
Sr. Global Infosec Governance Manager Resume Profile


GA

SUMMARY

Qualified leader with solid ability to develop/implement strategies and relationships resulting in a strong connection with the customer and business. Proven ability to build enterprise connectivity firmly aligned with business initiatives and global goals to support sales growth. Over 20 years of IT project/program management, information security, risk management, compliance management, and data privacy protection experience. Expertise in planning, organizing, CRM and negotiations experience with proven track record in the ability to build, lead, and motivate teams. Experience and skill in performing interpretive analysis, risk assessments, privacy impact assessments, and synthesis of information insights and key takeaways on critical projects.

Experience:

Confidential

Sr. Global InfoSec Governance Manager

  • Governance Oversight: ensured Information Security Office is aligned and contributes to corporate compliance, risk, audit and business code of conduct strategies.
  • Policies/Standards and Certifications: developed and implemented key information security policies and privacy standards. Certifications include ISO-27001, ISO-27002, SOC2/BITS, HIPAA, ISO20000, PCI DSS, CSA STAR.
  • Completed successful SOC2 Audit with no findings; completed ISO27001 Certification for North America, Canada, Brazil, Mexico, Asia, Australia, New Zealand, and Europe Region.
  • Compliance Management: ensured compliance with approved information security policies and standards and that deficiencies identified during compliance assessments are remediated.
  • Reporting: identified and communicated appropriate security performance and risk indicators to measure the success of the Information Security and Privacy program.
  • Security Awareness and Training: defined and delivered information security training and awareness, and privacy training to the business and IT organization on a global scale.
  • Developed and performed Privacy Impact Assessments and IT Security Risk Assessments.
  • Developed and implemented the Information Security and Risk Management governance program to include security policies, standards and procedures, security compliance management, metrics, security training and awareness, data privacy and protection.

Confidential

Sr. Manager

  • Responsible for managing general and detailed documentation describing system specifications and operating instructions, revised existing systems and procedures to correct deficiencies, maintained effective documentation handling, and ensured mandatory timelines were met in accordance with Government requirements.
  • Planned, developed, organized, coordinated, and managed information technology projects using Centers for Disease Control (CDC) and Management of Information Systems Office (MISO) approved techniques, processes, and tools.
  • Worked with Sr. Management and Govt. officials to develop security and privacy initiatives that aligned with strategic goals for IT solutions and security documentation.
  • Acted as liaison between IT and business owners to facilitate a good working relationship and thorough understanding of IT security, policy, compliance, and privacy goals.
  • Identified gaps and deficiencies in governance and processes to aid in meeting strategic functional goals.
  • Conducted cost/benefit analysis, risk assessments, monitored and reviewed project process, acted as liaison with customers, identified and resolved issues for both Certification and Accreditation (C&A) process and project management
  • Responsible for the management of direct personnel
  • Responsible for managing large scale IT projects using the SDLC methodology including planning, development, integration, resolving POAM OIG audit related issues, and implementation resulting in the Authority to Operate for that system
  • Supported Management Information Systems Office (MISO) as part of the Certification & Accreditation (C&A) team lead to work with various system Stewards during a system's lifecycle, assisting Stewards in developing characterization data, creating the system's POA&M, and preparing for the risk mitigation in order to receive final authorization to operate (ATO) for the system.
  • Responsible for informing management of weaknesses identified during the mitigation process and for working with ISSOs and system owners to reduce risk
  • Knowledge of FISMA, OMB Circular A-130, FIPS 199-201, and NIST SP 800 series related to qualitative and quantitative research and analytical methodologies, and vulnerability assessment tools associated with the Federal Certification and Accreditation process.
  • Knowledge of HIPAA, Privacy Act, HITECH Act

Confidential

Sr. Manager

  • Supported the CDC Office of the Chief Information Security Officer Information Security Program as part of the Information Security team in working with various Technical and Business Stewards during a system's lifecycle; assisted the Stewards in developing Federal and CDC-compliant System Security Plans (SSP), analyzed vulnerability reports, assisted in the development and testing of Business Continuity Plans (BCP), and developed and documented standard operating procedures regarding security information content in relation to the National Institute of Standards & Technology (NIST).
  • Managed large scale IT projects using the SDLC methodology including planning, development, integration, and implementation resulting in the Authority to Operate for that system.
  • Used project management methodologies/processes, such as Microsoft Project/Microsoft Project Server to conduct critical path analysis.
  • Prepared Certification & Accreditation documentation for submission to CDC/OCISO for compliance measurement against privacy and IT security requirements/laws.
  • Responsible for informing management of weaknesses identified during the mitigation process and for working with ISSOs and system owners to reduce potential risks related to the CDC
  • Managed, developed, and implemented privacy policy and privacy impact assessments.

