Spencer Bain, Senior IT and IDM Security Manager
Key Skills:
IT Security Audit and Assessment
System Monitoring & Control
Vulnerability Management Administration
Incident Response & Disaster Recovery Development
Network & System Security
Authentication & Access Control
HIPAA, PCI & SOX Regulatory Audit
System/Network Hardening Design & Integration Planning
Multitier Network Architectures
Patch management & Build hardening
IT Audit and Assessment for Controls/Regulation Compliance
Recent Project Highlights
Retail Sector: Developed security platform from the grassroots of the former IT team's responsibilities. Identified Shadow IT and road-mapped maturity process improvement. Performed PCI DSS Assessment for a major box retailer with over 1500 stores. Helped redefine their environments. Managed their third-party vendors, established roles and responsibilities for 3 separate vendors. Communicated all PCI documentation with the Assessors. Reviewed and processed all documentation to the PCI DSS 3.1 standards. Worked directly with technical writers to reform policies and procedures to fit ISO 27000 standards using 27002 as a controls mechanism.
Health Care Sector: Directed a team that remediated major audit findings to comply with SOX standards under HIPAA compliance. Assisted with setup of support function to ensure consistency in user access and provisioning process. Performed data analysis to ensure unique identities for Identity & Access Management role-based access integration.
Hospitality Sector: Managed technology departments for large Hotel and convention Center properties. Liaison to 300+ events per month for corporate and private clients. Performed high level accounting, P&L and projected gross statements as facility director. Increased network complexity on access design and traffic monitoring.
Financial Sector: In compliance with regulatory standards and governmental sanctions for over 16 different governing bodies. Identified and answered major breach concerns. Spearheaded the effort to harden server admin access across 15 domains.
Fortune 500 Sector: Moved from desktop support to site SME for 3 specific areas of technology. Created standard operating procedure for new technology installs and images.
Audit Sector: Created security controls framework based on ISO 27002, NIST, COSO 2013, COBIT, and SANS 20 for one of the big 4. Authored Security Standards for the Enterprise Management team. Confirmed and documented existing processes and compared to policies to ensure best practices were being used.
Security Technologies
EDR, MDR, XDR; Active Directory; Novell Console 1; RSA; Juniper; SCCM; Multifactor Authentication; Lotus Notes; Exchange & Lync Management; Risk Assessment; Disaster Recovery; Incident Response; InfoSec & Remedy request systems
Systems:
Windows Server and Endpoint (All current formats); Macintosh; IOS; BlackBerry; Android; RHEL 6-9
Network:
LANs; WANs; VPNs; Routers; Firewalls; TCP/IP; VoIP; VLAN
Software:
MS Office (Word, Excel, Outlook, Access, PowerPoint; SharePoint); PowerShell; SQL Server Management Studio; SAP; SailPoint; ServiceNow; Netwrix Auditor; Ballast; Qualys; CyberArk; Remedy; BMC BCM; ReliaQuest (GreyMatter); Microsoft Defender
IT Experience
Acadia Healthcare Director of Cybersecurity 6/24 - 2/25
Lead team of cyber security professionals to identify and isolate incidents
Coordinate threat discovery and investigations
Policy management and evaluation
Red team, Blue team, Purple team activities and training
Penetration testing RFP process and implementation
Author of numerous policies and procedures
Implementing SSDLC process for mature onboarding and integration of solutions
Developed SLAs and SLOs for reporting metrics and retention
Risk register framework and process for communicating to leadership
Forensics reporting to Leadership, Root Cause Analysis template authorship and ownership
Vulnerability management development into a dashboard and publication on a Display Screen
SOC management and reporting
Kirkland’s Home, Brentwood TN Information Security Manager 10/21 – 5/24
