Senior Director of Information Technology Resume

Title
Senior Director of Information Technology

Primary Skills
To provide management-level leadership, guidance, and value in the delivery of multi-faceted information system solut...

Location
US-CA-San Jose (will consider relocating)

Posted
Jan-21-09


SENIOR DIRECTOR OF INFORMATION TECHNOLOGY

Veteran Information Technology (IT) professional providing management-level leadership, guidance, and value in the delivery of multi-faceted information system solutions and services. Proven expertise in the development and delivery of organizational information, security and privacy strategies, creation of comprehensive multi-year actionable roadmaps from introduction through implementation, IT risk and control definitions and assessments leveraging formal industry-leading frameworks and methodologies, and regulatory and privacy compliance 'gap analysis' engagements. Demonstrated track record of developing and maintaining technical, business unit, and executive-level relationships and corroborating technical, process, and business objectives to organizational goals while concurrently delivering prioritized capabilities both on-time and within budget.


Strategic Analysis & Planning * Regulatory Compliance * Global Project Management
Policy & Standards Definition * Risk Mitigation * Process Design & Improvement
Best Practices * Budgeting * Team Building * Vendor Management


PROFESSIONAL EXPERIENCE

PRICEWATERHOUSECOOPERS (PwC), SAN JOSE, California * 2004 - 2008

DIRECTOR - Advisory Services, West Region Security & Privacy Practice
Successful identification, creation and delivery of global and local information security technology and risk management programs and projects including the development of project value propositions, formation of project approaches, creation and management of project teams, and program and project economics. Developed and communicated multi-level (technical and management) messages and presentations addressing all aspects of information security, technology management, and identity management. Detailed security compliance review and implementation expertise utilizing a comprehensive set of technologies and addressing multi-type platforms: of recent note, enterprise security management, data loss prevention (DLP), eDiscovery, and security assessment software. Also, deep, multi-year expertise developing and deploying privacy and security policies leveraging industry-leading frameworks and methodologies (ISO, ITIL, COBIT), targeting regulatory compliance (SOX, PCI, HIPAA, FFIEC, GLBA).

Recent Key Projects and Capabilities (additional examples available upon request):

- Architected and delivered a nationally-focused standards-based information security management framework infrastructure inclusive of a phased, multi-project four year roadmap. This effort addressed and prioritized all aspects of enterprise information technology, evaluated internal vs. external sourcing options and comprehensively identified specific governance, risk, and compliance (GRC) functions. As an integrated effort, all vital business units were involved and included: among others, finance, legal, purchasing, human resources, operations, and audit. The organizational philosophy was transformed from a tactical, tools-based approach to a strategic, risk-based focus best aligned to address current and future business objectives. The organization now has an actionable information security strategy which addresses regulatory requirements, prioritizes information, security and privacy efforts, and identifies and better mitigates organizational risk.

- Designed, integrated, and delivered a global security monitoring effort for a worldwide payment card transaction processing company. Based on industry-leading practices and methodologies, this effort addressed the creation, vetting, coordination, and socialization of the business, technical, and process requirements, identification and agreement of roles and responsibilities, establishment of regional and local data and process flows, Key Performance Indicators (KPIs), Service Level Agreements (SLAs), and identification and integration of critical security events, alerts, and incidents. The deployment and integration of this technology now allows the organization to quickly identify and address regional and global efforts to mitigate information threats, eliminate duplications of effort, while simultaneously addressing regulatory requirements. In addition to the technical advantages, this risk-based effort addresses one of the organization's key business objectives: namely, "protect the brand."

AL LUTZ * Page 2 * al119119@westpost.net


CISCO SYSTEMS, Santa Clara, California * 2000 - 2004
Security Services Project Manager / Cisco Pix Firewall Product Manager

Led and supported project management and business development efforts of large-scale, multi-geographic security engagements for Cisco's Advanced Services for Network Security consulting practice. Targeted services involve the education of and compliance with SOX, HIPAA, and other similar-type regulations, trending and gap analysis, and methodology creation and acceptance. Performed day-to-day, on-site management of penetration testing and security posture assessments, security policy & strategy development efforts, network security implementation reviews & development, TCP/IP telephony security reviews, and network security optimization.

