
Ben Rothke

Clifton

Summary

Senior information security and risk management professional. Career incorporates a successful track record across corporate and consulting roles, securing IT assets for numerous Fortune 1000 companies. Areas of expertise include analyzing and addressing cybersecurity, information risk, and regulatory compliance requirements to protect corporate data assets and business opportunities, and to maximize revenue in alignment with corporate goals and initiatives.

Overview

31 years of professional experience
1 Certification

Work History

Senior Information Security Manager

Experian
New York
06.2019 - Current
  • Manage all aspects of information security, risk management, cloud security, vendor management, and compliance.
  • Ensure regulatory compliance for ISO 27001, ISO 27017, ISO 27018, CSA STAR, HIPAA, and SOC 2.
  • Perform reviews and gap analysis of information security policies and processes
  • Manage risk management for EMS-related risks via the Archer platform
  • Provide information security, privacy, and risk management training
  • Vendor & 3rd-party security management
  • Cloud security (PaaS, SaaS, IaaS)
  • M&A due diligence (security, privacy, cloud computing)
  • Post-acquisition security, risk management, and privacy audits
  • Manage cloud & application penetration testing program
  • Information security mentor in the Women in Experian (WiE) mentorship program

Principal Security Consultant

Nettitude, Inc.
New York
01.2015 - 06.2019
  • For an auto protection firm, performed complete PCI DSS 3.2 assessment including submission of their report on compliance (RoC). Reviewed and validated all 12 sections of the PCI compliance requirements.
  • For an American-based media, data and marketing services and venture capital organization, performed a GDPR gap analysis, which followed with a data mapping exercise to assist the firm in preparing for GDPR.
  • For a hedge fund, performed a gap analysis for compliance against SEC OCIE cybersecurity preparedness initiative requirements. Reviewed their 3-year information security budget and performed security spending forecasts, making recommendations for adequate and effective information security spending.
  • For a number of clients, performed ISO 27001:2013 gap analysis. Created required documentation, including: statement of applicability, policies, processes and standards in support of the firm's 27001 accreditation effort. Created risk register mapping information security risks for ISO compliance.
  • For a managed hosting service provider, performed PCI DSS v3.2.1 assessment and issued report on compliance (RoC) for their PCI compliant hosting solution. Created their Assertion of Responsibilities and Shared Responsibility Model documentation to ensure their clients understood their PCI security responsibilities.
  • For an automotive behavior prediction technology software firm, currently serve as their information security interface/virtual CISO to a number of automobile manufacturers they provide services to.
  • For a financial securities firm, updated their set of information security and privacy policies to ensure compliance with industry regulations, legal requirements and best practices.
  • For a retail firm, as the PCI QSA, performed a PCI gap analysis. Identified areas of non-compliance against PCI DSS. Reviewed their point of sale application implementation for PA-DSS compliance.
  • For a healthcare provider, updated their information security policies to bring them up to speed to meet HIPAA, HITECH and HITRUST requirements.
  • Member of the 2018 PCI SSC Cloud Security Special Interest Group (SIG). Provide expertise for the PCI DSS Cloud Computing Guideline.
  • Spoke at the RSA 2018 conference on ransomware, and Infosec World Conference on data destruction.
  • Nettitude is an award-winning provider of cyber security, compliance, infrastructure, security architecture and incident response services to organizations across the US.

Manager - Information Security

Wyndham Worldwide
Parsippany
05.2011 - 12.2014
  • Member of the Wyndham Worldwide information security risk management group. Interface with CO and staff within the various business units: Corporate, Exchange & Rentals (RCI), Vacation Ownership & Wyndham Hotel Group.
  • Responsible for numerous areas of global information security, privacy and risk management
  • Accountable for aspects of the information security and privacy lifecycles
  • Created corporate-wide cloud security strategy and directive documentation, leading initiative for deployment of cloud services across the 4 corporate business units. This cloud security framework enables decision makers to know what security, privacy and risk criteria to use when selecting a SaaS, IaaS or PaaS provider.
  • Launched information security vendor risk management process. Developed assessments to ensure that third-party firms that have access to Wyndham data maintain adequate security and privacy controls to secure Wyndham data they will store, process or transmit.
  • Wyndham Worldwide is the world's largest hospitality firm, generating $5 billion in revenue annually. Wyndham has resorts, hotels and timeshares spanning across six continents.

