore and offshore outsourcing relationships that incorporate risk level.
● Instrumental in automation of the Information Protection processes using RSA Archer GRC solution.
● Implemented a specific review program for 150 Legal Service providers.
● Developed an extensive application review methodology for both internal and external applications which balanced review and verification tests based on risk. This methodology adapted to Cloud technology.
● Spearheaded awareness and reviews of Web Service interfaces.
● Conduct IP Awareness & Education Training and instituted a mentor program for new reviewers.
● Effectively negotiate Third Party contracts related to Information protection, privacy and regulatory language.
● Participated in Cyber security incident response team.
● Designed SDLC lifecycle that incorporated security and DevOps automated security verification.
CITIGROUP, Warren, NJ 2004 – 2009
SVP, Corporate Information Security Risk Management
Direct corporate-wide, global Information Security (IS) initiatives covering all aspects of risk management which addressed the FFIEC regulatory requirement for the handling of confidential information.
● Led a team that created an Information Security Assessment program addressing risk by performing controls assessments across all security domains.
● Implemented a web based system to support risk assessment with complete workflow and notification.
● Directed a team to support 250 field assessors through a help desk and SharePoint web portal, and responded to Office of the Comptroller of the Currency (OCC) inquiries regarding handling of confidential information by outsourced service providers.
● Implemented a training program of Third Party Reviewers.
● Implemented complete QA process that ensures 8000 assessments are of highest quality.
● Led a corporate-wide steering committee creating the policy and procedure for risk management and published them using Microsoft SharePoint.
NJ TRANSIT, Newark, NJ 2002 – 2004
Chief Information Officer
Implemented a technology plan focused on business goals. Launched a technology leadership process that guided and controlled implementation and strategy across functional boundaries to maximize benefit and minimize implementation costs. Managed the project and provided status reporting to the entire organization. Developed initial Information Security policy and procedures. Managed a staff of 150 employees and a $40M budget.
● Enhanced revenue collection capabilities through ticket vending machine re-design.
● Refocused a troubled ticket office machine rollout using solid technology.
● Established real-time customer communication capability on trains and in stations.
● Established WEB ticketing capability.
● Implemented special systems developed for the new Secaucus Transfer Station, which opened September 2003.
● Implemented Microsoft Outlook with Trend Micro protection.
PRUDENTIAL, Livingston, NJ 1997 – 2002
VP, Sales Force Systems
Led Sales Force Compensation System group consisting of Development, Technical Operations, Business Analysis and QA Testing. Managed a $6M budget and 50 person staff.
● Consolidated all sales force compensation plans to a new platform, accomplishing a $2M cost savings and implemented a new 250-seat sales and marketing 24/7 call center with a $10M budget.
● Implemented complete WEB, Single Sign-On security architecture.
● Initiated and managed rapid offshore development in Ireland and India.
● Formed compensation software industry users group which initiated and guided vendor software features and design as well as promoted and shared implementation practices.
BECTON DICKINSON, Franklin Lakes, NJ 1995 – 1997
Director and CTO, Corporate Information Technology
Directed IT strategy and set policy. Led worldwide team of IT executives from five locations in three countries that determined company standards, procedures and championed projects such as a company-wide effort to move to SAP.
EDUCATION & CERTIFICATIONS
MBA, Finance, Pace University, NYC
BS, Business Economics, Weber State University, Utah
CISSP Certified (#247724)
Active member of OWASP
TECHNICAL SKILLS
Technical Knowledge: JAVA, HTML, MSMQ, VB, XML, TCP/IP, SQL, PHP, Object Oriented Design and Analysis, UNIX, SharePoint, DHCP, Windows, WINS
Standards: FFIEC, PCI, ISO 27001, HIPAA and COBIT