THOMAS T. MCDONALD, CISA, MBA
www.linkedin.com/in/ThomasTMcDonald
Tom.T.McDonald@gmail.com 716-474-8869
PROFESSIONAL SUMMARY
Director, Information Systems Security with 17 years of experience creating strategic alliances with organization
leaders to effectively align with and support key business initiatives. Establish, plan, and administer policies,
procedures and programs for the information security function and evaluate cyber security risk.
Industry Experience
Health Care, Manufacturing, Banking
Functional Experience
Cyber Security, Risk Management, Project/Program Management
Information Security Expertise:
• Vulnerability Assessments • Single Sign On • Identity Management Systems
• Mobile Device Management • HIPAA Standards • PCI/Data Security Standard (PCI DSS)
• EPCS Security • Incident Response • Vendor Risk Management
• Contract & Vendor Negotiation • Security Architecture • Disaster Recovery Enterprise
PROFESSIONAL EXPERIENCE
FIRST NIAGARA BANK, Buffalo, New York 6/15 - present
Top 25 US bank with 37 billion in retail and commercial assets.
Vice President, Technology Risk Management
Created strategic alliances with organization leaders to effectively align with and support key business
initiatives.
• Independently validated and tested information security controls to ensure compliance with Sarbanes-Oxley and Gramm-Leach-Bliley regulations.
• Independently validated, tested and implemented information security controls.
• Participated in development and analysis of information technology risk control self-assessment, and reviewed and developed information technology policies, standards, and guidance documents.
• Identified and mitigated information technology risk.
KALEIDA HEALTH, Buffalo, New York 1998 - 2015
Healthcare provider serving eight counties with state-of-the-art technology and comprehensive healthcare services.
Director, Information System & Technology Security – HIPAA Security Officer
Established, managed, and maintained a corporate-wide information security program to protect information
assets. Identified, evaluated and reported on information security risks to meet compliance and regulatory
requirements. Proactively worked with business units to implement practices; documented policies, procedures
and standards for information security.
• Implemented Information Systems & Technology Security Program for the organization.
• Hired a successful support staff to implement IT controls and safeguards.
• Identified security risks, threats and vulnerabilities on the networks, operating systems, applications and new technology initiatives.
• Provided technical analysis in the development, testing and operation of firewalls, intrusion detection systems IPS/IDS, enterprise anti-virus, data loss prevention, vulnerability management and EPCS Security.
• Implemented Single Sign On solution using proximity badges (HealthCast/Imprivata).
• Implemented Identity Management System (Courion) for provisioning role based access, password synch, password resets and terminations. Implemented internet filtering software (Websense and Forefront).
• Reviewed/audited operational configurations and security controls for applications and operating systems.
• Designed and executed vulnerability assessments, penetration tests, security audits and implemented PCI Data Security Standards.
• Developed a Mobile Device Management policy and implemented MDM software solution.
• Implemented two factor authentication (2FA) access solution (Anakam).
• Implemented workstation encryption software solution and SFTP.
• Chaired HealtheLink Health Information Exchange’s Security Committee since 2006.
• Led in the governance process to influence projects to adhere to HIPAA Security Rule, HITRUST Common Security Framework, PCI DSS requirements, Sarbanes-Oxley Act (SOX), state and federal regulations.
• Supported Legal and Compliance & Audit Departments eDiscovery requirements.
GOODYEAR DUNLOP TIRE CORPORATION, Buffalo, New York 1993 - 1998
Part of Goodyear Tire & Rubber Company that makes tires bearing the Dunlop brand name.
Information Systems Auditor
Developed, documented and maintained information system audit plans for corporate Information Technology
Department. Identified information security weaknesses and developed gap analysis and remediation plans to
resolve issues. Worked with external auditors on analyzing information system controls and safeguards.
• Developed, designed and implemented UNIX based networks, NFS security, ftp controls, trusted hosts, r-tools, and file permissions.
• Audited mainframe and distributed platforms as well as Windows, UNIX, RACF and Relational Database Management Systems.
• Effectively managed information security projects; assessed financial/operational impact and systems risk.
HSBC (MARINE MIDLAND BANK), Buffalo, New York 1991 - 1993
British multinational banking and financial services company headquartered in London.
EDP Audit Officer
Oversaw a team of staff auditors performing EDP audits on: MVS, CICS, DB2, IDMS, IMS, ACF2, Data Center,
High End Processor, and LANs, IBM Mainframe, Tandem’s Wire, Unisys ACH Electronic Data Interchange (EDI).
Worked with line management to minimize risk and institute proper controls.
• Developed system flow charts, performed risk analysis, and defined audit controls criteria and objectives.
NATIONAL CITY CORP, Cleveland, Ohio 1990 - 1991
Regional bank holding company based in Cleveland, Ohio
EDP Auditor
EDUCATION
CANISIUS COLLEGE
Master Business Administration, MBA
ST. BONAVENTURE UNIVERSITY
Bachelor Business Administration, BBA
CERTIFICATION
Certified Information System Auditor, CISA
TRAINING/DEVELOPMENT
Cyber Security Evaluation Tool CSET, Intrusion Detection Systems IPS/IDS, HIPAA, Identity Management
Systems, Privacy Auditing
AFFILIATIONS
Information Systems Audit and Control Association ISACA WNY, FBI Citizen Academy Buffalo,
InfraGard Buffalo, Sandy Beach Park Club, Sandy Beach Yacht Club
