Information Security Officer

Location: Arcadia, OK
Posted: March 27, 2020

Resume:

John M. Lindsey...

Edmond, OK • 405-***-**** • adcg8g@r.postjobfree.com • www.linkedin.com/in/john-lindsey-850a67/

Decisive Information Security and Risk Management Senior Executive (CIO, CISO) with a talent for defining, developing and executing business solutions that ensure regulatory compliance, protect company assets and help drive enterprise performance. Leverage leadership experience and technical expertise to define and translate requirements, improve IT infrastructure, build out organizations and transform companies. Certified Penetration Testing Specialist.

Risk, Security and Compliance: Ethical leader skilled at recognizing Risk, Security and Compliance gaps, building programs, advocating for change and assembling the people, technology and processes to achieve IT compliance across the entire global footprint.

Transformation Leadership: Drive cultural transformation through security training programs designed to inform and educate business areas on their cybersecurity roles. Define and champion strategies for automating, configuring and hardening IT infrastructure.

“John always puts the mission first and does the right thing regardless of external pressure. His integrity and loyalty to his team [leads] to repeated success in the implementation of security and risk management initiatives …”

Expertise Spanning Business and Technology Domains

Security Governance

Security Strategy

Enterprise Risk Management (ERM)

Risk Assessment and Mitigation

Regulatory compliance (SOX, HIPAA, PCI)

Data Loss Prevention

IT General Controls

Facility Access Controls

Role-based Access Controls

Control Design

Incident Response

Due Diligence Audit

Total Quality Management (TQM)

Lean Champion

Metrics Reporting

Third-Party Relationships

Team Building

High-Performance Leadership

Project Management

ITIL Certified, COBIT, ISO 17799, Control Design, Control and Compliance, Six Thinking Hats

A History of IT Security and Compliance Leadership, Vision and Transformation

M GROUP, Edmond, OK 2019 – Present

ADVISOR, SECURITY & RISK MANAGEMENT SOLUTIONS

Consulting on security solutions to help connect companies with the right technologies, processes and people, in order to mitigate risk and achieve customer goals.

AMERICAN FIDELITY ASSURANCE COMPANY, Oklahoma City, OK 2009 – 2018

CHIEF SECURITY OFFICER, ENTERPRISE INFORMATION SECURITY AND RISK MANAGEMENT, 2013 – 2018

Defined strategy, developed transformation plan and drove transition to risk-based enterprise security program. Designed role-based access controls, established network penetration testing and application/vulnerability scanning programs, and maintained forensics/litigation support processes. Defined organizational roles (RACI) and implemented third-party audit due diligence and risk mitigation processes. Charter member, McAfee Security Executive Council (Advisory Board). Oversaw $10M annual budget.

Delivered company’s first risk-based enterprise security program, implementing Security Awareness and Training and establishing an overall security posture for the organization that encompassed information and physical security.

Created Enterprise Information Security and Risk Management organization/team that replaced network security infrastructure with best-in-class integrated security platform and enabled regulatory compliance.

Upgraded all security components and instituted security governance; migrated IS&RM to newly formed Enterprise Risk Management (ERM) division.

PROTECTING COMPANIES FROM OPERATIONAL AND TECHNOLOGY-BASED BUSINESS RISK

Tripled IT security team (from four to 12); delivered on numerous enterprise-level improvement projects in the areas of identity management, data loss prevention, access controls, vulnerability assessment and application security certification.

Cut costs and gained new efficiencies through automation and integrated security solutions; separated governance and operational functions between IT and enterprise risk management.

Established third-party access program enabling seamless integration of external system users.

SENIOR INFORMATION SECURITY ANALYST/ARCHITECT, 2009 – 2013

Recruited to build out enterprise cybersecurity program and modernize AFA’s security posture from the ground up. Oversaw all application and infrastructure development, set enterprise IT security policies and standards, performed due diligence on potential business partners, investigated and resolved all security incidents and ensured regulatory compliance companywide. Member, Standards Management and Lean 5S teams.

Created AFA’s first IT Security and Compliance program, building policies and processes to support the control structure.

Built and directed Security team; created cross-functional Technical Architecture Group and Group Policy Management Team.

Spearheaded Microsoft 2003-to-2008 migration; eliminated two Microsoft Active Directory Forests at sister companies by developing and executing Domain Consolidation initiatives.

HEALTHMARKETS LIFE INSURANCE OPERATIONS, Oklahoma City, OK 2004 – 2009

SENIOR INFORMATION SECURITY OFFICER

Recruited to build out corporate IT security and compliance programs, including infrastructure, governance and control structures. Defined and implemented security strategies, policies and procedures, performed security reviews, managed security audits and external auditors, and led initiatives to enhance business performance.

Built and operationalized a fully compliant enterprise IT security program from the ground up; included all policies (150+), rules, processes, documentation, reporting and SOX/HIPAA controls.

Established Business Continuity and Disaster Recovery plans, developed off-site security vault, and championed IT security culture enterprisewide.

Defined and implemented IT general controls correcting 168 significant SOX and HIPAA compliance deficiencies; delivered 100% SOX/HIPAA compliance within two years.

Change Control and Information Asset Owner Programs improving system availability and aligning IT functions with business needs.

Early Career Experience

KERR-MCGEE CORPORATION, Oklahoma City, OK

DESKTOP LEAD/DEPLOYMENT MANAGER, COMMON OPERATING ENVIRONMENT MANAGER, DESKTOP TECHNOLOGY MANAGEMENT

Decentralized IT organization, merging 13 divisional IT support teams and integrating into a single corporate IT support group covering 126 global offices.

Drove development and implementation of enterprise image and desktop infrastructure; standardized computing environment globally.

Directed team of 30 IT professionals, providing performance reviews and career development.

Education

BA, Management Information Systems, Oklahoma State University, Oklahoma City, OK (Anticipated graduation 2020)

CERTIFICATIONS

Certified Penetration Testing Specialist, Certified Lean Facilitator, Microsoft MCP-Enterprise


