Michael Bowers Resume


Michael Bowers Operational Risk, Risk Management, Information Security Management resume.

Michael Bowers CISSP, PMP
7049 Sedgebrook Dr. West ♦ Stanley, NC 28164
Phone: 704.996.2317 E-Mail: m.bowers@me.com

IT Risk Management Profile

Over 10 years Information Technology (IT) risk management experience enabling business-based decisions regarding technology vulnerabilities & risk through effective risk & vulnerability assessment, vendor management & organizational leadership. Passionate, persuasive and articulate; communicates effectively with technology & business stakeholders to protect against reputational and/or financial harm.

Summary of Operational Risk and Security Technology Skills:

  • Security assessment: 3rd party and internal risk assessments including discovery, documentation, writing/updating the security plan and writing the Executive Summary
  • Methodology: Information Security Risk Assessment (ISRA), SDLC
  • Standards/Regulatory: OWASP, PCI DSS, FFIEC Handbook, ISO17799/2700X, SOX (Section 404), COBIT, ITIL, BITS and COSO
  • Operational Risk Tools: Archer eGRC, SPARC, Policyworks, Foundation Plan Guidebook, Vendor Management System of Record (SOR), CICAT and CRAS+
  • Platforms: Windows Server, Active Directory, Red Hat, AIX, Solaris, HP-UX, SuSE, SQL Server, Oracle, DB2, IBM System Z, Cisco, VMWare, Citrix, Check Point, HP OpenView, Remedy/Pac2000 and cloud/Software-as-a-Service offerings (Siebel, Salesforce.com)
  • Security Technologies: Symantec Endpoint Protection, Symantec Vontu (DLP), Cisco HIDS/NIDS & HIPS/NIPS, Nessus, Fortiscan, Wireshark, Symantec ESM, TripWire, BigFix, Qualys, nCircle application scanning, Guardium, Imperva, RSA enVision (SIEM), Channel Secure, Top Secret, PKI, PGP
  • Utilizing Lean & Six Sigma principles in optimizing business processes
  • Leading staff and matrix resources (ISOs, SMEs, stakeholders) in identifying and mitigating risk using best practice technical and nontechnical detective and preventive controls
  • Building best practice information security framework(s) and optimizing a broad set of security technologies for risk, threat & vulnerability management

Experience

Bank of America, Application Security Governance – eCommerce & Payments, August 2012 – present
Manager: Rob Abbott
Contractor responsible for building the application security governance program for Bank AmeriDeals and the eCommerce and Payments technology platforms within Consumer Small Business Banking & Technology and Operations.

Wells Fargo, IT Risk Management Consultant, June 2011 – August 2012
Responsible for partnering with Business Information Security Officers, Technology Operations Group teams and infrastructure platform subject matter experts to facilitate completion of SPARC requests that update Wells Fargo information security foundation plans:

  • Lead discovery, documentation, assessment and risk mitigation efforts associated with the Information Security Risk Assessment (ISRA) process
  • Update information security foundation plans for in-scope Wells Fargo systems, applications, business processes, infrastructure and vendor solutions; documenting vulnerabilities, compliance with Wells Fargo policies, standards and technical security baselines and ensuring action plans are initiated to mitigate identified risks
  • Produce assessment executive summaries that are clear, concise, align to Enterprise Information Management standards and enable Wells Fargo ISOs and lines of business to accept and/or mitigate operational risks
  • Partner with Site Review, Code Review and Security Architecture teams in discovery and assessment activities to ensure complete documentation
  • Serve as a Subject Matter Expert (SME) on Wells Fargo information security policy, standards, baselines and the Information Security Risk Assessment process

Bank of America, Third Party Risk Assessment Consultant, August 2009 – December 2010
Responsible for leading Bank of America supplier assessments to identify, document and mitigate risk associated with PCI DSS, FFIEC, bank policies and standards and industry best practices to ensure the protection of customer data and reputational/financial risk to Bank of America.

