SEEKING CYBER SECURITY SENIOR OPPORTUNITY GOVERNANCE, RISK & COMPLIANCE
IT Security Threat & Risk Management Security Engineering IT Operations
Cybersecurity executive with 12+ years of leadership experience integrating security & privacy frameworks into business operations across healthcare, energy, airlines, and government sectors. Expertise in enterprise security strategies, SOC optimization, and cyber threat mitigation while aligning security initiatives with business objectives. Proven track record in managing multimillion-dollar security budgets, deploying SIEM, SOAR, EDR, and MDR solutions, and ensuring compliance with GDPR, FedRAMP, PCI DSS, HIPAA, NIST and 27001. Experienced in incident response, regulatory compliance, and risk management, ensuring the protection of sensitive assets while driving operational efficiency. Successfully increased security maturity from Level 1 to 4, implementing structured governance, risk management, and advanced controls to enhance organizational resilience and compliance readiness.
Prof Certs: CISSP, CISM, CPP, CIPP/US, FSO, ISSO
Security Operations; Governance, Risk & Compliance (GRC); Threat Intelligence & Incident Response; Privacy Controls; Regulatory Compliance (PCI DSS, HIPAA, HITRUST, GDPR, NIST, 27001), FedRAMP; Security Engineering; Risk Assessments; Third-Party Risks; SOC Optimization & Management; Vulnerability & Remediation; Cloud & Network Security; vCISO; Identity & Access Management (IAM); Policy Development & Implementation; Executive Stakeholder Collaboration; Budget & Resource Management; Security Awareness & Training; Zero Trust Architecture; Strategic Roadmaps & Metrics
Aptihealth Inc – Transforming Healthcare, Albany, NY Mar 2022 to Present Senior Manager Cybersecurity, Privacy & Compliance (CISO)
• Led the development and execution of a cybersecurity alerting strategy that secured a fast-growing healthcare company serving members, reducing cyber incidents by 45%. Led security due diligence for mergers and acquisitions (M&A), assessing cybersecurity risks and regulatory compliance of potential acquisition targets.
• Implemented an advanced Security Operations Center (SOC), reducing incident response time by 60% and improving detection capabilities. Developed risk mitigation strategies that reduced integration vulnerabilities by 40%, ensuring a seamless and secure transition of assets and data post-acquisition. Established enterprise-wide risk management frameworks, ensuring 98% compliance with PCI DSS, HIPAA, and NIST standards, which reduced audit findings by 70%.
• Designed and implemented a company-wide security awareness training program, reducing phishing incidents by 80%. Partnered with legal and compliance teams to streamline data governance policies, ensuring regulatory adherence and reducing potential data exposure risks. Implemented advanced endpoint detection and response solutions, increasing malware detection efficiency by 50%. Implemented GDPR compliance, reducing data privacy violations by 30% and enhancing customer trust.
Northern Quest Resorts & Casino, Spokane, WA July 2021 to Feb 2022 Network / Cybersecurity Manager (CISO)
• Designed and executed a Zero Trust security model that improved network segmentation and reduced unauthorized access attempts by 50%. Led a cybersecurity team of 3 professionals to implement an advanced endpoint detection and response (EDR) system, network operations, and application security, decreasing malware-related threats by 75%.
• Spearheaded a third-party risk management program that identified and mitigated 80% of potential vendor security risks within six months. Led the integration of SIEM and SOAR platforms, improving real-time threat intelligence and incident response automation, reducing response times by 60%.
• Conducted business continuity and disaster recovery (BC/DR) planning, successfully executing simulation exercises that ensured zero data loss. Enhanced security logging and monitoring systems, increasing real-time threat detection accuracy by 40%. Managed third-party security risk assessments, mitigating supply chain vulnerabilities and strengthening compliance with gaming and hospitality regulations. Strengthened AWS, Azure, and Google Cloud environments, ensuring compliance with best standards and securing multi-cloud infrastructures. Enhanced security logging and monitoring systems, improving real-time threat detection and response capabilities by 40%.
• Upgraded EDR and MDR capabilities, decreasing mean time to detect (MTTD) and mean time to respond (MTTR) by 55%.
