Additional Info

Job title of nominated professional (or team name): VP Enterprise Security & Privacy
Company (where nominated professional or team is working): LearnVest, Inc.
Website: http://learnvest.com
Company size (employees): 100 - 499
Country: United States

Overview

• ISO 27002 Attestation and Transition from 2005 to 2013 Standard
• Payment Card Industry Data Security Standard (PCI-DSS) Attestation
• Shared Assessment Group Attestation
• TRUSTe Privacy Certification
• Enterprise 2 Factor Authentication (2FA) and Single Sign-On (SSO)
• Privacy Control
• Enterprise Change from Discretionary Access Control (DAC) to Role-Based Access Control (RBAC)
• Instantiation of Robust Change Management Process Including Onboarding and Offboarding Employees
• Authored more than 65 Security Policies and Procedures (Information Security, Disaster Recovery, Business Continuity, Change Management, Etc.)
• Instantiated the Vulnerability Management Program
• Created and Managed the Security Audit Program (access control, permissions, authentication, confidentiality, integrity)
• Created and managed the Security Training Program
• Created and managed a new and improved Compliance Training Program
• Created and managed the Third Party Vendor Security Audits and Reviews Program
• Created and managed Physical Security Program (cameras, access control, privacy film and filters, etc.)
• Led Security during the Acquisition Analysis and Post to Northwestern Mutual
• Led Compliance during the Acquisition Analysis and Post to Northwestern Mutual
• Instituted new Compliance Program, taking compliance from 10% to 100% within 6 weeks
• Led the company acquisition effort in security, privacy, compliance, policies & procedures (Northwestern Mutual, May 11, 2015 finalized)
• Successfully passed SEC Compliance Audit by Cipperman Compliance Services
• Author of over 22 information security & data privacy published magazine articles
• Speaker at professional meetings such as ISSA, CSA, SDSUG, FinTech
• Sr. Fellow of ISSA; Privacy by Design Ambassador; IATAC (SME), and member of many other professional organizations
• Certifications include CISSP, CASP, CRISC, CCISO, LPT, ECSA, CEH, CNDA, CIWSA, CIWSP, CCSK, CWNA, GSEC, MCP, MCTS SQL Server, Security+, Security+ CE, Project+, ITILv3, NSA/CNSS NSTISSI 4011-4016
• Actively engaged in the information security community; trains others in CASP, CISSP, and Security+
• Order of the Sword and Shield – Professional Honor Society
• Over 175 CPEs per year

Accomplishments

• Led the company acquisition effort in security, privacy, compliance, policies & procedures (Northwestern Mutual - Fortune 100 company)
• Instituted new Compliance Program, taking compliance from 10% to 100% within 6 weeks
• Led the company certification efforts: ISO 27002 Attestation and Transition from 2005 to 2013 Standard; Payment Card Industry Data Security Standard (PCI-DSS) Attestation; BITS Shared Assessment Group Lite (SIG & AUP) Attestation; and TRUSTe Privacy Certification