Alan Daniel Cochran
Hoover, AL ***** 404-***-****
*******.*******@*******-**.*** https://www.linkedin.com/in/alandcochran/
Information Security Leader, Specialist, Advisor
Comprehensive and Tailored Security and Risk-Aligned Programs and Processes
Information Security professional experienced in developing and managing reliable information security programs and enterprise security operations for financial institutions, payment processors, health care providers, state government, managed security services and startups. Expertise in Information Security and Risk Management domains including strategy management, security engineering, continuous operations, incident response, service management, regulatory compliance, audit programs, and information security governance. Enjoy developing people, influencing strategic decisions, and building strong leadership and stakeholder relationships. Maintain CISSP, CISA, CDPSE, and ITIL certifications.
PROFESSIONAL EXPERIENCE
STATE OF ALABAMA Montgomery, AL
Executive Director, CISO, IS&GRC 2021-Present
Serving as the senior information security leader and IT regulatory compliance officer for the State of Alabama Office of Information Technology. Providing strategic leadership and direction to operations, management and cybersecurity posture, assuring that information security, governance, risk, compliance and strategy are consistent with the long-term goals and objectives of the State. COBIT, MITRE ATT&CK, FTI (IRS-1075), SSA control sets.
SECURIT360 AND GLOBAL360 Birmingham, AL 2018-2021
vCISO (S360), Information Security and Risk Advisor (G360)
Performed leadership, consulting and advisory services for an information security consulting firm providing clients with assessment, program management and managed services to achieve their information security goals. Evaluated governance, security programs and processes, information systems and network security, change management, access control, IT infrastructure, software development, cloud computing and other key areas of clients. Supported internal and external audit leadership. PCI DSS, HIPAA AUP/Security Rule, MITRE ATT&CK, AICPA SOC, CMMC, SOX, FFIEC control sets.
BBVA COMPASS BANK Birmingham, AL 2016 – 2018
Senior Vice President, Cyber Security & Entity Management
Oversaw information protection functions under the Entity Management program. Provided leadership for information security engineering, operations, access management, rights provisioning functions and IT audit/compliance programs across parent company and subsidiaries. PCI, FFIEC, NY DFS, CPCA, SOX, AICPA SOC 2T2 control sets.
GLOBAL PAYMENTS WORLDWIDE Atlanta, GA 2011 – 2016
Vice President, Information Security
Led the information protection and security of global payments businesses in four worldwide regions. Applied assessments, planning, process / technology implementation, security testing, communication, and leadership reporting actions. Conducted reviews with each region / country to resolve security issues. PCI DSS, AICPA SOC 1/2T2 controls.
GLOBAL360 Hoover, AL 2010 – 2011
Information Security and Risk Advisor
Consulted on structure and leadership for security governance, security operations, and policy / risk management programs that balanced security practices with business needs. IS Department rebuild.
KAISER PERMANENTE Oakland, CA 2008 – 2010
Executive Director, Information Security and Data Protection
Directed information security risk management leadership and oversight for 6 million members and 126,000 employees. Established operations strategy for the health plan, hospital and medical offices, and physician group. Led the services and operations department. OWASP, HIPAA/HITECH controls.
TSYS INC. Columbus, GA 2005 – 2008
Senior Director, Information Security
Managed information security for the world's third largest electric payments and merchant network provider in eight US and four international locations. Oversaw the strengthening and operation of TSYS' IAM service offerings, application selection, workflow architectures, program development, operational support, and fiscal management. Designed and implemented TSYS' first (through third) PCI DSS compliance programs. FFIEC, PCI DSS, SOX, OWASP controls.
AMSOUTH BANK Birmingham, AL (Now Regions Financial) 2002 – 2005
Senior Director, Information Security
Implemented AmSouth Bank’s Information Security Department and established a continuous FFIEC audit readiness program. Formed an information security policy and standards governance council to sanction policies and standards with multiple financial institutions with senior management participating from business and infrastructure divisions. Partnered with Internal Audit for audit and compliance adherence. FFIEC, PCI DSS controls.
GUARDENT, INC. Boston, MA 2000 – 2002
Senior Director, Managed Information Security Services
Developed the managed security service, including firewalls, intrusion detection / prevention, malware, and incident response program, for this startup. Spearheaded a team of expert information security analysts and technicians to build a world-class cybersecurity operations center.
BANK OF AMERICA SYSTEMS ENGINEERING San Francisco, CA 1980 – 2000
VP, Senior Director, Managed Information Security Services
VP, Director, Global Network Operations
Global IT and Security Operation Center, Design, Implementation and Operation
Leadership of IT/IS, Multiple Departments Technology Division, Internal/External Audits
Funds Transfer Delivery Application, Network, System Implementation
Global Network Operations Innovation Center
Applications Development (Trust Systems)
EDUCATION & PROFESSIONAL DEVELOPMENT
Bachelor of Science, Accounting, Fordham University (Rose Hill)
People Leadership, Synovus Leadership Academy
Certified Information Systems Security Professional (CISSP) #96489
Certified Information Systems Auditor (CISA)
Certified Data Privacy Solutions Engineer (CDPSE)
CISSP Examination Writer and Reviewer 2018-2019
Information Technology Infrastructure Library (ITIL) v3
MEMBERSHIPS
National Association of State Chief Information Officers (NASCIO)
National Council of State Legislatures (NCSL)
Information Systems Security Association (ISSA)
Information Systems Audit and Control Association (ISACA)
InfraGard (Atlanta, Birmingham, Huntsville Chapters)