Policy and Procedural audit for security standards NIST; PCI; SOX;
Vendor Risk Management
Policy administration, review, edit, & audit
SOX Regulatory compliance and audit
Access Control Audit – working directly with 3rd party auditors for successful controls testing
Identity Management – Management of Provisioning team - Quarterly User Access Reviews – weekly termination checks
Vulnerability Management – weekly Vuln reviews with Patch and Configuration teams
Board Communications and charting of security operations
Information Security Platform development and design
Change Management Program development and implementation
Incident Response – Plan design and management Table-top discussions with Business partners and IT teams
Surgery Partners, Brentwood TN IT Security Engineer 6/2019 – 9/2021
Policy and Procedural audit for security standards NIST; HIPAA; SOX
Vendor Risk Management
Policy administration, review, edit, approval
SOX Regulatory compliance and audit
Access Control Audit
SailPoint Engineer – Design and Certification
Manual User Access Reviews for Applications and ePHI for SOX Audit
Vulnerability Management Administration and implementation of Qualys platform
HIPAA Audit and Compliance administration
IT Risk Management Administration
Overall maturity mapping and planning for Surgery Partners Security Posture
Delek US, Franklin TN Information Security Engineer 1/2018-4/2019
Security Standards NIST; PCI DSS 3.x
Vendor Risk Management
Policy administration, review, edit, approval
Contract review for Risk management
SOX Regulatory compliance and analysis
Vulnerability Scanning and Patch Validation/Remediation of Vulnerabilities
PCI Assessment Project Management, I run the security validation for PCI and support the Project team for any PCI questions.
Documentation design review, validate compliances for policies and procedures
Identity Access Management, administer the PAM solution
Administer Vulnerability Management initiatives
Risk Analytics for projects, systems and business initiatives
Migration of PCI practices from an acquisition of a Fortune 500 company to compliance with current standards and regulations.
Systems/Network Architecture review for compliance
System/Database design and security, Review configurations of systems and databases for risk analysis and PCI compliance
Tractor Supply Company, Brentwood TN Risk & Compliance Senior Analyst, 08/2015–01/2018
Security Standards ISO 27002-2013; PCI DSS 3.x
Drive C-Level meetings and presentations with a custom slide deck
Decoded PCI DSS standards and presented each team with responsibility for artifacts and evidence.
Created timetables and due dates for review process with QSA and 3rd party
Took leading role in 3rd party roles and responsibilities defining meetings
Tracked all documentation created by TSC as well as 3rd party to meet PCI needs
Uploaded and maintained doc repository for 3rd party and QSA for PCI
Correlated all PCI efforts for TSC and its affiliates
Templated and vetted all documentation for QSA readiness
Training in ServiceNow GRC platform
SAP Audit, Risk Management, and remediation
DELOITTE LLP, Hermitage TN Security Controls Analyst, 03/2015 – 06/2015
Security Standards COSO 2013; SANS 20; ISO 27002; & COBIT for Deloitte’s Enterprise Management Team
Process includes bringing all heads of each team into conferences to start and develop the conversation about the security process and procedure.
Each team gives feedback as analyzed and processed under the new standards – progress presented to the director
Key pain points are identified and scoped, then projects are designed to answer each need and documented.
Benchmarks are created at a high level – Risk Assessment Goals were conceived and presented for Disaster recovery & Incident response.
Arch-site development for event logging and standardization.
SCCM profile builds for patch management and PowerShell scripting pushes for event log scenarios for Windows, Linux, & Virtual servers
Disaster recovery and incident response process and procedure evaluation and implementation.
