Email: bruceblank (at) aol (dot) com
Location: Melville, United States
Position/Title: VP, Information Security
Bruce Blank, MBA, CISM
57 Colony Drive, Holbrook, New York 11741
Home: 631-475-9524 Cell: 631-655-3505 Email: bruceblank (at) aol (dot) com
Summary
Experienced professional with extensive background in Information Technology Risk Management, including Security/Information Management, Organizational Management, Disaster Recovery, Risk/Compliance and Project Management. Successfully built, managed, maintained and audited IT Security and Disaster Recovery programs for the world's largest financial services companies. Implemented controls to allow companies to pass State and Federal regulatory audits. Implemented change processes and procedures to grow the company from a 30-person IT organization to a near 500-person staff. Delivered cost-effective solutions that integrate security risk management principles across the enterprise. Worked hands-on with IT Staff and Executive-level management to gain support and reduce risks throughout the enterprise. Built and supported Disaster Recovery and Business Continuity programs for several large companies.
Awards
Over 15 years' experience in IT Security Management and Disaster Recovery and Business Continuity Program Management
Audit Management and Response
Regulatory Knowledge (i.e., SOX, GLBA, HIPAA, OTS, FTC)
Keen Organizational Management Abilities
BS, MS and MBA Degrees, St. Joseph's College - 2000, 2002, 2006
Certified Information Security Manager (CISM, ISACA #0402238) Jan. 2004
Certificate in Human Resource Management, 2000
Disaster Recovery Institute Certificate - 1990
Awarded the LI Sharper Award in Human Resource Management, SHRM LI College Chapter
American Home Mortgage Finance Co Sept. 2002-Aug. 2007
Chief Corporate Security and IT Administrative Services Director
Designed and implemented several comprehensive programs to reduce risk and achieve audit compliance across the company. The programs include: Information Security, Physical Security, Change Management and Disaster Recovery/Business Continuity. Acted as primary SOX IT Audit Management project leader, interfacing heavily with both internal and external Audit partners. Assured timely risk reduction practices were implemented to protect all Business Lines, Clients and the Corporation.
Established and grew IT Security Functions and Department (40 Staff)
Implemented Disaster Recovery and Business Continuity programs across the enterprise.
Implemented Physical Security and Paper Shredding across the enterprise.
Acted as primary IT contact and project manager for all IT-based audits (Internal, External and Regulatory)
Responsible for IT Resource and Hiring (140 staff since 1/2007)
Key IT Vendor Management Negotiator
Citigroup June 2000-Sept. 2002
VP, Audit Manager
Successfully established, improved and managed various control initiatives across various Citigroup North America business lines. Created consistent risk-based processes to improve controls within many computing platforms. Worked with the Bank's governing bodies (Legal/Human Resources, Compliance & other Audit partners) to understand the impact of new and existing policies on Operations and liaise with global counterparts to roll out new initiatives and consistently deliver projects on time, in particular Continuity of Business Planning and Account Ownership. Worked with teams to create standardization of risk reporting across regions and products as appropriate. Established risk reporting for new products and incorporated new risk metric indicators into reporting for upper Audit Management. Implemented Audit's Business Continuity plans and tested the plans with our Audit peers worldwide.
AXA Equitable Oct. 1998-June 2000
VP, Data Security
Managed the IT Security functions for AXA/Equitable. Successfully developed remote access technology solutions using smart card technologies. Implemented ongoing Risk Awareness programs for both technology and the business areas and discussed issues surrounding privacy, confidentiality and proper use of company resources to reduce risk. Successfully managed disaster recovery drills at alternate relocation facilities and have implemented an enterprise-wide change management system.
Merrill Lynch July 1998-Oct. 1998
As a consultant, I was primarily responsible for working with technology areas to help design a Security Operational Plan for a major business division. I acted as a liaison and consensus builder between the client's information services, business functions and the technical solutions team, to ensure that the business and organizational solutions proposed and developed by technology fit the organization's needs with regard to having security issues and solutions identified and embedded in corporate initiatives. My knowledge of technology and the business allowed me to identify high-level change within the division involving people, processes and technology to economically reduce risk.
Union Bank of Switzerland May 1990-July 1998
VP, Data Security
As Vice President and Manager of Computer Security for the North America region, I accomplished many tasks and built an IT Security organization up to the merger with Swiss Bank Corporation in 1998.
Security Architecture Re-Building
Managed process for changing: Identification and Authentication, Single-Sign-On, Encryption Services, Virus Protection, Access Control mechanisms, Audit repository for monitoring system and user access controls, ACE/VPN SecurID rollout to over 5000 staff members.
Internet Firewall Architecture
Solicited vendors, purchased and managed the Corporate Internet Firewall development initiative using CheckPoint One hardware.
Policy and Standards Development
Development and communication of policies and best practices; standards and guidelines for Information Security, Business Resumption Planning, Internet Usage, E-Mail and Network Communications.
Security Awareness Programs
Initiated Information Security training programs for all IT and Business departments. These programs won praise from the Federal Reserve Audit management teams.
Information Security Evaluation and Assessment
Identification of Security Requirements and the evaluation and support of existing and new architectures, processes and tools to support business requirements regarding state of systems and applications.
On-line Security Administration
Centralized management and administration of client server, mid/main frame platforms and dozens of business applications.
Business Recovery Planning and Coordination
Development and maintenance of Business Unit and Data Center recovery plans, testing and project management.
Audit Review and Response
Coordination of Audit and Regulatory reviews. Prepared responses of reviews for senior management.
Security Product Evaluation and Support
Evaluation of the new security products, support and vendor contacts including price negotiations.
Security Monitoring and Investigation
Established complex computer security monitoring criteria and supported the investigation process by understanding current complex legal issues by attending HR Law and Computer Security Law seminars. Reviewed and helped implement monitoring tools such as ISS, DEC/Detective, Netappliance Smartfilter, Wardialing, SEOS.
Professional Accomplishments, Articles, Workshops
Invited Speaker and Presented Technology ideas at ISSA and SAS conferences.
"MVS Security and the use of SAS Software to Gather SMF Data," SAS Institute
"Data Security, Who Owns the Responsibility?" Computer Security Institute
"How Do You Maintain Security While Developing a Disaster Recovery Plan?" Disaster Recovery Journal
"Distributed Systems Security Perspectives," Belden Menkus Associates
Webmaster and Volunteer Chairperson for the National Alliance for Autism Research, now AutismSpeaks.Org, Long Island Chapter, 2001, 2002, 2003.