ALAN CLARK
Marietta, Georgia
https://www.linkedin.com/in/alan-clark-7413464a
CYBER SECURITY LEADER
Cross-functional leader, advisor, mentor, strategist, and experienced executive in the field of cyber security with a proven record of building security programs or consultancies and executing either on a global scale. Passionate about the role of security as both a protective and enabling function within the enterprise and skilled at delivering market-beating results and capabilities. Adept at Project Management and Managing Vendor Relationships. Efficiency expert on current cyber security tools and practices. Committed to creating a culture of excellence, quality, service, and profitability.
AREAS OF EXPERTISE
· Global Compliance Expert
· Cyber Audit
· Cross-functional
· Leadership
· Cost/Benefit Analysis
· Resource Budgeting
· Negotiation
· Strategic Planning
· Road Maps Planning
· Prioritization
· Security Automation
· Financial Planning
· Security Architecture
· Threat Hunting
· Risk Profiling
· Process Improvement
· Virtual/Deputy CISO
· Problem Resolution
· Risk Remediation
· Executive Communications
· Program Management
SUMMARY OF SKILLS
Hands on Experience – Cross-functional Team Leadership, Management, IT Security Strategy, Leadership, Strategy, Negotiation, Strategic Planning, Financial and Resource Budgeting, Delegation
Hands on Experience - Responsible for creating and managing the Governance/Risk Management Programs in several industry sectors including, but not limited to Government, Finance, Private industry, Insurance and Bio-tech.
Hands on Experience - In the process of my career, notably at BB&T, BRCI and VSpace, I have worked on many government/civilian activities utilizing standards including, but not limited to DISSA, EU Financial Regulation, PCI, RFC, HIPAA, SOX, NIST, ISO, US Banking Regulations and Cyber security.
Hands on Experience - Performed network and application pen-tests, security audits (to include but not limited to PCI, HIPAA, SOX, ISO, NIST) and Network Threat Assessments for several Enterprise networks to include VMWare, BB&T and both Civilian and Government industries.
Hands on Experience - Implemented, tuned, and maintained many security technologies to include but not limited to SIEM, IDS/IPS (host and network based), DLP, Firewalls (host based, network based and WAF), Anti-malware, Pen-testing, Vulnerability Scanners.
Hands on Experience - Over 21 years in Governance, Risk and Compliance including financial industry, medical industry, and government (Federal and Civilian) frameworks including but not limited to NIST 800-53, SOX, SOC 2, ISO, PCI, HIPAA HiTech, HITRUST, FFIEC, GDPR, Privacy Laws and international regulations.
Hands on Experience – Create network and communications policies and standards to bring Fiserv into a global compliance model, Cloud Security Architecture for multiple clouds and application architecture types to include but not limited to AWS, Azure, on-prem and cluster clouds, securing cloud communications based on financial and NIST standards, security network and communications audit companywide to include cloud, third-party and intercompany communications, applications and environment security audits based on current policies standards and regulations, automation of governance processes to assist governance architects in identifying risks for all networked resources including cloud environments, governing body over cloud compliance models, compliance to all financial regulatory bodies, data across borders, HIPAA, NIST, HITRUST and PII, Sr architect for security consulting, continuous process evaluation and improvement, board of director reporting and analysis.
A combined total of over 19 years management experience, including being a member of two boards of directors: controlling a maximum budget of over sixteen million dollars (US) and a maximum staff of thirty-eight direct reports.
PROFESSIONAL EXPERIENCE
Fiserv, Georgia 03/2018-06/2023
Global Cyber Security Director – Department Head
(Full-Time) – Position Was Dissolved Due to the Acquisition of FirstData, My Original Company.
Transformed the regional and individual Line-of-Business governance models into the global Cyber Security Governance program which resulted in a much higher security posture for the enterprise.
Performed gap analysis on existing security tools, data, and procedures to create new artifacts. With this gap analysis, strategic planning to remediate the gaps was put in place.
Mentored the enterprise lines of business to understand the risks behind compliance requirements which led project teams to create a decision gate focused on secure development when creating new projects.
Create and expand network security services to ensure a deeper understanding of what data to protect and where it resides, resulting in a greatly reduced risk posture to the global enterprise environment.
Collaborate and negotiate with each Line-of-business Head to help them identify and understand the risks being addressed by the compliance frameworks which resulted in consideration of risk for all ongoing and planned projects.
Cross-functional team leadership and project management to allow for a more risk-based approach to compliance.
Led negotiations between auditors and lines of business to address and remediate any security findings which assisted each Line-of-Business in raising the overall security posture.
Created and or modified existing global security policies to cover gaps in good security practices.
Key player in creating cloud computing policies and standards to ensure the cloud deployments follow good security practices maintaining the enterprise security posture.
