Alan Daniel Cochran

Hoover, AL ***** 404-***-****

adwy35@r.postjobfree.com https://www.linkedin.com/in/alandcochran/

Information Security Leader, Specialist, Advisor

Comprehensive and Tailored Security and Risk-Aligned Programs and Processes

Information Security professional with experience having developed and managed reliable information security programs and enterprise security operations for financial institutions, payment processors, health care providers, state government, managed security services and startups. Expertise with Information Security and Risk Management domains including strategy management, security engineering, continuous operations, incident response, service management, regulatory compliance, audit programs, and information security governance. Enjoy developing people, influencing strategic decisions, and building strong leadership and stakeholder relationships. Maintain CISSP, CISA, CDPSE, and ITIL certifications.

PROFESSIONAL EXPERIENCE

STATE OF ALABAMA Montgomery, AL

Executive Director, CISO, IS&GRC 2021-Present

Serving as the senior information security leader, IT regulatory compliance officer for the State of Alabama Office of Information Technology. Providing strategic leadership and direction to operations, management and cybersecurity posture assuring the information security, governance, risk, compliance, strategy that is consistent with the long-term goals and objectives of the State. COBIT, MITRE ATT&CK, FTI (IRS-1075), SSA control sets.

SECURIT360 AND GLOBAL360 Birmingham, AL 2018-2021

vCISO (S360), Information Security and Risk Advisor (G360)

Perform leadership, consulting and advisory services for an information security consulting firm providing clients with assessment, program management and managed services to achieve their information security goals. Evaluated governance, security programs and processes, information systems and network security, change management, access control, IT infrastructure, software development, cloud computing and other key areas of clients. Supported internal and external audit leadership. PCI DSS, HIPPA AUP/Security Rule, MITRE ATT&CK, AICPA SOC, CMMC, SOX, FFIEC control sets.

BBVA COMPASS BANK Birmingham, AL 2016 – 2018

Senior Vice President, Cyber Security & Entity Management

Oversaw information protection functions under the Entity Management program. Provided leadership for information security engineering, operations, access management, rights provisioning functions and IT audit/compliance programs across parent company and subsidiaries. PCI, FFIEC, NY DFS, CPCA, SOX, AICPA SOC 2T2 control sets.

GLOBAL PAYMENTS WORLDWIDE Atlanta, GA 2011 – 2016

Vice President, Information Security

Led the information protection and security of global payments businesses in four worldwide regions. Applied assessments, planning, process / technology implementation, security testing, communication, and leadership reporting actions. Conducted reviews with each region / country to resolve security issues.

PCI DSS, AICPA SOC 1/2T2 controls.

GLOBAL360 Hoover, AL 2010 – 2011

Information Security and Risk Advisor

Consulted on structure and leadership for security governance, security operations, and policy / risk management programs that balanced security practices with business needs. IS Department rebuild.

KAISER PERMANENTE Oakland, CA 2008 – 2010

Executive Director, Information Security and Data Protection

Directed information security risk management leadership and oversight for 6 million members and 126,000 employees. Established operations strategy for the health plan, hospital and medical offices, and physician group. Led the services and operations department. OWASP, HIPPA/HITech controls.

TSYS INC. Columbus, GA 2005 – 2008

Senior Director, Information Security

Managed information security for the world's third largest electric payments and merchant network provider in eight US and four international locations. Oversaw the strengthening and operation of TSYS' IAM service offerings, application selection, workflow architectures, program development, operational support, and fiscal management. Designed and implemented TSYS' first (through third) PCI DSS compliance programs. FFIEC, PCI DSS, SOX, OWASP controls.

AMSOUTH BANK Birmingham, AL (Now Regions Financial) 2002 – 2005

Senior Director, Information Security

Implemented AmSouth Bank’s Information Security Department and established a continuous FFIEC audit readiness program. Formed an information security policy and standards governance council to sanction policies and standards with multiple financial institutions with senior management participating from business and infrastructure divisions. Partnered with Internal Audit for audit and compliance adherence. FFIEC, PCI DSS controls.

GUARDENT, INC. Boston, MA 2000 – 2002

Senior Director, Managed Information Security Services

Developed the managed security service, including firewalls, intrusion detection / prevention, malware, and incident response program, for this startup. Spearheaded a team of expert information security analysts and technicians to build a world-class cybersecurity operations center.

BANK OF AMERICA SYSTEMS ENGINEERING San Francisco, CA 1980 – 2000

VP, Senior Director, Managed Information Security Services

VP, Director, Global Network Operations

Global IT and Security Operation Center, Design, Implementation and Operation

Leadership of IT/IS, Multiple Departments Technology Division, Internal/External Audits

Funds Transfer Delivery Application, Network, System Implementation

Global Network Operations Innovation Center

Applications Development (Trust Systems)

EDUCATION & PROFESSIONAL DEVELOPMENT

Bachelor of Science, Accounting, Fordham University (Rose Hill)

People Leadership, Synovous Leadership Academy

Certified Information Systems Security Professional (CISSP) #96489

Certified Information Systems Auditor (CISA)

Certified Data Privacy Solutions Engineer (CDPSE)

CISSP Examination Writer and Reviewer 2018-2019

Information Technology Infrastructure Library (ITIL) v3

MEMBERSHIPS

National Association of State Chief Information Officers (NASCIO)

National Council of State Legislatures (NCSL)

Information Systems Security Association (ISSA),

Information Systems Audit and Control Association (ISACA),

InfraGARD (Atlanta, Birmingham, Huntsville Chapters)

Contact this candidate