Kenneth Socko
E ***@*****-**********.***
L linkedin.com/in/ksocko
A proven thought leader, cross-organizational trusted adviser, team builder, and technologist; looking to leverage my business and technical experience and skills to achieve the most challenging goals. Seeking a new opportunity that focuses on managing and mitigating risks associated with the governance and compliance of information/cyber security, continuity, and data privacy; where I can drive corporate-wide improvements to protect the confidentiality, integrity, and availability of informational assets.
Held various IT roles (Executive Leadership Team Member, Enterprise/Domain/IT Architect, Team Lead, Program/Project Manager, and Technology Subject Matter Expert) with 25+ years of expanding experience/expertise across business processes, data center solutions, IT services, applications, and infrastructure to ensure processes and technology support business function compliance to regulatory/contractual obligations and business objectives. Led/facilitated global cross-functional teams and large-scale assignments that represent significant cultural, functional, process, and technical impacts across all levels of a company. Achieving change by ensuring all participants (executives, sponsors, subject matter experts, etc.) align to a common vision, strategy, and execution that properly balance risks and business value.
A strategic/tactical individual contributor that uses logic and reason to break down complex systems and ideas; find obscure connections between seemingly disparate phenomena; create simple concepts to explain why things are as they are, and then develop solutions and plans to resolve and/or improve current state. Leveraging strong communication and influencing skills, move through all phases: visions, strategies, roadmaps, requirements, implementations and then mentoring/training staff to fully operationalize the technology/process.
SKILLS
- Information Security Governance
- Risk Management
- Compliance Management
- ISO 27001, FAR/DFAR, NIST
- 3rd Party Risk Management
- IT Audit Management
- Data Privacy
- GDPR
- Information Classification
- Business Continuity
- IT Service Continuity
- Operational Resiliency
- Disaster Recovery
- GRC Architecture
- Program/Project Management
- Change Agent/Problem Solving
- Team Leadership
- Development/Implementation
- Vision/Strategy
- Policy/Standards
- Process/Procedures
- Efficiency/Optimization
ACHIEVEMENTS
Founding team member to create, perform, and operationalize all aspects of:
o NetApp’s Governance, Risk and Compliance (GRC) group within InfoSec to improve their ability to ensure the confidentiality, integrity and availability of their informational assets.
o NetApp’s and Cisco’s IT Service Continuity Management (ITSCM) Architect to integrate all program aspects with Business Continuity and drive cross-organization technology alignment required to ensure critical business function resiliency and recovery.
Subject Matter Expert (SME) on various IT topics for internal/external audits to ensure NetApp operates securely to regulatory and customer expectations (ex. ISO 27001, FAR/DFAR, CMMC, UK Cyber Essentials, etc.).
Program leadership member to move IT to a service-based organization (ITIL) and to establish the IT Service Continuity Management (ITSCM) practice from scratch.
Directly involved in creating, performing, managing, and training of efficient and scalable practices at NetApp, including: Risk Management, 3rd Party Risk Management (TPRM), Compliance Management, Asset Classification and Cyber Governance.
Directly involved in NetApp’s information security and continuity maturity improvements (NIST Cybersecurity Framework) to increase customer trust and NetApp’s reputation.
Project managed all aspects (people, processes, tasks, and technology) of Red Hat’s:
o Corporate data center relocation from AZ to NC as part of HQ buildout in Raleigh.
o Engineering data center expansion in Massachusetts to meet Red Hat’s 10-year growth plan.
Project managed all aspects (people, process and technology) of Blue Cross Blue Shield’s:
o Year 2000 (Y2K) testing and mitigation of all UNIX-based systems and applications.
o Designer, customizer and implementor of Tivoli system management capabilities.
TOOLS
- ServiceNow
- Microsoft Office
- Excel
- Word
- PowerPoint
- SharePoint
- Teams
- Adobe Sign
- SAP Ariba
EXPERIENCE
June 2020 – Present
Consultant, Co-Owner
Socko Consulting LLC
Recent formation of a family-owned consulting company where I can leverage a business risk-based approach to drive solutions to client challenges associated with cultural, operational and/or technical gaps within their internal and external compliance. Ensuring the confidentiality, integrity and availability requirements of their business processes and Information Technology services.
EDUCATION/TRAINING
- 25+ years of on-the-job training
- Leadership
- Team Building
- Conflict Management
- Negotiations
- Time Management
- 25+ years of formal SME training
- Systems Management
- Network Management
- Application Administration
- AWS Essentials Training
- AWS Technical Essentials
- Cloud Practitioner Essentials
- Security Essentials
- Cost Optimization on AWS
- Information Privacy Training
- CIPP/E (IAPP training only)
- CIPT (IAPP training only)
- ISO27001 ISMS Lead Implementer
- Certified Electronic Technician
- Grumman Data Systems
- Various Associate Degree Classes
*Note: Education has been based on fulfilling specific requirements to successfully perform current activities and advance skills.
EXPERIENCE
August 2015 – April 2020
Governance Lead/GRC Architect - Enterprise Information Security
NetApp – RTP, NC
Domain Architect and member of NetApp’s Chief Information Security Officer’s (CISO’s) Leadership Team to influence strategic and tactical decisions regarding organization’s current and future state.
One of three founding members responsible for establishing NetApp’s Governance, Risk and Compliance (GRC) group, focused on Information Security and IT Service Continuity.
Governance Lead responsible for developing, implementing and maintaining strategies, policies, standards, processes, and procedures for NetApp’s Enterprise Information Security practices.
o Revamped corporate policies to support NetApp’s security posture, align with ISO 27001 and that are audience-based to ensure all End Users understand their security roles and responsibilities.
o Co-developed Legal department’s Information Classification strategy, policy and analysis tool.
