Contact Information
Name: Tammy Clark
Email: asecuresolution (at) gmail (dot) com
Location: Atlanta, Georgia, United States
Resume
Position/Title: CISO
Resume: TAMMY L. CLARK, CISSP, PMP, CISM, CISA, HISP, ITIL, Information Technology and Security (ISMS, QMS, SMS, and BCMS) Auditor

asecuresolution (at) gmail (dot) com

404 509 6763

Desired Industry: Financial Services/Corporate/Higher Education/Consultancies/Information Security/Risk and Compliance Management

Desired Job Location: Open With Full Relo Pkg

Type of Position: Full-Time Permanent/Contract

Desired Wage: NEGOTIABLE

U.S. Work Authorization: Yes

Job Level: Director/Consultant

Willing to Travel: Yes

Highest Degree Attained: Dual Baccalaureate Degrees (MIS/Accounting)

Willing to Relocate: Yes (relocation package required)

Objective:

Although I have developed and managed all facets of an effective and robust information security program, my primary interest is in the governance arena, including risk management, compliance, metrics, strategic planning, developing an ISMS (Information Security Management System), auditing, risk treatment plans, etc.

Experience:

• 2000-Present: CISO, Georgia State University, Atlanta, Georgia

Developed the information security program from the ground floor in 2000. Developed the security plan and initiatives under the ISO 27001/27002 frameworks, including the development of an Information Security Management System (ISMS), risk management program, risk treatment plans, assessments, corrective action plans, compliance programs, metrics, ISO 27001 certification plans and audits, security awareness training, application of controls and security methods, conducting internal audits, vulnerability assessments and security reviews, incident management and response, and negotiating and collaborating with multiple vendors to test and implement a wide variety of centrally managed security solutions (IPS, antivirus, automated risk assessment engine, identity management system, encryption, application scanning, vulnerability assessments, IDS, firewalls, anomaly detection, etc.).

Manage direct and indirect reports (3-10) in the completion of operational, strategic, and tactical duties at Georgia State University. Serve as the university’s Chief Information Security Officer with responsibility for preventing data breaches and security incidents, protecting sensitive and confidential information stores, assuring C.I.A. (confidentiality, integrity, availability) in information technology environs, ensuring compliance with regulatory requirements and university policies, and assessing risk and developing countermeasures on an ongoing basis. Serve as project manager on cross-disciplinary teams (staff, faculty, students) completing information security related endeavors at the University. Approval authority for information technology funding requests and responsible for conducting risk assessments of all proposed projects and vendor implementations. Advise committees and internal auditors reporting to the President of the University. Present at national and international conferences on IT security governance and technical solutions; consult with (and advise) external organizations (corporate and higher education) in developing robust and effective information security programs.

Accomplishments:

• No Sensitive/Confidential data breaches in the eight years the information security program at GSU has been operational

• Reduced security incidents by 98% by late 2004

• Saved the University upwards of $1,000,000 due to negotiation of vendor discounts on security solutions

• Advancement of the program from a reactive to a proactive managed approach in three years

• GSU is the first university nationwide to be certified in ISO 27001 (May 08)

• Viewed as a ‘role model’ by the University of Georgia system (35 public universities) as well as the EDUCAUSE organization (upwards of 5000 member institutions)

• Negotiated with PGP to secure favorable pricing for the entire USG system on formal training and full disk encryption licensing

• Serve as a consultant on several research proposals initiated by GSU faculty members, corporate partners, and researchers throughout the university that are seeking funding for information security research and projects that will design operational services for higher education

• Co-Leader on the EDUCAUSE Security Task Force Policy Working Group, involved in writing a template for an information security plan based on ISO 27001 for EDUCAUSE

• Involved in developing an ECAR bulletin on information security governance

• Secure Computing Initiative developed in 2004 ensured the University was compliant with HIPAA, GLBA, Visa PCI, FERPA, DMCA, etc.

