Information Security Specialist
2341 Janesville Lane Henderson, Nevada 89044
Summary of Qualifications
- Project Manager with extensive program and project manager experience including process, systems and operations development; redesign; implementation; compliance (SOX, PCI); continuity of business; and information security and privacy.
- Developed and implemented global Education, Awareness and Communication Information Security & Privacy programs.
- Participant in Citigroup’s Quality Initiative as a facilitator and as an instructor. The Quality Initiative integrates business process management and improvement methods consistent with the methodologies of Six Sigma and Cross Functional Process Mapping.
- Managed Pearson’s Information Security & Privacy (IS&P) Awareness, Communication and Education (ACE) programs including curriculum development, translations into multiple languages and delivery via an internal Learning Management System (LMS) to achieve compliance with global information security and privacy practices and initiatives across the organization; track and provide reports on progress to Senior Management.
- Provided a center of excellence for the global Governance, Risk & Compliance (GRC) program including: Design, implement and support GRC processes and solutions; Develop risk/vulnerability assessment programs and questionnaires to aid in the identification and mitigation of security and privacy risks; Deploy, train and provide operational procedures to business units on the use of GRC solution; Utilize GRC solution for assessments, reporting and remediation activities.
- Maintained the currency of policies, laws, regulations and standards within the GRC solution; managed the GRC solution as the base for the Enterprise Risk Management (ERM) platform and implemented related solutions as required.
- Provided support for Risk-MAPP, LLC, an information security and privacy consulting firm, including: draft and review of policies, processes and procedures; design of collateral materials; design of educational programs; research of compliance issues.
- Managed Merrill Lynch’s (ML) Information Security & Privacy (IS&P) Awareness, Communication and Education (ACE) programs and initiatives across the organization including third party vendors and contractors.
- Developed and implemented the ML annual Mandatory Tutorial on Information Security and Privacy for employees and implemented a version for affiliated third parties.
- Coordinated the design of an electronic Information Security & Privacy Officer (ISPO) toolkit containing new resources as well as a restructuring of multiple paper-based and electronic tools currently in use. Managed the content and was responsible for the IS&P website.
- Project managed the IS&P Metrics Program which established a common method of collecting, reporting and analyzing the effectiveness of the IS&P programs and initiatives.
- Mentored and supervised a team project for incoming college graduates for the ML New Hire University Program. Supervisor for the top performing analyst and continued as mentor for other team participants.
- Managed the CISO Awareness, Communication and Education (ACE) Programs including curriculum design, development, enhancements and delivery globally. Responsibilities included the coordination, scheduling and delivery of Introductory, Technical, and Train the Trainer Information Security (IS) programs. Developed and analyzed education and awareness metrics to monitor coverage, performance and to measure effectiveness.
- Researched, piloted and implemented distance learning and e-learning initiatives that utilized the web to reach a wider audience in a cost effective manner. Developed IS education modules designed for targeted audiences.
- Coordinated the initiative to migrate from an Introduction to Information Security to an IS Risk Management methodology program.
- Managed the CISO website and supported Legal, Regulatory and Compliance efforts for CISO.
- Assisted the Senior Vice President of Contracts Development by organizing and coordinating the efforts associated with Requests for Information (RFI) and Requests for Proposal (RFP). Participated in contract negotiations for the outsourcing of LAN and Desktop Information Technology Services, globally.
- Coordinated the creation, revision and distribution of documentation including: Contract Terms and Conditions, Statement of Work, Fee Schedules, Customer Site Schedules and Site Transition Schedules. Created the RFP Evaluation Document containing evaluation criteria, scoring guidelines and descriptions of each category.
- Supported the effort to train Citicorp employees in eighteen months. Taught Introduction to Citicorp Quality classes and provided facilitation support to teams starting quality improvement initiatives, working on real cycle time reduction and defect elimination efforts.
- Project Manager for the Customer Service Center’s (CSC) Re-Engineering Project, for the implementation of a Casebase Reasoning tool (CBR) Content Navigator™, a comprehensive set of applications and technology that allow for the search and retrieval of knowledge.
- Developed an Interdepartmental Service Level Agreement (SLA) and Continuity of Business Plan (COB) for CBR Content Navigator™.
- Managed external consultants and internal staff; acted as a liaison with Corporate Education and the Customer Service Center for the training of the pilot staff and the Help Desk staff; developed User Acceptance Tests and the CBR Utilization MIS report specifications.
- Facilitated the creation of a Self-Audit Kit; a tool set for determining the requirements for specific areas or organizations to be compliant with the Corporate Technology Framework and Policy Standards.
- Performed an analysis for the selection of a platform and of a third party vendor for the development of an on-line documentation system / central repository.
- Participated in the coordination of CGIN’s response for the internal controls in Global Service Operations Center, in reference to compliance with the Federal Deposit Insurance Corporation Improvement Act (FDICIA) and assisted in the 1995 Certificate of Compliance COB-BC177 Review Process for CGIN’s global operations.
3/2011 to 5/2016 Pearson Education Inc. / Principal Information Security & Privacy Analyst
3/2007 to 3/2011 Consultant
2003 to 03/2007 Merrill Lynch / Vice President Information Security & Privacy (IS&P)
1995 – 2003 Citigroup, Citicorp, Citibank NA
1999 – 2003 Citigroup Information Security Office (CISO) / Vice President
1998 – 1999 Citicorp Global Technology Infrastructure (CGTI) / Contracts Specialist
1996 – 1997 CGTI Service Quality / Process Design and Documentation / AVP
1995 – 1996 Citi Global Information Network (CGIN) / Quality Assurance & Compliance / AVP
1991 – 1995 Productivity Point International / Senior Account Manager
- Account/Project Manager for corporate clients in a national education organization that provided advanced technology training for personal computer applications.
- Responsible for marketing and direct sales of a full array of seminars and programs for technical support professionals and applications developers including Client/Server Technologies, Novell Education, Lotus Notes and Microsoft Technical Education Training and Services.
- Redesigned marketing and collateral materials including proposals, client letters and special event invitations.
- Directed all production processing including: optical scanning, imaging, word processing conversion and CDROM preparation. Developed and implemented new standards, forms and procedures to expedite work flow. Recruited and trained the technical, production and administrative staff.
- Directly reported to the New York Financial Area Director for Brokerage, Banking, Insurance and Accounting vertical segment markets. Managed a staff of technical/marketing specialists in key product areas and supported the Financial Area by developing and delivering comprehensive marketing and support programs for advanced technologies. Coordinated operations including budgets, forecasts, corporate reporting, and human resources.
- Created an Area Reference Center that included third party application solutions, competitor information, customer testimonials and reference accounts. Planned and coordinated Financial Area sales training programs, product introductions, executive customer presentations and conferences.
- Managed the transition from bundled system support to fee based consulting services.
1989 – 1991 Data Conversion Laboratories Inc. / Production Manager
1985 – 1989 Wang Laboratories, Inc. / NY Financial District Operations/Marketing Manager
BS (cum laude) Queens College, City University of New York – 1977
Citigroup Corporate Information Security Office Certification Program – 1999
CISSP – completed program 2003
Information Security Management Systems (ISMS) Auditor Certification - 2013
- Las Vegas CISO Group
- Pearson Women’s In Learning and Leadership
- Pearson Women in Technology
- Merrill Lynch’s Women’s Professional Network
- Citigroup’s Executives Women’s Forum
Information Security Forum - Speaker at the 2001 Conference in Toronto, Canada