Additionally, directed and managed internal Cisco organizations and external partners/customers in the definition, development, communication, and deliverance of Cisco's managed security products and solutions, specifically firewall and VPN technologies. Efforts required daily coordination with Cisco business development and service provider business units to define new technologies and business agreements, including cross-functional collaboration on competitive selling, pricing, market development, and field solutions.

NETWORK ASSOCIATES / PGP Security, Sunnyvale, California * 1995 - 2000
Manager, Systems Engineering

Exceeded quota in all quarters via the technical management of 10 security engineers covering the Western half of the United States.

LAW FIRM OF HOWREY & SIMON, Los Angeles, California * 1993 -1994
Director, MIS

Provided technical, hands-on security and systems management of the 500+ cross-platform production network of the 3rd largest litigation law firm in the US.

APPLE COMPUTER, Culver City, California * 1988 - 1993
Senior Systems Engineer

Provided high-level pre and post technical sales support for multiple business, education, and reseller accounts in Northern and Southern California, with a focus on computer security. Worked in conjunction with major account executives to create account coverage models, budgets, and forecasts.

GTE GOVERNMENT SYSTEMS, Mt. View, California * 1985 - 1988
Network Design Engineer

Designed, implemented, and managed campus-wide LAN's with multiple connections to the GTE infrastructure and other associated WAN's.

NATIONAL SECURITY AGENCY / UNITED STATES MARINE CORPS, Ft. Meade, MD * 1976 - 1985
Cryptographic Linguist

Monitored, collected and translated foreign voice and data communications for the US Government based on classified assignments. Supervised a platoon of 30+ data collection analysts in target jamming and signal acquisition scenarios.

EDUCATION

Master of Science in Systems Management
Major in Information Systems Management
University of Southern California

AL LUTZ
425 Conestoga Way * San Jose, California 95123
408-427-1443 * al119119@westpost.net



Dear Sir or Madam:

It's a pleasure to meet you. By way of introduction, I have a comprehensive and diverse information, security and risk management background that spans 25+ years of Big 4 consulting, industry vertical, and security vendor experience. This exposure allows me to provide management-level leadership, guidance, and value to companies across a wide range of disciplines, most recently in the retail and financial sectors.

I am first and foremost a problem-solver. I apply creative thinking and efficient solutions to my tasks to achieve focus and provide rapid delivery of results. I am a quick-study, and ready to take on any challenge in subject matter both familiar and foreign. This is something I have done with great success throughout my career.

Acting in various leadership and management roles at a global risk advisory and audit organization, I am recognized for my ability to bridge the communication gap between business and technology, working equally well with both. My goal is to establish and maintain creative, relevant, effective, and cost efficient information security, privacy, and risk management programs through people management, process improvement, communication and facilitation leading to lasting results and client satisfaction.

Several examples of my most recent career achievements with PricewaterhouseCoopers are:

* Design and development of an IT-focused governance, risk, and compliance (GRC) framework for a national retail clothing chain, inclusive of the evaluation of insourcing/outsourcing staffing models and a four-year information security strategy roadmap
* Design, development, deployment, and maintenance of a comprehensive set of global security monitoring processes and technologies, including the creation, socialization, acceptance, and deployment of business, process, and technical requirements for a multinational credit card processing organization
* National PwC point of contact for an industry-leading, enterprise-wide information security strategy framework
* National PwC point of contact for security monitoring processes and technologies
* West Coast PwC point of contact for identity theft and data loss prevention (DLP) technologies
* Northern California PwC liaison to Symantec for their security services and technology offerings, specifically Control Compliance Suite (CCS) and data loss prevention (DLP) technologies
* Analysis and modernization of multiple organizations' information security policies, procedures, and standards to reflect creation of and updates to industry-leading frameworks, methodologies, and regulations, i.e. ITILv2 to ITILv3, PCI1.1 to PCI 1.2, OCEG, etc.
* Multiple attack and penetration and vulnerability assessment engagements and proposals, including internal, external, web, and application risk assessments

I am now seeking a position with a company such as yours, and I am confident in my ability to enhance your organization. Enclosed is my resume, which contains more detailed information on my professional history. Please review and contact me at your earliest convenience. Thank you for your time and I look forward to your reply.

Sincerely,


Al Lutz

Certifications
See above


You must be logged in and have a current resume access subscription. Login or Register »

Resumes in San Jose, CA | Resumes in California

View other Senior Director of Information Technology resumes, IT Manager resumes