Tony Spurlin
************@*******.***
Chief Information Security Officer
IT Security Professional with over 25 years of extensive Information Security and Compliance experience, including Security Operations, Incident Response, Vulnerability Management, Identity Management, Network Security, Disaster Recovery, Risk, Policies, Governance and Compliance. Strategic and tactical leader with global experience building and motivating teams to foster engagement and cross collaboration in driving processes and technology to solve complex business problems.
Recognition and Awards
2016 Information Security Executive Alliance – Southeast Project of the Year Award Winner
2016 Information Security Executive Alliance – National Finalist
2015 HP Customer Excellence Award – Enterprise Security
2015 Information Security Executive of the Year – Southeastern Executive Finalist
2005 Information Security Executive of the Year – National People’s Choice Award Winner
2006 Information Security Executive of the Year – Southeast Regional Nominee
Professional experience
Senior Vice President and Chief Security Officer March 2021 to Present
MAXEX, LLC, Atlanta, GA
MAXEX provides a central clearinghouse exchange for lenders, banks and investors to buy and sell loans on the secondary mortgage market using standardized, industry-approved trading processes.
Reporting to the EVP and Chief Information Officer, I was responsible for all aspects of information security strategy, policy, standards, risk assessments, security operations, management processes and technology to ensure that information assets are adequately protected with acceptable levels of controls.
Key Accomplishments:
From a greenfield starting point, designed and built the Cyber Security Organization, ensuring functional alignment to MAXEX organizational goals and strategy
Deployed multi-factor, single sign-on capabilities to provide secure, seamless access to MAXEX mortgage exchange services and solutions
Delivered a 3-year strategic plan for Board of Directors review and received immediate approval
Core Responsibilities:
Delivers information security capabilities and countermeasures in support of the MAXEX SAFe CI/CD pipeline
Delivers regular reviews to executive management and quarterly reviews with the Board of Directors regarding enterprise risks and information security
Overall responsibility for planning, organizing, developing, and providing oversight and alignment of security solutions, disaster recovery plans and IT resiliency across the enterprise including suppliers and customers
Oversees the initiation, design and deployment of new systems and processes ensuring sites and computer systems are up to date relative to all operating systems, patches and virus protection software including security information assurance program, architecture, certification and accreditation, operational security, incident management and security system implementation.
Directs all IT security audits and tasks to ensure that the integrity, confidentiality, and availability of information to end-users are not compromised
Vice President and Chief Security Officer March 2016 to January 2021
Windstream Communications, Atlanta, GA
Windstream is a leading network services provider offering nationwide network connectivity and professional services to both businesses and consumers.
Reporting to the EVP and Chief Information Officer, I was responsible for the overall enterprise information security strategy, policy, standards, risk assessments, management processes and technology to ensure that information assets are adequately protected with acceptable levels of controls.
Key Accomplishments:
Designed and built the Enterprise Information Risk & Security (ERS) Organization, ensuring functional alignment to deliver core ERS services
Deployed multi-factor, single sign-on capabilities to provide secure, seamless access to Windstream services and solutions, supporting 1.1 M identities for internal employees, vendors, consumers and customers
Developed the risk management and compliance management programs for ongoing management of these critical areas
Delivered a 3-year strategic plan for Board of Directors review and received immediate approval
Reduced measurable risks by 50% within the first year of hire (as measured by Internal Audit and 3rd party assessment)
Core Responsibilities:
Ensures compliance with regulatory requirements including Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI), Customer Proprietary Network Information (CPNI), Federal Information Security Management Act (FISMA) and Health Insurance Portability and Accountability Act (HIPAA)
Delivers regular reviews to executive management and quarterly reviews with the Board of Directors regarding enterprise risks and information security
Overall responsibility for planning, organizing, developing, and providing oversight and alignment of security solutions, disaster recovery plans and IT resiliency across the enterprise including suppliers and customers
Oversees the initiation, design and deployment of new systems and processes ensuring sites and computer systems are up to date relative to all operating systems, patches and virus protection software including security information assurance program, architecture, certification and accreditation, operational security, incident management and security system implementation.
Directs all IT security audits and tasks to ensure that the integrity, confidentiality and availability of information to end-users are not compromised
Global Chief Information Security Officer Sept 2012 to March 2016
Cox Automotive, Inc, Atlanta, GA
Key Accomplishments:
Delivered the first-in-industry Scraping Advanced Persistent Threat Defense program, reducing overall web site scraping attacks for autotrader.com and kelleybluebook.com from 34% of total traffic to 4% (these sites generate over 10M transactions per week)
Delivered the first-in-industry fully integrated and automated application security program supporting 34 separate agile development teams and 16 discrete build environments, reducing application security vulnerabilities by 66% by the end of the first year of operation
Core Responsibilities:
Responsible for setting the vision and establishing direction for the deployment of enterprise risk and information security that is aligned with the business strategic objectives and priorities
Responsible for the overall enterprise information security strategy, policy, standards, risk assessments, management processes and technology to ensure that information assets are adequately protected with acceptable levels of controls.
