GRC Lead

• Aug 2019 - Present

Senior Information Security Consultant

• Apr 2018 - Aug 2019

Positioned as the on-site CySIP Security Officer for a 2,000-person account team that provides information security services to one of the largest international retail food service providers. The position was responsible for responding to client deliverable needs in all aspects of information security, with a primary emphasis on security awareness and providing secure application development direction. Reviewed and selected application security testing tools for use on the global account. Accomplishments: • Developed secure coding guidelines • Tested and remediated the findings of various application security tests. • Provided four security awareness training modules to ensure secure coding best practices were followed with an emphasis on adhering to OWASP top ten best practices. Also planned the long-term security awareness program direction. • Coordinated the tracking of over 700 application assets into the client asset tracking tool. • Assisted the client on several occasions in managing and investigation of incidents and investigations. Identified and tracked all security contractual obligations, resulting in a detailed metrics report that was provided to the client.

Senior Information Security Consultant

• Jan 2018 - Apr 2018

Senior Information Security consultant currently working with Capgemini to deliver value to our clients by ensuring they obtain compliance with regulations, security frameworks, and best practices. Pat has recently helped various clients improve their security posture through: - Conducting and Governance, Risk, and Compliance (GRC) assessment for a critical infrastructure organization - Providing a project methodology to conduct a organization wide Role Based Access Control (RBAC) review for a critical infrastructure organization - Conducting a Role Based Access Control assessment for a a critical infrastructure organization - Performed a General Data Protection Regulation (GDPR) readiness assessment for a global electronics organization - Currently assisting a large global food services organization to align their application development and management with OWASP to reduce their risk profile.with internal and externally facing applications.

Managing Director of Information Security

• Sep 2017 - Jan 2018

ITPeopleNetwork, Aurora, Illinois 09/2017 – 01/2018 Managing Director, Information Security Positioned as the managing director of information security for ITPeopleNetwork (ITPN). The position was responsible for responding to client deliverable needs in all aspects of information security and growing the security practice by providing the right resources to our clients at the right price. Accomplishments: • Implemented a client security assessment methodology utilizing the NIST Risk Management Framework that was successfully executed at a large California based healthcare organization. • Conducted gap assessments for clients, particularly in the security policy areas. Created and restructured security policies and standards for the client. • Provided and executed third-party security assessment process which allowed the client to identify risk and improve their overall security posture and adhering to the NIST framework. In addition, this assessment provided the client with a complete analysis of how they would be graded if they were to be audited against other security frameworks, including PCI, ISO27001, and HIPPA. • Conducted a security assessment of the clients’ vulnerability management capability and identified major gaps and provided a road map for improvement. • Provided a road map and recommendations for the client to implement a Governance, Risk, and Compliance tool.

Senior Information Security Consultant

• Jun 2017 - Sep 2017

Consultant, Information Security Consulted with clients to promote governance, risk, and compliance functions within the clients’ organization. Accomplishments: • Designed and implemented a security awareness program for an 18,000-seat environment. • Integrated the security awareness on-line security awareness tool with the corporate learning management system. • Streamlined the internet gateway change request process to ensure accountability across IT functional areas. • Updated privacy and acceptable use policies to reflect current state and best practices.

Director Information Security, Kirkland & Ellis LLP

• Nov 2008 - Jan 2017

As the firms’ Information Security Director, I was responsible for the direction of the firm’s internal information security program for eight years. I developed and executed an information security strategy that grew the firm’s information security program from 2 staff and 3 technologies, to a staff of 12 supporting over 20 security technologies and processes. • Implemented a risk assessment methodology to ensure that all new technologies or process proposed to enter the firm’s global environment be adequately assessed for security vulnerabilities prior to approval and implementation, which ensured security controls and risks were identified. Maintained a risk registry of all risks identified as well as a process to fix or mitigate all risks. • Directed the implementation of technical solutions to reduce malware infections which resulted in a substantial reduction of workstation and laptop rebuilds by 90%. • Positioned and directed the firm’s efforts to achieve ISO 27001 certification over an 18-month period which alleviated security concerns of the firm clients. • Selected and directed the firms 3rd party annual assessment and remediation efforts which improved the overall security posture and met client requirements and regulatory requirements. • Directed various departments in the response of client security questionnaires and negotiated technical mitigating steps to ensure client satisfaction. This included the negotiation of compensating or mitigating controls to ensure the security posture was acceptable for financial and healthcare sector client’s requirements via PCI, HIPPA and other regulatory controls.

Subject Matter Expert Endpoint Security

• Nov 2002 - Nov 2008

Information Security program execution, forensic investigations, e-Discovery administration, endpoint security SME, risk assessments, network security, penetration testing. Information Security program execution, forensic investigations, e-Discovery administration, endpoint security SME, risk assessments, network security, penetration testing.

Director of Information Security

• Jul 1999 - Nov 2002

Responsible for providing technologies, projects, and services to defend the Andersen environment from threats. Developed tools and techniques for security assessment, penetration testing and compliance with standards in the Andersen environment. Served as the source of current status and knowledge of the firm's internal exposure to risk and requisite disaster recovery plans, treating risk holistically. Responsible for providing technologies, projects, and services to defend the Andersen environment from threats. Developed tools and techniques for security assessment, penetration testing and compliance with standards in the Andersen environment. Served as the source of current status and knowledge of the firm's internal exposure to risk and requisite disaster recovery plans, treating risk holistically.

Manager

• Sep 1994 - Jul 1999

Technical security consultant responsible for assessing the security efforts for this client, making immediate improvements and defining a long-term security strategy. Technical security consultant responsible for assessing the security efforts for this client, making immediate improvements and defining a long-term security strategy.

Computer Security Coordinator

• Sep 1988 - Sep 1994

Primary individual for implementing and administrating various informational security programs throughout the mainframe, LAN, and workstation environments. Programs implemented included centralization and decentralization of security responsibilities throughout the corporation, implementing virus prevention controls throughout the corporate LAN environment and installation and maintenance of a corporate-wide workstation security package. Primary individual for implementing and administrating various informational security programs throughout the mainframe, LAN, and workstation environments. Programs implemented included centralization and decentralization of security responsibilities throughout the corporation, implementing virus prevention controls throughout the corporate LAN environment and installation and maintenance of a corporate-wide workstation security package.