Cybersecurity Advisor Consultant Resume
Tucson, AZ
SUMMARY
- A proven, results-oriented manager who executes IT security vision and strategy demonstrating quantifiable results.
- Strong business acumen with ability to execute a variety of IT security business development strategies to establish market presence and increase revenue and profitability.
- Successful at building and leading world-class business and executive-level relationships.
- Skillful at conducting and motivating multidisciplinary teams towards the achievement of business goals. Highly adaptable with excellent interpersonal skills.
- Seeking a Senior Leadership position in the management of technology solutions leveraging strengths in Managing Global IT & Cybersecurity organizations.
- Major Account Development and Management; Industry Regulatory Compliance and Risk Mitigation; Strong Technology and Project Operational Background.
- Strategic Technology Alliances and Partnerships; Strong P&L IT Practice Experience; Expertise in Enterprise Security and IT Solutions Architecture and Deployment.
- Expertise Forming and Leading Multidisciplinary teams.
PROFESSIONAL EXPERIENCE
Confidential, TUCSON, AZ
Cybersecurity Advisor Consultant
Responsibilities:
- Providing risk management and cybersecurity advisory services to Ventana Medical Systems, Roche Group’s (a global life science company) medical device division to meet regulatory (FDA, Chinese FDA, NIST, HIPAA, PCI, ISO) compliance requirements by analyzing security lifecycle management for pre/post-market medical devices development and support, and establishing first line of defense (FLOD) risk management framework.
- Reviewing governance services by working with global cross organizational teams in revising cybersecurity related policies, directives, standards, and SOPs to support global and local product lifecycle development, rollout, and maintenance processes covering risk management, incident response, identity and access, vulnerability management, and secure software development lifecycle.
Confidential, PHOENIX, AZ, USA
Senior Director, IT Governance
Responsibilities:
- As direct report to CISO, led an IT GRC organization of 4 direct managers (2 Sr. Managers, 2 Managers) and 17 team members. Expanded and transformed Risk Management team into a high-performance GRC organization to provide multiple lines of cybersecurity defense within a year.
- Gained executive buy-in with a 3-year Cybersecurity GRC roadmap to meet PCI-DSS, HIPAA, NIST security compliance requirements and automate processes for Vendor Risk Management, Vulnerability Management, Risk Register, Cloud Security and Risk Assessments, Policy Exceptions, and Issues Management using the RSAM tool.
- Reduced corporate security risk by 50% through creation of 10 new Data Security policies and standards roll out to support security policies compliance and exceptions with HIPAA and NIST 800-53 to support P2PE PCI, Encryption, Identity & Access, Certificates, Cloud and Mobile Security architectures to support execution of 10 security projects in record six months.
- Reduced company’s PCI-DSS risk exposure by 90% through P2PE vendor selection and roll out of technology and supporting processes as well as remediation of over 350 vulnerabilities/issues identified across all facilities to meet annual PCI-DSS 3.2 P2PE attestation requirements.
- Achieved 95% customer satisfaction through creation of GRC service catalog with measurable metrics presented through GRC/CIO dashboards and reports to management.
- Oversaw 4 new M&A initiatives through execution of M&A/Joint Venture IT risk due diligence and IT systems/process integration while working with 3rd party service providers (COTS, Cloud solutions, Healthcare Providers).
- Achieved 50% operational efficiency and reduced Cybersecurity 2016 budget by $4 million using Agile DevOps methodology to help support and operationalize 15 Cybersecurity projects (SOC, Security Engineering, Identity and Access, GRC, Network Security, Mobile, Cloud, BigData, DLP), while overseeing roll out of RSAM tool based security assessments across all Confidential 38 facilities.
- Managed a $5+ million yearly budget to support rollout of P2PE devices to meet PCI-DSS P2PE Compliance and RSAM GRC tool and processes improvements across the organization.
- Achieved 90% Office of Civil Rights (OCR) HIPAA Security Rule compliance and risk assessment requirements for enterprise and all Dignity 38 hospitals by engaging a 3rd party security provider.
