IT Director Resume

Title
IT Director

Primary Skills
21 years of experience in high-level consulting and managerial positions within the information technology industry

Location
US-IL-Naperville (will consider relocating)

Posted
Jan-25-09

SUMMARY OF SKILLS
* 21 years of experience in high-level consulting and managerial positions within the information technology industry
* Extensive background in application development but the last 10 years of career has focused exclusively on information security.
* Recognized expert in application security testing and assessment; a frequent speaker to C-level audiences on the importance of application security throughout the lifecycle. Has spoken at CAMP IT in Chicago on application security.
* Knowledge of regulatory requirements, security standards and compliance issues (HIPPA, Sarbanes Oxley, ISO 17799, CobiT v4.1, and Payment Card Industry Data Security Standard (PCI DSS)).
* Excellent technical knowledge and hands on experience covering diverse enterprise solutions, products, tools and concepts.
* Diplomatic Leadership Skills and proven ability to think strategically as well as practically about how technology impacts business
* Over entire career has maintained proven track record of delivering projects on time, on budget, and that have actually worked.

EXPERIENCE
Master Risk Management Security Consultant - 2008 to Present
Health Care Services Corporation, Chicago, IL
Responsible for designing, implementing, and continuously updating the security consulting process supporting enterprise information security policies and standards; Providing solutions to resolve gaps in security; and providing architecture and infrastructure guidance for applications, operating systems and networks.
* Directed proof of concept project for enterprise wide data protection and access control for portable storage devices for which I was awarded a distinguished achievement award.
* Information Security lead on defining security requirements for enterprise wide Security Event Management and Log Correlation project. Provided enterprise implementable security recommendations for mitigating risk to the project team.
* Developed regulatory driven methodology for quantifying risk to the enterprise introduced by policy exceptions, and implemented standards for analyzing exception requests.
* Responsible for integrating security within the enterprise system development lifecycle and defining artifacts to ensure compliance with information security standards from project inception to completion.
* Initiated information security metrics program to define and capture metrics for quarterly reports to executive officer leadership.

Secure Application Architect - 2007 to 2008
Halock Security Labs, Schaumburg, IL
Responsible for definition and implementation of application security architecture, including policy, design, implementation guidance, compliance, and process definition. Collaborate with application development teams, infrastructure security architects, and security policy experts to define an integrated framework of application security policy and architecture and the guidance necessary for its consistent implementation.
* Responsible for definition and scope of core secure application service offerings, including systems design, data protection and secure software development lifecycle.
* Initiated and created training programs to provide security awareness and secure application development training to management personnel and software development teams.
* Reviewed and evaluated vendor product offerings to select tools and services to be utilized in client consultant projects. Established vendor partnerships and successfully introduced new client services which took advantage of the tools and partnerships.
* Consult clients on matters of application security and provide SME advice on software development projects for a variety of clients.

Director, Information Security - 2006 to 2007
Intersoft Corporation, Oak Brook, IL
Responsible for Information Security consulting practice charged with creating and maintaining core security consulting services for all technology platforms. Management of all security projects, including developing project plans, defining project goals and objectives, specifying tasks and how goals will be achieved, what resources are needed, and associating budgets and timelines for completion of projects, processes and procedures.
* Created and ran the Information Security office charged with creating and maintaining core security consulting services for all technology platforms.
* Initiated a roadmap project to build PKI for distributed infrastructure to enable communication over public networks and reducing telecom costs by over 50%.
* Maintained information security processes and security control standards for application development and technology deployment.
* Developed business practices for evaluating new security technology, conducting vulnerability assessments and reviewing security application architecture solutions for distributed systems.

Managing Technical Consultant - 2000 to 2006
Intersoft Corporation, Oak Brook, IL
Responsibilities include architecture and development of secure solutions, including web applications, web services, client/server applications, network infrastructure and other information security projects. Use in-depth consulting skills, business knowledge, and information security expertise to effectively integrate risk management into the clients' business environment. Identify strategy with recommendations; provide additional resources and implement solutions.
* Security lead for an electronic marketing system to support customer loyalty programs and electronic coupon clearing which enabled the client to raise over 6 million in venture capital and ultimately led to their acquisition.
* Architected an enterprise level secure Sales Force Automation system which provided real time data communications which increased sales force productivity by 15% to 30%.
* Multiple projects involving identification and remediation of web application and web services security vulnerabilities and security integration throughout the application development lifecycle.
* Developed Security Policies, Guidelines, Standards and issue specific policies for Email, Internet and Network Security for Intersoft and multiple clients.
* Supervised a team of 3 consultants and effectively managed all aspects of information security, infrastructure and telecommunications for Intersoft and selected clients.

