Andrew Laffey
West Des Moines,IA
Summary
Experienced Information Security and Technology Manager well-versed in infrastructure, security planning and daily operations management. Forward-thinking and strategic leader with 20 years of Technology experience in Financial Services and Insurance Industry. Recognized for cost-effective system improvements, operational streamlining and positive leadership style.
Overview
21
21
years of professional experience
Work History
Director of Information Security
American Enterprise Group, Inc
11.2020 - Current
- Led a team of security professionals in identifying and mitigating risks, conducting vulnerability assessments, and implementing security controls.
- Coordinated with business units to ensure security policies and procedures were aligned with business objectives and regulatory requirements.
- Oversaw design and implementation of Azure Cloud Security Controls.
- Oversaw the development of incident response plans and worked with external partners to conduct regular executive level tabletop communication exercises to test and refine them.
- Helped develop Third Party Risk Management Program and collaborated with third-party vendors and partners to ensure their compliance with security policies and standards.
- Prepared and presented reports to the executive team and board of directors on the state of the organization's security posture.
Information Security Manager
American Enterprise Group, Inc
08.2016 - 11.2020
- Developed and implemented an enterprise-wide information security program to protect critical data and systems against cyber threats.
- Played key role in on-going network design, reevaluation and optimization to keep pace with company growth.
- Oversaw the implementation of security controls, including firewalls, intrusion detection systems, anti-malware, application whitelisting and access controls.
- Oversaw the day-to-day operations of the information security team, including managing budgets and allocating resources.
- Participated in incident response and investigation efforts, working closely with legal and law enforcement agencies as necessary.
- Implemented security awareness training programs for employees to promote a security-conscious culture.
Systems\Security Analyst
American Enterprise Group, Inc
07.2002 - 08.2016
- Installed, modified, and repaired software and hardware to resolve technical issues.
- Led Migration from Physical Hardware to VMware Virtual Infrastructure
- Provided on-call support for critical issues related to IT Issues.
- Maintained Security Software and Patching Processes
- Explained technical information in clear terms to non-technical individuals to promote better understanding.
Education
Bachelor of Science - Managment of Information Systems
High School Diploma -
Skills
- Security Program Design and Implementation
- ISO 27001, NIST, CIS Frameworks
- HIPPA, PCI, MAR Compliance
- Third Party Risk Management
- Vendor Management
- Budgeting
Certification
- CISM - Certified Information Systems Manager
- ITIL Foundations
- Vmware Certified Professional 5
- AIIM Enterprise Content Management Specialist (ECMS)
Timeline
Director of Information Security - American Enterprise Group, Inc
11.2020 - Current
Information Security Manager - American Enterprise Group, Inc
08.2016 - 11.2020
Systems\Security Analyst - American Enterprise Group, Inc
07.2002 - 08.2016
Hamilton College - Bachelor of Science, Managment of Information Systems
Woodward-Granger High School - High School Diploma,
- CISM - Certified Information Systems Manager
- ITIL Foundations
- Vmware Certified Professional 5
- AIIM Enterprise Content Management Specialist (ECMS)
Similar Profiles
Douglas RumpleDouglas Rumple
Sales Relationship Manager at American Enterprise GroupSales Relationship Manager at American Enterprise Group
Guadalupe AcostaGuadalupe Acosta
Janitor at American EnterpriseJanitor at American Enterprise
AMBER M. GARFOOTAMBER M. GARFOOT
Lead Human Resources Business Partner at American Family Insurance EnterpriseLead Human Resources Business Partner at American Family Insurance Enterprise