Mark A. Wilson
CISSP, ITIL, CBCP, CCM, CCSP (in process)
St. Charles, IL 60175
Information Security, Technology and GRC Leader
Leadership by Example ~ Instilling stellar work ethic and company values ~ Solving business problems with technology
(Will relocate and meet all onsite requirements)
Seasoned and highly-qualified professional with proven expertise guiding global business strategy with established and emerging technologies to achieve maximum operational impacts with minimum resource expenditures. Talent for launching programs related to advisory services, risk mitigation, security, and enterprise architecture. Experience in designing and implementing technical solutions for data security and implementing corporate/enterprise infrastructure initiatives. Track record of success in developing solutions that improve the efficiency of IT and business operations. Persuasive leader known for transforming high-potential staff into outstanding leaders demonstrating the creativity to achieve operational success. Accomplished in pursuing advancement in areas of Security, GRC, BC / DR, and Technical Sales.
Highlights of Expertise
Executive Management and Consultant
Strategic & Tactical Enterprise Planning
Effective Technical Evangelist
Global Enterprise Infrastructure Architecture
Information Risk Management
Technical Sales Leadership
Software Development Management
Information Security Program Director
Strategic Account Management
Technology Centric Team Leader / Director
Technology to Business Issue Alignment
Security and Compliance Management (GRC)
Disaster Recovery / Business Continuity
Strategic Account and Vendor Management
Enterprise budgets, planning, forecasting
Accomplished Technical Sales Management
Professional Services Director
Imperative Planning, Ltd., St. Charles, IL (2006 – present)
Provided executive-level leadership with full accountability for all IT Advisory Services, Security, Audit and Compliance, Enterprise Modeling, Disaster Recovery, and Business Continuity engagements. Engagements included business process analysis, financial analysis and budgeting, IT operations, continuity strategy, IT recovery strategy, DR site analysis, data replication, testing procedures, and recovery plan maintenance.
Owner – Advisory Consultant (successive full-time, contract, W2 and 1099 engagements – partial listing)
Provide executive business, technology and product strategy and execution (CIO, CISO, GRC). Guide modernization and service-level enhancement initiatives spanning multiple facets of information systems, including risk tolerance, enterprise dependency models development, present state analysis, business continuity and recovery infrastructure with test procedures, security analysis, design and testing, mitigation techniques, compliance and systems development management.
Served as SailPoint Program Director and managed enterprise implementation efforts at the US Department of Agriculture. LS3 (Jan 2019 – present)
o Managed 5 individuals and was responsible for a minimum of 4 concurrent SailPoint integrations supporting IAM and governance requirements
o Agile Scrum Master
o Utilized Jira to plan and execute Sprints
o Utilized Bamboo and Bitbucket as build environment and repository supporting CI/CD efforts
o Led CMMI accreditation effort
Served as ITRO (IT Risk Officer (GRC)) at NiSource / Wipro (Nov 2017 – Oct 2018)
o Focus on SOX IT controls
o IT risk and mitigation – reduced exceptions, increased controls passing at 100%
o Identified SOX program deficiencies with lacking controls for Virtual Machines and associated hypervisors
o Deloitte audit – praised by NiSource management
o NERC / FERC
o Hitachi IAM suite – comprehensive access control management and auditing (10,000 desktop)
o Continuous interaction with on and off-shore delivery teams
Filled CISO role for large hospital system. Management responsibilities included: (July 2016 – Aug 2017)
o Led information security for the outsourced ATOS IT team
o Security Program Development w/ Executive Steering Committee reporting
o Risk, Compliance and Audit – reviewed and revised policies and procedures and privacy policies
o Entire Enterprise Scope – 9,000+ endpoints, 12,000+ medical devices, LAN, MAN and WAN networks
o Incident management – managed major breach (war room)
o Enterprise Controls – Firewalls - CISCO, IPS - CISCO, DDOS - Radware, Network Monitoring, Endpoint Software Suite - McAfee, Device Tracking, Vulnerability Scanning (Rapid 7), SIEM (McAfee) – identified many significant deficiencies in the enterprise
o Worked closely with enterprise network team to implement CISCO ISE, improve security of the wireless network and mobile computing environments.
o Continuous interaction with project planning and delivery teams
o Created annual information security and compliance budget
o Interface with county network and county security team
o Weekly face to face with CIO to discuss and present enterprise risks and noted vulnerabilities
o Significant interaction with Privacy Officer and legal team
Drove the attainment of business profitability by assisting numerous customers with their IT Strategy, IT operations, security program, present state analysis and business continuity and disaster recovery planning requirements.
