Risk Management Program Manager

Location:
Basking Ridge, NJ
Posted:
April 29, 2024

Resume:

Russell K. Fairchild

Basking Ridge, NJ *****908-***-**** – ad5ctj@r.postjobfree.com

IT Program Manager – Security, Risk and Compliance

IT & Security Governance

Business Administration

C & PowerShell Programming

Profit & Loss (P&L)

Quality Assurance

Waterfall & Agile Methodologies

Software Development Lifecycle (SDLC)

Risk Management

Networking & Infrastructure

Third Party Risk Management

IT Professional with broad technical and managerial experience in IT with a focus on IT Security, Risk and Compliance. Extensive business and program management experience, and a proven record of success overseeing critical infrastructure and security initiatives.

Strong leadership experience, proficient in Operations Management, Profit & Loss, and IT Infrastructure implementation, security governance, and risk management.

An exceptional communicator, capable of high-level networking, building and leading cross-functional teams, and collaborating across all organizational levels to ensure the achievement of immediate and long-term company goals.

Highly qualified IT and business manager of enterprise networks and global carrier networks, with experience working with Fortune 2000 accounts, and reporting P&L, business results, metrics, and performance exceptions.

CAREER ACCOMPLISHMENTS

General Manager for AT&T Solutions, overseeing a $25M, 135-person contract for Chase Manhattan Bank’s US data and voice outsourcing, exceeding revenue targets by a margin of 20% for 3 consecutive years, and closing $6M+ in add-on business.

Saved Chase Manhattan $1M by identifying and implementing key gain sharing opportunities.

Led IT Security initiatives and strategies for major companies, including Bed, Bath & Beyond, Deutsche Bank, Quest Diagnostics, Wyndham Hotels, E-TRADE, and ADP.

PROFESSIONAL EXPERIENCE

Liberty Corner Presbyterian Church – Liberty Corner, NJ October 2022 – Present

Identify and implement projects to maintain and improve the structural integrity, safety, security and appeal of an 800-member, twelve-acre church including a children’s pre-school.

Map and Digitize Cemetery Records for proper maintenance and expansion.

Identify and remove diseased and dying trees for purposes of safety and the grounds’ health.

Remove and replace a 20-foot deteriorating paver circle with a new butterfly garden and memorial.

Direct Boy Scout and Cub Scout troops on scheduled ground cleaning and improvement events.

Remediate Children’s pre-school issues including those identified by Department of Education.

Ensure proper maintenance of Cemetery grounds using allotted funds.

Remediated 20-year dirt pile to ensure continued growth of mature Sugar Maple trees and address neighbor’s concerns.

Regraded down large flower beds to ensure proper drainage of water away from foundation to address seepage issues.

Manage multi-year concrete pavement and step repair and replacements.

Upgraded existing Automatic External Defibrillators (AED) and installed an additional AED while providing training to all staff and teachers.

C&G Consulting Services, Inc (Customer: Legend Biotech) June 2022 – October 2022

Third-Party Risk Management

Third-Party Risk Management & OneTrust Product Owner

OneTrust Product Owner for modules: Third Party Risk Management, Data Mapping, Data Discovery & Classification, Cookie Consent, Policy Management. Lead process owner of Third Party Risk Management and Policy Management modules.

Review all Third-Party agreements and provide Privacy & Security Assessments according to risk and possible mitigation

Advise Legal on appropriate language to include in contracts to ensure proper risk mitigation

Author all Policies, Standards and SOPs related to Third-Party Risk Management

Work with IT Business Partners, Procurement, Legal and Contracting to streamline the Third-Party Risk Management process

Automate the Third-Party Risk Management process utilizing the OneTrust platform and Third-Party Risk Management module

Overall owner of the OneTrust platform for all modules including Data Mapping, Cookie Consent, Consent, Enterprise Policy Management, et al.

DM&A - (Customer: Orlando Health) August 2021 – March 2022

IT Program Manager – Security, Resiliency & Compliance

Managed Orlando Health’s Security, Resiliency & Compliance Program and Projects including Saviynt IAM, Imperva, AD Modernization, Varonis, GRC Riskonnect

Developed and Executed Saviynt IAM Recovery Plan

1. Assembled a restoration team

2. Directed the development of business processes for on-boarding personnel from disparate systems including Student Services, M&A, & MD-Staff

3. Developed and executed on process to fix, streamline or eliminate IAM Technical Rules

4. Developed and executed on process to address complex IAM Service Requests

Responsible for NIST/CIS program

1. Updated existing roadmap to CIS 8.

Selective Insurance Company of America (SICA) – Branchville, NJ April 2019 – March 2021

IT Senior Security Specialist – IT Vendor Risk Management

Managed SICA’s Third Party Risk Management Program

Automated the Third-Party Questionnaire for all new and existing Vendors providing Software as a Service (SaaS) to SICA.

Authored all Questionnaires including General, Service, API and Cloud.

As single point of contact reviewed over 300 contracts for inclusion of Data Privacy and Information Security terms.

Authored over 150 IT Vendor Risk Reviews.