Managed Operational expenses and Capital expenses for my tower.
Led threat hunting exercises that discovered numerous hidden/unidentified risks and collaborated with the business owners to remediate each discovered risk which resulted in a much lower enterprise risk posture.
Optimized staffing resources using tangible statistics and real-time data by developing automation of repetitive tasks.
Assist SVP and EVP level executive in guiding global cyber security decisions, policy creation and enforcement, continuous process improvements and optimizations, automation of the Network Security Assurance Process, risk hunting, Enterprise Cyber Security Architecture consulting. Cloud Compliance, C5 and C6 security clearance.
Managed and mentored a team of security architects with less than a three percent turnover rate.
Conduent, Raleigh, North Carolina 10/2017-2/2018
(Full-Time) – Position Was Resigned Because It Was Being Relocated to India.
Director Of Security Architecture and Engineering
Oversaw creation and management of a security architecture and engineering program, ongoing creation and management of governing policies and guidelines for protected environments within the Conduent network.
Managed Client and Line-of-Business security consulting activities, Cloud Compliance, Security Architectural design, and review. This led to more mature application security configurations for all parties.
Key player in DLP process implementation from IAM in databases to DLP appliances monitoring for data egress. This greatly reduces the scope of external audits and unauthorized exfiltration of data for the enterprise and for the external clients utilizing the Conduent resources.
As the lead architect, worked directly with various project teams to ensure compliance, HIPAA, ISO27002, EU, FedRAMP, PCI-DSS, NIST, Safe Harbor and internal policies.
Negotiated and assisted in strategic planning to remediate security concerns.
Worked with executive management to present and prioritize security objectives, leading to strategic planning and optimizing efforts for the remediation of security concerns. This in turn led to a more cost-effective remediation strategy.
Negotiated and led cross-team collaboration efforts to identify and remediate any security concerns.
Collaborated with C-suite executives to build a security roadmap which allowed for prioritization and less cost to remediate security concerns.
Performed ongoing gap analysis of security tools, processes, and people to ensure a mature security program could be maintained with the ever-changing threat landscape.
Fourteen direct reports with no turnover.
Independent Security Consultant 02/2017-10/2017
(Per Assignment, Hands on experience)
Short-term projects for several large to small enterprise environments to perform various security audits, security awareness training, SIEM architecture, training and tuning assistance, Security Governance program creation, various security controls auditing, DLP and malware impact analysis.
Performed Virtual CISO roles as needed and led meetings with auditors to address any security concerns. All the companies that utilized my services received a compliance certificate.
Assisted companies to address and remediate security findings as a security architect.
Performed the role of project manager to allow for cross-team collaboration during remediation efforts.
Clorox Corporation, Durham, North Carolina 04/2016-1/2017
(Contract, Hands on experience)
Deputy CISO, Operations Director
Created and maintained the Risk Assessment Process, reviewed, and maintained network security daily.
Discovered and assessed emerging threats and planned/implemented strategic remediation.
Worked with Lines-of-business to ensure security best practices are followed where technically feasible.
Maintained the Cloud Security posture through regular audits and controls testing.
Led DLP efforts to identify data type, where the data resides and the data paths to ensure unauthorized access to the protected data and the transmission thereof was tightly monitored and minimized where technically feasible.
Governed the enterprise environments to ensure compliance to all internal and external regulatory requirements and internal policies.
Key player in creating and modifying internal policies to meet all government and external regulatory requirements.
Led risk hunting efforts to identify and remediate existing risks throughout the enterprise to continuously mature the enterprise security posture.
Budget planning for both operational expenses and capital expenses.
Created and led the incident response team.
Assisted with security focused architectural designs to ensure more secure solutions for business needs, correct past security issues and oversights, IOT Security.
Created and maintained Security policies for enterprise operations.
Created and maintained the Computer Incident Response program, Incident Response Team Lead, Application Security.
Performed security audits and tracked remediation of findings, Security Project management, Security product evaluation/implementation/testing, Network threat Assessment, 16 direct reports, NIST, PCI-DSS, SIEM.
ANXeBusiness Inc., Raleigh, North Carolina 09/2014-04/2016
(Full-Time, Hands-On Experience) – Company Sold and Relocated
Sr. Manager Information Security Architect and Senior Security Consultant
HIPAA Compliance Manager, Security Product Consultation, Governance/Risk/Compliance consulting for HIPAA and PCI.
Built various Risk Assessment tools based on industry best security practices.
Evaluated security offerings and made recommendations, security and industry trend analysis, DLP consultant, Certified PCI Qualified Security Assessor, PCI product offering consultant, QRadar (SIEM) Consulting and Tuning for individual customers, Client Security Consulting.
Helped external clients create and maintain internal Security Policies to ensure compliance with external regulatory requirements.