Ignited company growth or created operational efficiency by participating in many conferences, sales meetings, customer events and board events. Engagements included higher education, government, hospitality, manufacturing, distribution, utility, pharmaceuticals, and health care management organizations.
Performed many IT assessments (CIO level) identifying enterprise vulnerabilities
Virtual Auditor – provider of security and compliance automation tools and appliances
o Technical consulting on flagship software product which monitored (24 x 7) and reported on the enterprise security and compliance.
o Mapped NIST 800-53 Cyber-Security Framework v1.1, HIPAA, SANS Top 20, COBIT 5, FFIEC 2016 Handbook, PCI, New York State Cyber Security Framework, SOX, FEDRAMP v2.1, CIS Top 20, UK and other control frameworks to the ISO 27002:2013 controls allowing the Virtual Auditor product to automatically map alerts to the pertinent compliance control items.
o Conceptualized, developed, and initiated policy documents matching the ISO 27002:2013 guidance for each documented area which linked the ISO standard to NIST 800-53, SOX, HIPAA, CSC, PCI and several other frameworks.
o Instrumental as executive consultant to Virtual Auditor (VA) tasked with evaluating the current appliance and adding numerous enhancements to their security and compliance appliance platform. Conceptualized, planned, and executed marketing collateral and associated sales PowerPoint presentation illustrating strengths of technology product and associated service portfolio focused on addressing 'C' level and executive audiences.
o Created policy templates for all ISO 27002:2013 controls allowing Virtual Auditor clients to quickly create a policy and produce manual.
Thomas Compliance Agency (TCA), Chicago, IL
Held responsibility for expanding technology operations to ensure the bank’s readiness for the scrutiny of a state or federal examiner.
VICE PRESIDENT TECHNOLOGY RISK MANAGEMENT (Feb 2015 to Jul 2016)
Designed and developed complex programs, including a comprehensive IT Audit program, anti-money laundering system validation, 3rd party technology vendor validation, vulnerability scanning (Qualys – utilized during each audit engagement) (OWASP), pen testing, and confidential data discovery and monitoring.
Improved security and IT operations through analyzing system hardening procedures, firewall rules and logs, 3rd party technical service providers (vendor management), Active Directory management (GPO), network diagrams, patch management, technology lifecycles and logs from other installed devices (IDS, IPS, content filters, SIEM, etc.).
Effectively ensured the confidentiality, integrity, and availability of bank’s information and nonpublic customer information through conducting risk assessments, IT audits, vulnerability scans (Qualys), and AMS validations. (FFIEC controls, Cyber Security Assessment Tool (CAT), GLBA).
Improved Information Security Risk Management Program by identifying threats and vulnerabilities within the organization.
Utilized and shared responsibilities for corporate SharePoint hosted implementation.
Drove the implementation of security best practices and standards to mature the overall Risk Management Program which includes defining security controls.
Revamped failing IT compliance and audit program, including rewriting Master Services Agreements, customer contracts, sales agreements, client quotations and pre-engagement worksheets for IT audits and Anti-Money Laundering validations (AMS).
Conducted IT audits and AMS validations nationwide with remarkable success.
Delivered board of director’s presentations, reports, summarizations and recommendations.
Sikich, Naperville, IL
Provided hands-on oversight to the newly formed Advisory Services division, securing a trusted advisor status with clients and winning business that straddled business and technology portfolios.
