 
Contact Information
Name: bruce BLANK
Email: bruceblank (at) aol (dot) com
Location: Melville, United States
Resume
Position/Title: VP, Information Security
Resume: Bruce Blank, MBA, CISM

57 Colony Drive, Holbrook, New York 11741

Home: 631-475-9524 Cell: 631-655-3505 email: bruceblank (at) aol (dot) com

Summary

Experienced professional with extensive background in Information Technology Risk Management including: Security/Information Management, Organizational Management, Disaster Recovery, Risk/Compliance and Project Management. Successfully built, managed, maintained and audited IT Security and Disaster Recovery programs for the world’s largest financial services companies. Implemented controls to allow companies to pass State and Federal regulatory audits. Implemented change processes and procedures to grow the company from a 30 person IT organization to a near 500 person staff. Delivered cost effective solutions that integrate security risk management principles across the enterprise. Worked hands on with IT Staff and Executive level management to gain support and reduce risks throughout the enterprise. Built and supported Disaster Recovery and Business Continuity programs for several large companies.

Expertise

• Over 15 years' experience in IT Security Management and Disaster Recovery and Business Continuity Program Management

• Audit Management and Response

• Regulatory Knowledge (i.e., SOX, GLBA, HIPAA, OTS, FTC)

• Keen Organizational Management Abilities

Education

• BS, MS and MBA Degrees, St. Joseph's College - 2000, 2002, 2006

• Certified Information Security Manager (CISM, ISACA #0402238) Jan. 2004

• Certificate in Human Resource Management, 2000

• Disaster Recovery Institute Certificate - 1990

Awards

• Awarded the LI Sharper Award in Human Resource Management, SHRM LI College Chapter

American Home Mortgage Finance Co Sept. 2002-Aug. 2007

Chief Corporate Security and IT Administrative Services Director

Designed and implemented several comprehensive programs to reduce risk and achieve audit compliance across the company. The programs include: Information Security, Physical Security, Change Management and Disaster Recovery/Business Continuity. Acted as primary SOX IT Audit Management project leader, interfacing heavily with both internal and external Audit partners. Assured timely risk reduction practices were implemented to protect all Business Lines, Clients and the Corporation.

• Established and grew IT Security Functions and Department (40 Staff)

• Implemented Disaster Recovery and Business Continuity programs across the enterprise.

• Implemented Physical Security, Paper Shredding across the enterprise.

• Acted as primary IT contact and project manager for all IT-based audits (Internal, External and Regulatory)

• Responsible for IT Resource and Hiring (140 staff since 1/2007)

• Key IT Vendor Management Negotiator

Citigroup June 2000 – Sept. 2002

VP, Audit Manager

Successfully established, improved and managed various control initiatives across various Citigroup North America business lines. Created consistent risk based processes to improve controls within many computing platforms. Worked with the Bank's governing bodies (Legal/Human Resources, Compliance & other Audit partners) to understand the impact of new and existing policies on Operations and liaise with global counterparts to roll out new initiatives and consistently deliver projects on time, in particular Continuity of Business Planning and Account Ownership. Worked with teams to create standardization of risk reporting across regions and products as appropriate. Established risk reporting for new products and incorporated new risk metric indicators into reporting for upper Audit Management. Implemented Audit's Business Continuity plans and tested the plans with our Audit peers worldwide.

AXA Equitable Oct. 1998-June 2000

VP, Data Security

Managed the IT Security functions for AXA/Equitable. Successfully developed remote access technology solutions using smart card technologies. Implemented ongoing Risk Awareness programs for both technology and the business areas and discussed issues surrounding privacy, confidentiality and proper use of company resources to reduce risk. Successfully managed disaster recovery drills at alternate relocation facilities and implemented an enterprise wide change management system.

Merrill Lynch July 1998 – Oct. 1998

As a consultant, I was primarily responsible for working with technology areas to help design a “Security Operational Plan” for a major business division. I acted as a liaison and consensus builder between the client's information services, business functions and the technical solutions team, to ensure that the business and organizational solutions proposed and developed by technology fit the organization's needs with regard to having security issues and solutions identified and embedded in corporate initiatives. My knowledge of technology and the business allowed me to identify high-level change within the division involving people, processes and technology to economically reduce risk.

Union Bank of Switzerland May 1990 – July 1998

VP, Data Security

As Vice President and Manager of Computer Security for the North America region, I accomplished many tasks and built an IT Security organization up to the merger with Swiss Bank Corporation in 1998.

Accomplishments include:

Security Architecture Re-Building

Managed process for changing: Identification and Authentication, Single-Sign-On, Encryption Services, Virus Protection, Access Control mechanisms, Audit repository for monitoring system and user access controls, ACE/VPN SecurID rollout to over 5000 staff members.

Internet Firewall Architecture

Solicited vendors, purchased and managed the Corporate Internet Firewall development initiative using CheckPoint One hardware.

Policy and Standards Development

Development and communication of policies and best practices; standards and guidelines for Information Security, Business Resumption Planning, Internet Usage, E-Mail and Network Communications.

Security Awareness Programs

Initiated Information Security training programs for all IT and Business departments. These programs won praise from the Federal Reserve Audit management teams.

Information Security Evaluation and Assessment

Identification of Security Requirements and the evaluation and support of existing and new architectures, processes and tools to support business requirements regarding state of systems and applications.

On-line Security Administration

Centralized management and administration of client server, mid/main frame platforms and dozens of business applications.

Business Recovery Planning and Coordination

Development and maintenance of Business Unit and Data Center recovery plans, testing and project management.

Audit Review and Response

Coordination of Audit and Regulatory reviews. Prepared responses of reviews for senior management.

Security Product Evaluation and Support

Evaluation of the new security products, support and vendor contacts including price negotiations.

Security Monitoring and Investigation

Established complex computer security monitoring criteria and supported the investigation process by understanding current complex legal issues by attending HR Law and Computer Security Law seminars. Reviewed and helped implement monitoring tools such as ISS, DEC/Detective, Netappliance Smartfilter, Wardialing, SEOS.

Professional Accomplishments, Articles, Workshops

• Invited Speaker and Presented Technology ideas at ISSA and SAS conferences.

• “MVS Security and the use of SAS Software to Gather SMF Data”, SAS Institute

• “Data Security, Who Owns the Responsibility?” Computer Security Institute

• “How Do You Maintain Security While Developing a Disaster Recovery Plan?” Disaster Recovery Journal

• “Distributed Systems Security Perspectives”, Belden Menkus Associates

Webmaster and Volunteer Chairperson for the National Alliance for Autism Research, now AutismSpeaks.Org, Long Island Chapter, 2001, 2002, 2003.

 







 

Copyright 2009, SecurityFocus