SUMMARY
I am a seasoned information Security / Technology professional with over 30 years of hands-on experience managing various IT departments and managing multiple large-scale, cross-functional IT projects within Fortune 100 companies resulting in increased performance and value to the company. Outstanding organizational and administrative skills. High energy, independent and self-motivated oriented towards execution and solutions. I have successfully remediated various Business Continuity / Disaster Recovery and Cybersecurity events and am the founder and president of Software Support, Inc., a software development, and consulting firm based out of Houston, Texas.
I was the Information Security Officer (ISO) for the Invesco Trust Company, responsible for coordinating the implementation of an effective information security program and satisfying the annual IT & Security audit conducted by the Texas Department of Banking. I was also a Sr. Officer, Business Security (BSO) at Invesco for North America, responsible for coordinating the implementation of an effective information security program and assisting the Business and Information Technology (IT) teams with identifying, understanding, managing, and reporting on information security risks and compliance. I also served as the single point of contact for security related inquiries, Security Exception Requests, maintaining Policies, Client Due Diligence requests, and contract reviews. I oversaw the effective delivery of all information security services to the various business units. Prior to joining Invesco in 2015, I was a Business Information Security Officer (BISO) at AIG with global responsibilities, Vice President of technology operations at JPMorgan Chase Bank, Vice President of IT security and regulatory compliance at Loomis LLP, a Senior Systems Analyst at Coca-Cola, and a Senior Programmer/Systems analyst at Bechtel.
I maintain a variety of technology certifications, including Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Business Continuity Professional (CBCP), Certified Data Privacy Solutions Engineer (CDPSE), Certified in Information Technology Infrastructure Library (ITIL4) and a certified Project Management Professional (PMP). I have spoken at national conferences on business continuity and information security. I reside with my wife and two children in Houston, Texas.
WORK EXPERIENCE
September 2023-Current
• Lead Consultant, Information Technology & Cybersecurity
SOFTWARE SUPPORT, INC
11000 Richmond Avenue, Houston, Texas 77042
Consulting with companies on Cybersecurity and Information Technology. Conducting Business Impact Analysis, Risk Management/Assessments, Vulnerability Assessments, Due-diligence Questionnaires, Business Continuity Plans, Project Management, and 3rd Party Risk Analysis.
November 2015-September 2023
• Information Security Officer (ISO)
Invesco Trust Company
• Sr. Officer, Business Security (BSO)
INVESCO, Ltd
11 Greenway Plaza, Suite 1000, Houston, Texas 77046
Information Security Officer (ISO) Invesco Trust Company ($65 Billion AUM). Responsible for successful Banking annual audits and compliance to banking regulations resulting in consistently receiving the highest ranking (’1’) from the Texas Department of Banking. Responsible for any audit findings and the ultimate remediation of those findings. Satisfied multiple client Due-diligence Questionnaires. Passed Cybersecurity audit of Invesco Trust Company by the Texas Department of Banking since taking the position. Maintained Information Security policies and minimum standards. Responded to client due diligence requests/questionnaires. Prepared and presented the Annual Report on the Effectiveness of the Information Security Program to the Board of Directors.
Sr. Officer, Business Security (BISO) for Invesco Ltd ($1.2 Trillion AUM)
Primary Interface between the various business units and the Global Security Department. Presenter to various Board of Director's meetings on behalf of Information Security. Oversaw Information Security functions for Invesco North America and served as the liaison between various business units (24,000+ employees) and Information Security. Investigated incidents and reviewed policy exception requests for approval, completed multiple client due-diligence questionnaires, and implemented remediation plans following the National Institute of Standards and Technology (NIST) framework.
Provided second level of response to security incidents. Reviewed and maintained security policies, procedures, and minimum standards. Identified security risks, recommended remediation options and assured compliance to policies / minimum standards. Greatly improved consistency and success rate of client and vendor due diligence and regulatory audits throughout the Company by creating a central repository in SharePoint for audit findings and remediations. Enabled use and maintenance of shared documents (policy, standards, and evidence) for each Business Information Security Officer.
Provided status reports to the Board of Directors, standardized reporting metrics including comparisons to industry standards in Global Security.
October 2011-November 2015.
• Business Information Security Officer (BISO)
AIG
2929 Allen Pkwy, Houston, Texas 77019
BISO for North America & Global Claims. Managed 3rd party security reviews (Data Classification, Risk Calculator, Security Assessment Questionnaire, Contract Review). Provided Application Security Reviews support, developed and implemented the Cybersecurity Incident Response Playbook. Served as liaison between line of business and Information Security. Enabled consistent vendor assessments, including an automatic assignment of risk rating, by developing a new Vendor assessment template. Satisfied due-diligence questionnaires.
Manager, Security Administration. Managed 12-person security administration team. Oversaw various platform security access controls (Mainframe, Microsoft [Active Directory], and Unix), govern access and IT audits, and annual Identity Access Management (IAM) recertification utilizing SailPoint. Eliminated backlog of over 2,500 requests resulting in reduced turnaround time for Access Requests (via ServiceNow) from two weeks to less than 24 hours by reorganizing the department and tracking/assessing individual performances to identify and reward high producing team members.