Risk Management Lead and Subject Matter Expert (SME) responsible for developing, implementing, managing, and training/mentoring team members on various risk associated processes and tools:
o Internal risk identification, assessment, mitigation and/or acceptance.
o Supplier contract review, assessment, vulnerability identification, mitigation/acceptance.
Internal auditor and Compliance Subject Matter Expert to external auditors on the various Information Security and IT Service Continuity policies, processes, procedures, and tools that make up NetApp’s Information Security Management System (ISMS) to internal and external audits (such as ISO 27001, UK Cyber Essentials, etc.).
InfoSec Governance liaison between business process owners and application developers to ensure information security best practices are understood and adopted.
InfoSec Architecture Subject Matter Expert to cross-organizational architects, application and infrastructure developers (On-prem, Cloud/XaaS, Server, End-Point, including: Laptop, Tablet and Mobile) to develop technology assets with information security and data privacy compliance by design.
Lead Risk Architect responsible for assessing technology (infrastructure, applications, etc.) risks and driving response activities to mitigate, remediate and/or accept.
September 2012 – August 2015
Team Lead/Enterprise Architect – IT Service Continuity Management
NetApp – RTP, NC
IT Service Continuity Management Architect (member of ITIL Program Leadership Team) responsible for developing, implementing and managing a new Operational Resiliency and Disaster Recovery practice to ensure alignment between Business capability requirements and IT service offerings across the enterprise.
o Providing advisory services to all Business organizations and IT teams (executives, owners and developers).
o Practice Lead for the development/implementation of IT Service Continuity Management (ITSCM) strategies, methodologies, processes and tools.
o SME for IT Service Continuity (Resiliency and Recovery) in workshops and working sessions to transition both business and IT from Business Process/IT Application focus to a Business Capability/IT Service model.
Member of Business Continuity Program Office (virtual) to develop/perform new continuity strategies, policies, methodologies, processes, tools, and educational collateral.
REFERENCES
Due to the fact that many of my career achievements were to resolve problems in areas where I did not have any direct authority, I often worked behind the scenes; influencing and guiding those accountable and responsible toward the desired outcome. As such, the best way to depict those activities is through my established reputation with those that assigned me to the activities.
EXPERIENCE
February 2012 – August 2012
IT Project Manager, IT Infrastructure (Contract)
Red Hat – Raleigh, NC
Project Manager responsible to establish a new Raleigh Data Center HUB (Co-Location Facility).
o Establish Co-Lo data center design/layout/services.
o Participate in Co-Lo Master Service Agreement and cost negotiations of new data circuits.
o Coordinate all project activities, timelines, and purchases to establish the data center.
o Coordinate all migrations of IT/ENG environments from old to new facility.
Project Manager representing IT in the building of a new ENG LAB in MA.
o Establish all IT/ENG requirements and ensure they are supported by construction team.
Subject matter expert (SME) on IT Resiliency for Red Hat’s Business Continuity Management Program.
Phil Ferraro
Managing Dir. @ JPMorgan Chase
(former NetApp CISO)
Craig Williams
VP & CIO @ Ciena
Michael Palmer
VP – Transactions & DM @ Fidelity
November 2006 – July 2011
IT Architect, IT Service Continuity Management
Cisco Systems – RTP, NC
Leading processes, procedures, policies, training, strategies, and solution development to ensure all IT Service Offerings (ITIL-based) support Business Continuity requirements.
o Advisory services to all IT teams and Business organizations (executives, owners and developers).
o Practice Lead for all resiliency process and tool development.
o Developing/delivering educational and training sessions.
Resiliency Domain Architect within Cisco IT’s Architecture Process.
o Responsible for providing resiliency focused assessment and analysis feedback on IT implementations to project teams, sponsors and decision makers.
Connie Brenton
Sr Dir, Legal Ops @ NetApp
Gavin Guttersen
Dir of InfoSec Services @ NetApp
Ed Recavarren
Security Manager @ Accenture
March 2000 – November 2006
Program/Project Manager, Enterprise Storage Services
Cisco Systems – RTP, NC
Manage the development and implementation of Data Management Service programs, strategies and solutions Cisco assignments including:
o Develop strategies and manage the design, testing and implementations of multi-vendor storage/backup solutions for Data Centers, Remote Engineering Offices & Field Sales Offices.
o Research and define strategies and technologies for:
Data Lifecycle Management (DLM) and Information Lifecycle Management (ILM)
Data Integrity, Replication, High Availability, Disaster Recovery and Resiliency.
Samantha Rudolf-Frank
Insider Threat Lead @ NetApp
See LinkedIn Profile for recent recommendations.
April 1998 – March 2000
Project Manager/Technical Lead (Contractor)
Blue Cross Blue Shield of NC (BCBSNC) – Chapel Hill, NC
Led various projects within BCBSNC’s Distributed Systems environment. Managed all resources, defined technology paths, and maintained schedules. Performed all or most phases of solutions implementation. Top project includes Y2K testing/mitigation of all UNIX solutions and implementing/customizing Tivoli suite.
September 1993 – March 1998
Client/Server Deployment, UNIX Administration (Contractor)
Cisco Systems – RTP, NC & Carolina Power & Light (CP&L) – Raleigh, NC
Design, deployment, and administration of UNIX client/server environment. Responsibilities included: evaluate/recommend hardware and software products; advise system administrators in client/server configurations, operations, and maintenance; develop and deploy Backup and Disaster/Recovery procedures.