Information Security IT

Location:
Scottsboro, AL, 35769
Posted:
August 03, 2023

TOMAS STRUAN, CISSP

adyo22@r.postjobfree.com

https://www.linkedin.com/in/tistruan/

256-***-****

Security, Risk & Compliance Leader

Accomplished, Results-Driven, Security Leader with proven experience. Special expertise in cybersecurity, organizational leadership skills, service & operational excellence, change management, process improvement, multi-national teams and multi-million-dollar budgets. Extensive Industry & Business Management Experience.

PROFESSIONAL EXPERIENCE

Celsior Technologies, Alpharetta, GA May 2021 - present

Director Of Risk, Compliance, and Cybersecurity

Focused on consulting support to high-profile, Fortune listed companies.

Design, Plan, and lead cybersecurity and compliance engagements.

Direct Security Engineering teams and project delivery teams, including SOC, Incident Response, Penetration Testing. High CSAT (Customer Satisfaction) scores.

Manage Cybersecurity Center of Excellence dedicated to cloud security architecture, zero-trust, DevSecOps, and IoT security.

Lead, and provide strategic direction, for Information Security Management & Compliance Development

Create comprehensive compliance architectures (e.g. PCI-DSS, SOC, ISO 27001, ISO 27002, COBIT, ITIL, COSO, NIST, HIPAA and others). Primarily focused on identifying, managing, and mitigating risks.

Architect and developer of Zero Trust, SASE, and CASB platform deployment ensuring performance standards and aligning with quality assurance reviews

Interact directly with boards of directors requiring strong interpersonal skills, the ability to make independent and rapid decisions, and the ability to research and concisely & effectively present information.

Oversees cybersecurity & security Risk Management teams across multiple clients and industries (including Healthcare IT), managing multiple priorities. Owned engagement outcomes.

Led Incident / Critical Response, Security Modernization & Transformation, SOC and SIEM deployment, and Program Management for mid-market and global organizations. Firsthand leadership.

Strongly aligned with sales strategy & business development to ensure profitability and effective delivery of services.

StormHold Services, LLC, Atlanta, GA Jan 2018 - May 2021

Co-Founder and Chief Technology Officer

Direct and lead professional services engagements including the management of employees and consultants.

Designed and managed testing and assessment of security technologies and technology ecosystems. Key services included Penetration testing, Vulnerability Management, and SEO poisoning mitigation.

Influence, educate and lead, with non-technical business leaders related to IT Security Technologies.

Demonstrated the value of enterprise solutions through proof-of-concept programs.

Developed and performed complex ROI advisory in challenging OPEX and CAPEX scenarios.

Spearheaded cybersecurity remediation efforts

Coordinated delivery of cybersecurity training, hosted live workshops, developed materials, and performed assessments to help clients score or design the programs.

Introduced Organizational Change Management & Project Management; worked with clients to build, enhance, and deliver various Corporate Compliance Monitoring and Regulatory initiatives.

Interim/Consulting Chief Information Security Officer (Ventiv Technology Corp.) July 2020 – Oct 2020

Identify & unify related security & compliance initiatives and standards

Coordinated vendor, internal, and audit in development and implementation of compliance, security, privacy, and IT Architecture.

Performed corporate-wide assessment of maturity over compliance, privacy, and security programs, and delivered detailed plans to revive and improve stalled auditing and compliance initiatives (includes ISO 27001 and 27003, GDPR, CPRA, NY-DFS and others…).

Collaborative approach with operational leaders from all areas to implement policies and cybersecurity initiatives.

Lead Privacy and Compliance Operations and serve as Subject Matter Expert, DPO and Compliance Officer. Coordinated & responded to risk assessments & questionnaires.

Documented and led information protection strategy, Internal audit, and ensured compliance with Healthcare Industry, and created documentation standardization across teams.

DiversiTech Corporation, Duluth, GA June 2018 - June 2020

Director, Enterprise Architecture: Information Security, and IT Infrastructure

●Lead, deliver & manage $7M+ IT budget (incl. project balance sheet) and delivered multiple high impact projects with tight deadlines totaling $12m.

●Managed and coordinated enterprise architecture teams for a 500,000 square foot distribution center, start to finish in 5 months. Architected and implemented robotic process and business process automation.

●Led the evolution of logistics and supply chain management within the organization. Coordinate closely with logistics and 3rd Party Logistics (3PL) vendors.

●Demonstrated effective time management and Negotiation Skills by delivering an 18-month program in 5 months in a highly visible & accountable environment. Ability to function in a high-stress and high-profile environment.

●Exhibit Credible leadership, keen decision-making, problem-solving, collaborating with peers, and strong use of analytical & communication skills in development & implementation of legacy Manufacturing Technology Lifespan Extension technologies.

●Demonstrated accountability and transparency throughout the organization for IT security issues and timely resolution.

●Heavy use of IT security systems automation (including Active Directory integration to HR Management system, operating systems deployment, asset management, security reporting & log management).

●Reduced critical incidents 64% by designing & implementing comprehensive network security programs including:

Conventional Security (Network Defense): firewall, endpoint security, remote access, access control, asset protection, data privacy, data protection licensing management, and security agent deployments

Internal Controls related to support compliance such as: PCI and Sarbanes-Oxley (SOX)

●Created & led IT Security, facility/physical security and Cyber security strategic direction including Compliance, IT Risk Mitigation & IT Risk Management Process alignment.