- Was an active participant of internal PCI Governance, Privacy & Compliance, General Counsel/Legal, IT Standards, IT Vendor Management, Policy Exceptions Issues Management Governance committees interfacing with SVP/VPs, Senior Directors, Corporate Compliance, and other senior leaders.
Confidential, DENVER, CO, USA
Associate Director, Identity and Access Management
Responsibilities:
- Reduced employee sign-on and security issues by 50% for Australian Sydney Transportation for its mobile (BYOD, CPOD) and web IAM applications by developing IAM security architecture and roadmap while working with team of global consultants and customer resources.
- Worked with team of consultants in providing IAM, PKI, and Information Security advisory services to MyAbility, a healthcare clearinghouse, to help assess maturity of 5 security business applications and in-house PKI solution, and made a business case for migration to COTS/Cloud IAM and PKI solutions to mature customer security program, achieve regulatory compliance, and reduce IT overall risk.
- Provided IAM advisory services to Facebook through an IAM program assessment to help reduce integration, and customer identity and access issues while providing a new IAM roadmap including development of custom IDM solution to meet growing cloud applications identity requirements.
- Led two IAM work streams, each comprising multiple consultants, to architect and deliver Oracle Identity and Access Management cloud solution for one of the leading clinical trial organizations. Successfully rolled out Phase I of the project for both identity and access management by integrating 10 applications and systems, thereby reducing operational issues by 50% in a record 3-month time frame. Also provided thought leadership to a leading investment banking client on privileged identity management vendor selection.
- Improved services sales and overall user digital experience by 30% while working with senior practice leader and global sales team in the rollout of new practice material and corporate website improvements.
Confidential, Denver, CO, USA
Principal, Technology & Security Leader
Responsibilities:
- Improved user experience by working with Colorado Dept. of Human Services in the rollout of new and secure child care provider application across all Colorado childcares while working with team of consultants in the development and rollout of web security and identity and access management life cycle technology.
- Worked with CGI Federal in stabilizing Colorado Health Exchange website and overall security architectural infrastructure setup and identity management to help meet HIPAA regulatory compliance requirements and improve consumer personal healthcare plan enrollment experience.
- Reduced Colorado Department of Education IT costs by 30% by providing enterprise IT and Security Strategies, resulting in integration of Hybrid Cloud (Private, Public) SaaS applications with on-premise enterprise IAM and IT Engineering security investments.
Confidential, CO
Senior Manager
Responsibilities:
- Helped Kaiser Permanente’s health care security organization cut down operational costs by 50% and meet 100% compliance requirements by leading a team of consultants in integrating Kaiser SOX applications with a risk based central Identity web access and LDAP directory services solution.
- Helped Kaiser Permanente security teams to address its SOX and HIPAA regulations while reducing operational costs by 50% through adoption of Role Based Identity Access and Entitlements Certification services solution.
- Developed a $3-5 million operational cost (CAPEX, OPEX) savings multiyear business plan for Kaiser Permanente security organization through development of quantitative and a qualitative costs benefits analysis by comparing multiple vendors’ role based access products and solutions.
- Worked on business development opportunities covering Oracle Security Patch Management, Cloud based Identity and Access Management, and GRC security solutions by advising key customers to help reduce their operational costs and meet multiple industry regulatory requirements.
- Re-created security delivery go to market IT security collateral and delivery methodologies globally across E&Y’s security practice.
- Attended Executive business development and other security trainings covering Data Loss Prevention (DLP), Governance, Risk, and Compliance (GRC), and Cloud Services and Vendor Risk Management topics.
Confidential, Denver, CO, USA
Principal, Technology & Security Leader
Responsibilities:
- Reduced operational costs by 50% for JM Smucker consumer goods customer in the rollout of enterprise grade identity security infrastructure hosted on both private and Amazon AWS cloud infrastructure through security architecture and implementation services.
- Drove 25% operational efficiencies and improved user experience through automation of business processes and business applications integration of Identity and Access Management solutions to University of Colorado Denver to handle users digital (students, faculty, employees, contractors) identities and access.
