Solutions-focused Information Security Professional with solid proficiency in areas of Compliance, Governance, Auditing, Project Management, and Risk Mitigation. Strong knowledge in regulations including Sarbanes Oxley (SOX404), VISA Payment Card Industry Data Security Standards (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), and State and Government Regulations, in addition to utilizing frameworks such as ISO 27001/27002, ITIL and COBIT4.1 for Risk Assessments. Excellent analytical skills with keen ability to quickly identify non-compliant issues, ensure remediation of non-compliance with industry best practice and smooth completion of audits/assessments.
Director of Security and Compliance Operations @ From September 2012 to Present (3 years 4 months)

Managing Director of Compliance Services @ Responsible for managing the delivery of security assessment services that provide visibility on client vulnerabilities and tangible value in solving security problems. Manages the direct impact on national business development, account engagement, and ownership responsibilities that cover IOActive's broad client base and standard compliance services including PCI, risk management, advisory, and cloud computing. Employs proficiency in governance, auditing, information security, project management and risk mitigation. From April 2010 to September 2012 (2 years 6 months)

Information Security & Compliance - Team Lead @ Responsible for managing and maintaining VISA PCI and HIPAA Compliance standards companywide, providing compliance recommendations to protect sensitive data and determine effective remediation. Supervise IS Compliance Team by setting goals and objectives, conducting performance management and succession planning, and developing assessment strategies and methodologies to improve accuracy and productivity. From July 2007 to March 2010 (2 years 9 months)

Managing Security Consultant @ Managed large, complex and strategic client projects, with consistent record of on-time and within budget completion. Ensured that project initiatives were met, by providing direction, monitoring and management of company resources. Responsible for meeting or exceeding revenue goals, assigning and managing consulting resources dedicated to client projects, and working closely with sales team to manage client and delivery expectations. Assigned efficient profit/loss procedures and executed breakout of project/resource-specific tasks to ensure effective use of personnel, systems, and project management tools, including work plans, agendas, and status reports, resulting in optimum efficiency and revenue that was fair to all parties. From January 2006 to July 2007 (1 year 7 months)

Principal Security Consultant @ Responsible for managing, assessing and supporting large enterprise clients with a focus on VISA Payment Card Industry requirements and security industry Best Practices. Provided guidance and expertise to internal sales and consulting teams in Payment Card Industry Data Security Standards requirements, penetration testing, and application assessments. Also offered advisement to teams in additional areas of security architecture design for cashless environment point of sale, review and evaluation of Third Party Products for new potential partners, and support end user opportunities for established partnerships. From December 2005 to January 2006 (2 months)

Wide Area Network Engineer @ Responsible for overseeing the administration of entire Wide Area Network (WAN), including design and optimization of network infrastructure, site configurations, and maintenance of Information Technology Security. Managed technical security issues and maintained company compliance standards for Local Area Network, Wide Area Network, and Application and Data Processing. Provided LAN/WAN network support, maintenance, testing, configuring, and future capability planning. Performed quarterly disaster recovery testing, mitigation, and documentation. Created policies, procedures, guidelines/baselines, contingency plans, and implementation/maintenance documentation for LAN/WAN environment. Collaborated with VP of Information Security and other senior management to develop risk assessments, business impact analysis, and business continuity plans for LAN/WAN and applications. From July 2003 to August 2005 (2 years 2 months)

IT Consultant @ Responsible for planning, coordinating, and providing technical expertise for key client projects across multiple functional areas. Responsibilities included monitoring network performance to identify network limitations and issues, and recommending solutions to improve overall network configurations. Collaborated with team members and clients to determine specific network requirements. Provided project management support throughout lifecycle of projects. From September 2000 to July 2003 (2 years 11 months)
Bachelor of Science in Business Administration, Operations Management @ University of Arizona From 1997 to 2001

Michael Vitolo is skilled in: Information Security Management, PCI DSS, HIPAA/HITECH, PA-DSS, ASV, ISO27001/27002, CMR17, Governance, Project Management, Enterprise Risk Management, Risk Mitigation, Security Architecture Design, Risk Management, Security, Programme Governance