Senior Consultant - 1996 to 2000
Intersoft Corporation, Deerfield, IL
Responsible for designing, implementing, and supporting internet infrastructure and interactive Web applications for clients. Duties included web design, e-commerce, systems analysis, troubleshooting, and quality control and network architecture.
* Designed and developed secure communications software as part of a "core engine" to automate POS data collection which supported over 3500 retain stores' nationwide. Spanning multiple technology platforms, stores could transmit data securely and consistently to a server farm on a daily basis. Innovations introduced reduced telecommunications costs by as much as 60%.
* Designed and built network and communications infrastructure for multi-site company offices. Responsible for implementing all facets of TCP based networking and establishing VPN communications between the sites. Managed configuration and deployment of routers, switches and firewalls and ultimately intranet and internet servers.
* Utilized thorough knowledge of Internet applications, web page design, and HTML programming to create and maintain interactive, multi-page web sites.
* Designed and implemented B2B system for CPG marketing company. Created interfaces and web services to allow business partners access transaction data from multiple servers across a wide area network and the internet.
* Performed security audits for multiple client application environments and network infrastructures.

Consultant - 1993 to 1996
Intersoft Corporation, Deerfield, IL
Responsible for writing, testing, and maintaining programs, software and documentation for clients. Consult with managerial and engineering and technical personnel to clarify program intent, identify problems, and suggest changes.
* Development lead on an entire Point Of Sale Data Collection, Cleansing, and Data Warehousing System for major US CPG chain. Reduced out-of-stock items in the range of between 5 up to 30%, which increased individual store revenue by 1 to 2% per year
* Optimized existing application code by identifying and rewriting inefficient subroutines, reducing processing time by over 75% for some jobs.
* Develop multi platform programs to interpret and clean binary data files before importing the data into various databases and systems. The programs replaced legacy code and after implementation, processing time for the systems was reduced from 20 minutes per file to 4 minutes per file.
* Created a solution which eliminated manual modem reset processes in a POS data collection system installed in over 2000 retail stores which resulting in significant time and cost savings.

Consultant - 1991 to 1993
Morrison Rooney Associates, Chicago, IL
Consultant on and a variety of software development and network infrastructure projects. Responsible for all in-house development and building out PC based consulting services.
* Network infrastructure project for Illinois governmental department where I was responsible for design and installation of OS/2 and Novell networks, including the roll out of IBM database server which provided a development environment for mainframe developers which reduced development costs by 25%.
* Programmer on a 250,000 dollar PC multi user client/server project for tracking and dispensing government grants.

Programmer - 1988 to 1991
I.C. Software, Portadown, U.K.
Responsible for coding applications according to detailed design documentation and specifications. Developed test plans and created end user documentation.
* Developer of educational computer aided design software packages used in thousands of schools throughout the U.K.
* Coded a PC based relational database system which was used for tracking student grades and progress and creating term reports.

EDUCATION
B.A., Computer Science - 1988
Queens University of Belfast

Advanced Programming Courses - 1992
Northwestern University, Chicago

CERTIFICATIONS
* E|CSP, EC-Council 2008. Certified Secure Programmer
* C|EH, EC-Council 2008. Certified Ethical Hacker
* C|EI, EC-Council 2008. Certified EC-Council Instructor
* CISSP, ISC2 2007. Certified Information Systems Security Professional
* ICAD, IBM 2005. Certified Associate Developer
* Security+, CompTIA 2005. Security+ Certified Professional
* MCP, Microsoft 2003. Microsoft Certified Professional
WebMethods 2003. Certified Business Partner Integration Developer

WebMethods 2001. Certified WebMethods Developer

PROFESSIONAL ORGANIZATIONS
OWASP (Open Web Application Security Project) 2008

ISSA (Information Systems Security Association) 2005

CSI (Computer Security Institute) 2006

Certifications
See above


You must be logged in and have a current resume access subscription. Login or Register »

Resumes in Naperville, IL | Resumes in Illinois

View other IT Director resumes