Global Information Security Cloud Architect Resume
Richmond, VA
SUMMARY:
- 17+ years of experience with results-oriented Information Security vision and strategy demonstrating quantifiable results. Strong business acumen with ability to execute a variety of IT security business development strategies to establish and protect market presence and increase revenue and profitability.
- Seasoned in Security, Identity and Access Management, Federation, Security Intelligence, Risk & IAM Governance, AWS Cloud Computing and Virtualization, Vulnerability Assessment, Software Development and Enterprise Application Integration.
- Security compliance requirements, automation processes (Vendor Risk Management, Vulnerability Management Oversight, Risk Register, Cloud Risk and Security Assessments, Policy Exceptions Issues Management) using RSAM tool.
- Managed all identity and access management (IAM), data protection, forensic and eDiscovery services and is a QSA for PCI compliance. He is currently located in Goochland, VA.
- Chet Loveland has 17+ years of experience with results-oriented Information Security vision and strategy demonstrating quantifiable results. Strong business acumen with ability to execute a variety of IT security business development strategies to establish market presence and increase revenue and profitability.
- Managed a security budget of over 2 million and developed and managed multiple NIST compliance programs.
- Developed processes and procedures for e-discovery and litigation for a global company.
- Developed and implemented hundreds of policies, processes, and standards, and risk assessment and management for global system changes including an email system, replacing ten disparate email systems with one.
- Established and managed multiple vulnerability management programs
- Recognized expert in 3rd party vendor security compliance assessment and verification and AWS Cloud vendor risk assessor (SaaS, PaaS, and IaaS).
- Expert in IT supply chain from a security perspective.
- Ensure PCI, SOX, HIPAA, NIST 800-x, COBIT, COSO and ISO 27001 compliance.
- Implemented KPIs and metrics for continued and improved compliance, managed identification and response for hundreds of computer-related incidents, and chaired global security governance forums.
- Designed and deployed secure IT architecture in China and delivered in-person information security training to 2,000 employees.
- Security gatekeeper for SDLC - Agile processes.
- Leader in access and ID management, including AWS Cloud federation and risk management for business risk / reward decisions.
- Led multiple incident management and data breach recovery efforts; global project management experience.
TECHNICAL SKILLS:
Security/Technology Frameworks: NIST 800-X, ISO 27000X, FFIEC, HIPAA, PCI-DSS, SOX, SANS Top20, OWASP.
Cloud Vendors: Oracle, Amazon AWS, Microsoft Azure.
Operating Systems: UNIX, Linux, HP-UX Non-Stop, Windows, AS/400 and mainframes.
Security Tools/Technologies: Oracle Identity & Access Management Suite (OID, OVD, OUD, OAM, OIM, OAAM, OIF), Active Directory/ADAM, CA SiteMinder, SAML 2.0, OpenSSO, OAuth 2.0, OpenID, Shibboleth, RSAM GRC, ForgeRock IDM (OAM, LDAP, OIM), PKI Certificate Management, Data Loss Prevention (DLP), Web Proxy, Load Balancers.
PROFESSIONAL EXPERIENCE
Confidential, Richmond, VA
Global Information Security Cloud Architect
Responsibilities:
- Confidential is a global pharmaceutical company helping people with opioid dependence.
- Developed and implemented the global information security program focusing on the AWS Cloud First outsourcing model for the infrastructure and applications.
- Assessed risk management practices including corporate governance, data management, security operations, crisis management, risk control self-assessments, balanced scorecards and key risk indicators presented to the Board of Directors, and emerging risk data analysis.
- Including vendor management, network monitoring, incident management, governance, risk assessments, ID management, rights management, security awareness, standard operating procedures, policies and processes.
- Vendor Management: assessed vendor management controls for service providers including managed security service providers.
- Security compliance requirements, automation processes (Vendor Risk Management, Vulnerability Management Oversight, Risk Register, Cloud Risk and Security Assessments, Policy Exceptions Issues Management) using RSAM tool.
- Developed data loss prevention processes, completed a successful separation from the parent company of Confidential, and implemented the numerous security features of Office 365.
- Using Enterprise Governance, Risk, and Compliance (eGRC), architected the management system for compliance requirements, policies, risk assessment, and remediation tracking, spanning multiple domains and multiple businesses.
- Implemented a risk management process to evaluate, communicate, and manage enterprise risks and associated findings.
- Responsible for managing global technology risk operations and implementing security and technology controls policy, strategy, and programs.
