Shirley Barnes
***********@*****.*** 484-***-****
SUMMARY
Accomplished IT leader with 19 years of experience in senior cybersecurity risk, data governance, and financial reporting roles. Proven track record in managing Physical Plant Operations, fostering Vendor Relationships, and executing Capital Projects with strategic use of technology. Expertise includes advising on IT strategies, enhancing cybersecurity, and optimizing digital transformations. Also a previously licensed Realtor in Pennsylvania and Delaware.
WORK EXPERIENCE
H&R Block
Accelerated Tax Professional Dec 2023 - Apr 2024
•Compiled and assessed client financial information to prepare and file accurate tax returns, ensuring compliance with current tax laws and regulations.
•Communicated effectively with clients to address inquiries, provide tax advice, and facilitate a comprehensive understanding of their financial scenarios.
•Identified and resolved discrepancies with tax authorities, while recognizing opportunities for tax planning and optimization for clients.
Hall of Fame
Senior Vice President Information Technology May 2021 - May 2023
•Advised executive committees on IT strategies to enhance digital transformation and user experiences for visitors, contributing to positive business outcomes.
•Developed and implemented a cybersecurity roadmap to strengthen the organization's security posture and ensure compliance with regulatory mandates and risk frameworks.
•Designed an ERP system that integrated with legacy software, reducing employee hours by automating repetitive accounting and finance tasks.
•Managed project budgets for construction buildouts, focusing on technology strategy, IT asset management, and digital implementations to ensure seamless operations.
Aqua America – Oxford Consulting Remote
Security Engineer/Architect Mar 2020 - May 2021
•Conducted risk and vulnerability assessments of IT/OT SCADA environments, performing threat analysis using intel feeds from tools such as Qualys, Carbon Black, and Recorded Future.
•Delivered endpoint detection and response (EDR) solutions with CrowdStrike Falcon, implementing proactive threat hunting, malware prevention, and incident remediation strategies.
•Enhanced security measures by routing traffic through a reverse proxy to enrich security logs, supporting forensic investigations and trend analysis, and configured phishing campaigns to bolster the security awareness program.
Wipro Remote
Senior Principal Managing Consultant Risk Compliance and Assurance Jun 2019 - Mar 2020
•Developed and implemented comprehensive IT security solutions, including strategies for compliance with CCPA and GDPR, enhancing organizational adherence to data privacy regulations.
•Conducted thorough risk assessments and compliance reviews across multiple frameworks and regulations, reducing technical debt in Microsoft Azure and improving cybersecurity posture.
•Led process reengineering and control enhancement initiatives, resulting in improved security management processes and operational efficiencies.
•Implemented and tested continuous integration/continuous testing/continuous delivery (CI/CT/CD).
•Managed Healthcare Information Systems project in Azure executing against technical debt items (Humana).
Avantor Radnor, PA
Senior Security Engineer Consultant Feb 2019 - Jun 2019
•Conducted a comprehensive assessment of SIEM and SOC implementations to identify and address process gaps, risks, and regulatory requirements, while providing expert guidance on LogRhythm configuration and rules.
•Developed and managed strategies for incident response, breach prevention, and digital forensics, including the configuration of CrowdStrike for AI-driven endpoint monitoring and vulnerability management.
•Coordinated and responded to technical assistance requests, ensuring compliance with SLAs and internal policies, and effectively communicated resolutions through the ticketing system.
W.R. Berkley (Randstad Consulting) Wilmington, DE
Senior Cybersecurity, Policy, Risk, Governance and Compliance Consultant Oct 2017 - Feb 2019
•Developed comprehensive cybersecurity frameworks (NIST, ISO27001, COBIT, SOX) to enhance IT governance processes, ensuring compliance with regulatory standards such as 23 NYCRR Part 500 and GDPR.
•Managed the implementation of RSA Archer GRC Suite, providing oversight on business compliance and risk metrics, while assessing enterprise risk using FAIR methodology to guide remediation strategies.
•Designed and deployed security solutions including CrowdStrike and reverse proxy integration to mitigate vulnerabilities and enhance SIEM processes, improving overall security posture and compliance.
Lockheed Martin
Assurance Cybersecurity Senior Manager - Cyber Governance, Risk and Compliance Aug 2015 - Jun 2017
•Directed a team of 20 Security Engineers in developing enterprise solutions to enable business strategies, including the implementation of advanced metrics for comprehensive cyber risk management.
•Defined and implemented an enterprise-wide cybersecurity governance, risk, and compliance strategy, managing a budget of approximately $5M to establish policies and manage cyber risks to closure.
•Developed and managed cyber governance risk and compliance tools and strategies, including a risk register and control library, and led the rollout of compliance modules aligned with regulatory frameworks such as NIST 800-53/171 and ISO27001.
•Collaborated across departments to enhance business resiliency efforts, developed business continuity and disaster recovery plans, and represented cybersecurity interests on the IT Asset Management Center of Excellence Board.
PHH Mortgage (Robert Half/Protiviti) Mount Laurel, NJ
Senior Risk Management (Consulting) Mar 2015 - Aug 2015
•Conducted comprehensive risk assessments across multiple sectors, focusing on areas such as enterprise risk, corporate governance, regulatory compliance, and cybersecurity, while managing risk assessment and remediation strategies for regional centers.
