
CISO, CIO, GRC

Location: Saint Charles, IL, 60175
Salary: 225
Posted: December 27, 2023

Mark A. Wilson

CISSP, ITIL, CBCP, CCM, CCSP

St. Charles, IL 60175

(B) 630-***-**** (M) 630-***-****

ad19fb@r.postjobfree.com

Clearance: Top Secret

CISO, CIO, GRC

Leadership by Example ~ Instilling stellar work ethic and company values ~ Solving business problems with technology

Seasoned and highly qualified professional with proven expertise (CIO, CISO, GRC, Director) guiding global business strategy with established and emerging technologies to achieve maximum operational impacts with minimum resource expenditures. Talent for launching programs related to advisory services, risk mitigation, security, and enterprise architecture. Experience in designing and implementing technical solutions for data security and implementing corporate/enterprise infrastructure initiatives. Track record of success in developing solutions that improve the efficiency of IT and business operations. Persuasive leader known for transforming high-potential staff into outstanding leaders demonstrating the creativity to achieve operational success. Accomplished in pursuing advancement in areas of Security, GRC, BC / DR, and Technical Sales.

Highlights of Professional Expertise

Security, Cloud and Management Consultant (20+ yrs)

Strategic & Tactical Enterprise Planning (20+ yrs)

Lead Enterprise Architect (14+ yrs)

Information Risk Management (12+ yrs)

Software Development Management (11 yrs)

Information Security Program Director (5 yrs)

Strategic Account Management (11+ yrs)

Identity and Access Management SME (4 yrs)

Technology Centric Team Leader / Director (20+ yrs)

Technology to Business Issue Alignment (20+ yrs)

Security and Compliance Management (GRC) (9 yrs)

Disaster Recovery / Business Continuity (5 yrs)

Strategic Account and Vendor Management (11 yrs)

Enterprise budgets, planning, forecasting (11 yrs)

Accomplished Technical Sales Management (15 yrs)

Professional Services Director (7 yrs)

Highlights of Technical Expertise Focused on Security

(Previous 15 years)

Functional, configuration, resiliency, recoverability, audit and compliance oversight for infrastructure supporting enterprise and cloud security.

- vCISO and chief security architect ($5M+ project)
- Cloud Security Architect
- Security program analysis and repair
- Governance program creator and implementor
- Lead multi-million-dollar security advisor
- Risk Management Program creator
- Vulnerability scanning tools (Rapid7 and Qualys)
- Resolution of audit findings, MRAs, MRIAs
- Wireless infrastructure deployment including Mobile Device Management (MDM) software and lost-device management software
- Log management (SIEM) solutions
- Distributed Denial of Service (Radware)
- Significant exposure to AWS and Azure cloud environments
- Storage oversight (NetApp)
- Security compliance and monitoring hardware / software (Virtual Auditor)
- Security tools from Netrix, SolarWinds and others used to monitor the state of Active Directory and network activity
- Significant time invested in Identity Management and Access Control (SailPoint), role engineering, user and role certifications, certificate management, privacy and compliance
- Data loss prevention and detection pertaining to endpoint security and privacy compliance (Microsoft Exchange and Group Policies, McAfee)

Professional Experience

Imperative Planning, Ltd., St. Charles, IL (2006 – present)

Provided executive-level leadership with full accountability for all IT Advisory Services, Security, Audit and Compliance, Enterprise Modeling, Disaster Recovery, and Business Continuity engagements. Engagements included business process analysis, financial analysis and budgeting, IT operations, continuity strategy, IT recovery strategy, DR site analysis, data replication, testing procedures, and recovery plan maintenance.

Owner – Advisory Consultant (successive fulltime, contract, W2 and 1099 engagements – partial listing)

Provide executive business, technology and product strategy and execution (CIO, CISO, GRC). Guide modernization and service-level enhancement initiatives spanning multiple facets of information systems, including architecture analysis, risk tolerance, enterprise dependency models development, present state analysis, business continuity and recovery infrastructure with test procedures, security analysis, design and testing, mitigation techniques, compliance and systems development management.

Serves as Engagement Lead and vCISO on large-scale projects (World Wide Technology) (July 2021 – present)

- Large financial institutions with multiple workstreams
- Cloud migration – created cloud security migration program
- Controls review, update, and GRC overview
- People, process, and technology – managed all aspects of the project

Served as Identity and Access Management SME for Booz Allen Hamilton (July 2020 – July 2021)

- Repaired Segregation of Duties (SoD) program, transforming it into an audit-passing program
- Led role engineering effort within a decentralized identity management environment
- Led analysis efforts regarding SoD conflicts within the organization
- Led efforts for user and role certifications required by audit / government regulations
- Transformed policy documents to meet requirements and internal program changes
- Led numerous meetings with presentations to government and company management personnel
- Reported directly to ISSO – Top Secret Clearance