- Managed all identity and access management (IAM), data protection, forensic and eDiscovery services.
Confidential, Richmond, VA
Global Information Security Officer/ IT Risk Privacy Compliance
Responsibilities:
- Confidential, a Fortune 500 power and energy company, supplies electricity, nuclear, and gas power to Virginia, West Virginia, Ohio, Pennsylvania and North Carolina.
- Provided security architecture and implementation to JM Smucker consumer goods customer in the rollout of enterprise grade identity security infrastructure hosted on a private and Amazon AWS Cloud infrastructure and reduced operational costs 50%.
- Risk Management Operations: established the bank's technology risk management policy, strategy, framework, and roadmap. Developed and managed services to assess access and identity management, change management, data governance, incident management, network firewalls, and vendor risk management.
- Developed a sustainable program for ongoing NIST compliance using the 800-53 series of security and privacy controls in a diverse and heterogeneous environment with multiple business units for regulated and non-regulated services.
- Developed a mature program to ensure the confidentiality of employees', customers' and shareholders' personal information.
- Several disciplines or endeavors to develop a unified approach to interrelated tasks and events within an enterprise, including among other things: risk management, policy management, compliance management, continuity of business management, asset management, audit management, threat management, incident/event management, and vendor management.
- Including internal risk and controls and external 3rd party risk analysis; core member in defining the risk appetite of the organization.
Confidential, Bedford, MA
Global Information Security Cloud Architect
Responsibilities:
- Confidential, a SaaS company acquired by Genesys Communications, is a customer experience management company delivering AWS Cloud-based mobile marketing, customer care, and collections/payments solutions. More than 450 global clients, including nearly 50 Fortune 500 companies, use its multi-channel communications management platforms to power 2.5 billion personalized and compliant customer interactions.
- Support and assist in policy and procedure creation, updates and modifications, conducting IA analysis, security assessments, developing strategic implementation of risk management framework, supporting certification and accreditation processes, and documentation.
- Conduct Security Risk Assessments on all new applications, IT systems or changes to existing IT systems to verify that they satisfy the established security baseline before adoption into corporate regional offices.
- Executed on PCI Level 1 compliance, HIPAA and HITECH, GLBA, protecting the sensitive customer data entrusted to Confidential.
- Risk assessment driver and approver in the SDLC (AGILE) software development for bi-weekly software changes/updates/new features.
- Point for all internal and external auditors of large retailers and financial services reviewing the security and privacy controls in place including 10 of the largest banks in North America.
- Driving force for continued compliance to all applicable national and international regulations.
- Closely work with new and existing customers to ensure compliance to contractual requirements.
Confidential, Richmond, VA
Senior Enterprise Information Security Architect
Responsibilities:
- Confidential is a seven billion Fortune 500 packaging company with 23,000 employees in 30 countries.
- Directed the global information security and privacy of the information technology environment including SAP, JD Edwards and other global applications for all national and international locations. Executed on SOX, COBIT, ISO 17799, PCI DSS, and C-TPAT compliance for distributed and mainframe operations.
- Conduct Security Risk Assessment on new Vendors and annual Vendor Risk Assessment.
- Including strategic support through gap and complex analysis, studies, examinations and tactical implementation of security principles, practices, standards, policies, procedures, documentation, risk management, project management and audit compliance.
- Worked on business development opportunities covering Oracle Security Patch Management and AWS Cloud based Identity and Access Management security solutions by advising key customers to help reduce their operational costs and meet risk remediation as well as multiple yearly industry regulatory requirements.
- Developed, maintained, communicated, and executed international and enterprise-wide information security and privacy policies, standards, procedures, guidelines, security awareness and audit compliance monitoring.
- Manage highly technical staff responsible for ensuring appropriate security and privacy controls exist and are enforced globally.
- Provide security, privacy, and infrastructure leadership in transitioning Confidential from a national paper company to an international packaging solutions company.
- Provided oversight, consulting and execution in planning, development, design, and execution of security tools and security access methods needed to protect the computing environment to Confidential and other service providers, serving as the focal point for Confidential's global security and privacy practices.
- Direct efforts to address global security and privacy incidents and investigations including ethical hacking using industry tools.
- Work with business units to determine need for change in security design, additional controls and/or privacy and implementation based on security violations, incidents and exceptions.
- Led confidential global security investigations, partnering with business units, Human Resources, and Legal.