•Developed and implemented a threat and controls library, mapping threats to controls using an integrated security framework aligned with risk management methodologies like COSO, ISO, and NIST, and provided strategic guidance for GRC tool implementation.
•Enhanced security frameworks by integrating CrowdStrike with SIEM tools for improved incident response and linking device telemetry with adaptive access controls to optimize data loss prevention and authentication processes.
Comcast, Inc. Philadelphia, PA
Sr. Manager, GRC, Financial Reporting and Vendor Security Assurance Sep 2012 - Dec 2014
•Led the policy council to establish and maintain robust standards and controls within technology implementations, enhancing compliance with financial reporting requirements and optimizing budget usage by 10% through strategic system consolidation and retirement.
•Oversaw the identification and remediation of critical vulnerabilities in line with regulatory standards, and managed the compliance reporting process for Payment Card Industry Data Security Standards (PCI-DSS), collaborating with various security operations teams to bolster vulnerability prevention and resolution strategies.
•Developed and executed third-party and vendor risk assessments, integrated compliance frameworks such as ICFR with ISO controls, and directed the implementation of security awareness programs, ensuring comprehensive protection of company assets and alignment with regulatory guidelines.
Campbell Soup Company Camden, NJ
Global IT Security Change Control Sr. Manager / Service Delivery Manager Jun 2005 - Sep 2012
•Directed the development and implementation of a global IT change control strategy, optimizing, standardizing, and centralizing operational processes to enhance system and data center efficiencies.
•Led initiatives to streamline and retire legacy systems, successfully recovering 20% of the allocated budget, while also providing strategic direction for IT change, configuration, release, and asset management.
•Managed global application and operations teams, focusing on training, development, and performance, and collaborated on manufacturing audits to ensure IT security controls for plant floor equipment.
•Oversaw the integration of business and IT applications using ITIL framework, and evaluated compliance with industry standards and regulations, including PCI, SOX, and ISO 27001/27002, to address and resolve information security and compliance gaps.
Drexel University, Information System Security Assurance
Adjunct Professor as Schedule Permits
•Developed and delivered a comprehensive curriculum for Information System Security Assurance, facilitating both theoretical understanding and practical application through tailored projects and coursework.
•Provided personalized guidance and support to students via one-on-one meetings, enhancing their grasp of complex concepts and ensuring successful course completion.
EDUCATION
Colorado Technical University
Master of Science, Managed Information System Security
Eastern University
Bachelor of Arts, Organizational Behavior
CERTIFICATIONS
FAIR Quantitative Information Risk Management
Microsoft Azure
ICS SCADA Systems
Qualys Vulnerability Management Certified Specialist
LogRhythm SIEM Certified Specialist
KPMG/ISACA CISM Bootcamp – Certification in Progress
CISSP Bootcamp
ITIL Foundations Version 3
Security Certification and Accreditation
Information System Security Management Certification
Information System Security
SAP – Auditing and Securing SAP’s Enterprise Services Architecture
Sarbanes-Oxley Compliance (SOX)
Masters - Project Management
HP Quality Center
Systems Administrator I
Database Administrator I, II
Empowering Your Staff
Conflict Resolution
Coaching Skills
First Line Supervisor Training
Certified Paralegal
Certified Tax Professional
Notary
SKILLS
FAIR Risk Strategies • Microsoft Azure • BigID Data Analytics and Privacy Compliance • LogRhythm SIEM • FireEye • Cisco Managed Service Platform • Darktrace • Qualys Vulnerability Management • Rapid7 Nexpose • QRadar • SolarWinds • McAfee Anti-Virus • SAP Supply Chain Suite • SAP Security Audits • Financial Planning Tools • IT Project Management • IT Audit • ISO27001 and ISO27002 • eDiscovery Compliance • PCI-DSS Compliance • SSAE 18 Reviews • ServiceNow • Rsam GRC • Archer GRC • Risk Control and Tracking System (RCTS) • OpenPages FCM (Financial Controls Management) • HIPAA • Mercury Interactive Automated Testing Tools for Web Applications • ClearQuest/ClearCase • Documentum (Information Lifecycle Management) • PLM • Capability Maturity Model Integrated (CMMI) • Microsoft Projects • Visio • Clarity Project Management • Six Sigma (Yellow Belt) • NIKU Project Workbench Solution • Primavera • Magic Call Center Solutions • Remedy Information Technology Service Management • ServiceNow (SNOW) • Jira • Peregrine and Conturi Call Center Solutions • Lotus Notes • Domino Server • Oracle Financials • Siebel and PeopleSoft CRM Solutions • Kintana – Enterprise Change Management Solution • Windows NT/2000 • LAN/WAN and OS/390 Administration • Unix • Linux • Solaris 2.x • Novell NetWare • Servers • Hubs • Routers • Switches • PCs • Java • XML • C++ • SQL • TCP/IP • IPX • Sentinel Data Integrator • Percussion Notrix Data Integrator • Microsoft Office • Network Security • Risk Assessment • Team Collaboration • Threat Analysis • Regulatory Compliance • Incident Response • Communication • Problem Solving • Project Management • Leadership • PCI • DevOps • FedRAMP • DevSecOps • Budget Management • Policy Development • Team Management • Emergency Response • Facility Maintenance