IT Program Manager - Security, Risk & Compliance

Bernards Township, NJ, 07920
June 07, 2021


Russell K. Fairchild

Basking Ridge, NJ *****908-***-**** –

IT Program Manager – Security, Risk and Compliance

IT & Security Governance

Business Administration

C & Powershell Programming

Profit & Loss (P&L)

Quality Assurance

Waterfall & Agile Methodologies

Software Development Lifecycle (SDLC)

Risk Management

Networking & Infrastructure

Third Party Risk Management

IT Professional with broad technical and managerial experience in IT with a focus on IT Security, Risk and Compliance. Extensive business and program management experience, and a proven record of success overseeing critical infrastructure and security initiatives.

Strong leadership experience, proficient in Operations Management, Profit & Loss, and IT Infrastructure implementation, security governance, and risk management.

An exceptional communicator, capable of high-level networking, building and leading cross-functional teams, and collaborating across all organizational levels to ensure the achievement of immediate and long-term company goals.

Highly qualified IT and business manager of enterprise networks and global carrier networks, with experience working with Fortune 2000 accounts, and reporting P&L, business results, metrics, and performance exceptions.


General Manager for AT&T Solutions overseeing a $25M, 135-person contract for Chase Manhattan Bank’s US data and voice outsourcing, exceeding revenue targets by a margin of 20% for 3 consecutive years and closing $6M+ in add-on business.

Saved Chase Manhattan $1M by identifying and implementing key gain sharing opportunities.

Led IT Security initiatives and strategies for major companies, including Bed, Bath & Beyond, Deutsche Bank, Quest Diagnostics, Wyndham Hotels, E-TRADE, and ADP.


Selective Insurance Company of America (SICA) – Branchville, NJ April 2019 – March 2021

IT Senior Security Specialist – IT Vendor Risk Management

Managed SICA’s Third Party Risk Management Program

Automated the Third-Party Questionnaire for all new and existing Vendors providing Software as a Service (SaaS) to SICA.

Authored all Questionnaires including General, Service, API and Cloud.

As single point of contact reviewed over 300 contracts for inclusion of Data Privacy and Information Security terms.

Authored over 150 IT Vendor Risk Reviews.

Ensured the attestation and re-attestation of over 400 vendors for 23 NYCRR 500 Cybersecurity.

Drove and managed the development of SICA GRC platform as well as the on-boarding of Vendors via IT Relationship Managers on-line survey input.

Improved the performance of Tier 1 vendor security profiles over 6 business quarters.

Implemented pro-active Tier 1 Vendor Security Posture improvement program

Monitored and improved the Security Posture of Tier 1 Vendors through active engagement.

The Athene Group – (Customer: Starr insurance, New York City, NY) September 2018 – January 2019

IT Program Manager – COBIT 5 Specialist

Engaged C-Levels and their teams to assess the client’s alignment with COBIT 5 IT process and their capabilities and maturity.

Interviewed C-Level, Director and Manager personnel to assess key work product outputs in the area of Operations, Security, Change Management and Business Continuity against COBIT 5 framework

Reviewed over 700 documents of supporting material for COBIT 5 classification and population of COBIT 5 Policy and Procedure documentation repository

Authored COBIT 5 Assessment report following COBIT 5 framework on level of maturity against above mentioned areas.

Authored key policies for Change Management and Security for corporate use and overall Policy Structure

Reviewed, investigated and recommended overall Policy and Procedure framework and documentation management system.

Stratus Technology Services, LLC - (Customer: IFF, Union Beach, NJ) September 2017 – November 2017

IT Program Manager – Security & Networking

Led implementation of all enterprise IT Security projects including:

Remote Single Sign-On for all employees and vendors, Automation Plant Network Segregation, IDS-IPS, Enterprise SIEM, Data Loss Prevention, Vulnerability Management implementation and final implementation of ZScaler services.

Implemented global ZScaler services

Implemented segregation/segmentation firewalls for 2 factories and planned segmentation for all worldwide plants.

