
Information Security, Compliance and Management

Location:
Oklahoma City, OK
Salary:
130000
Posted:
June 20, 2023


Resume:

David P. Zink

Security Consulting and Management

Governance Risk and Compliance Security, Multiple Frameworks, Project Management

adxtit@r.postjobfree.com • 405-***-****

www.linkedin.com/in/david-zink-7312247/

Oklahoma City, OK 73132

Highly professional IT Security Controls Specialist and Project Manager with 25+ years’ industry experience. Information Security Consultant with proven expertise in systems development, compliance strategies, and data privacy. Astute individual specializing in managing risk assessment projects and security controls reviews, applying industry best practices for identifying workable solutions. Influential leader in the V-CISO space revered for unifying diverse teams to collaboratively produce quality products on time and under budget. Prior experience in multiple environments and platforms including network layer, application layer control requirements, secure coding, and user requirements from both a security and functional perspective.

Areas of Expertise

Project Management

GRC Consultant/Specialist

Internal Auditing

IT Security Mgmt & Compliance

Cloud Security

Network Security

Systems Development

Business Process Re-engineering

Risk Management

NIST CSF

Data Privacy\PCI

ISO 27001, SOC 2

GRC Tools

Systems Implementations (SAP/PeopleSoft)

HITRUST CSF

Professional Experience

VSP Vision, OK 2022 – 2023

Director Digital Trust and Assurance

Program manager for HITRUST CSF compliance project responsible for developing policies, procedures and evidence gathering processes in support of the project. Moved the project to the vendor once completed and the project structure was modified to move to separate management for third party review and confirmation of compliance. Developed all testing plans, documentation scoring models and procedure/narrative automation for the vendor which allowed the team to reduce headcount requirements by one half of original design.

Cerberus Sentinel\True Digital Security, OK 2021 – 2022

Senior Security Consultant\Technology Manager

Perform Governance, Risk and Compliance risk assessments based on NIST CSF, HIPAA, PCI and SOC2 standards. Performing V-CISO role for multiple clients including financial services and investment companies. Assisting clients with gap analysis work to prepare for compliance requirements and operational audits, as well as audits to meet state and federal requirements. Implemented multiple projects to automate and implement GRC solutions for multiple compliance frameworks.

Regarding consulting efforts, recently helped a large manufacturing client prepare for successful SOC2 Type I and Type II audits from an original position of no documented infrastructure or policies and procedures. Supervised and managed performance of multiple Oklahoma Senate Bill 584 audits and related Risk Assessments for all business process and IT security operations.

Wells Fargo, OK 2019 – 2021

Program Manager\Information Security Consultant

Analyze and assess security systems and measures for both customer and corporate applications and systems. Focus on determining potential breaches and security risks, including requirements to protect confidential information and suggesting implementable solutions. Performed Project Manager role to coordinate efforts of application owners, system design team, business liaisons and developers to develop the Security Plan for each application and environment under review. Develop project plans, overseeing risk assessment for items such as payment methods, including credit card processing systems, applications, and business reporting processes. Resolve customer’s application challenges, and support requirements such as mobile application access and security challenges as well as real-time account applications processes.

●Increased efficiency in addressing new applications and systems controls requirements.

●Streamlined reporting prioritization of risks for regulators by formulating a real-time approach to match Agile development processes for client-facing web and mobile applications and processes incidents.

Information Security Controls Consultant/Project Manager 2017 – 2019

As a contractor resource, managed and performed numerous security projects for consultants in Oklahoma and surrounding areas for private and public endeavors, recommending solutions for explaining risks and reducing exposure areas. Prepared security program plans and executed IT controls, processes, audit tools, interfaces, and utilities for authentication. Conducted internal audits, providing consultative support for security compliance actions. Implemented periodic, on-demand project audits plus vulnerability analysis.

●Overhauled Gramm-Leach-Bliley review plans and systems, which failed to adhere to industry standards, saving the company 1,000+ auditing hours.

Hewlett Packard/EDS, OK 2009 – 2017

Security Manager & Consultant

Supervised security infrastructure projects for multiple public sector clients including CMS, MERS, Navy, Marine Corps and Army. Designed and implemented security infrastructure to protect organization’s networks hosted by HP, setting and maintaining security standards. Managed Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP), Risk Management Framework (RMF) and DISA package review projects for multiple Navy Marine Corps Intranet (NMCI) and Defense Logistics Agency (DLA) applications, particularly the DLA infrastructure environment. Performed security analyst and project management duties for annual certification process and Security Technical Implementation Guide (STIG) scans for Application Hosting Facility managed by HP/EDS, supporting NMCI environment, including security scans, security review on internal processes, disaster recovery and business continuity procedures.

●Improved efficiency of scanning process by developing reporting scripts to create standardized spreadsheets and reports, saving hundreds of hours of work per month while improving report deliverables.

●Developed Plan of Action & Milestones (POAM) documentation for 20 projects per year, while managing activities for vulnerability assessment and remediation.

●Successfully completed monthly scans and reports for clients, including NMCI, CMS and MERS.

Ernst & Young, LLP, OK 2004 – 2009

Senior Manager, Technology and Security Risk Services (2007-2009)

Marketed IT audit and IT consulting practice, managed clients’ projects, resulting in annual growth of 20% per year for 5 years. Built practice from no previous IT Audit presence to a staff of 8. Supervised technology and security risk department, consisting of three senior level experts and two staff level IT consultants. Trained, coached, and mentored staff, handling schedules, budgets, and performance evaluations of team.

●Spearheaded projects growing practice to $2.5 million annual billing, for 9,000+ production hours.

●Promoted through positions of increasing scope and responsibility, from Manager to Senior Manager in 2007.

Implemented risk advisory services product line focusing on IT audit and IT consulting for local offices. Supported local clients in applying Sarbanes-Oxley controls. Led multiple safekeeping projects, conducting information security reviews and penetration tests to evaluate risks, providing deliverables used by CIOs and CISOs to enhance security presence and technical controls. Supervised integrated teams to perform SAS 70 reviews on multiple accounts, ensuring timely completion of projects while adhering to stringent budget specifications.

Deepened client relations and formal feedback scores on multiple accounts by building solid working relations with external stakeholders.

Additional Experience

Director, Information Technology Audit – Worldwide, Hertz Corporation, OK

Manager, Information Technology Audit, Hertz Corporation, OK

Manager, Internal Audit, Integris/Baptist Medical Center, OK

Senior IT Auditor, Information Technology Audit and Security (ITAS) Coopers & Lybrand, TX

Education

B.S. Business Administration, Accounting

Oklahoma State University, Stillwater, OK

Licenses & Certifications

CISSP – Certified Information Systems Security Professional


