512-897-9215 cccda930@westpost.net

Summary

I am an experienced senior manager with an extensive background in IT security, operations, governance, risk and compliance in the financial industry. I have a proven track record of utilizing leadership capabilities, team motivation, technical expertise, communication skills, negotiation capabilities and business acumen to achieve customer, business and corporate focused goals and solutions.

Specialties

IT risk and security management
Identity and Access Management
Change Management
Service Desk Management
Vendor and internal assessment programs
Organization integration and outsourcing
Global governance, risk and compliance programs
Sarbanes Oxley controls and testing
Audit activities including SAS70
Process and performance improvement
Program management

Experience

SVP-Information Security & Risk Management
BBVA Compass Bank (formerly Guaranty Bank)
December 2007 - June 2010

Functional responsibilities included establishment of company wide information security policies, standards and procedures that were ISO and regulatory compliant, vulnerability management program and practices (state and event security monitoring, perimeter security and configuration, patch management), computer security incident response program and team, security architecture definition, information security/technology risk assessments, identity and access management (account administration and access certification), disaster recovery, technology vendor management and purchasing, change management and service desk management.

I established and implemented a State of Security Program based on COSO and CobIT control frameworks to mature the information security program and reduce exposures over a two year period, established executive reporting on overall technology risk posture to raise awareness and support of risk programs, implemented an MSSP security monitoring solution to save 40% of departmental expenses and increase coverage, consolidated security products to better position the overall security posture, reduced vulnerability exposures by 80% by implementing patch management, and implemented a formal security architecture program to ensure appropriate protection of corporate information assets. Additionally, I defined the SOX IT controls and ensured IT had proper controls and checkpoints in place to ensure a successful SOX program. I was also the Program Manager for the Data Retention initiative based on FDIC and BBVA Compass' requirements to centralize all significant electronic data for regulatory retention purposes.

VP-Information Risk Management
JPMorgan Chase - Risk & Security Management
January 2007 - March 2008

Functional responsibilities included establishment of a control framework to ensure compliance with corporate standards, ensure a successful SOX Compliance Program for the Risk & Security Management organization as well as ensure the proper SOX controls were established across the corporation. These included close working ties with two external audit firms to ensure entity-wide governance controls were in place along with support of all external and internal testing. It also included being a primary contributing member of the Technology SOX Compliance Work Force to ensure controls were well defined, corporate wide test steps developed along with defining the appropriate testing organizations.

In addition, my role required close alignment to JPMorgan Chase's internal audit department to assist in establishing the three year audit program of technology with a focus on cross-division functions and controls.

I was responsible for the management of a team of IT professionals to enhance the overall technology posture and compliance of the Risk & Security Management organization. Risk & Security Management is the end-to-end information security technology organization overseeing and providing direction for all lines of business within JPMorgan Chase. This is a centralized core organization responsible for vulnerability management (state and event security monitoring, perimeter security and configuration, patch management, etc), identity and access management (account administration, access certification, security configuration, etc. across all platforms), mainframe system security, Unix and Wintel system security administration, AS400 system security, HP3000 system security, Tandem system security, Active Directory, Oracle, Sybase, Lotus Notes email and application development, and security tools (single sign-on, remote access, desktop encryption, etc). I also led the activities of information technology and operating risk management team for the Risk & Security Management area which covered the Outside Service Provider Program, establishment and maintenance of IT Policies and Standards, Key Encryption and the corporate technology Sarbanes-Oxley Program.

VP - Information Risk Management
JPMorgan Chase - Corporate Information Technology Risk Management
November 2004 - January 2007

Functional responsibilities included the establishment of the Information Risk Management function for the Information Technology Risk Management division at the corporate entity level. The risk agenda focused on compliance with all internal corporate standards and all external regulatory bodies globally (OCC, Federal Reserve, Japan FSA, etc), legislative requirements (GLBA, SOX, etc), and creation and maintenance of the JPMorgan Chase IT Policies and Standards. This required a vision and strong strategic position to achieve results over a three to five year period with annual milestones.

I additionally developed and implemented a maturity model to enhance the effectiveness and efficiency of the corporate wide IT security program, and managed and communicated the corporate IT security vision and strategy to senior executive management and staff.

VP - Information Security Manager
IBM Global Services
April 2003 - November 2004

JPMorgan Chase consolidated all technology from within various lines of business into the corporate level. This was done to ease the outsourcing of technology functions to IBM in April 2003. As part of this consolidation and the subsequent movement to IBM, I moved to the corporate entity level and managed a division of Information Security for JPMorgan Chase then IBM. The division consisted of 70 IT security engineers and professionals supporting Unix and Windows environments and major business applications along with a compliance organization and process improvement team.

The base functions of the area were developing security solutions and providing security engineering, system security and application assurance and monitoring, identity and access administration (security administration) for systems and applications and security tool deployments, information security risk assessments, quality control reviews along with process improvements across full technology division based on audit results, compliance reviews, etc. I was responsible for all facets of this division from the ground up starting with its inception and growth until the contract was cancelled with IBM and all technology was brought back to JPMorgan Chase in November 2004.

I managed a multi-million dollar budget with full financial planning responsibilities, staff hiring, training, growth and performance metrics, senior management reporting to show value and support of corporate goals and initiatives. It also included monthly meetings with JPMorgan Chase executive management to review metrics ensuring service level agreements were being made, risks were being addressed, and obtain JPMorgan Chase executive management buy-in on IBM future direction. I was also responsible for all interfaces with audit groups including IBM internal audit, JPMorgan Chase internal audit, OCC, Federal Reserve and external audit firms when audit scope covered technology components, processes and/or procedures. I also established SAS70 Type II control objectives and supported subsequent testing as part of contractual requirements between IBM and JPMorgan Chase.

VP - Information Security & Risk Management
JPMorgan Chase - Chase Home Mortgage
January 1989 - April 2003

Functional responsibilities included the establishment of the Technology Risk Management division for Chase Home Mortgage, the mortgage line of business within JPMorgan Chase.

The base functions included information security and technology risk policies/standards/procedures, information security risk assessments, risk and compliance assessments, identity and access management (access administration, access certification) for all systems and business applications, system security and application monitoring/analysis, change management, version control and code distribution of business applications, disaster recovery, Lotus Notes email database development, and technology help desk functions. I was responsible for all facets of this division from the ground up starting with its inception and growing it to its full capacity.

I managed a multi-million dollar budget with full financial planning responsibilities, staff hiring, training, growth and performance metrics, senior management reporting to show value and support of corporate goals and initiatives along with all in-house technology control assessments to ensure compliance with GLBA or other regulatory requirements. I was also responsible for audit group interactions including internal audit, OCC, Federal Reserve and external audit firms when audit scope covered technology components, processes and/or procedures.

AVP - Secondary Marketing Manager
JPMorgan Chase - Chase Home Mortgage
November 1988 - January 1989

Functional responsibilities were the management of secondary marketing pricing for Chase Home Mortgage. The function was responsible for mortgage origination pricing offered to internal loan originations, wholesale originations and correspondent lending. This was a new function based on the movement of the Chase Home Mortgage relocation from New Jersey to Florida.