Ensured the attestation and re-attestation of over 400 vendors for 23 NYCRR 500 Cybersecurity.

Drove and managed the development of SICA GRC platform as well as the on-boarding of Vendors via IT Relationship Managers on-line survey input.

Improved the performance of Tier 1 vendor security profiles over 6 business quarters.

Implemented pro-active Tier 1 Vendor Security Posture improvement program.

Monitored and improved the Security Posture of Tier 1 Vendors through active engagement.

Managed the implementation of SSO for existing and new vendors as well as DMARC policies concerning enforced TLS for sensitive data email transmission.

The Athene Group – (Customer: Starr Insurance, New York City, NY) September 2018 – January 2019

IT Program Manager – COBIT 5 Specialist

Engage C-Levels and their teams to assess the client’s alignment with COBIT 5 IT process and their capabilities and maturity.

Interviewed C-Level, Director and Manager personnel to assess key work product outputs in the area of Operations, Security, Change Management and Business Continuity against COBIT 5 framework.

Reviewed over 700 documents of supporting material for COBIT 5 classification and population of COBIT 5 Policy and Procedure documentation repository.

Authored COBIT 5 Assessment report following COBIT 5 framework on level of maturity against above mentioned areas.

Authored key policies for Change Management and Security for corporate use and overall Policy Structure.

Reviewed, investigated, and recommended overall Policy and Procedure framework and documentation management system.

Stratus Technology Services, LLC - (Customer: IFF, Union Beach, NJ) September 2017 – November 2017

IT Program Manager – Security & Networking

Led implementation of all enterprise IT Security projects including:

Remote Single Sign-On for all employees and vendors, Automation Plant Network Segregation, IDS-IPS, Enterprise SIEM, Data Loss Prevention, Vulnerability Management implementation and final implementation of ZScaler services.

Implemented global ZScaler services

Implemented segregation/segmentation firewalls for 2 factories and planned segmentation for all worldwide plants.

BED BATH & BEYOND Union, NJ March 2015 – July 2017

IT Program Manager – Security, Risk & Compliance

Led program management of all enterprise IT Security projects, consistently completing deliverables on time and on budget, and demonstrated strong leadership in the development and implementation of system remediation initiatives for Compliance projects. Led and directed Deployment and Service Management for a wide range of Security Services including:

Anti-Virus, DNS/DHCP (Blue Cat), Proxy (BlueCoat), External DNS (Akamai), Tripwire, Juniper VPN, PKI & HSM (selection to service), RSA Two-Factor, Imperva WAF & DBF (deployment & tuning), ACS, Transformation to Program Management, Configuration of Management Security Service (Windows PowerShell), and Network Segmentation for PCI Compliance.

Implemented and upgraded SOC platforms as well as improved their processes and capabilities.

Protiviti – (Customer: Deutsche Bank, Jersey City, NJ) November 2013 – January 2015

IT Program Manager – Security, Risk & Compliance

Served as Rollout Manager for Global Configuration Management Deployment of 1K+ Deutsche Bank servers, ensuring full compliance with Monetary Authority of Singapore requirements.

Successfully coordinated Test, Quality Assurance and Production implementation with application worldwide owners.

Drafted and submitted monthly progress reports to local and German project offices, and fully authored guide to assist future rollout implementation strategy.

GALAXE SOLUTIONS Somerset, NJ July 2013 – October 2013

IT Security & Application Program Manager

Oversaw development of custom software solutions within the Technology, Healthcare and Media industries. Utilized Agile and Waterfall methodologies to manage Web & New Technology software introductions for Express Scripts (largest US Prescriptions Benefit Management provider).

Led and directed offshore staffing and Agile software development scheduling (Scrum), and fully integrated software deliverables with Express Scripts IT process, with minimal impact on day-to-day business.

SECUREISLE Basking Ridge, NJ July 2010 – June 2013

Technical Program Manager – Enterprise Security Solutions

Served as IT Security PMO Lead and Project Lead, delivering a wide range of IT Security Solutions for a wide range of clients:

Quest Diagnostics: Identified security risks and delivered loss prevention reports to Senior Leadership concerning PCI, PII, and PHI data, and provided direct leadership over DLP and SIEM projects. Led Executive Directorate for Demand & Resource Management and served as Program Manager for mapping of Unified Control Framework (UCF) to identify policy gaps for SOX, HIPAA, PII, PCI, PHI and other regulations.

Wyndham Hotel Group: Successfully managed $4.5M Security & Compliance portfolio and saved company $250K+ by recommending buy vs. build option for Privileged Access Management. Implemented security applications, including Embedded Password Mitigation using Scrum and Privileged Access Management (CyberArk) to ensure compliance objectives were met. Additionally, performed PCI gap analysis on Software Development Life Cycle PCI Step 6 to ensure PCI and authored Secure Software Assurance Roadmap, as well as .Net and JAVA development security best practices.

ADP: Led project to catalogue and inventory Global Public Internet Edges, and implemented Gateway architectural standards, including Symantec ESM & DLP, Netwitness, Cisco and Juniper firewalls. Led security assessments of global IT sites for Risk Rating and Incident Response Readiness.

