CBCP with twenty- plus years of professional experience including Project Management positions in Operational Capacity, IT Security, Data Center Management, Incident Management, IT Auditor, and Business Resiliency Management.
Business Continuity
Disaster Recovery
Continuity of Operations Management
Incident Management
Alert Notification
Corporate Communications
Emergency Action Planning
Executive Crisis Management planning
Business Resiliency planning
Internal Audit (SOX 302/404 & SOC I/SOCII
Table Top Exercises and Live Exercises
Business Impact Analysis
Risk Management
Compliance, (ISO 22301, NIST)
RELEVANT PROJECT EXPERIENCE
Hyundai Corporation
Business Continuity and Disaster Recovery Architect Consultant Client: Hyundai Corporation – 07/11/2021 to 12/15/2023
A seasoned professional disaster recovery and business continuity consultant and executioner, with over twenty years of experience performing Business Capability Modeling (BCP), Risk Compliance Self-Assessments (RCSA), and continuity of business planning for major enterprises. My experience led me to specialize in Enterprise Resilience Business continuity and Disaster recovery providing companies with contingency recovery plans and compliance. I implement Plans and procedures that support continued non-interrupted service that meets clients Service Level Agreements and protects the company reputation and brand. I also led Recovery Plan testing for standalone and cloud-based application recovery with table top exercises, educational training and full system testing processes. Familiar with tools like RPX Resilience Platform, Fusion Risk Management, and LDRPS.
Develop, implement and maintained an organization-wide strategy around disaster recovery and business continuity
Develop and implement DR incident management practices enterprise wide and trained incident resources
Built and conducted business impact analyses, risk assessments and application impact analysis
Improved and analyze data and recommended process improvements that align with business continuity and disaster recovery industry standards
Presented monthly business continuity and disaster recovery dashboard meeting to management staff
Wrote exercise plans, Table Top Exercises plans and business resiliency workflows and took the initiative to conduct exercises
Communicated technical information in a clear and concise manner to both technical and non-technical resources.
Effectively managed numerous diverse projects and priorities simultaneously.
Establish, build and maintain effective customer-focused working relationships with employees, managers, consultants, vendors, contractors, and others encountered in the course of performing DR work
Build and developed, maintain and/or update standards and documentation using the latest information tool kits
Build business resiliency annual dashboard to identify Disaster Recovery, Business Continuity, BIA’s and training schedules.,.
Implemented 2-year Business Resiliency roadmap in addition to a crawl, walk, run strategy.
Implemented a business resiliency program model for business continuity and disaster recovery.
Valley Bank
Senior Resiliency Governance and Compliance Consultant –Sr. Resiliency Client: Valley Bank SME -01/2021 to 06/12/2021
Valley is one of the most trusted and respected banks in the industry. We have approximately $41 billion in assets and over 200 locations throughout New York, New Jersey, Florida and Alabama. Since 1927, the Bank has never produced a losing quarter. Even during the most challenging economic times, we have never stopped lending to our customers.
Project Management oversight of all Business Resiliency activities including DR and Vendor Testing.
Designed compliance and governance program for 11 IT and 8 business units.
Served as the TSG's Technology Governance Lead responsible for program governance framework, methodology and execution.
Presently acting as liaison to and manage technology relationships and risk relationships with both internal and external business units.
Worked with business continuity Catalyst administrator to automate tool and minimize manual reporting process.
Educated all IT Business functional owners of new standards, procedures, policies and evidence reporting.
Assisted in the development of 35 IT policies, procedures and standards for business continuity and disaster recovery program. Documents were prepared for Regulators, OCC and internal audit teams.
Prepared and facilitated all regulatory meeting and deliverables request.
Completed assessment for Catalyst Business Resiliency tool, which consisted of implementing documents for metric reporting.
Scheduled, tracked and reported all technology audit (internal & external), corporate risk and 3rd party regulatory required activities, evidence review and submission, TSG resource involvement and other aspects of managing from notification to completion.
Lead Valley's response efforts for all Technology Audit, Risk & Compliance related deliverables (these areas are highly focused on Business Resiliency (BR) -- Business Continuity (BC), Disaster Recovery (DR) & Crisis Management (CM).
Accomplishments
Identified several Governance/Compliance policies and addressed gaps for audits. Resulting in a full policy and procedure inventory review.
