Pat McGregor

Albuquerque, NM

ad23lf@r.postjobfree.com

+1-916-***-****

http://www.linkedin.com/in/patmcgregorcissp

Qualifying Experience

March 2020-Present

Writer

Self-employed

Medical Leave Jan 2020-November 2020. Worked as a writer doing fiction and short articles since November 2020. Four short stories published, including one in an anthology due out October 2023. Editing for various clients.

March 2011-March 2020

Operational Risk Consultant, Site Review Team

Wells Fargo Bank (first as contractor, FTE beginning Nov 2012)

Troubleshot and resolved user problems with a SQL database used by the division to publish reports.

Perform Quality Assurance activities on site visit reports on third-party service providers assessing compliance with Wells Fargo standards, including third-party service provider security posture and risk findings. Requires strong knowledge of Well’s control standards and industry best practices (including NIST and ISO 17799) as well as reporting formats and tools.

April 2010-November 2010

Information Security Analyst (short term contract)

Employees Retirement System of Texas (ERS), Austin, TX

Developed the first full manual of Standards and Guidelines for the Information Security program within ERS Information Systems. Created and delivered the first all-inclusive Information Security Awareness program for ERS: posters, course ware, quick reference guides, and other collateral. Required substantial background in industry best practices, Federal and State regulation and law, and International Standards. With the position of Information Security Officer vacant and no direct management available, created a project proposal, GANTT charting, key milestones and deliverables, review and approval processes, and document management system using SharePoint.

January 2010 – March 2010

IT Risk Assessment Analyst (short term contract)

Texas Department of Health and Human Services, Austin, TX

Developed thorough baseline vulnerability assessments and remediation strategies for 98 mission critical information assets, using proprietary analysis and report tools developed by Texas A & M. Interviewed department directors, subject matter experts and asset owners to determine compliance with Texas government’s Security Standards for State Agencies.

January 2003 – January 2011

Security and Privacy Editorial Board Member

Berglund Center for Internet Studies at Pacific University, Forest Grove, OR

Researched and wrote articles on security and privacy, especially as impact individuals, for Interface on the Internet, the Berglund Center electronic journal. Feb 2009- December 2009: Sole Caregiver for an adult disabled cancer patient, maintained skills by taking short projects, online seminars, and writing articles, etc.

May 2007 – Sept 2008

Sr. Privacy Manager

Intuit Inc., Legal & Compliance Organization

Worked with business lines to measure effectiveness of privacy controls on specific business databases of critical PII by performing risk assessments and spot audits. Worked with product architects on controls for protection of customer PII.

Managed deployment of Privacy Batch Monitoring, a significant component of the Corporate Privacy Infrastructure and an urgent audit item that had slipped 18 months. Brought on line to meet data governance & IT operations compliance within 4 months of assignment, enabling real-time monitoring of processed privacy preference updates from various third-party service providers.

Intel Corporation (1996-2005)

Sr. IT Business Risk Manager (2 years)

Needing a tool to track risk mitigation projects in all business units, created an IT Corporate Risk Assessment tool (partnering with IT Finance & Internal Audit) to measure effectiveness of risk mitigation for specific business assets. Versions of this tool are now in use at major corporations across the US. Worked closely on governance & regulatory compliance issues with Intel Legal and Government Affairs.

Performed in-house preliminary SOX and GLBA audits and risk assessments to measure formal audit readiness, using PWC standards. Reached across all affected business lines and operational units.

Sr. Information Security Architect (~ 3.5 years)

Created first unified Corporate Information Security Principles and developed new process for gaining buy-in within all business units. Technologies covered included external connectivity, protection of internal networks, desktop & server protection, host, network, & WAN intrusion detection, authentication & authorization, VPN, & personal usage of the Internet. Managed two solutions architects and two Privacy Managers. Worked with Risk Assessment team and Auditors to evaluate past results, looking for gaps in our policy and procedure coverage.

Security Products Manufacturing Facility Program Mgr. (~18 months)

With a global scope and budget exceeding $3 million, created and executed an IT program to specify, design, & install secure manufacturing facilities in three countries. Program included a risk assessment of not only manufacturing process and global data transmission, but issues in specific countries that might endanger our project/facility. Required military-grade security infrastructure. Team included 25-30 engineers. At the end of the project, re-purposed one facility into a Protected Signing Facility for issuance of digital certificates, & another into a Protected Design Facility for clean-room code development.

Researched requirements for certificate use in all of Intel’s business processes. Shepherded a cross-division team to develop & ratify a Certificate Policy and Practices Statement for the implementation of digital certificates across the company.

Firewall Systems Product Mgr. (2 years)

In face of communications budget rapidly swamping all previous IT budgets and with the deadline for the return of Hong Kong to China looming, managed a global, cross-company team to install a firewall between Intel US and our factories in former Soviet republics. Required C-level communication skill as well as ability to get down-and-dirty with engineering projects. Required knowledge of manufacturing processes, US law, encryption, and firewall technology.

Eliminating 34+ legacy direct T1 lines between Intel and other companies, our team standardized Intel’s firewall and proxy architecture. Coordinated firewall and gateway activities within the company, and gained acceptance for policies and processes for adding new technologies to our firewall systems.

July 1985—September 1993

University of Michigan

Sr. Computer Systems Consultant, Merit Network/NSFNET project

Dual appointment with the Merit Network and the University of Michigan. Managed customer service phone bank for network issues and worked closely with U-M Computing Consultants to answer user questions quickly and accurately. Participated in the NSF-funded expansion of the ARPANET into the modern-day Internet backbone.

Volunteer Experience

April 2005-March 2007

Partner

Chaos Café, is an outreach program for at-risk teens in the Cameron Park, Rescue, and Shingle Springs, CA areas. Developed Business Plans, budgets, grant applications, and presentations to evangelize and bootstrap the project. When the real estate zoning issue became deadlocked, began to look for full-time work.

Contact this candidate