Negotiated with lines-of-business heads and auditors to ensure compliance with all regulatory requirements and a certification issued.
Created and maintained internal security policies.
Budget planning for operational expenses.
Led and was a key member of the external audit team to maintain and provide evidence of compliance for external customers.
Led the team of architects in Security solution design for the enterprise environment.
Evaluated and tested Cloud based Application Security.
Led internal staff Security Awareness Training.
Evaluated and tested Security tools for ANXeBusiness offerings which resulted in a more security-mature product offering.
Led efforts on HITRUST, IDS/IPS, HIPAA/HiTech, IOT Security, Anti-malware, and others, such as Security Awareness Training offerings, Security product development and implementation, NIST, Application Security, Pen-testing.
Additional Work Experience
VMWARE, ATLANTA, GEORGIA 06/2014 TO 9/2014
INFORMATION SECURITY ARCHITECT - Lead
NCDOT, RALEIGH, NORTH CAROLINA 05/2013 TO 6/2014
SR. SECURITY ANALYST/ENGINEER III
GRIFOLS, CLAYTON, NORTH CAROLINA 01/2013 TO 5/2013
SECURITY ANALYST III
BCBSNC, DURHAM, NORTH CAROLINA 01/2012 TO 12/2012
SENIOR SECURITY ENGINEER
UGC, GREENSBORO, NORTH CAROLINA 09/2011 to 12/2011
SENIOR SECURITY ANALYST
AT&T, RTP, NORTH CAROLINA 08/2008 TO 8/2011
NETWORK SECURITY ENGINEER – TEAM LEAD
BB&T, RALEIGH, NORTH CAROLINA 04/2005 TO 7/2008
INFORMATION SECURITY ENGINEER – TEAM LEAD
AT&T, MORRISVILLE, NORTH CAROLINA 08/2003 to 4/2005
INTERNET INVESTIGATIONS AND SECURITY SERVICES TEAM LEAD, LOW-LEVEL PEN-TESTING
BRCI, ZEBULON, NORTH CAROLINA 06/2002 to 6/2003
VICE PRESIDENT/CHIEF TECHNOLOGY OFFICER AND INFORMATION SECURITY MANAGER (LEAD FIELD SECURITY ENGINEER)
VSPACE, INC., TAMPA, FLORIDA 08/1997 TO 2/2002
VICE PRESIDENT/CHIEF TECHNOLOGY OFFICER AND BOARD OF DIRECTORS
AMA WEB SOLUTIONS, COLORADO SPRINGS, COLORADO (MERGED WITH VSPACE, INC.)
LAN AND WAN NETWORK ADMINISTRATOR/ENGINEER AND PRESIDENT with seven (7) direct reports.
GENERAL DYNAMICS, COLORADO SPRINGS, COLORADO 01/2000 to 12/2000
TIER III DSL ENGINEER – Second Level manager with twenty-eight (28) direct reports.
US NAVY, 1988 TO 1993, NAVAL ENGINEER- NUCLEAR PROGRAM
HANDS ON EXPERIENCE COMPLIANCE FRAMEWORKS WITH AUDIT EXPERIENCE
GDPR – Fiserv, First Data
SOC 1 – BB&T, Fiserv, First Data
SOC 2 – BB&T, Fiserv, First Data
ISO 27001 – BB&T, Fiserv, First Data, VMWare
FFIEC – BB&T, Fiserv, First Data
FISMA, HITRUST – VMWare, Fiserv, First Data
FedRAMP – Fiserv, First Data
HIPAA/HiTech, HITRUST – ANXeBusiness
California Privacy Laws
Poland Policy Laws
China Compliance Laws
SOX – BB&T, Fiserv, First Data
Germany Privacy Laws – Fiserv, First Data
India Privacy Laws – Conduent, Fiserv, First Data
PCI – ANXeBusiness, BB&T, Fiserv, First Data
Local Government – NCDOT
Military – DoD, VSpace.
PROFESSIONAL TRAINING, EDUCATION AND CERTIFICATES
Mechanical Engineering, US Navy
Nuclear Field School, Nuclear Propulsion US Navy
• PCI Security Essentials
• Tumbleweed Admin
• ISO
• PCI Cert. Sec Assessor
• Incident Response Team
• Microsoft Network Sec
• SANS GSEC GIAC
• AT&T One Step Process
• Domain Name Service
• nCipher Administrator
• Web Design
• TCP/IP – LAN/WAN
• nCipher Management
• DSSA Network Security
• Network Optimization
• Aventail Engineer
• Industrial Sec User Agency Personnel (IS001.08)
• IT Maintenance
• RSA SecurID Admin
• Web Design/Graphics Art
• RSA SecurID Mgmt
• Microsoft 95-2000