North Carolina State Employee’s Credit Union
Senior Disaster Recovery Tower Client: North Carolina State Employee’s Credit Union 01/2020 to 01/2021
SECU is a not-for-profit cooperative financial institution owned by and operated for the benefit of member-owners. SECU’s members share a common bond: employees of the State of North Carolina, public boards of education, and 7000+ employees. SECU was founded June 4, 1937 with 17 members and $437 in assets. Over the years, SECU has grown in services, membership, and assets. SECU now has over $40B in assets and serves over 2.4M members through more than 260 branch locations, more than 1,100 ATMs, 24/7 Member Services, a 24/7 voice response telephone service, an interactive website, and a mobile app.
•Presently assisting “C Levels” with implementation of COVID-19 ongoing support framework and working group coordination. This includes issue tracking, business case approval tracking and ongoing progress pandemic planning reporting.
•Responsible for driving the maturity of the business resiliency program as part of the corporate risk management policy.
Developed/implement business resiliency metric framework for organization strategic Business Continuity and Disaster Recovery program.
Facilitate all Disaster Recovery and Business Continuity best practices to leadership monthly.
Demonstrate and provide complex project leadership between the technology groups and business units.
•Work with Associates from the Business Groups, IT, Information Security, Internal Audit, executive management organizations to improve current IT and business continuity capabilities position.
•Defined Business Continuity strategy and seeks its approval at the highest level of the company.
•Implement the overall enterprise business continuity and disaster recovery strategy.
•Responsible for establishing/ maintaining the Disaster Recovery and Business Continuity policy (ISO27001 and ISO22301 based) and the overall program framework to deliver across the Resiliency Life Cycle: Business Impact Analysis, DR Readiness Assessment, BC/DR Strategy Design and preparation, BC/DR Plans, BC/DR Testing, Recovery, Training, and remediation oversight of identified gaps.
•Identify and develop learning opportunities related to IT and Business Continuity.
•Coordinate and mentor IT and business units on the creation and maintenance of business continuity plans.
•Provide direct communications between the Business Continuity Groups, Information Technology Operations, Technology Architecture, IT Operations, Application Development Management.
•Participate in appropriate business groups and development planning meetings and activities. Facilitate timely identification, escalation, resolution, and follow-up for all outstanding issues.
•Oversee the planning, coordination, and scheduling of IT and business continuity exercises to validate plans. Establish process to integrate key learning from ERO Exercise in the crafting of future plans.
•Ensure all stakeholders are present in the IT Project lifecycle and consult and advise systems owners on solutions and alternatives related to business resiliency.
•Facilitate evaluations and assessments of technologies related to cyber security, and business resiliency.
•Designed Cyber Security Play book for 15+ tools and metric reporting for cyber and incident events.
•Coordinate with the Internal Audit team periodic reviews and tests of established business continuity plans/disaster recovery procedures.
•Drive standard work and simplification through holistic approach which minimizes, and proactivity manages against disruptions.
•Create documentation to train personnel on business resiliency projects, exercises, procedures and plans.
Accomplishments
Implemented enterprise BC and DR program with an annual testing life cycle methodology and business resiliency roadmap. Lastly, I drove and designed a resource certification training program for over 15 business segments resulting in many resources preparing for their certification.
Arch Capital Financial Services
Manager - Global Disaster Recovery and Business Continuity worldwide Client: Arch Capital Services 11/2017 to 01/2020
Arch Capital Group Ltd., a Bermuda public limited liability company, writes insurance, reinsurance, and mortgage insurance on a worldwide basis. ACGL has a unique underwriting platform, experienced management team and strong capital base have enabled ACGL to establish a prominent presence in the global insurance, reinsurance, and mortgage insurance markets.
Managed the Global Business Resiliency Program 14 countries, establishing the Corporate Crisis and Continuity Management (C&CM) framework and develop of global program implementation.
Provided guidance, consultation, facilitate all global business resiliency decisions and advised divisional C levels on implementation and exercising globally - Business Resiliency plans.
Developed, coordinated, and conducted exercises including plan walk-throughs, simulations and table-top to live exercises. Drive continuous improvement through exercise results.
Governed the program leveraging our policies standards, processes, and procedures.
Ensured all global business Vendors resiliency programs meet company industry regulations, standards, and compliance requirements worldwide.
Developed and maintained policies, standards, procedures, guidelines and assist the Business continuity and Critical event Manager with developing and maintaining KPIs, KRIs and KCIs, Scorecard, and Executive Dashboard. Performance metrics; compile and deliver regular and ad-hoc reports and briefings to senior management, business and technology risk owners, and other audiences, as needed.
Provided a clear understanding of dependencies for business processes, business functions, applications, technology, and internal and external parties related to their business functions.
