Information Security Officer

Location: Queen Creek, AZ
Salary: 165000
Posted: October 18, 2020

Resume:

Todd Luther

San Tan Valley, AZ ***** 480-***-**** adg2wh@r.postjobfree.com LinkedIn

Chief Information Security Officer

Driven leader and innovator with more than 20 years’ experience as an Information Technology (IT) professional with strong expertise in IT management, IT security and risk management, and IT enterprise leadership and engagements.

Expertise in establishing and implementing medium and large IT and information security programs to protect sensitive information.

Design and implement risk management and security programs that promote compliance, safety, and business growth.

Perform evaluations and selections of IT security tools and successfully implement IT security systems to protect the availability, integrity, and confidentiality of critical business information and information systems.

Trusted manager of local and offshore teams who focus on opportunities to improve profitability via policy implementation and process development.

Technical Capabilities: Cloud Solutions, Cybersecurity, Cyber Incident Response, Governance, SaaS, ISO 27001, HIPAA, HITRUST, NIST 800-53r4, OWASP, PCI-DSS, ITIL, GLBA, SOX, ITBI-SSAE Controls, CCPA, GDPR, and FISMA.

Career Highlights

Leadership

Developed, implemented, and led enterprise security strategy and frameworks that consist of strategically integrated elements of NIST risk management and Cyber Security Frameworks, Secure Controls Framework, and OWASP.

Built and implemented a Security Operations/Fusion Center.

Council member on the Enterprise Security Program Council – a group of leading security individuals.

Manage the identification, development, and implementation of security and technical programs and initiatives.

Provide clear communication of IT and Security related matters to senior leadership to drive business operations.

Manage multiple, complex projects, including timelines, milestones, responsibilities, and stakeholder relationships.

Strategy and Planning

Created and implemented the first State of Arizona agency Governance, Risk, and Compliance coordinated strategy.

Established policies and procedures for a large State agency to meet Federal and State regulatory requirements.

Developed a strategy centering on DevSecOps for application code development and review.

Team Collaboration

Established the enterprise system security program to accomplish common IT security and privacy objectives and leveraged common tools to reduce risk and audit findings.

Coordinated within DES and other agencies to define and establish unified programs to tackle IT security issues.

Adept at building processes to work remotely and within a matrixed environment.

Professional Experience

Arizona Department of Economic Security 2018 - present

Chief Information Security Officer

While reporting directly to the CIO, governed all AZ DES security policies, procedures, designs, networks, application deployments, and implementation of all facilities. Established and implemented security program policies and standards for 7 Divisions over 150 locations across Arizona. Collaborated with engineering and developers on security concerns for network and application projects. As a member of the executive team, presented Information Security topics for business-specific issues to senior leadership, department heads, and the board of supervisors. Handled a $4.47M annual budget.

Created 5 new information security processes: Security Governance, Risk Management, Security Incident Response, Vulnerability Management Strategy, and Enterprise System Security to improve audit compliance from 0% to 80%.

Automated cyber security incident response and decreased response time by 38%.

Set standards and procedures for operations and development working in Azure and GCP web environments.

Rolled out an Information Security Program that has more than 450 controls centered on NIST 800-53 r4 for CJIS, CMS/MARS-E2, HIPAA, FISMA, and PCI.

Developed IT Security Governance structure to reduce risks in business processes, enhance information security, and comply with regulatory requirements.

Created and deployed the Security Awareness Program to reduce phishing attacks from 70% to 20% in the first year.

Increased the safeguarding of Arizona citizens’ data through the initiation of the Computer Incident Response Team and worked with IT Operations on Disaster Recovery/Business Continuity Plans.

T-Systems North America 2010-2017

Head of IT Security

As a managed service provider, TSNA provides IT and IT security for several Fortune 500 companies within the US and Canada. As the local head of security for the region, oversaw the security operations, governance, compliance, business continuity, internal/external risks, and served as a key contributor to the global risk management board. Acted as the SME for Cloud Security in the design, implementation, and support of cloud IaaS solutions. This included servers, storage, networking, and the physical facilities that support the applications and business processes as required.

Turned a 13.8% profit variance loss into a 6.2% profit in the first 2 years and 16% the next year while increasing headcount.

Implemented a mature IDS/IPS environment within a private cloud environment for our global client base.

Consistently secured new sales business along with alleviating concerns customers had with Cloud and hybrid cloud security and risk. These efforts brought in two multiyear multimillion-dollar deals.

Improved global processes and eliminated all audit findings regarding risk management in less than one year.

DP DHL 2004 - 2009

Information Security Manager

Managed the US Cyber Security Program. Led risk management and security governance processes for a region encompassing most of the continents of North and South America. Ensured full compliance and conducted regular audits. Implemented procedures and policies aimed at strengthening systems security and compliance.

Collaborated with executives in implementing security policies and saved over $100K in penalties and fees.

Implemented and developed a vulnerability and patch management program and reduced malware-impacted systems to zero, with no virus or malware attacks for five years after the first 90 days of execution.

Created proactive security checks for internal software and lowered tickets by 27% and audit findings by 70%.

PCI-DSS Security Officer for 4+ years to review requirements for Express Business Unit in meeting PCI compliance.

Initiated, planned, developed, and implemented several successful initiatives which improved the IT-to-business process, included reliable communication, and resulted in an 11% increase in efficiency by the second year.

Integrated IT systems development for the entire Americas region and led region-wide training for colleagues.

Education & Certification

Bachelor of Science in Computer Information Systems – DeVry University, Phoenix, AZ

Certified Information Security Manager – CISM – In process.

Professional Affiliations

AZ InfraGard, Member and currently a candidate for board membership, 2017 - present

Arizona Counter Terrorism and Information Center – ACTIC, Member, 2018 - present

ISACA, Member, 2015 - present

Core Competencies

Information Security & Assurance

Risk Assessment & Information Gathering

Governance, Risk, and Compliance - GRC

Strategic Planning & Business Continuity

Budget & Contract Management

Azure, AWS, and Google Cloud - GCP

Servant Leader & Team Management

IT Process & Infrastructure Advances

Stakeholder & Vendor Relationships