November 2007-September 2011
• Vice President, Information Technology Security & Regulatory Compliance
LOOMIS, LLP
2500 Citywest Blvd, #2300, Houston, TX 77042
Vice President, Information Technology Security & Regulatory Compliance. Developed, established, and maintained IT Security policies and practices (Corporate office and 80+ branch locations in the United States). Managed internal and external audits as well as due-diligence questionnaires. Successfully implemented the Business Continuity / Disaster Recovery Plan in response to a Zero-Day virus.
TSA - IAC Security Coordinator
Participated in contract negotiations. Responsible for compliance to the Department of Homeland Security regulations and audits. Established IT policies and procedures. Created Business Continuity Plan. Managed $13M US IT budget. Automated badge acquisition and access system nationwide.
May 2007-November 2007
• Lead Consultant, Information Technology
SOFTWARE SUPPORT, INC
11000 Richmond Avenue, Houston, Texas 77042
Consulted with Calpine Corporation (Electrical Power Company) and created/Implemented the Client Company's Disaster Recovery Plan for their trading floor.
December 2004-May 2007
• Vice President, Information Technology Service & Delivery
AEGIS MORTGAGE CORP
3250 Briar Park Drive, Houston, Texas 77042
Managed five departments (Information Security, Access Management, Branch Support, Desktop Support, Help Desk), and two data centers (Houston and Baton Rouge, LA). Enabled and maintained consistent critical services and service levels, despite a reduction in the workforce due to an industry downturn. Produced their Business Continuity Plan.
May 2004-December 2004
• Lead Consultant, Information Technology
SOFTWARE SUPPORT, INC
11000 Richmond Avenue, Houston, Texas 77042
Consulted with Pulse EFT and produced/updated the Company's Business Continuity Plan. Ensured client company preparedness to recover in the event of a disaster by updating old unusable plan and format, and by training management through conducting table-top exercises.
May 1993-May 2004
• Vice President, Technology Operations
JPMORGAN CHASE BANK
601 Travis, Houston, Texas, 77002
Managed Pulse EFT Switch (ATM) system and software and technology relationships. Controlled $20M US budget. Led three IT Departments with over 65-team members. Directed Pulse EFT business support and data centers realizing an annual net profit exceeding $14M. Oversaw worldwide Check Imaging system. Successfully implemented the Business Continuity / Disaster Recovery Plan in response to complete loss of production data center. Responsible for FFIEC regulatory audits and reviews along with resolution of any findings. Completed large-scale projects on time and under budget involving migrating Pulse ATMs to new Data Center in less than 12-months without service interruption. Enabled Company to integrate all Texas branch Banks into the corporate network by leading multiple teams to convert equipment and connectivity to the WAN.
EDUCATION
1977-1986
Associates of Science (equivalent)
UNIVERSITY of HOUSTON - Houston, TX (8/29/1977 to 12/18/1986)
4800 Calhoun Rd Houston Texas 77004 713-***-****
Associates of Science (equivalent) Major: Computer Science/Mathematics
SKILLS
Information Security
Cybersecurity
Business Continuity
Disaster Recovery
Mergers & Acquisitions
Microsoft Suite
Access Management
Contract Negotiations
Budgets
Client Due Diligence
Client Questionnaires
Regulatory Compliance
Manufacturing
Banking
Migrations
Data Centers
Project Management
Board Presentations
Remote Access
Security Policies
Security Minimum Standards
Dashboards
International Team Management
Team Building
Multitasking
Mentoring
SharePoint
MS Teams
KanBan Board
Risk Assessment
3rd Party Mgmt / Assessments
FFIEC Audits
Contract Reviews
Teams
SharePoint
Security Policies
Tx Dept of Banking Audits
Migrations
Disaster Recovery
Minimum Standards
Incident Management
Cyber Incident Response
Audits
Problem Solving
Business Risk
Issue Management
Issue Remediation
Technology Risk
Third party risk management
Vendor Management
Monitoring
Budgets
Forecasting
SDLC
3rd Party Assessments
Manufacturing
CERTIFICATIONS Org Obtained Renewal Cert #
CISA
Certified Information Systems Auditor
ISACA
04/07/23
01/31/26
232147355
CISM
Certified Information Security Manager
ISACA
09/10/09
01/31/25
0912159
CRISC
Certified in Risk and Information Systems Controls
ISACA
06/20/11
12/31/24
1110148
CDPSE
Certified Data Privacy Solutions Engineer
ISACA
07/13/20
12/31/24
2004625
PMP
Project Management Professional
PMI
08/22/07
08/21/26
482983
CBCP
Certified Business Continuity Professional
DRI
01/25/06
N/A
10060
ITIL4
Information Technology Infrastructure Library
AXELOS
09/18/19
N/A
GR671059736DM
https://www.linkedin.com/in/david-marx-1a1800293/
David W. Marx CISM, CISA, CRISC, CDPSE, CBCP, ITIL4, PMP
INFORMATION SECURITY OFFICER (ISO)
BUSINESS INFORMATION SECURITY OFFICER (BISO)
PROJECT MANAGER
DEPARTMENT MANAGER
INCIDENT RESPONSE
BUSINESS CONTINUITY / DISASTER RECOVERY