Identified opportunities for strategic improvement or mitigation of business interruption and other risks caused by business, regulatory, or industry-specific change initiatives.
Managed 35 offshore resources in addition to 19 US resources.
Accomplishments
Designed a Global Segment Business Resiliency Implementation model in China, Australia, Manila, Cebu, Canada, Dublin, Zurich, London, Denmark, Finland, Cyprus, Brazil, Ireland, and Dubai.
State of North Carolina
Director of Disaster Recovery and Business Continuity (Interim Consultant Client: State of North Carolina 02/2017 to 11/2017
North Carolina State Government is the state’s largest employer with approximately 130,000 employees. It is a large organization comprised of various agencies, branches, and universities, each providing an important public service.
Reported directly to the state of North Carolina Deputy CIO, Responsible for all Disaster Recovery, Business continuity, Data Center Compliance, Knowledge Transfer, Technical architectural designs and all testing and exercises.
Ensured change / revision / version control procedures are effective.
Facilitated CIO monthly meeting with over 25 CIOs on educational DR/BC awareness, cost effective best practices.
Managed the completion of risk assessments and compliance audits to monitor, risks related to business and technology initiatives; work with business and technology risk owners to document risk treatment plans as well as track and report progress on, or achievement of risk reduction activities.
Implemented enterprise-wide Business Resiliency Life Cycle Methodology.
Led BIAs and RAs with cross-functional business units.
Facilitated the review, development and administration of policies and procedures for BCP/DR, and others as requested, to implement Business Resiliency strategies.
Motivated and influenced senior management and other staff to maintain an overall Resiliency Program.
Accomplishments
Aligned Disaster Recovery/Business Continuity Best practices statewide for all agencies.
Conducted Risk Assessment for all Data Centers, resulting in Data Center Consolidation and multimillion-dollar cost savings to taxpayers
Public Consulting Group
Sr, Business Resiliency Program Manager 11-2013 to 01-2017
Privately held $350 Million consulting firm serving government clients in the Education, Health and Human Services arena. Over 4,000 employees in over 40 offices throughout the US, Canada and Europe.
Member of the Sr. Management team. Responsible for all Disaster Recovery, Business continuity, Data Center Compliance and all testing and exercises.
Implemented a sustainable business resiliency program globally across 6 business divisions and internal IT.
Developed processes, documentation, BC/DR Training tools, business resiliency plans and employee certification programs.
PCG now has a full business resiliency life cycle methodology in place.
Advised Sr. Management of all business resiliency goals and objectives weekly.
Managed a budget that meets the goals and objectives of the Business Resiliency Program as required by the board.
Managed a team and associated consultants in their duties to deliver BC/DR capabilities (lead / supervise / manage 9+ employees).
Responsible for BC/DR Internal Audit and regulatory compliance obligations.
Assesses the business continuity implications of proposed technological to the organizational changes, and coordinated any revisions to the existing IT continuity and recovery action plans.
Developed a Business Impact Analysis (BIA) to quantify and qualify potential impacts of events on the organization and its operations to prepare Recovery Time Objective (RTO) and Recovery Point Objective (RPO) that meet business needs and contractual obligations.
HCL America
Sr, Business Resiliency Project Manager 12-2012 to 10-2013
A Global Leader in IT Applications & Infrastructure Services Across Industries’ Technologies is an Innovative Technology & Outsourcing Company that provides ...32 Countries · $6.4BN Organization · 109,795
Led 6 key Enterprise application Disaster Recovery Testing programs for HCL clients within the U.S and abroad.
Managed application customer stakeholders relationships
Responsible for all application testing, remediation, and final reporting to Sr. Management.
Served as the Lead DR Analyst overseeing all aspects of the DR program to include: plan development and maintenance, testing, process improvement, business recovery centers, and risk management.
Defined and managed a distribution strategy to ensure that continuity and recovery action plans are properly secured, distributed, and made accessible under all disaster scenarios for the DR Teams.
In the event that a declaration is required, serves as liaison between IT management and departmental business continuity teams.
Rex Hospital/UNC Hospital
Business Continuity Consultant July 2012 to December 2012
Founded in 1894, UNC REX Healthcare (a member of UNC Health Care) is a private, not-for-profit health care system. For over 120 years, UNC REX has met the health care needs of our community by providing various services throughout Wake County. Rex Healthcare has multiple facilities located in Apex, Cary, Garner, Holly Springs, Knightdale, Wakefield, and Raleigh. Rex Hospital has over 5,400 staff members.