Confidential

Director, Data Privacy and Information Management

  • Managed multi-million dollar budget
  • Created global board of directors which involved gaining a commitment from Senior Board of Company officers, to ensure data privacy directives would be supported and implemented
  • Developed and led Data Privacy Task Force which included project managers represented across all business divisions
  • Developed and documented privacy policies and processes for Hotel Executive Board, corporate employees and hotel properties
  • Implemented IT projects for compliance requirements mandated by global and US based governmental regulatory bodies
  • Served as first point of contact for Webmaster and consumer questions/complaints re: privacy
  • Developed accountability matrix to address breaches of security and identification of vulnerable areas to the business
  • Served as SME for Hospitality industry to FTC on Privacy
  • Developed comprehensive privacy program that included training, education, reporting and compliance guidelines for all corporate employees
  • Identified and recommended areas of vulnerability and served as SME for implementation of changes
  • Conducted thorough Privacy assessment of IT systems and business processes including vulnerability assessments of all current and proposed IT systems and risk assessment/impact reporting and data mapping for the business including cost of services, cost of ownership, and return on investment.
  • Implemented a control mechanism for system administrators to receive, acknowledge and comply with system vulnerability alert notifications

Global IT Strategy Manager

  • Developed strategic plan across business and IT to ensure future sales growth including developing of business case analysis for assigned IT projects, programs, or tasks, cost of services, cost of ownership, and return on investment
  • Worked with Regional Heads, CIO and CEO to determine strategies for IT on a Global scale
  • Developed and facilitated workshops to determine individual area objectives, goals, standards, and measurements (OGSMs) to drive IT objectives
  • Ensured linkage to business strategies with IT strategies
  • Advised in deployment/implementation phase of tactics that support strategies
  • People Development and Succession Planning
  • Balanced Scorecard
  • Risk Assessment

Confidential

Project Manager, Customer View Book of Records

  • This project was the predecessor of the data privacy initiative regarding consumer/customer data collection
  • Served as SME in the development and implementation of strategic sales plans for existing and prospective global and domestic customers through tracking of existing customer information
  • Developed business needs or a customer view for all key constituents
  • Development of a single source database to capture customer information
  • Worked with IS Account Management to determine right short and long-term solutions
  • Determined iterative process of what is doable against the needs desired to meet project deliverables
  • Created timeline with key milestones and identified and managed project teams to determine privacy and IT security risk
  • Analyzed imperative needs and nice to have needs so that constituents could meet them but also meet project timelines and deliverables
  • Determined privacy vulnerabilities for systems for collection of customer data

Project Manager, Confidential

  • Analyzed and developed database to capture in-outlet survey and Business Market Unit responses in order to determine acquisition recommendations.
  • Managed collection of information for 700 audit results, analysis of data, summary and recommendations based on findings
  • Responsible for action as contact point and liaison within that system and reporting results based on account team and parent customer
  • Managed timeframe for work plan steps and proposal
  • Compiled reports and presentations and analyzed data to be used by account team and development of customer proposal
  • Assisted in presentation development for customer in regards to future sales opportunities and growth objectives

Customer Linkage Manager

Confidential

  • Managed six project managers in their efforts to decentralize customers for AE, financial, marketing and sales reporting
  • Compiled customer data into central data warehouse; this later became the data warehouse for all customer data collection.
  • Developed full project plan and key objectives for National Account Executives (NAE) to drive customer sales
  • Delivered comprehensive project plan which detailed resources needed, financial backing and sponsors on time with full disclosure to Senior Board of Officers ahead of schedule
  • Gained Senior Officer buy-in of project and developed implementation plan

Memberships/Publications:

  • Project Management Institute (PMI) Member
  • International Association for Privacy Professionals (IAPP) Member
  • Compliance Weekly, October 2012: one of 15 Executives interviewed on risk, compliance, and privacy
  • Insights on Governance, Risk and Compliance, Fighting to Close the Gap, Ernst and Young 2013 Global Information Security Survey
  • Published White Paper: Information Governance and Security Recall
  • ISACA
