Post Job Free
Sign in

Information Security Director

Location:
Chattanooga, TN
Posted:
March 14, 2023

Contact this candidate

Resume:

TIM SKINNER, CISSP

Chattanooga, TN 423-***-**** ***.*.*******@*****.*** linkedin.com/in/timskinner2/

Information Security Director/VP: IAM, Engineering, Architecture, GRC

Innovative, forward-focused Information Security Executive advancing the mission and vision of enterprise-level financial and insurance companies through strengths in cyber-resilient security design, monitoring, response, and recovery. Strong proficiency in direction setting backed by hands-on experience in security assessment processes, identity and access management, customer identity and access management (CIAM), engineering and architecture, technology selection, standards development, and risk and vulnerability management.

●Spurred innovation as a champion of proof-of-concept initiatives and discovery projects for new technologies, incentivizing automation, and process improvements.

●Expertly guides large-scale IT implementations as part of decisive project leadership.

●Superior team builder defining and motivating alignment with corporate goals and growth strategies through leadership, training, mentoring, and coaching.

●Agile communicator pivoting among multi-level stakeholders to drive cohesion and transparency.

●Certified Information Systems Security Professional (CISSP).

Identity And Access Management Information Security Engineering/Architecture Vulnerability Management Innovation

Project Management Change Management Team Leadership, Building/Coaching Business Security Solution Development Security Technology Lifecycle SOC1 / SOC2 Audit Remediation Projects Performance Management Workload Management Problem Resolution Leadership/Organizational Design Strategy/Roadmap Development Process Development / Improvement

DevSecOps Communication and Collaboration Azure Zero Trust SAST DAST

SELECT KEY ACCOMPLISHMENTS

●Managed integration of Veracode with Developer environments and Jenkins build server for CI/CD pipeline automated security testing, resulting in good metrics to measure application security and minimizing security defects.

●Created and optimized security technical assessment processes to ensure compliance and best practice security configuration.

●Developed technical 3rd party risk assessment processes that added technical perspective to our 3rd party risk program.

●Introduced Ping Identity Access Manager, Federate, and Directory, migrating Websphere portal and .NET apps.

●Created and managed Security Engineering, Security Architecture, and Security Tools Operations teams.

●Configured DataPower web services gateways with ACA federal services hubs (such as CMS and the IRS) for states that included Michigan, Connecticut, and Massachusetts while at Deloitte.

●Originated a network and system penetration testing audit service for LarsonAllen (aka CliftonLarsonAllen), resulting in a new practice and profitable service delivery.

PROFESSIONAL EXPERIENCE

BLUE CROSS & BLUE SHIELD OF TENNESSEE, Chattanooga, TN 05/2014-12/15/2022

Director, IAM, Information Security Technology, Engineering, Architecture 05/2019-12/15/2022

Originated all work processes for workload intake and backlog management, engineering security assessments, technical security baselines, architecture review, DevSecOps build pipeline security testing, on-call rotations, service desk request / incident routing and resolution, and standards assurance testing. Managed the complete technology portfolio for the security team. Cultivated collaborative environments, strengthening interdepartmental communications through cross-functional leadership and relationship-building and accelerating resolution of issues and challenges. Built and staffed ground-up teams of up to 34 people for security engineering, architecture, and technology support. Strengthened information security services by forging key relationships with internal leaders.

●Automated security and configuration testing, expediting identification of and resolution of defects and other issues impacting implementation success.

●Integrated security elements into established business processes, including procurement, PMO, software development lifecycle, and information systems engineering resulting in increased security awareness and effectiveness.

●Drove resolution of potential problems early in solution development process through simultaneous code review and automated security testing, Improving the quality of products and security configurations.

●Supported internal business units and Information Security teams through security technology implementations.

●Ideated and introduced a product-centric workflow intake management process, generating technical depth by creating backlogs and implementing transparent processes to effectively prioritize work. Results included heightened CISO-level team visibility.

●Mentored and coached several team members for more accountable promotions, including from engineering to threat hunting and management as well as from management to an enterprise architecture position.

Information Security Engineering Manager 05/2016 – 05/2019

Oversaw a 14-person cybersecurity technology team, two supervisors, and one solution architect. Established team structure, emphasizing collaboration and skills development. Defined technology roadmaps and managed strategy development and communications while balancing process development/improvement initiatives. Narrowed the focus of information security services on business enablement.

●Built and trained IS engineering team on system design methodology, security assessments, and security assurance resulting in a repeatable process for integrating security requirements early.

●Eliminated redundant applications, reduced SSO and provisioning times, and enabled standards compliance by implementing centralized customer identity and access management system, replacing the legacy solution as part of a two-year project.

●Adhered to cutting-edge identity standards, such as FIDO, OIDC, XACML, SAML, SCIM, OAuth, in the rollout of customer-facing solutions such as streamlined registration processes.

Principal Consulting Security Engineer 05/2014 – 05/2016

Oversaw application security team performance, including budgeting, resource allocation, and staff professional development, as a supervisor accountable for hiring and onboarding two new employees. Contributed to technology evaluations and IAM roadmap development. Outlined and refined position descriptions for the IAM application security team.

●Rolled out web services security systems and processes using IBM Websphere DataPower appliances.

●Launched web application security systems and processes using Ping Identity Ping Access and Ping Federate.

●Introduced enterprise virtual directory systems/processes using Radiant Logic Virtual Directory Server.

DELOITTE AND TOUCHE, LLC, Minneapolis, MN 04/2013-05/2014

Specialist Manager

Directed IBM Security Identity Manager implementations for state governments such as Michigan, Connecticut, and Massachusetts. Configured and implemented IBM WebSphere DataPower security solutions. Excelled in project management execution and support.

●Managed identity and access management system architecture, design, and build documentation as well as program evaluations and roadmap development.

BLUE CROSS BLUE SHIELD MINNESOTA, Eagan, MN 07/2011-04/2013

Information Security Consultant Lead

Demonstrated proficiency in Tivoli’s suite of solutions as the driver of multiple cross-product implementations, including Access Manager eBusiness system design, implementation, and administration as well as Tivoli Federated Identity Manager installation and administration. Rolled out and maintained role-based access control (RBAC). Mentored and coordinated workload management for the IAM engineering team.

●Employed Tivoli Directory Integrator, installation, and basic assembly lines with TAM.

●Handled Unix PERL and KSH scripting as well as DataPower system configuration/administration for web services security.

SIRIUS COMPUTER SOLUTIONS, San Antonio, TX 02/2011 – 07/2011

Consultant

Built TAM eB demos for sales presentation during this short-term role. Executed a TAM ESSO implementation project.

●Contributed to Tivoli Identity Manager implementation projects as requested.

SHAKOPEE MDEWAKANTON SIOUX COMMUNITY GAMING ENTERPRISE, Prior Lake, MN 12/2009-02/2011

IT Business Systems Manager

Directed a 13-person team in the delivery of application support, development, middleware, data warehouse, and databases.

●Orchestrated performance management, new staff recruitment, job profile development/implementation for the business systems team, and department budgeting.

●Devised incident management processes and executed business application consolidation projects.

Senior Consultant, MIDWAVE CORPORATION, Eden Prairie, MN 03/2005-12/2009

Information Systems Lead, Enterprise Technology Application Support, TRAVELERS, St. Paul, MN 08/2001-03/2005

EDUCATION / CERTIFICATIONS / PROFESSIONAL DEVELOPMENT

Bachelor of Science in Management Information Systems (MIS)

Iowa State University – Ames, IA

Master of Science, Cybersecurity and Information Assurance (in progress)

Western Governors University

CISSP, #11115



Contact this candidate