Assumed leadership role in developing, coordinating, and maintaining comprehensive Data Center recovery plans and a testing program, to ensure proper documentation and the ability to recover in the event of an unforeseen disruption to Rex Hospital and UNC health care system facilities, technology systems, and applications.
One of my many duties were to draft and publish incident management communications in collaboration with the present business continuity Team
Once plans were completed and signed off by management I conducted round table educational and awareness working sessions. This process resulted in the next steps for a table top exercise.
Developed best practices model and tools for project execution and management, with a self-service DR Model.
Ensure compliance with Sarbanes-Oxley (SOX)
Analyze big 4 compliance controls and provided recommended process improvements to Senior Management – note: some controls from big 4 were not properly designed.
Design, execute and document internal control procedures
Work with Business Unit Leaders on analyzing and implementing SOX 302/404 best practices
Big 4 Consultant & Fortune 500 IT Consultant
Sr Technical and Compliance Consultant Dec 1999 to June 2012
From 1999 to 2012 I worked as a freelance consultant for clients in the following industries, Banking and Finance, Manufacturing, Pharmaceutical, state and local government, Health Care, IT Consulting firms and the Big 4 Consulting firms. My roles varied depending on the project. SME in the following areas:
Business Continuity Consultant – Assisted several clients with implementing ant testing business continuity capabilities, in addition to remediating all exception.
SOX 302/404 Consultant – Assisted several clients with 302/404 controls review and audits.
IT Auditor – Worked with clients auditing security controls and access to programs and data.
Disaster Recovery and Data Center Security testing – conducted Data Center testing compliance ISO27001
Technical Architect – assisted clients with data center DR Plan’s designs and architectural reviews.
SOC I & SOC II Consultant – assisted clients with security controls audit and pre-audit review.
Risk Management Consultant – assisted clients with Business Impact Analysis resulting in GAP analysis,
Served as Sr. liaison between Sr. management and board members.
SunGard Planning Solutions
Sr Business Continuity Consultant/Project Manager Jan 1994 to December 1998
SunGard Availability Services is a provider of IT production and recovery services with annual revenues of approximately $1.4 billion and offices in 9 countries. The company uses its experience in recovery to design, build and run production environments that are more resilient and available.
Managed ERP SunGard implementation testing for fortune 500 clients & educated clients on Continuity Planning & Disaster Recovery strategies
Wrote123 DR plans and Business Continuity plans for manufacturing, health care, IT, Telecomm company and state\local government
Developed client tools to better assist clients understanding the administrative process of IT internal controls
Tested SunGard ERP software internal controls and business process functionality
Developed over 55 enterprise risk & fraud assessment reviews
Developed 34 Business impact analyses for fortune 500.
Managed all tier one business continuity exercises and made recommendations for exceptions
Conducted Data Center vulnerability analysis for external and internal Data Center assets.
Tested capacity management policies and procedures
EDUCATION
University of Texas in Austin
Master of Business Management – 2001
(12 hrs completed)
Voorhees College – Denmark, SC
Bachelor of Science, Computer Science - 1988
Denmark Technical College – Denmark, SC
A.A.S. Data Processing/Mathematics - 1986
Professional Affiliations
Certified Business Continuity Professional 2012
Advanced Business Impact Analysis Training 2014
Project Management Professional 2000
Advanced resiliency Training, Las Vegas, 2009
Advanced Business continuity resiliency & Disaster Recovery software training
SOX accelerator application tools - 2007; CISA & CIA candidate - 2006; State of North Carolina Honorary
NIST SME
Business Council Member – 2005; SOX 404 Testing, Remediation, RCM, Training – E&Y 2005; SOX 404
ISO27001 & ISO22301
DRI Conference member 1999 - 2015
DRJ Conference 2009 – 2016
BCI Conference 2015
FISMA Training 2013
SOC I and SOC II advanced Training by KPMG
Business Resiliency Tool Experience
Fusion
Recovery Planner RPX
LDRPS
Archer
KinsBridge
Mike E. Gagum
Certified Business Continuity Professional
Accomplishments
Implemented a global business resiliency program, compliance mentoring and education to 6 business divisions under budget. .
Managed and Mentored staff resulting in 8 of 9 employees obtaining CBCP.
Delivered excellent guidance to Sr. Management
Knowledge transfer completed. Internal resources are now trained to manage a sustainable business resiliency program.
Select the yellow dot to control the highlight’s pointer.
To delete select this shape and select delete