SAP security and GRC tools
COMMUNITY HEALTH SYSTEMS, Franklin, TN Implementation Security Analyst 3 09/2014 – 06/2015
Business analyst role project definition documentation for procedures and program infrastructure
Risk Assessment for data audit exports with HIPAA compliance
Active Directory resourcing for IDM tool
SCCM tool for laptop and desktop builds
SQL database queries and scrubbing
IDM infrastructure audit and mainframe requisitioning via InfoSec & Remedy request systems
Security Audit for facilities and remediation of access securities for 80 sites and over 250,000 users
Direct Correspondence onsite with each IT Director to act as liaison to auditors
Documentation creation of logic and procedural workflows for audit sites
IDM procurement and implementation
BANK OF NEW YORK MELLON, Nashville, TN Information Security Admin, 09/2012 – 07/2014
Active Directory, Novell, & Juniper for 120,000 users – create – maintain – audit
SLO improved backlog of over 4000 tickets within the first 6 weeks of employment
Exchange account creation and Lync messenger console – Exchange\Lotus Notes\Lync
High Risk Termination Processing and Incident response
Remote access implementation via RSA and Juniper console systems
Group policy provisioning and updates and documentation
Remedy and InfoSec ticket resolution tier 2 service level – on call back up tech for file management and other applications.
Same day provisioning standards realized for security and identity access tickets
TARP Loan Custodial and international regulatory conventions for security measures for PCI Compliance
Windows Server admin/VPN Support for over 13,000 servers, clusters, 120,000 workstations and 40,000 VMs
General Motors/HP, Spring Hill, TN Network Architect/Engineer, 05/2012 – 09/2012
Active Directory role development for mobile touch devices including BlackBerry devices
Scanning technology process and procedures for all plant scanning stations utilizing virtual COM port assignment
Windows 7 migration project management for mobile devices for the entire GM IT Infrastructure PC and Server Hardening for production\deployment
Remote ticket resolution process development and documentation
Group Policy Provisioning and forced updates – Service Desk ticket management
Hardware Image management and installation – OS and driver solutions for Marquee Boards in production tracking
Scripting for new builds, applications, and Identities to meet security classifications for the plant
WAN and WAP architecture mapping for plant Firewall management & configuration of tables
Security Identity Infrastructure management for the plant
UBS FINANCIAL, Nashville, TN Desktop Support Admin, 02/2012 – 05/2012
Hardware Refresh Project for 18,000 Machines across the country
SailPoint and SharePoint database management for all sites
High risk Hardware builds for trading desks
Anti-virus and malware protection software
Group Policy provisioning and updates
PC and Server Hardening for deployment
Train and manage wipe techs for data recovery and storage
Driver Management for print queues and software pushes for each workstation and laptop
PC Image management working with delays and wipe crashes using PowerShell
PSAV, Nashville, TN Director of Event Technologies, 08/2011-01/2012
Network Admin and engineer for over 200 nodes and 20 access points for mobile networks and telephony
Video Conference streaming configuration and support for over 3,000 users at a time on a certified HD system
Connection/Port management for hotel network for over 300 users and 48 nodes and 104 access points and 30 printers
Network Security for all users and DHCP lease schedule and release. Anti-virus and malware protection software
Network/switch/router configuration support, DNS, WINS, TCP/IP connection and configuration
VoIP setup for 40 users on a mobile network including IP segmentation/management
AMS, Nashville, TN Network Admin and Architect, 09/2010 – 08/2011
Wireless network design and installation for over 150 houses of worship
Cisco Command Line interface to setup VOIP, VPN, and Network security, DNS, WINS, TCP/IP Connectivity
Signal reinforcement with access point placement throughout existing construction
Network designed for gigabit switches and Cat6 certification; firewall management & configuration
Anti-virus and malware protection software
Computer Satellite Networks, Nashville, TN Network Project Manager 09/2010 – 08/2011
Wireless Network design for over 300 McDonald's restaurant locations
Network DNS, WINS, TCP/IP connections
Server Hardening for production\deployment
Wireless DMB upgrade and port configuration adding Streaming media server nodes to every store
Electrical and low voltage mounting and wiring for LCD monitoring and streaming media player for McAfee release
VoIP and satellite internet systems installation for rural stores and offices
Audit and configure switch and router settings using Cisco Client
Education
2019 Associate of Arts – Brigham Young University Idaho
2004 – 2006 Riverside Community College – Honors Society
2015-2017 PCIP – ISA for Tractor Supply
2019 – GIAC MGT514: Security Strategic Planning, Policy, and Leadership Certification