Sr. Manager Security Policy and Process @ Atlassian
Global Security Services Portfolio Manager @ Microsoft
Senior Manager, Information Security and Risk Management @ Microsoft
Bachelor of Arts, Radio, Television, and Film @ Southern Illinois University, Carbondale
Senior cyber security professional with a proven record in information security, IT risk, IT compliance and business continuity management. Key areas of expertise include: Information Security product management; cyber security; governance, risk and compliance management; developing and implementing information security and risk management programs; compliance with regulatory and industry obligations; business continuity and IT Audit. Experienced in technology, telecom, financial services and manufacturing industries.
Specialties: Information Security, Information Management, IT Risk Management, IT Compliance Management, Business Continuity Management
Sr. Manager Security Policy and Process @
Develop, define and implement Information Security Management Program for Atlassian.
From August 2015 to Present (5 months)

Global Security Services Portfolio Manager @
• Global product manager over Information Security Consulting Portfolio; spanning Assess, Educate, and Operate service offerings.
• Led the development of 20 individual offerings over two years to create a globally consistent and repeatable security services portfolio.
• Increased contribution margin twofold for three security assessment offerings; five additional offerings in pipeline to be delivered in current fiscal year.
• Established and executed global sales education and go-to-market plan for new, updated and new market security offerings. Focused on Proven Customer Scenarios.
• Led the global Premier Field Engineering Security Community of over 150 engineers, focused on connecting the field around common Centers of Excellence, and establishing sub-communities for global involvement and inclusion. Delivered training and presentations at Regional Community Conferences.
From December 2011 to August 2015 (3 years 9 months) Sydney, Australia

Senior Manager, Information Security and Risk Management @
• Led the information security risk management program, including executing annual risk assessments and determining risk treatment plans targeted at Global Foundation Services, the cloud infrastructure division of Microsoft, as well as directing functional, targeted security risk assessments at other related entities. Coordinated with Enterprise Risk Management, Audit Committee and other cross-organizational risk management teams. Based program on ISO27005, ISO31000 and NIST 800-30/39 guidance.
• Managed IT security and operational risks and successful integration of five (5) acquisitions. Developed the security risk evaluation, assessment and remediation process for acquired companies in Microsoft Online Services. Developed assessment methodology based on ISO27001 controls, process and resource requirements for program, executed assessments, made recommendations for and tracked remediation projects.
• Led governance, risk and compliance (GRC) software vendor market analysis, recommended vendor for license based on market research. Implemented modules to support policy, risk, compliance, incident response, operational security reviews, and vulnerability scan request management processes. Deprecated eight independent tools and integrated data into a single platform for improved visibility and reporting.
• Member of a cross-organizational team directing the implementation of an enterprise-wide governance, risk and compliance program for all Online Services at Microsoft.
• Managed team of internal employees, including on-going performance evaluation and career mentoring. Managed vendors and contractors as appropriate for targeted projects.
From November 2007 to May 2012 (4 years 7 months) Greater Seattle Area

Manager @
Manager at Protiviti, an Independent Business and Technology Risk Consulting Firm, focusing on providing technology risk consulting.
• Performed a business continuity risk assessment, current state analysis, and built a 36-month strategy roadmap to manage business continuity risks and mature the business continuity program for a large wireless carrier.
• Led team to identify risks in the design and implementation of controls during a pre-implementation review of an ERP system for healthcare client.
• Managed team to identify and remediate gaps in information security practices for large wireless carrier. Developed and integrated security requirements into an existing SDLC process, including security requirement definition, testing of security requirements and accreditation of systems.
From August 2006 to October 2007 (1 year 3 months)

Manager and Senior Consultant @
Enterprise Risk Services, Security Services Group
• Reengineered internal IT operational and IT Security risk self-assessment process to align IT controls with corporate risk guidance, regulatory requirements and international information security standards for global financial services client.
• Established information security program for IT service provider of a multinational manufacturing/retail client including policy, technical standards and monitoring metrics.
• Performed global IT management process analysis for a large financial institution client utilizing ISO17799, FFIEC and GLBA as baseline; recommended IT operational and IT security control improvements.
• Led multiple regulatory based information security audits on a variety of client environments and systems including Windows, UNIX/Linux, AS/400 and Mainframe; including General Computer Control, Sarbanes-Oxley, FFIEC and VISA CISP / Payment Card Industry (PCI) compliance.
• Conducted various controlled logical security, physical security and penetration/vulnerability assessments for multiple clients; recommended remediation projects and priorities; managed via the use of automated tools, test plans and scripts and related techniques.
From September 2002 to July 2006 (3 years 11 months) Dallas/Fort Worth Area

LAN Administrator @
LAN Admin and Senior PC Tech at Deloitte's Internal IT Group.
• Regional team lead National Reduced Sign On Project utilizing Active Directory and National LAN and Desktop Planning Group standardizing desktop and server.
• Maintained production server environment consisting of various versions of Netware 4.x, 5.x, Windows NT 4.0 and 2000 servers in seven locations as well as a lab environment using Active Directory, Linux and Windows 2000.
From November 1999 to September 2002 (2 years 11 months)

Masters of Science, Information Management @ University of Washington From 2006 to 2008
Bachelor of Arts, Radio, Television, and Film @ Southern Illinois University, Carbondale From 1993 to 1997

Bill Marriott is skilled in: Information Security, Security, Information Security Management, Business Continuity, IT Audit, Information Technology, ISO 27001, Enterprise Software, Security Audits, CISSP, Risk Management, Enterprise Risk Management, Computer Security, Governance, Program Management