• Security Awareness programs lauded for both content and approach, reaching out to a diverse user community to educate them on safe computing practices

Previous Employers:

• 1999 – Internet Security Systems, Atlanta, Georgia – Information Security Solutions Technical Support Consultant

• 1997-1998 – Hewlett Packard/Volt Technical Svcs, Atlanta, Georgia – Systems Engineer, Information Security Consultant and Team Lead

• 1996-1997 – Georgia Pacific Corporation, Building Products, Atlanta, Georgia – Systems Engineer, Information Security Consultant and Team Lead

• 1994-1996 – Ft McPherson, Atlanta, Georgia – Systems Engineer and Information Security Consultant

• 1986-1994 – Norton AFB, San Bernardino, CA – Information Security Consultant and First Level Manager

Education and Certifications:

CISSP – Certified Information Systems Security Professional

PMP - Project Management Professional

CISM – Certified Information Security Manager

CISA – Certified Information Security Auditor

HISP – Holistic Information Security Practitioner

ISO 27001 Auditor – Information Security Management Systems

ISO 9001 Auditor – Quality Management Systems

ISO 20000 Auditor – Service Management Systems

BS 25999 Auditor – Business Continuity Management Systems

ITIL Foundations

COBIT Foundations

Leadership and Team Building

Diplomacy and Effective Communication

Attainment of Certified Information Privacy Professional credential prior to June 2008

Affiliations:

The International Information Systems Security Certification Consortium, (ISC)²

Information Systems Audit and Control Association (ISACA) Member #414960

Project Management Institute (PMI)

IAPP

IRCA

EDUCAUSE

CISO Executive Council

Information Systems Security Association

IT Service Management Forum (ITIL)

HISP (Holistic Information Security Practitioner) Institute Board of Directors

REN-ISAC Higher Education Information Sharing Center

Executive Alliances, Inc., Information Security Executive of the Year Awards

Skills:

Governance (ISO 27001, 27002, 9001, 20000, COBIT, ITIL): Designing information security programs, plans, policies, procedures, frameworks, controls under multiple standards.

Risk Management: Process, methodology, conducting risk assessments in accordance with standards, using automated tools, mapping to controls, completing RTPs (risk treatment plans), designing CARs (corrective action plans), maintaining information on current threat and risk levels, and developing countermeasures.

Compliance (HIPAA, Visa PCI, SOX, GLBA, DMCA, etc.): Developing strategic compliance plans, matrices, actionable objectives, and development of initiatives, policies, projects, training, and security solution deployments to ensure organizational compliance.

Project Management: Empowering talented security practitioners to develop effective and ingenious solutions and initiatives that foster continuous improvement; knowledgeable and adept at both PMI’s Project Management Body of Knowledge pedagogy and the Shewhart/Deming ‘Plan-Do-Check-Act’ model that is widely utilized in governance.

Incident Management: Designing security architectures to detect, prevent, respond to, and mitigate events; mobilizing Computer Security Incident Response Executive and Member Teams; selection of security monitoring systems; development of operational and tactical capabilities; incident investigations; coordination with law enforcement agencies; crisis management and team building.

Security Awareness: Development of customized training courses and in-person educational sessions/presentations.

Security Solutions: Proteus Risk Management, ISS Proventia IPS/Anomaly Detection, Lancope ID 1000/StealthWatch, McAfee ePO, IntruShield IPS, Foundstone Vulnerability Assessment system, Symantec corporate antivirus, PGP Encryption suite, CORE penetration testing, multiple application and web scanning solutions, multiple vulnerability assessment systems, multiple anti-spam and gateway antivirus systems.

Audits and Compliance Reviews: Conducting internal/external audits of information security controls and documentation for evidence of compliance, effectiveness, gap analysis, corrective and preventive actions, ISO 27001 certification, risk and vulnerability assessments.

Additional Information:

Infragard Atlanta Nov 07: http://www.infragardatlanta.org/modules/extcal/event.php?event=7

EDUCAUSE Presentations: http://www.educause.edu/PeerDirectory/750?ID=89110

AUSCERT 2007 Presentations: http://conference.auscert.org.au/conf2007/program_schedule.html

Secureworld Atlanta Presentation: http://www.secureworldexpo.com/events/conference-details.php?cid=1435

Information Security Executive of the Year Awards: http://iseawards.com/regional/southEast/

http://www.infosecaward.com/regional/southEast/southeast_judges07.php

http://www.infosecaward.com/press/nomineesNews.php

References:

I will be happy to provide multiple references after our initial conversation.