BED BATH & BEYOND Union, NJ March 2015 – July 2017

IT Program Manager – Security, Risk & Compliance

Led program management of all enterprise IT Security projects, consistently completing deliverables on time and on budget, and demonstrated strong leadership in the development and implementation of system remediation initiatives for Compliance projects. Led and directed Deployment and Service Management for a wide range of Security Services including:

Anti-Virus, DNS/DHCP (BlueCat), Proxy (BlueCoat), External DNS (Akamai), Tripwire, Juniper VPN, PKI & HSM (selection to service), RSA Two-Factor, Imperva WAF & DBF (deployment & tuning), ACS, Transformation to Program Management, Configuration of Management Security Service (Windows PowerShell), and Network Segmentation for PCI Compliance.

Protiviti – (Customer: Deutsche Bank, Jersey City, NJ) November 2013 – January 2015

IT Program Manager – Security, Risk & Compliance

Served as Rollout Manager for Global Configuration Management Deployment of 1K+ Deutsche Bank servers, ensuring full compliance with Monetary Authority of Singapore requirements.

Successfully coordinated Test, Quality Assurance and Production implementation with application owners worldwide.

Drafted and submitted monthly progress reports to local and German project offices, and fully authored guide to assist future rollout implementation strategy.

GALAXE SOLUTIONS Somerset, NJ July 2013 – October 2013

IT Security & Application Program Manager

Oversaw development of custom software solutions within the Technology, Healthcare and Media industries. Utilized Agile and Waterfall methodologies to manage Web & New Technology software introductions for Express Scripts (largest US Prescriptions Benefit Management provider).

Led and directed off-shore staffing and Agile software development scheduling (Scrum), and fully integrated software deliverables with Express Scripts IT process, with minimal impact on day-to-day business.

SECUREISLE Basking Ridge, NJ July 2010 – June 2013

Technical Program Manager – Enterprise Security Solutions

Served as IT Security PMO Lead and Project Lead, delivering a wide range of IT Security Solutions for a wide range of clients:

Quest Diagnostics: Identified security risks and delivered loss prevention reports to Senior Leadership concerning PCI, PII, and PHI data, and provided direct leadership over DLP and SIEM projects. Led Executive Directorate for Demand & Resource Management and served as Program Manager for mapping of Unified Control Framework (UCF) to identify policy gaps for SOX, HIPAA, PII, PCI, PHI and other regulations.

Wyndham Hotel Group: Successfully managed $4.5M Security & Compliance portfolio and saved company $250K+ by recommending buy vs. build option for Privileged Access Management. Implemented security applications, including Embedded Password Mitigation using Scrum and Privileged Access Management (CyberArk) to ensure compliance objectives were met. Additionally, performed PCI gap analysis on Software Development Life Cycle PCI Step 6 to ensure PCI and authored Secure Software Assurance Roadmap, as well as .Net and JAVA development security best practices

ADP: Led project to catalogue and inventory Global Public Internet Edges, and implemented Gateway architectural standards, including Symantec ESM & DLP, Netwitness, Cisco and Juniper firewalls. Led security assessments of global IT sites for Risk Rating and Incident Response Readiness.

Wipro Technologies, Inc. Sept. 2009 – July 2010

Program Manager – Enterprise Security Solution

Directed PCI Compliance project from inception, using RSA-DLP scan. Developed Archer questionnaire and deployed covering 1,200 questionnaires across 43 countries for Credit Card use.

Utilized EMC IRM for remediation. Managed On-shore and off-shore team for production.

Developed new Archer Questionnaire for US SSN and Driver License numbers.

Provided regular updates on progress to EMC Chief Security Officer (CSO)

Assisted development of DLP policies to identify PII information (specifically Massachusetts 201 CMR 17.00) in the global unstructured data environment.

Developed relationships with clients in EMC CSO organizations and developed proposals worth over $2M.