- Improved city constituents’ user experience by 50% by providing security architecture and advisory services to City of Denver by crafting an IAM security roadmap and assisting various teams in the rollout of security infrastructure using federated web identity and access provisioning solutions.
- Delivered 25% IT operational improvements and $2 million cost reduction to US Navy Special Warfare Division.
Confidential, Denver, CO, USA
Consulting Solutions Director
Responsibilities:
- Increased top line business growth through business transformation by developing new markets and grew existing markets for Oracle security and middleware consulting services through $2 million annual contract bookings for 3 straight years. Helped executive management push the annual security service bookings to over $20 million annually.
- Grew security practice to 75+ consultants, from 7 consultants, by developing new business from new and existing clientele, competitive marketing positioning, and business development and transformation.
- Collaborated in the hiring and training of 40 consultants and solution architects within the organization by working through candidate screening, interviewing, recruiting, and mentoring them as technology leaders marketable at premium consulting rates.
- Delivered over $10+ million of IT and Information Security Transformation projects for a variety of industries - financial, healthcare, education, manufacturing, high-tech, telecommunications, government, and other markets through IT cost reduction for M&A and market driven growth opportunities.
- Created over $1 billion in value creation for Oracle IAM Security product license and services sales through competitive security market analysis for M&A value creation and new products features development that resulted in Oracle acquisition of 5 security (Oblix, Thor, OctetString, BridgeStream, Bharosa) companies.
- Managed several cross-functional teams in the delivery of enterprise technology solutions across 30+ customer security and technology projects for Global 1000, Government, and SMB customers.
- Provided strategic IT services that resulted in repeated customer business to over 50% by delivering customer value through Oracle Insight executive engagements and acted as trusted adviser to customers ensuring maximum return on investment on their technology investments with over 90% customer satisfaction.
- Took security operational and business development responsibilities (October 2005 - February 2006) and sold consulting services in excess of 3000+ consulting man hours that resulted in excess of $800,000 of booked service revenue and placement of 30 consultants on billable consulting engagements.
- Led projects totaling average $1+ million/year consulting revenue for three straight years (2004 - 2007).
- As a mentor manager in 2006, mentored seven subordinates (protégés) towards their career development as well as customer handling and project delivery skills.
- Designed and implemented highly scalable enterprise class software architecture for Oracle’s middleware technologies through hands-on approach for Fortune 1000 and Government clients.
- Performed marketing analysis against competitive vendor products that was presented to executive management to improve marketing message, forge alliances with OEM partners, as well as built case for product acquisitions of several security companies.
TECHNICAL SKILLS
Computer Languages: Java/J2EE, C/C++, Visual Basic, PowerShell, XML/XSLT, .NET
Security Tools/Technologies: Oracle Identity & Access Management Suite (OID, OVD, OUD, OAM, OIM, OAAM, OIF), Active Directory/ADAM, CA SiteMinder, SAML 2.0, OpenSSO, OAuth 2.0, OpenID, Shibboleth, RSAM GRC, ForgeRock IDM (OAM, LDAP, OIM), PKI Certificate Management, Privileged User Management, Data Loss Prevention (DLP), Web Proxy, Load Balancers, Cisco (Firewall, Routers, Switches), Enterprise and Cloud Security Architecture
Databases: Oracle 10/11g, Sybase, MySQL, SQL Server, HP-UX Non-Stop SQL
Operating Systems: UNIX, Linux, HP-UX Non-Stop, and Windows
Business Applications: Oracle eBusiness (R12,11i), PeopleSoft, Siebel CRM
Web Application Server: Oracle WebLogic, JBoss, Apache Tomcat, IIS
Cloud Vendors: Oracle, Amazon AWS, Microsoft Azure
Security/Technology Frameworks: NIST 800-X, ISO 27000X/14971, FFIEC, HIPAA, PCI-DSS, SOX, SANS Top20, FDA, OWASP, TOGAF, CSA