ID-Coeur D’Alene 206-***-**** REGINALD J. WILLIAMS *********@*****.*** LinkedIn
SIGNATURE STRENGTHS
• Eliminated 98% of outdated AD & App accounts, ensuring audit compliance
• Saved $1M by removing obsolete data
• Reduced security incidents by 90%
• Led a 16-member security team, enhancing communication and collaboration
• Maintained 100% data integrity across all assignments
• U.S. Army Military Intelligence Officer (Captain) with Top Secret SBI/SCI clearance
• Secured a $7M airline cybersecurity budget, achieving PCI compliance in 6 months, 1M transactions per day
• Developed the BISO program for Target
CAREER SUCCESS
Xcel Energy, Minneapolis, MN Apr 2020 to July 2021 Information Security Consultant (External)
• Directed an enterprise-wide security operations initiative that reduced compliance gaps by 30% and ensured alignment with federal regulatory standards. Led a team of three security professionals in executing advanced threat detection and response protocols, mitigating 85% of critical vulnerabilities within key operational systems.
• Provided strategic cybersecurity recommendations to executive leadership, influencing security investments that bolstered infrastructure resilience. Designed and implemented predictive risk modeling frameworks, improving proactive threat mitigation by 45%.
• Developed and deployed company-wide security awareness initiatives that increased employee participation in training programs by 70%. Developed cybersecurity risk frameworks to improve threat modeling and predictive analytics for security incident prevention.
Information Security Consultant; MN State Department of Transportation & Avanade (Nov 2017–Mar 2020)
• Developed a cloud security strategy that enhanced state-level data protection and saved $500,000 in operational costs.
• Oversaw deployment of Microsoft Enterprise security solutions for 5,000 endpoints, increasing endpoint protection by 25%.
• Led 40+ security risk assessments, reducing vulnerabilities by 40% and instilling a proactive cybersecurity culture.
• Strengthened access management by deploying multi-factor authentication (MFA) across all agency systems, reducing unauthorized access incidents by 60%. Designed and executed a comprehensive security audit framework that improved response time to security threats by 35%.
Security Consultant; Blue Cross Blue Shield (BCBS) of MN (Feb 2014–Nov 2017)
• Ensured 100% compliance in HITRUST certifications, strengthening security frameworks for multi-location healthcare facilities.
• Executed over 60 risk assessments, resolving 75% of vulnerabilities within six months, improving system resilience.
• Implemented VPN and endpoint security solutions, increasing secure remote access efficiency by 20%.
• Conducted regular security tabletop exercises, enhancing incident response readiness for potential cyber threats.
• Collaborated with IT leadership to integrate automated compliance tracking, reducing regulatory reporting effort by 70%.
Information Protection Manager; CIGNA, Minneapolis, MN (Jan 2011–Feb 2014)
• Led a global vendor risk management program that assessed 35+ suppliers, reducing third-party security risks by 50%.
• Maintained compliance with internal audit requirements for three consecutive years, achieving zero audit findings and reinforcing governance structures. Spearheaded data protection initiatives that ensured proper classification and handling of sensitive company and customer data.
• Implemented advanced endpoint encryption solutions, ensuring 100% compliance with healthcare data security regulations.
Security Consultant; MEDTRONIC, Minneapolis, MN (Jan 2007–Jan 2011)
• Conducted 145 security assessments, achieving a 95% satisfaction rating from executive leadership for actionable security improvements. Led the development and implementation of cybersecurity policies that reduced organizational risks by 80%.
• Developed security awareness programs that resulted in a 50% reduction in phishing incidents over two years.
• Optimized patch management strategies, achieving a 99% compliance rate for security updates across enterprise infrastructure.
Past Success: Chief Information Security Officer, MN State Department of Employment & Economic Development, St. Paul, MN (2003–2007); Manager, IS, Engineering Group, Delta Airlines (1998–2003); Manager, Information Security, The Boeing Company, Seattle, WA (1994–1998)
EDUCATION & TRAINING
• Adjunct Professor Information Risk & Cybersecurity - ITT Technical Institute, Eden Prairie, MN
• Master of Arts, Organizational Development and Leadership – Gonzaga University, Spokane, WA
• Bachelors Business Administration, Management – Wharton Business School – University of Pennsylvania, Philadelphia, PA
POST CERTS / AFFILIATIONS
• Certified Protection Professional (CPP) Board Credentialed Security Management # 731649 ASIS Int’l
• Certified Information Security Manager (CISM), # 1220689 ISACA 2012
• Certified Information Systems Security Professional (CISSP), # 25951 ISC2 2001 & Leader / Supervisory Proctor of 20 exam sessions
• Certified Information Privacy Professional (CIPP/US), # 83333I IAPP 2012
Member: American Society for Industrial Security (ASIS) International, International Association of Privacy Professionals (IAPP), Information Systems Audit and Control Association (ISACA), InfraGard, ISC2
Professional reference recommendations at https://www.linkedin.com/in/reginaldjwilliams/
EARLIER SECURITY ENGAGEMENTS EXPERTISE