Experience

• 

  Blue Cross Blue Shield Association

  • Greater Chicago Area

  • Privacy Administrator

    • Nov 2016 - Oct 2019
    • Greater Chicago Area

    Coordinated management responses to HIPAA privacy incidents both internal to the Association and those that involved third parties. Primary point person on third party privacy and security risk management. Second level Data Leakage Program (DLP) incident response.Conducted classroom training for new employee orientation. Developed quarterly on-line training topics for HIPAA privacy and information security.

• 

  Sears Holding Corp

  • Hoffman Estates, IL

  • Information Technology Risk Manager

    • Dec 2014 - Oct 2016
    • Hoffman Estates, IL

    Team leader for third party risk for Payment Card Industry compliance Consultant / facilitator for other PCI compliance issues like encryption, access controls, etc.

• 

  Office Depot / OfficeMax

  • 263 Shuman Blvd, Naperville, IL 60563

  • IT Compliance Manager

    • Mar 2009 - Dec 2014
    • 263 Shuman Blvd, Naperville, IL 60563

    Assessed information security controls related to PCI, SOX, HIPAA and privacy breach notification mandates. Implemented an IT control framework on OpenPages and managed control testing, issue tracking and remediation monitoring and reporting processes for SOX IT controls, PCI/DSS Requirements, and state and federal privacy mandates. Monitored and reported on the PCI certification status of international affiliates and coordinated remediation assistance when needed.Assessed compliance of enterprise and web privacy policies with state and federal privacy mandates, Fair Information Practice Principles, and advised business projects on privacy requirements.Managed Third Party Information Security Risk by monitoring third party relationships, assessing risk and sensitivity of data flows, and occasionally performed on-site assessments of third party privacy and security controls. Monitored third party compliance certification status for high-risk relationships.Assisted information security policy management process and enterprise security awareness program.

• 

  Deloitte & Touche

  • 111 South Wacker Drive, Chicago, IL 60606

  • Manager, Enterprise Risk Services

    • Feb 2005 - Jan 2009
    • 111 South Wacker Drive, Chicago, IL 60606

    Managed major client relationship in the healthcare industry for IT Security Consulting and IT Audit services. IT Audit Manager for a range of information security, business continuity and compliance audits involving HIPAA, COBIT v4, ISO 17799 and ITIL. Team leader for information vulnerability assessments including attack and penetration testing. Served clients in healthcare, professional services, manufacturing and retail industries.

• 

  BDO Seidman, LLP

  • Project Manager

    • Jul 2002 - Jan 2005

    Sarbanes-Oxley review and implementation with Audit Technology Risk Management practice. Business development and service delivery for IT consulting services including network infrastructure and information security. Penetration Testing, Vulnerability Assessments, HIPAA Security Compliance and general infrastructure implementation services. Also functioned as business analyst and project manager for functional enhancements to the BDO Alliance portal.

• 

  Accenture

  • 161 North Clark Street, Chicago, IL 60601

  • Senior Manager

    • 1981 - 2001
    • 161 North Clark Street, Chicago, IL 60601

    Senior Manager, Information Security, 1998 – 2001Program leader for global IT Security function and team leader of IT Risk Management group. Responsible for defining, communicating, and enforcing security policies; planning security infrastructure and managing incident response, forensics investigations, and anti-virus distributions.Program Director for Network Services and Information Security, 1995 – 1998Responsible for enterprise network architecture and information security – sourcing strategy, development and maintenance of network architecture components such as remote access, secure client connectivity, VPN, enterprise directory, and access controls.Manager of Integration Management, 1991 – 1995Team leader in global IT group responsible for developing, maintaining, and enforcing global standards for laptops, servers, and networking hardware and services.Manager (Consulting Practice), 1985 – 1991Client service, practice promotion, and proposal development in all industries. Emphasis on Fortune 1000 clients and large projects with emerging workstation-based client/server technologies.Senior Consultant, 1981 – 1985Client service in government and utilities industries with emphasis in data networks. Mainframe OS conversions and network design and implementation for Fortune 1000 clients’ projects.

• 

  Blue Cross Blue Shield of Wisconsin

  • 4117 N Teutonia Ave, Milwaukee, WI

  • Systems Programmer

    • Jan 1976 - Apr 1981
    • 4117 N Teutonia Ave, Milwaukee, WI

    Application programmer (COBOL and IBM Assember Language) for a dental claims application.Systems Programmer and capacity planner for IBM mainframe data center.