NetworkingPS, L.L.C May 2003 – Aug 2009

Project Director – Security Solutions

Deployed Compliance and Configuration management software for Fortune 1000 companies including PCI, GLBA and SOX compliance reporting. Software now part of RSA IONIX Products.

Developed and executed SOW for Assessment and Solution Design and Phase 2 roll-out engagement for a large Financial Broker company using IBM Tivoli Identity Manager (ITIM).

Led IBM Tivoli Identity Management Assessment (ITIM) & Solution Design engagement for a 60,000-person insurance company.

Completed successful turn-up of a Phase 1 installation of an IBM TIM/TAM/EDS Identity Management Suite (ITIM) environment for a 2,000+ person energy company providing password management, provisioning, Web portal access management and SSO services.

AT&T Solutions – Chase Outsourcing Services 1998 – 2002

General Manager & Senior Client Executive - Chase Manhattan Corp.

Managed and directed $25M contract and 135 personnel consisting of engineering, implementation, and operations personnel supporting multi-year Professional Outsourcing Services Agreement with Chase Manhattan Corp. Primary interface to Chase senior management on Outsourcing & Managed Services

AT&T Solutions – Chase Outsourcing Services 1996 – 1998

Director - Engineering & Network Implementation – Chase Manhattan Corp.

Managed engineering and IT program management for Chase’s domestic network for multi-year outsourcing agreement with Chase Manhattan Corp.

AT&T Solutions – Chase Outsourcing Services 1994 – 1996

Manager - Voice & WAN Engineering – Chase Manhattan Corp.

Directed and managed engineering, capacity and services management for Chase’s domestic network. Provided corporate Voice, WAN and Call Center Services. Managed 14 Technical Professionals.

AT&T Corp. 1992 – 1994

Manager – Worldwide Network Operation Center

Identified, quantified and mitigated risk associated with national network activities. Managed introduction of surveillance tools for network services. Obtained, analyzed and reported network performance information to Executive Management, Public Relations, Account Managers and Business Unit Product Managers. Supervised 6 employees.

AT&T Corp. 1989 – 1992

Senior Internal Auditor - Corporate Auditing

Developed and performed Management Process Audits for Network Systems.

AT&T Network Systems 1983 – 1989

Development Engineer – Oklahoma City Works

Coordinated and streamlined systems testing of all International 5ESS® systems. Developed C code for management display and dissemination of test information. Worked closely with Bell Laboratories to resolve first office application hardware, software and database issues. Delivered on-time shipment of International Systems to clients including Saudi Arabia, Netherlands and China. Designed, implemented and managed LAN supporting 100+ UNIX® minicomputers supporting multi-million-dollar cost reduction effort.


Technical Background:

C language, IP, LAN, UNIX, LDAP, XML, SQL, PowerShell


RSA-DLP, RSA SecurID, RSA Envision, Archer, Netwitness, Qualys Vulnerability Management, Symantec ESM & DLP, IBM Tivoli Identity Manager (ITIM), IBM Tivoli Access Manager (TAM), IBM Enterprise Directory Server, Eurekify Sage, Cisco, ZScaler, Okta, McAfee, Titus, SDLC


ITIL, COBIT 5, HIPAA, NIST Cybersecurity Framework, ISO 27001.


RUTGERS, East Brunswick, NJ

Master of Business Administration


Master of Engineering, Electrical Engineering


Bachelor of Science, Electrical Engineering


Certified Third Party Risk Management Professional

Previous: PMI PMP Certified Project Manager, CISSP, CISA, CRISC, ITIL Certified, COBIT 5

Instrument Rated Private Pilot


Institute of Electrical and Electronics Engineers (IEEE)

Project Management Institute (PMI)

Open Web Application Security Project (OWASP)

Information Systems Security Association (ISSA)

Information Systems Audit and Control Association (ISACA)

NJ ISACA Chapter Designated COBIT 5 Trainer

International Information Systems Security Certification Consortium (ISC)²