Senior Security Consultant

BT Professional Services
New York
11.2006 - 05.2011
  • For a year-long project for the CISO of a New York energy company, assisted in the development of a comprehensive information security program. Included security assessments, reviews against policy compliance and project management and participation in the corporate smart grid security group.
  • For an international bank, reviewed 18 of the bank's most critical applications for security and regulatory compliance. Interviewed application owners and BISOs and wrote up an application security risk assessment for each application, detailing specific organizational and application risks and vulnerabilities.
  • For a diversified health care benefits company, performed evaluation of the encryption adherence (encryption deployment, maintenance and tracking) to the 'American Recovery and Reinvestment Act (ARRA)', and determined if their current Windows Storage meets ARRA/HITECH requirements.
  • For a publisher of computer and video games, created a security framework and assisted in the design of a Security and Risk Assessment methodology that allowed them to evaluate the controls, designs, privacy and management practices for services that they outsource to third parties.
  • For the world's largest motion picture exhibitor, as the PCI QSA designed incident response plan for PCI compliance and created short-term and long-term remediation plans for PCI compliance.
  • British Telecom Professional Services is a 5+ billion provider of worldwide services and solutions that help enterprises effectively use technology to drive business growth.

Director - Security Technology Implementation

AXA Equitable Life Insurance
New York
01.2006 - 10.2006
  • Managed information security technology implementation group. The group's primary purpose is to both bring new security and privacy technologies into the organization and to stabilize and put processes in place to globally support these initiatives.
  • Member of the Corporate Global Security Council and Corporate Information Security Forum for strategic security projects and initiatives. Included in these projects is budgeting and financial planning for cost effective deployment.

Senior Security Consultant

ThruPoint, Inc.
New York
04.2003 - 01.2006
  • Worked with the CISO and senior IT leaders to determine acceptable levels of risk for organizations.
  • Assisted in the design and created a Brokerage Global SOC (Security Operations Center); assisted in their HIPAA security and privacy remediation compliance efforts for a large health care provider.
  • ThruPoint (now Acuative) is an IT services and best-of-breed technology solutions professional services firm.

Garden State InfoSecurity
Clifton
06.2001 - 04.2003

Baltimore Technologies
New York
11.2000 - 06.2001

eB Networks
Edison
10.1999 - 11.2000

Ernst & Young
New York
10.1997 - 10.1999

Coopers & Lybrand
New York
09.1996 - 10.1997

Citibank
New York
06.1995 - 09.1996

Education

Bachelor of Arts - Education

SUNY Empire State College
Saratoga Springs, NY
06-1987

Skills

  • Business Technology Solutions
  • Operational Security
  • Secure Cloud Services
  • Security Risk Frameworks
  • Enterprise Architecture
  • Encryption & Key Management
  • Security Awareness
  • Application Security Assessments
  • PCI DSS Compliance

Certification

  • CISSP
  • CISA

Thought Leadership

  • InfosecWorld 2025 - Effectively Implementing and Managing Electronic Data Disposal and Destruction
  • Secure 360 - Design before implementation, using a methodology for security deployment
  • Webinar - Behind the Book - Cybersecurity First Principles with Rick Howard
  • How not to hire for a senior information security role
  • LinkedIn Job Scams - the Ultimate Invisible Gorilla
  • The Best Information Security Books of 2025
  • Computer Security: 20 Things Every Employee Should Know, McGraw-Hill, Author
  • The Definitive Guide to PCI DSS Version 4: Documentation, Compliance, and Management, Apress, Co-author

Related Expertise

CISSP, CISA, CGEIT, CISM, CRISC, CDPSE, PCI QSA, PCI ISA, Cloud Security Alliance (CSA), Information Shield, Cybersecurity Canon