  • Lead discovery, documentation, assessment and risk mitigation efforts associated with the Supplier Information Security Assessment process
  • Develop assessment work papers and executive summaries by performing onsite and offsite reviews of high risk suppliers
  • Partner with Supplier Management, Supplier technology and business teams and Business Continuity SMEs to fully document the general control environment for suppliers including operational (people, process & technology) and physical & environmental controls
  • Facilitate and coordinate risk mitigation planning and execution in collaboration with supplier and business teams
  • Produce assessment executive summaries that are clear, concise, align to Enterprise Information Management standards and enable Bank of America ISOs and lines of business to accept and/or mitigate operational risks
  • Serve as a Subject Matter Expert (SME) on Bank of America information security policy, PCI DSS controls, enterprise resiliency and the Supplier Information Security Risk Assessment process

Ally Financial, Sr. Project Manager – IT Security Consultant, March 2009 – August 2009
Responsible for partnering with Information Security Architecture, Information Security Operations and Technology & Operations Group (TOG) and strategic partners (KPMG/E&Y) in developing the operational risk framework for the newly created bank holding company encompassing GMAC Mortgage, Consumer Finance Group and GMAC Insurance:

  • Provided technical leadership in collaboration with business & technology stakeholders to design high-level solutions & financial/resource forecasts for Symantec DLP (Vontu), Security Scanning, Security Event & Incident Management (SIEM) and technical baselines development
  • Provided project management for Plan, Define & Construct phases in partnership with TOG & strategic partners in developing the operating model & key solutions that remediate regulatory gaps for the new bank
  • Produced key program deliverables including deployment plans, Business Requirements Documents (BRDs), Technical Specifications Documents, high-level scope statements, project milestone forecasts and marshaled resources for Construct and Deploy activities
  • Led hiring and on-boarding of project managers and technical leads for respective program projects
  • Responsible for assessing the current state of information security foundation plans for Ally Financial high risk (based on revenue generation & reputational impact) and developing the future state operational process

Doosan International, Senior IT Manager, March 2008 – March 2009
Responsible for leading cross-organizational Sales, Inventory & Operations Planning (SIOP) and technology infrastructure programs charged with developing the organizational resources & capabilities that provide the operational framework to sustain the new U.S. business formed by acquisition:

  • Reported to PMO Director; partnered with CIO organization and Booz Allen Hamilton to define best practices and project delivery & reporting framework
  • Achieved successful transition from multi-platform Transition Service Agreements (TSAs) for technology and business process services provided by the divesting organization
  • Led capital & expense planning as well as Business Case development & funding approval
  • Developed Program and Project Charters, sourcing strategies, Project Plans and key deliverables in a maturing project management competency organization/culture
  • Partnered closely with the CIO, Korean counterparts and business executives to demonstrate the value of a PMO in terms of benefits achievement, repeatable & sustainable process, transparency, demand planning, alignment to strategic objectives & development of organizational assets
  • Led all aspects of project, resource and task definition, execution and transition to operations
  • Planned & facilitated working sessions to define Work Breakdown Structure (WBS), resource allocations, identify interdependencies and mentor project managers

Lincoln Financial Media Company, Director of Information Technology, June 2005 – March 2008
Member of Senior Leadership Team responsible for IT Operations, IT Service Delivery, Broadcast Systems Support and strategic planning:

  • Reported to President, Raycom Sports; managed all aspects of Information Technology including network and telecommunications infrastructure, mobile units (analog & high def), business applications (CRM, Microsoft Dynamics, inventory management, production graphics, editing systems, etc.) and the web platform
  • Provided forecasting & stewardship of $500k in operating and capital expenditures
  • Partnered with Sales & Marketing to develop competitive product strategies that A) strengthen ad agency offerings, B) create additional revenue streams, C) create client value-add, D) increase sponsorship opportunities and E) further incentivize sales teams
  • Championed multi-faceted sales improvement initiative utilizing LEAN and Six Sigma, Root Cause Analysis and Management by Fact (MBF) techniques to deliver a Salesforce.com CRM solution that resulted in a year one increase of 20% in closing agency and client contract opportunities
  • Partnered with Raycom Media Company CIO, division business leads, Sales & Marketing and media partners to create a joint-venture "non-revenue" sports production business
  • Developed organization resources to ensure project success, managing risks, issues, scope changes and resources to achieve expected benefits

