Jeff Zygmunt, GSLC, CISM
Peoria, AZ ***** • ****.*******@*****.***
602-***-**** • www.linkedin.com/in/jeffzygmunt
Cybersecurity Executive Profile
Highly qualified cybersecurity executive with a strong history of success directing end-to-end Information Security Management and IT Infrastructure programs. Expertise across enterprise IT systems, threat intelligence, professional services management, software development, technology implementations, and data center operations. Talent for leading sizeable security teams, ensuring regulatory compliance, establishing controls, nurturing high performance culture, promoting best practices, and influencing C-level technology decisions. Ability to forge solid relationships with partners and build consensus across multiple organizational levels. Excellent communicator with strong interpersonal skills.
Areas of Expertise
Strategic Information Security Planning
Governance, Risk, Compliance (GRC)
Contract & Vendor Management
Risk Management / Incident Response
Information Assurance / Data Privacy
Cybersecurity Regulations Compliance
Security Threat Assessment
CAPEX and OPEX Budgeting
IT Program Management
Security Architecture Design
Security Monitoring (SIEM)
Policy Documentation
NIST / GDPR / ISO 27001 / SOC 2 / CSA
Intrusion Prevention & Detection
Cloud Technology Implementations
Plan of Action & Milestones
Breach Investigation & Action
Team Building & Leadership
Career Experience
CSAA Insurance Group (a AAA Insurer), Glendale, AZ
Direct strategic information security initiatives, assess IT infrastructure vulnerabilities, modernize core systems, streamline technology operations, and implement cutting-edge cybersecurity solutions.
SENIOR DIRECTOR – Cybersecurity Architecture & Protective Services Mar 2019 – Present
Envision and execute strategies for data protection, governance, incident response, risk mitigation, access control, business continuity, and regulatory compliance. Leverage latest information security technologies, promote industry best practices, enforce IT policies and standards, and conduct application security reviews. Prioritize information integrity, identify and mitigate emerging threats, review security reports, and present cybersecurity vision to senior leadership. Report to CISO.
Key Achievements and Contributions:
Oversaw Cyber Architecture, Cyber Protection Solutions Teams - Host/Endpoint and Automation (PaaS and Cloud Automation) - Secure Edge Protection (Zero Trust network security and SaaS), and Data Protection (Data Privacy, M365 Azure Protection, CASB, DLP and Cryptography).
Administered and proposed budgets with business case development and presentations to CISO and CIO for controlling security budgets - OPEX and CAPEX of over $11M per year.
Champion efforts to minimize risk and raise the average Security Maturity Model Score from 2.1 to 3.5 by governing and monitoring the ongoing maturity of the cybersecurity program.
Directed the product selection and implementation for a Secure Service Edge and proper segmentation – Palo Alto Networks Edge re-design (on-prem and AWS), including GlobalProtect VPN in AWS and Secure Web Gateway.
Established and guided Data Protection team for implementing McAfee Endpoint DLP, Microsoft 365 MIP/AIP, Venafi certificate management, as well as HashiCorp Vault (on-prem and AWS) key and secrets management.
Led the design and deployment of next-gen security controls: cloud access security (CASB) - MVISION Cloud, host behavioral analytics and protection (AV/EDR) - CrowdStrike, and cross-industry cyber threat analytics.
Ensured compliance with PCI, regulatory and legal requirements, data privacy (CCPA), MAR, NY DSF, risk management, transparency, and third-party oversight including internal and external audit.
SENIOR IT ENGINEERING MANAGER – Structured Database Services May 2016 – Mar 2019
Defined and implemented industry best standards, technology processes, and procedures. Collaborated with cross-functional leaders to develop and implement capability roadmaps. Oversaw data security (protection, encryption, and access), incident resolution, and problem management.
Key Achievements and Contributions:
Administered $5.1M operating and $2M capital budget and led Structured Database Services team of 18 employees, contractors, and offshore DBAs to direct database operations and DBMS platforms, including relational databases of Oracle, MS SQL Server, and DB2 platforms.
Diminished headcount by 3.5 full-time employees with $340K reduction in operating budget by implementing Shared Services Model, automating functions, restructuring team, and increasing efficiency.
Spearheaded Database Outage Analysis and Continuous Improvements. Reviewed KPI scorecards to minimize and eliminate capacity & defect-related incidents and drive operational excellence by maintaining four 9’s of availability.
SENIOR IT MANAGER – Systems Integration and Architecture Mar 2012 – May 2016
Developed and aligned infrastructure platforms, security systems, and application roadmaps with business requirements. Leveraged TOGAF and Zachman Enterprise Architecture principles to meet performance and capacity metrics. Oversaw IT planning, resource coordination, monitoring, reporting, and management of project schedules and budget. Formulated and maintained IT policies, procedures, and documentation.
Key Achievements and Contributions:
Governed $1.85M annual budget and established a team of 11 senior infrastructure and integration architects to support Security, Enterprise Analytics and Data Services, and Application verticals.
Architected and delivered first private and hybrid cloud solutions using VMware vSphere and vCloud Air – reduced infrastructure and platform build-out time from 14 days to 4 hours.
Led AWS integration for policy system regression testing; integrated policy administration regression testing with Amazon Web Services for continual regression testing shared with the policy vendor.
Directed team to design, test, and plan migration to Enterprise Microsoft 365 for Exchange, SharePoint, and Skype.
Oversaw design team for Hadoop Distributed File System infrastructure, including 175 Hadoop servers and elastic search farm to support enterprise search and usage-based insurance product.
SENIOR IT PROGRAM MANAGER – Policy Administration System (PAS) Integrations Nov 2009 – Mar 2012
Established project scope, ensured resource availability, scheduled work, controlled budget, liaised with business partners and stakeholders, produced weekly status reports, and documented operational processes for development teams.
Key Achievements and Contributions:
Orchestrated MemberPoint 2.0 PAS program, involving Policy Administration Integrations and Reporting projects. Directed technical leads and development teams with up to 30 on-site and offshore developers utilizing Informatica for the integrations and Cognos for reports.
Generated $200K annual savings and achieved 60% reduction in redundant reports and integrations – delivered over 120 integrations using ETL for reporting, SOA structural services, and REST for internal/external integrations.
Additional Experience
Senior Network Security Engineering PM Consultant (01/2008 to 11/2009) Ciber, Inc./American Express – Scottsdale, AZ
PCI / Compliance Project Management Consultant (01/2007 to 01/2008) Acquity Group/PetSmart – Phoenix, AZ
Information Systems Program Manager (01/2006 to 01/2007) Pulte Homes, Inc. – Tempe, AZ
Information Systems & Security Program Manager (03/2003 to 01/2006) Apollo Group, Inc. – Phoenix, AZ
Engagement/Project Manager (1997 to 2003) OneNeck IT Solutions – Phoenix, AZ
Education & Credentials
Bachelor of Science in Systems Information
Western International University – Phoenix, AZ
Professional Development
Project Management Professional (PMP) – Project Management Institute (PMI), 2000 to 2014
Certified Information Security Manager (CISM) – ISACA, 2022
GIAC Security Leadership Certification (GSLC) – SANS, 2020
Change Management Program for Managers – Prosci, 2021
Interpersonal Communication: Strategies for Executives – MIT Sloan School of Management, 2021
Industry Engagements
Advisor to NightDragon (Security VC company) Board of Directors and portfolio companies to identify and scale the next generation of leading companies in the cybersecurity, safety, security and privacy industry – 2021 to Present
Affiliations
ISACA, ISC2, IIA, InfraGard, NIST, CIS, PMI, American Management Association