Overall responsibility for planning, organizing, developing, and providing oversight and alignment of security solutions, disaster recovery plans and IT resiliency across the enterprise including suppliers and customers
Oversees the initiation, design and deployment of new systems and processes ensuring sites and computer systems are up to date relative to all operating systems, patches and virus protection software including security information assurance program, architecture, certification and accreditation, operational security, incident management and security system implementation.
Director, Risk & Compliance Management Nov 2009 to Sept 2012
Optiv, Inc, Atlanta, GA
Key Accomplishments:
Designed, proposed to the Executive team, developed and operated Optiv’s first Enterprise Staffing practice, resulting in $11M first-year gross income and beating the forecasted target of $9M
Optimized the Risk & Compliance Management practice, increasing gross profits by 22%, reducing bench time for consultants, improving reporting and increasing customer satisfaction
Core Responsibilities:
Responsible for profit and loss of rapidly growing international consulting practice.
Direct and manage the overall and day-to-day business and technical components of client projects to ensure quality work products, solutions and deliverables
Provide leadership direction with regards to all compliance and Information Security engagements ensuring compliance with regulatory requirements including PCI, FISMA, HIPAA and GLBA.
Manage relationships with clients by maintaining frequent and direct contact with senior level executives
Identify, define, develop and implement techniques to improve engagement productivity, increase efficiency, mitigate risk, resolve issues and achieve cost savings
Share in client, practice and performance management including project team management and the development of the solution services team
Supports team goals by leading strategy meetings, including discussing candidate and consultant pipeline, marketing strategies, and current challenges.
Managing Principal Dec 2007 to Nov 2009
Arsenal Security Group, Atlanta, GA
Key Accomplishments:
Led a major government service provider to achieve FISMA compliance and the Acceptable Risk Safeguards established by ERISA, DHHS and the Department of Education
Established the Office of the CISO and designed and built out the new Security & Risk organization, including hiring staff, defining functional alignment and core services, and developing a 3-year strategic plan in alignment with corporate governmental requirements
Core Responsibilities:
Responsible for defining and developing engagement management and quality assurance processes for compliance, information security and managed services delivery
Managed the profitability of the SE Sales and professional services business, which represented 33% of 2008 annual revenue
Partner with Engagement Managers and field teams to appropriately scope and pre-qualify engagements.
Responsible for creating and managing to the Statement of Work and the overall satisfaction of customers.
Working with customer leadership, lead Compliance and Information Security engagements ensuring compliance with regulatory requirements including PCI, FISMA, NIST and GLBA.
Senior Manager/Senior Architect, Information Risk Management Dec 2003 to Dec 2007
The Home Depot, Atlanta, GA
Key Accomplishments:
Designed and built the Enterprise Information Risk Management & Security (IRMS) Organization, ensuring functional alignment to deliver core IRMS services
Designed, built, established and operationalized the first-in-industry Vendor Risk Management program to manage risks introduced by third parties and service providers
Designed, built, established and operationalized the first-in-industry Application Security program, with full integration into the corporate solutions development lifecycle
Core Responsibilities:
Reported directly to the Chief Information Security Officer, responsible for all areas of Information Security, including: Strategic Planning, Project Collaboration, Assessments, Policy & Standards Development, and Operations
Directed process development and its integration into the established corporate Solutions Development Lifecycle
Responsible for leading a team of 24 engineers and architects focused on Information Security and IT Compliance with an annual operating expense and capital budget of $18 million; directly responsible for identifying business security needs and designing solutions to remediate these risks
Prepared, delivered and presented reports, strategic plans and budgets to Executive Leadership Team, Corporate Compliance Counsel and Board of Directors
Responsible for protecting the information assets of a Fortune 13 company with a network of over 500k nodes, 300,000 users and corporate revenue in excess of $70 Billion
Developed and led the PCI Compliance remediation program, which included 18 cross-functional work streams, over 200 internal and flexible staff and a budget of $14 million
Recognized as a corporate 360-Degree career counseling coach, United Way Corporate Campaign Captain, High-Potential Leader and Information Security Expert
Previous Work History
Information Security Officer, INFO1, Inc Jan 2003 to Dec 2003
Director of Security Services, Vigilar, Inc March 2000 to Dec 2002
Senior Project Manager, VeriSign, Inc Nov 1998 to March 2000
Education and Publications
Business Administration, Management & Information Systems, Valdosta State University
Article: May 2006, Ping with Tony Spurlin, “Information Security Magazine”
Article: July 2007, Securing Extranets, “Information Security Magazine”
Board Memberships
Information Security Executive Alliance Executive Advisory Board