- Recognize and identify potential areas where security and access control risks may exist and implement/change policies and procedures as needed.
- Significantly reduced information exposure on two terabytes of data.
- Implemented tokenized credit card processes for PCI compliance and provided cyber security risk analysis for global business units, SaaS, and AWS Cloud email system, which reduced 10 disparate email systems to one.
- Drove adoption of SAP GRC and Archer risk management tools.
Confidential, Richmond, VA
Senior Information Security Officer/Lead
Responsibilities:
- Confidential (now Vangent) is a leading global provider of information management and strategic business process outsourcing services, serving the Confidential government, as well as commercial, education, and healthcare organizations.
- Managed HIPAA and FISMA compliance for the distributed and mainframe operations that are contracted by the Centers for Medicare/Medicaid (CMS) for contracts over ten billion dollars and key personnel on CMS contact center contract award of 440 million.
- This includes strategic support through gap and complex analysis, studies, examinations and implementation of security principles, practices, standards, policies, procedures, documentation, risk management, project management and audit compliance.
- Executed on compliance to Confidential and State Information Security requirements for over ten programs under the ownership of Department of Health and Human Services.
- This included strategic direction and counsel, hands-on security analysis, studies and examinations of security policies, procedures, documentation, implementation, compliance and audit requirements and project management to ensure defense-in-depth for the Confidential Government Solutions infrastructure.
- Ensured the implementation of the necessary controls, tools, and procedures to cost-effectively protect information assets from intentional or unintentional and unauthorized modifications, disclosure, or destruction by performing risk analysis and recommending potential security solutions/configurations and using NIST 800 series as the baseline.
- Developed security requirements and recommended solutions for new technology projects and changes to current program environments and applications.
- Achieved the execution of intrusion detection and monitoring as well as penetration studies to meet the business function requirements and regulatory demands.
- Execution of compliance in the programs including information security awareness programs, document security performance metrics, and communicating security strategies and writing Government System Security Plans.
- Advised the individual Government programs on current and future strategic security requirements, direction, and improvement opportunities and participated in project teams to ensure new applications and systems comply with established security regulations, policies, and standards.
- Directed program Risk Assessments and System Security Plans as well as the Disaster Recovery and Business Continuity Plans.
- Point-of-contact internally and externally for DR/BC plans on the programs.
Confidential, Richmond, VA
Senior Information Security Manager
Responsibilities:
- The Confidential Reserve is a quasi-Governmental entity responsible for the monetary system of the United States.
- Led the information security of distributed and mainframe operations including gap and complex analysis, studies, examinations and implementation of security principles, practices, standards, policies, procedures, documentation, risk management, project management and audit for the U.S. Central Bank with over 1.5 trillion dollars transferred electronically per day.
- Directed staff of 16 full-time personnel and hourly contractors that support the organization's information security needs and managed a security budget of over $2.02 million.
- Direct senior information security staff on complex gap and security analysis, studies and examinations of security policies, procedures, documentation, implementation, budget, compliance and audit requirements and project management to ensure defense-in-depth for the Confidential Reserve System.
- Transitioned the Confidential Reserve Information Technology (FRIT) organization from a risk averse organization to a risk management organization.
- Developing and updating information security principles, practices and standards.
- Trained over 700 staff in risk management and asset vulnerability assessment and security risk mitigation.
- Implemented a centralized information security support from 12 organizations into two. This reduced 30 staff nationwide.
- Managed the selection, negotiated the purchase, and implementation of information security tools to augment the information security posture of the Confidential Reserve System.
- Liaison to external audit engagements by the Government Accountability Office (GAO) and PricewaterhouseCoopers (PwC) for Sarbanes-Oxley, COSO and FISMA, achieving compliance with government regulations.
Confidential, Richmond, VA
Senior Account Manager
Responsibilities:
- Bridged the gaps between information technology and business application development and distributed and mainframe computer support.
- This involved translating business requirements into the defined information technology framework.
- Provided customer support for the San Francisco, St. Louis, Minneapolis Reserve Banks, Board of Governors and the Home Mortgage Disclosure Act (HMDA) government application; built capabilities through program development, process development and strengthened relationships with customers.
- Served as project manager for both the Internet U.S. Treasury Offset Program and the U.S. Postal Service Postal Money Order image project to move these applications from the mainframe to the distributed platform.
- Led a high priority project for FRB San Francisco involving moving check processing from the 12th District to FRIT to meet year 2000 check application compliance issues.