Wipro Technologies, Inc. Sept. 2009 – July 2010

Program Manager – Enterprise Security Solution

Directed PCI Compliance project from inception, using RSA-DLP scan. Developed an Archer questionnaire and deployed it, covering 1,200 questionnaires across 43 countries for Credit Card use.

Utilized EMC IRM for remediation. Managed On-shore and off-shore team for production.

Developed new Archer Questionnaire for US SSN and Driver License numbers.

Provided regular updates on progress to EMC Chief Security Officer (CSO)

Assisted development of DLP policies to identify PII information (specifically Massachusetts 201 CMR 17.00) in the global unstructured data environment.

Developed relationships with clients in EMC CSO organizations and developed proposals worth over $2M.

NetworkingPS, L.L.C May 2003 – Aug 2009

Project Director – Security Solutions

Deployed Compliance and Configuration management software for Fortune 1000 companies including PCI, GLBA and SOX compliance reporting. Software now part of RSA IONIX Products.

Developed and executed SOW for Assessment and Solution Design and Phase 2 roll-out engagement for a large Financial Broker company using IBM Tivoli Identity Manager (ITIM).

Led IBM Tivoli Identity Management Assessment (ITIM) & Solution Design engagement for a 60,000-person insurance company

Completed successful turn-up of a Phase 1 installation of an IBM TIM/TAM/EDS Identity Management Suite (ITIM) environment for a 2,000+ person energy company providing password management, provisioning, Web portal access management and SSO services.

AT&T Solutions – Chase Outsourcing Services 1998 – 2002

General Manager & Senior Client Executive - Chase Manhattan Corp.

Managed and directed $25M contract and 135 personnel consisting of engineering, implementation, and operations personnel supporting multi-year Professional Outsourcing Services Agreement with Chase Manhattan Corp. Primary interface to Chase senior management on Outsourcing & Managed Services

AT&T Solutions – Chase Outsourcing Services 1996 – 1998

Director - Engineering & Network Implementation – Chase Manhattan Corp.

Managed engineering and IT program management for Chase’s domestic network for multi-year outsourcing agreement with Chase Manhattan Corp.

AT&T Solutions – Chase Outsourcing Services 1994 – 1996

Manager - Voice & WAN Engineering – Chase Manhattan Corp.

Directed and managed engineering, capacity, and services management for Chase’s domestic network. Provided corporate Voice, WAN and Call Center Services. Managed 14 Technical Professionals.

AT&T Corp. 1992 – 1994

Manager – Worldwide Network Operation Center

Identified, quantified, and mitigated risk associated with national network activities. Managed introduction of surveillance tools for network services. Obtained, analyzed, and reported network performance information to Executive Management, Public Relations, Account Managers and Business Unit Product Managers. Supervised 6 employees.

AT&T Corp. 1989 – 1992

Senior Internal Auditor - Corporate Auditing

Developed and performed Management Process Audits for Network Systems.

AT&T Network Systems 1983 – 1989

Development Engineer – Oklahoma City Works

Coordinated and streamlined systems testing of all International 5ESS® systems. Developed C code for management display and dissemination of test information. Worked closely with Bell Laboratories to resolve first office application hardware, software, and database issues. Delivered on-time shipment of International Systems to clients including Saudi Arabia, Netherlands, and China. Designed, implemented, and managed LAN supporting 100+ UNIX® minicomputers supporting multi-million-dollar cost reduction effort.

TECHNICAL PROFICIENCIES

Technical Background:

C language, IP, LAN, UNIX, LDAP, XML, SQL, PowerShell

Security:

RSA-DLP, RSA SecurID, RSA Envision, Archer, Netwitness, Qualys Vulnerability Management, Symantec ESM & DLP, IBM Tivoli Identity Manager (ITIM), IBM Tivoli Access Manager (TAM), IBM Enterprise Directory Server, Eurekify Sage, Cisco, ZScaler, Okta, McAfee, Titus, SDLC

Frameworks:

ITIL, COBIT 5, HIPAA, NIST Cybersecurity Framework, ISO 27001.

EDUCATION AND CERTIFICATIONS

RUTGERS, East Brunswick, NJ

Master of Business Administration

CLEMSON UNIVERSITY, Clemson, SC

Master of Engineering, Electrical Engineering

UNIVERSITY OF OKLAHOMA, Norman, OK

Bachelor of Science, Electrical Engineering

Certifications

Certified Third Party Risk Management Professional

Previous: PMI PMP Certified Project Manager, CISSP, CISA, CRISC, ITIL Certified, COBIT 5

Instrument Rated Private Pilot

Affiliations

Institute of Electrical and Electronics Engineers (IEEE)

Project Management Institute (PMI)

Open Web Application Security Project (OWASP)

Information Systems Security Association (ISSA)

Information Systems Audit and Control Association (ISACA)

NJ ISACA Chapter Designated COBIT 5 Trainer

International Information Systems Security Certification Consortium (ISC)2


