Expert Details
Information Security Governance, Risk Management and Compliance
ID: 726274
Indiana, USA
- Assisted with implementation of an ISO 27001 information security management system for a data center/BPO services provider.
- Provided Information Security Management System (ISMS) implementation consulting during project execution and through registration for an industry-leading company that achieved ISO 27001 certification on the first audit.
- Assisted a major U.S. pharmaceutical company with updating its information security compliance framework to reflect ISO 27001 process requirements and controls and coordinating its information security compliance processes with the Global Privacy Office efforts in successful certification to the U.S. Department of Commerce Safe Harbor Framework for international data transfers in the clinical division.
- Collaborated on legal and regulatory requirements review for ISO 27001 implementation for a major U.S. credit card issuer (information security management system certified in 2006) as well as for a major U.S. life and annuities company (ISMS certified in 2008).
- Developed and delivered an information security management workshop for a retail industry leadership group.
Education
Year | Degree | Subject | Institution |
---|---|---|---|
1988 | Ph.D. | Philosophy | University of Kentucky |
1984 | MA | Philosophy | Southern Illinois University Carbondale |
1978 | BA | History | Indiana University Indianapolis |
Work History
Years | Employer | Title | Responsibilities |
---|---|---|---|
2006 to 2009 | JBW Group International | Principal Consultant | Expert is responsible for assisting clients with design, implementation and assessment of information security and privacy management programs. |
2004 to 2005 | Synomos | Senior VP, Policy Advisory Services | Expert was responsible for designing the implementation strategy and requirements for adapting Synomos’ data policy management and access control technology to specific regulatory environments. |
2002 to 2004 | Independent Information Security & Privacy Consultant | Principal | Expert was responsible for assisting clients with design, implementation and assessment of information security and privacy management programs. |
2001 to 2002 | Guardent | VP, Privacy and Information Policy | Expert served as a member of the Executive Management Team and was responsible for ensuring the appropriate design and integration of privacy consulting within Guardent security consulting and managed security services. |
1997 to 2001 | PricewaterhouseCoopers, LLP | Senior Manager | Expert was responsible for assisting clients with design, implementation and assessment of privacy management and compliance assurance programs. |
International Experience
Years | Country / Region | Summary |
---|---|---|
to Present | Hong Kong | Assisted Hong Kong Privacy Commissioner's Office with development of its compliance assessment methodology for the HK data protection ordinance |
to Present | Canada | Assisted clients with assessments and development of programs to meet national and provincial data protection compliance requirements |
to Present | Canada | Assisted Ontario Privacy Commissioner's Office with development of the initial version of its Privacy Diagnostic Tool (a self-assessment tool for business to check compliance with the Personal Information Protection and Electronic Documents Act) |
to Present | Poland | Assisted global division of a US financial services client with assessment of the data protection program in its Warsaw subsidiary |
Additional Experience
Training / Seminars |
---|
ISO 27001 (Information Security Management Systems) lead auditor training; ISO 27001 for Chief Privacy Officers - Integrating Information Privacy and Security Management; delivered advisory workshop on information security and privacy self-regulatory initiatives to retail industry leaders; delivered client workshops and conference sessions on various topics related to design and implementation of information security and privacy governance, risk management and compliance processes |
Vendor Selection |
---|
Vendor risk management and assessment related to information security and privacy (legal/regulatory requirements for 3rd party service provider management, data transfers to 3rd parties, business associate requirements, etc.) |
Marketing Experience |
---|
Delivered information security and privacy governance, risk management and compliance consulting to Fortune 500 and other companies in financial services, telecommunications and pharmaceutical industries; electronic voting systems; outsource IT service/business process providers; experienced with information privacy and security issues in the retail industry |
Other Relevant Experience |
---|
IRCA certified ISO 27001 Auditor; experienced in development, implementation and assessment of information security management systems conforming to ISO 27001; experience in developing information security and privacy programs to meet US, European and Canadian legal and regulatory requirements |