●Demonstrated excellent written skills, presentation skills, managerial skills, including the financial goals of the team. Translate concepts to peers and stakeholders.

●Improved end user support by building a culture based on service orientation, client service, and listen-first

●Avoided a ransom worth more than $2m through incident response improvements consistent with effective Business Continuity & Disaster Recovery (BC/DR) processes.

●Numerous promotions demonstrating progressive leadership experience and critical business insights.

ForenSights Security Solutions, Atlanta, GA Aug 2015 - June 2018

Co-Founder & Chief of Digital Forensics

Founder & innovator of computer forensics and security consultancy focused on assisting clients with cybercrime and malware analysis with integrity and confidentiality.

Exhibited strong executive leadership skills, provide direction, and overall vision.

Developed business solutions portfolio including extensive work on end-to-end data encryption leveraging computer science background.

o Malware identification, intrusion detection, incident response, emergency response, and data recovery operations

o Forensic Analysis of computer-based Internal Malfeasance and Ransomware Events

o In-Depth analysis of systems designed to protect and secure intellectual property (IP)

o Cloud Architecture (AWS, Azure, GCP) and SaaS tooling development

o Lead Forensic Investigation of IT security, network penetration, and computer fraud events.

o Expert Witness during multiple legal engagements including coordination with law enforcement agencies.

Army Aviation Center (now All-In) FCU, Daleville, AL May 2011 - Aug 2015

Senior Vice President, Information Services - CIO & CISO

Establish, Inspire, and lead Organizational Security Awareness & Employee Engagement & Training program as well as Multiple Technology and Security Governance programs designed to protect company assets

Developed & managed IT and IS budgets (full balance sheet responsibility)

Built & led cybersecurity risk management program based on NIST CSF & RMF and in compliance with Federal Laws and Regulations.

Originator of 100% of the organization’s Information Technology / Security Policies & Governance documents

Directed board-level training on emerging cybersecurity and technology topics including regular reporting.

Demonstrated Negotiation Skills during technology and security contract negotiations to drive business value.

Inventor & architect of a best-in-class SaaS kiosk that increased member/customer engagement in-branch mirrored to mobile service technologies.

Program implementation of multiple projects for ongoing improvement of security posture. Presenting information to teams at all levels including consultation with senior business management, The Board of Directors, and committees.

Originated Third Party Risk Management / GLBA Program including Security Risk Assessment, SIG profiling, and scanning of supplier interfaces. Implemented security best practices.

Eliminated electronic and physical vulnerabilities by implementing and re-architecting enterprise-level, disaster recovery / business continuity management, emergency response, multi-tiered security & network infrastructure.

Epiphany Partners, LLC, Denver, CO Sep 2009 - May 2011

Senior Director - Technology & Security

Exceptional ability to analyze & present information, diagnose issues, utilize leadership and technical skills when managing projects and engagements in a challenging environment.

●Manage a team in support of large global San Francisco-based manufacturing Corp with their acquisition-related technology needs. Excellent communication skills required to articulate project information.

Completed global update installation, and training of firewalls (500 sites)

●Excellent organizational skills to coordinate and manage enterprise architecture and project plans.

●Extensive customer network and security ecosystem architectures & engineering

●Performed in-depth security assessment (port scan, defense, optimization, vulnerability assessment)

●Designed consumer technology and privacy programs for Fortune 50 clients.

●Highly knowledgeable regarding information security. Created open forums and round table meetings with large numbers of attendees dedicated to security operations, threat analysis, and the value of training employees at all levels. Key component to relationship building.

●Actively engage with Governmental Entities to incorporate threat intelligence into detection platforms.

BayRock Financial Corporation, Alpharetta, GA Dec 2001 - Sep 2009

Senior Vice President - CIO & Chief Information Security Officer

Directed corporate security and IT operations for $28B Financial Services org ($8B Commercial Property Lending) with >200 locations in 5 states and offshore captive. Supervised fintech staff consisting of four direct and 20 indirect reports. Administered $5M+ budget. Oversaw information security, understanding of risk for the enterprise, change management, regulatory compliance, threat/incident management, data security, business continuity, disaster recovery, public relations, forensics, and legal matters.

●Reduce costs $5M+ via efficient resource management and identification of key performance indicators (KPIs).

●Delivered policy & regulatory compliance structures to meet industry, regulatory, & company standards

●Measurably improved IT security through staff development and retention of critical staff

●Created a coaching & mentoring program to develop a team of engaged employees.

●Originated and controlled publication of Information Security & Technology Policy governance documentation.

●Designed annual performance reviews for multiple teams and conducted assessments accordingly.

●Guided business through massive M&A growth ($70M to $28B)

●Led more than one hundred major acquisitions through systems integration of customer, employee, and management information systems (MIS).

●Provide direction for the technology and security groups & provide leadership to a diverse team.

●Served as Chairperson of the Change Control Committee, Litigation Sub-Committee, and member of Loss Prevention Committee

●Security Advisory Board Chairperson, Record Retention Committee Member, IT & Security Review Board Chairperson, and IT & Security Steering Committee Vice-chairperson

●Multiple merit-based promotions due to high performance

MILITARY SERVICE

Corporal, The British Army, Royal Regiment - The Castle, Edinburgh, Scotland, UK

EDUCATION

University of Texas at El Paso

Master of Science, Accountancy & Financial Information Systems

Bachelor of Business Administration, Accounting & Economics

CERTIFICATIONS

Certified Information Systems Security Professional (CISSP) 420305