Served as SailPoint Program Director and managed enterprise implementation efforts at the US Department of Agriculture (LS3) (Jan 2019 – May 2020)

- Managed 5 individuals and was responsible for a minimum of 4 concurrent SailPoint integrations supporting IAM and governance requirements
- Agile Scrum Master
- Utilized Jira to plan and execute sprints
- Utilized Bamboo and Bitbucket as build environment and repository supporting CI/CD efforts
- Led CMMI accreditation effort (processMAX)

Served as ITRO (IT Risk Officer, GRC) at NiSource / Wipro (Nov 2017 – Oct 2018)

- Focus on SOX IT controls
- IT risk and mitigation – reduced exceptions, increased controls passing to 100%
- Identified SOX program deficiencies with lacking controls for virtual machines and associated hypervisors
- Deloitte audit – praised by NiSource management
- NERC / FERC
- ServiceNow
- Hitachi IAM suite – comprehensive access control management and auditing (10,000 desktops)
- Continuous interaction with on- and off-shore delivery teams

Filled CISO role for a large hospital system (May 2017 – Aug 2017). Management responsibilities included:

- Led information security for the outsourced ATOS IT team
- Security program development with Executive Steering Committee reporting
- Risk, Compliance and Audit – reviewed and revised policies and procedures and privacy policies
- Entire enterprise scope – 9,000+ endpoints, 4,000+ medical devices, LAN, MAN and WAN networks
- Incident management – managed major breach (war room)
- Enterprise controls – Firewalls (Cisco), IPS (Cisco), DDoS (Radware), Network Monitoring, Endpoint Software Suite (McAfee), Device Tracking, Vulnerability Scanning (Rapid7), SIEM (McAfee) – identified many significant deficiencies in the enterprise
- Worked closely with the enterprise network team to implement Cisco ISE and improve security of the wireless network and mobile computing environments
- Continuous interaction with project planning and delivery teams
- Created annual information security and compliance budget
- Interfaced with county network and county security team
- Weekly face-to-face with CIO to discuss and present enterprise risks and noted vulnerabilities
- Significant interaction with Privacy Officer and legal team

Drove the attainment of business profitability by assisting numerous customers with their IT Strategy, IT operations, security program, present state analysis and business continuity and disaster recovery planning requirements.

Ignited company growth or created operational efficiency by participating in many conferences, sales meetings, customer events and board events. Engagements included higher education, government, hospitality, manufacturing, distribution, utility, pharmaceuticals, and health care management organizations.

Performed many IT assessments (CIO level) identifying enterprise vulnerabilities

Virtual Auditor – provider of security and compliance automation tools and appliances (10/2016 – 04/2017)

- Technical consulting on flagship software product which monitored (24 x 7) and reported on enterprise security and compliance.
- Mapped NIST 800-53, Cyber-Security Framework v1.1, HIPAA, SANS Top 20, COBIT 5, FFIEC 2016 Handbook, PCI, New York State Cyber Security Framework, SOX, FedRAMP v2.1, CIS Top 20, UK and other control frameworks to the ISO 27002:2013 controls, allowing the Virtual Auditor product to automatically map alerts to the pertinent compliance control items.
- Conceptualized, developed, and initiated policy documents matching the ISO 27002:2013 guidance for each documented area, which linked the ISO standard to NIST 800-53, SOX, HIPAA, CSC, PCI and several other frameworks.
- Instrumental as executive consultant to Virtual Auditor (VA), tasked with evaluating the current appliance and adding numerous enhancements to their security and compliance appliance platform. Conceptualized, planned, and executed marketing collateral and associated sales PowerPoint presentation illustrating strengths of the technology product and associated service portfolio, focused on addressing 'C'-level and executive audiences.
- Created policy templates for all ISO 27002:2013 controls, allowing Virtual Auditor clients to quickly create a policy and produce a manual.

Thomas Compliance Agency (TCA), Chicago, IL

Held responsibility for expanding technology operations to ensure the bank’s readiness for the scrutiny of a state or federal examiner.

VICE PRESIDENT TECHNOLOGY RISK MANAGEMENT (Feb 2015 to Jul 2016)

Designed and developed complex programs, including a comprehensive IT Audit program, anti-money laundering system validation, 3rd party technology vendor validation, vulnerability scanning (Qualys – utilized during each audit engagement) (OWASP), pen testing, and confidential data discovery and monitoring.

Improved security and IT operations through analyzing system hardening procedures, firewall rules and logs, 3rd party technical service providers (vendor management), Active Directory management (GPO), network diagrams, patch management, technology lifecycles and logs from other installed devices (IDS, IPS, content filters, SIEM, etc.).

Effectively ensured the confidentiality, integrity, and availability of bank’s information and nonpublic customer information through conducting risk assessments, IT audits, vulnerability scans (Qualys), and AMS validations. (FFIEC controls, Cyber Security Assessment Tool (CAT), GLBA).

Improved Information Security Risk Management Program by identifying threats and vulnerabilities within the organization.