Ingersoll-Rand Company (IRC), Information Security Team Lead, June 2004 – June 2005
Responsible for executing on key aspects of security strategy and tactical initiatives that align with the short and long-term operating plans including implementation of enterprise NIDS, HIDS and incident response solutions & teams:

  • Reported to Shared Services Sr. Manager with dotted line to Shared Services CIO Office
  • Personally built and led core team of six to implement global Network IDS/IPS and HIDS/HIPS (Cisco solutions), Cisco NAC, NetForensics Security Information & Event Management (SIEM) and Computer Security Incident Response (CSIRT) process
  • Led the Executive IT Security Council committee meetings
  • Developed project management plans for information security program with scope of approximately $2MM, 88 countries, UNIX and Windows-based platforms, core data center and third party hosting providers and all IRC business lines
  • Developed phase one information security roadmap encompassing industry best practices and ISO17799/27001 standards
  • Provided input into development of information security Key Performance Indicators (KPIs)
  • Managed professional services and project team resources, providing mentorship, assignment of work activities and performance management in developing a high performing team aligned with strategic goals and company core values

Bank of America, VP, Information Security Compliance, June 2003 – June 2004
Delivered major components of enterprise Six Sigma Green Belt project to consolidate multi-regulatory assessment processes into a single tool and process:

  • Reported to SVP, CIS Compliance; chartered with leading tool development, process development, training development & delivery utilizing organizational and vendor resources
  • Managed project deliverables, risks and milestones from Project Initiation to Project Close utilizing CA Clarity for time and project reporting, Microsoft Project, CaliberRM for requirements management, etc.
  • Led development of the Risk Commander Compliance Reporting Tool (CRT) and regulatory gap analyses producing the consolidated question set mapped to specific controls to measure Line of Business (LOB) compliance with FFIEC, FDIC, GLBA, Basel II, ISO17799 and internal bank standards
  • Provided staff performance management and professional development for a team of four

Lincoln Financial Media Company, Manager, Information Security, June 2000 – March 2003
Accountable for the planning, coordination, implementation and execution of the operational risk framework for Lincoln Financial Media Company (LFMC):

  • Write high-level information security plans for high risk applications, infrastructure and vendors
  • Design and lead computer security awareness training materials and campaigns to enhance operational risk awareness and communicate employee responsibilities
  • Define and review security requirements and subsequently review complex systems to determine if they have been designed and established to comply with established standards
  • Serve as the Lincoln Financial information security SME for LFMC
  • Partner with Shared Services infrastructure, security architecture, application and business teams to identify security vulnerabilities and risk through comprehensive risk assessment
  • Led regional IT Directors, Security Architecture and Security Operations in optimizing the current information security tool set and developing an executive dashboard with KPIs for reporting vulnerabilities and risk including Symantec anti-virus, Cisco NIDS/HIDS, Nessus vulnerability findings and incidents via CSIRT and NetForensics (SIEM)
  • Facilitate the Executive IT Risk Committee meetings chartered with reviewing high level risks and formulating high level risk mitigation action plans

Preferred Medical Marketing Company (PMMC), Senior Client Support, May 1999 – May 2000
Responsible for pre-sales and post-sales support of large-bed hospitals (500 and larger) in the West and Mid-West territories including:

  • Mapping client HMO contracts to PMMC's proprietary software; planning and leading client software implementations based on a VisualBasic/SQL database architecture
  • Partnering with clients' patient accounting, contracts, information technology and cross-functional stakeholders to identify payor under-payments
  • Generated approximately $1M in previously unpaid patient claims through utilizing PMMC's software to analyze patient EOBs (Explanation of Benefits), ICD-9 and CPT medical billing codes and comparing with payor payments against HMO contract terms

Education

Central Piedmont Community College, September 1989 – April 1991
College Transfer Program

Strayer University, March 2008 – March 2009
B.S. Business / Information Systems (Junior status with 80 hours accumulated / 3.2 GPA)