DIRECTOR, INFORMATION RISK MANAGEMENT (Oct 2012 to Oct 2014)
Created a high-quality Information Risk Management Program to ensure the overall security, recoverability, resiliency, efficiency and effectiveness. Demonstrated unsurpassed leadership in identifying top risks and maturing the enterprise to ensure potential risk exposures were mitigated.
Developed and implemented IT assessment / validation program supporting the CPA division assessing IT operations, infrastructure, and risk issues primarily focused on government and higher education customers.
Improved business through IT innovations and IT leadership by engaging technology division while serving strategic clients in need of corporate IT oversight and recommendations.
Supported interim positions as IT director of a large hospital in NYC for several months.
Engaged client executive teams in need of IT management, IT operations and design assistance, security and business continuity / disaster recovery services which included people, process and technology assessments at all levels of the organizations.
Dependency Modeling – (Blueprints) – graphically illustrating mission critical processes and their dependency on the enterprise IT infrastructure.
NetApp, Sunnyvale, CA
Drove the infrastructure roadmap for enterprise architectural strategies including standardization and modernization of data center, migration, and operational optimization strategies.
GLOBAL ENTERPRISE INFRASTRUCTURE ARCHITECT (Sept 2011 to Sept 2012)
Championed IT management transformation utilizing CMMI, TOGAF / Zachman frameworks, and ITIL principles. Led the definition of architecture, policies and standards covering solution, application, infrastructure, and process components.
Established a “storage as a service” environment for storage consumers to quickly select storage items from a service catalog while ensuring information security.
Supported solution delivery leads by creating appropriate architecture plans, feasibility analysis, system design documents, and implementation plans. (Multi-petabyte storage installations)
Appointed to interact with and prescribe solutions for distressed strategic customers, resulting in significant improvement in retaining customer loyalty, and drove organizational goals, maintaining all assigned clients.
Created service catalog for major clients
Delta Initiative, Palatine, IL
Provided IT management consulting support to a national boutique consulting organization focused on organizational performance, process improvements, strategic project turn-arounds, ERP implementations and other business and technology advisory services.
MANAGING CONSULTANT (Jan 2007 to Jul 2008)
Instrumental in overseeing project execution, including ERP Implementation, Ecommerce Evaluation – IBM WebSphere, Enterprise Architecture, Data Analysis, BC / DR Planning, and Vendor Analysis. Supplied major contributions to one of Ellucian’s largest installations which retained Delta Initiative to assist in litigating the vendor. Compelled the client to rethink their initiative and work towards a successful implementation.
Resolved client’s long term, vexing software / system integrity issue via root cause analysis methodology.
Discovered a duplicate record issue, resolving a multi-year problem that the vendor and client could not resolve.
CoFounder / CTO / CISO / Senior Director (1994 to 2005) Endeavor Information Systems
25 direct reports
Directed IT – supported thousands of enterprise systems worldwide
Directed Internal IT – networking, computer, storage, datacenter, cloud computing
Strategic vendor management (Oracle, SUN, IBM)
Directed technical sales – responsible for millions in revenue from strategic customer.
Technical product management – configuration, security, lifecycle management
Created and enforced security standards – internal and external
Created cloud environment utilized by many higher education clients
Application, database (Oracle), Web (Apache) security, configuration and maintenance
Education & Credentials
Control Data Institute, Lakewood, OH
COMPUTER ELECTRONICS / TECHNOLOGY, 1st in class
University of Toledo, Toledo, OH
CURRICULUM COMPUTER SCIENCE IN ENGINEERING – completed coursework for Computer Science BS degree
Professional Certifications: ITIL, CBCP, CISSP, CCM, American Management Society, IBM Service Management, multiple SUN and IBM technical certifications - admin, security, networking, volume management, Network Management and Monitoring (Solaris & AIX focused), Enterprise Backup i365 Evault. Completed over 50 NetApp University courses on NetApp storage platforms, Data ONTAP O/S, and all NetApp storage efficiency software products
SUN / Solaris, IBM / AIX, RH Linux / Windows / NetApp