Utilized and shared responsibilities for corporate SharePoint hosted implementation.

Drove the implementation of security best practices and standards to mature the overall Risk Management Program which includes defining security controls.

Revamped failing IT compliance and audit program, including rewriting Master Services Agreements, customer contracts, sales agreements, client quotations and pre-engagement worksheets for IT audits and Anti-Money Laundering validations (AMS).

Conducted IT audits and AMS validations nationwide with remarkable success.

Delivered board of director’s presentations, reports, summarizations and recommendations.

Sikich, Naperville, IL

Provided hands-on oversight to the newly formed Advisory Services division, securing trusted advisor status with clients and winning business that straddled business and technology portfolios.

DIRECTOR, INFORMATION RISK MANAGEMENT (Oct 2012 to Oct 2014)

Created a high-quality Information Risk Management Program to ensure overall security, recoverability, resiliency, efficiency and effectiveness. Demonstrated unsurpassed leadership in identifying top risks and maturing the enterprise to ensure potential risk exposures were mitigated.

Developed and implemented IT assessment / validation program supporting the CPA division assessing IT operations, infrastructure, and risk issues primarily focused on government and higher education customers.

Improved business through IT innovations and IT leadership by engaging technology division while serving strategic clients in need of corporate IT oversight and recommendations.

Supported interim positions as IT director of a large hospital in NYC for several months.

Engaged client executive teams in need of IT management, IT operations and design assistance, security and business continuity / disaster recovery services which included people, process and technology assessments at all levels of the organizations.

Dependency Modeling – (Blueprints) – graphically illustrating mission critical processes and their dependency on the enterprise IT infrastructure.

NetApp, Sunnyvale, CA

Drove the infrastructure roadmap for enterprise architectural strategies including standardization and modernization of data center, migration, and operational optimization strategies.

GLOBAL ENTERPRISE INFRASTRUCTURE ARCHITECT (Sept 2011 to Sept 2012)

Championed IT management transformation utilizing CMMI, TOGAF / Zachman frameworks, and ITIL principles. Led the definition of architecture, policies and standards covering solution, application, infrastructure, and process components.

Established a “storage as a service” environment for storage consumers to quickly select storage items from a service catalog while ensuring information security.

Supported solution delivery leads by creating appropriate architecture plans, feasibility analysis, system design documents, and implementation plans. (Multi-petabyte storage installations)

Appointed to interact with and prescribe solutions for distressed strategic customers, resulting in significant improvement in retaining customer loyalty, and to drive organizational goals while maintaining all assigned clients.

Created a service catalog for major clients

Imperative Planning, LTD. - Multiple short contracting engagements during this timeframe.

Delta Initiative, Palatine, IL

Provided IT management consulting support to a national boutique consulting organization focused on organizational performance, process improvements, strategic project turn-arounds, ERP implementations and other business and technology advisory services.

MANAGING CONSULTANT (Jan 2007 to Jul 2008)

Instrumental in overseeing project execution, including ERP Implementation, Ecommerce Evaluation – IBM WebSphere, Enterprise Architecture, Data Analysis, BC / DR Planning, and Vendor Analysis. Supplied major contributions to one of Ellucian’s largest installations which retained Delta Initiative to assist in litigating the vendor. Compelled the client to rethink their initiative and work towards a successful implementation.

Resolved client’s long term, vexing software / system integrity issue via root cause analysis methodology.

Discovered duplicate record issue resolving multi-year problem vendor and client could not resolve.

EARLIER CAREER

Co-Founder / CTO / CISO / Senior Director (1994 to 2005), Endeavor Information Systems

25 direct reports

Technology evangelist

Directed IT – supported thousands of enterprise systems worldwide

Directed internal IT – networking, computer, storage, datacenter, cloud computing

Strategic vendor management (Oracle, SUN, IBM)

Directed technical sales – responsible for millions in revenue from strategic customers

Technical product management – configuration, security, lifecycle management

Created and enforced security standards – internal and external

Created cloud environment utilized by many higher education clients

Application, database (Oracle), Web (Apache) security, configuration and maintenance

Education & Credentials

Control Data Institute, Lakewood, OH

COMPUTER ELECTRONICS / TECHNOLOGY, 1st in class

University of Toledo, Toledo, OH

CURRICULUM COMPUTER SCIENCE IN ENGINEERING – completed coursework for Computer Science in Engineering BS degree

Professional Certifications: ITIL, CBCP, CISSP, CCM, Azure security certification, American Management Society, IBM Service Management, multiple SUN and IBM technical certifications - admin, security, networking, volume management, Network Management and Monitoring (Solaris & AIX focused), Enterprise Backup i365 Evault. Completed over 50 NetApp University courses on NetApp storage platforms, Data ONTAP O/S, and all NetApp storage efficiency software products

Technical Proficiencies

SUN / Solaris, IBM / AIX, RH Linux / Windows / NetApp