James Fallon, CISSP, CCSK

Chief Security Officer at Burgess
Contact Information
Location
Arlington, US


Experience

    • Wine & Spirits
    • 1 - 100 Employee
    • Chief Security Officer
      • Nov 2016 - Present

      Alexandria, Virginia

      Provide vision and executive leadership for developing and implementing IT and Security technology initiatives. Drive IT/Security strategic and operational planning by fostering innovation, prioritizing initiatives, and coordinating the evaluation, deployment, and management of current and future IT/Security systems. Manage an annual budget of 5.5 million dollars.

      • Led the organization to obtain HiTrust and SOC type 2 compliance in 2017. Maintain HiTrust and SOC compliance annually. Authored and developed the policies, procedures, and training curriculum on Information Security and HIPAA data privacy.
      • Conceived and led development of a private cloud network in Azure to support Burgess Group Source SaaS applications.
      • Provided a blueprint for deploying technologies, including Security Information & Event Monitoring (SIEM), Data Loss Protection, and Identity & Access Management, to provide a real-time internal Security Operations Center (SOC) capability.
      • Created a Computer Incident Response Business Resumption Program (i.e., a Disaster Recovery & Business Continuity process that includes Plans, Testing, & Training) to safeguard Burgess Group.
      • Incident Response Team (IRT) Manager: Led all responses to any internal or external incidents and managed all communications with C-Level staff, corporate communication, and law enforcement as needed.

    • United States
    • Financial Services
    • 1 - 100 Employee
    • Senior Manager Information Security Operations
      • Feb 2006 - Nov 2016

      Arlington VA

      Oversaw process to identify and evaluate all critical systems. Designed and implemented security processes and procedures and performed cost-benefit analysis on all recommended strategies while ensuring all activities remained within the corporate risk management budget of $5.1 million. Collaborated with external auditors to conduct in-depth compliance audits and penetration testing and presented the results to executive management. Served as the Incident Response Team (IRT) Manager.

      • Built a dedicated, action-oriented Network/Security team of 12 by instilling a culture of open dialogue and collaboration.
      • Met with CIO, CRO, CISO, and Director of IT to discuss project priorities and any conflict between projects and/or personnel.
      • Oversaw the outsourcing of facilities operations. The project reduced the yearly cost for facilities by 20 percent.
      • Prepared detailed RFPs for various infrastructure and security projects.
      • Re-negotiated several vendor contracts, reduced the number of vendors providing services, and saved 14 percent per year.
      • Developed curricula and facilitated security awareness training.
      • Created a risk assessment process for vulnerability management.
      • Planned, designed, and implemented enterprise-wide security systems that included a next-generation firewall, DLP, an application firewall, and detailed logging of database activity to monitor sensitive data.
      • Designed and implemented a SIEM that took in 80 million events a day and reduced that down to an average of 20 actionable items to review by the operations team each day.

Education

  • Northern Virginia Community College
    Associate of Applied Science
