MATTHEW HALL

Directed day-to-day tactical and strategic activities of Information Security Team. Provided direction to staff in alignment with achieving security goals of partner organizations. Identified key industry, regulatory, and statutory requirements and designed comprehensive information security operations to meet required objectives.

• Built compliance driven, highly effective Information Security Organizations for client partners
• Performed gap analysis against regulatory compliance frameworks to develop organizational risk profile and qualified remediation plan
• Developed and implemented layered security approach to safeguard and protect protected and sensitive data types

Act as Security Leader, Security Architect, Senior Analyst, Incident Response Analyst, Vulnerability Management Analyst, and Cybersecurity partner for various clients. Advocate best practice and secure posture based upon regulation (HIPAA, PCI, CCPA, GDPR) and established frameworks such as NIST 800-53, 800-171, CMMC, and ISO 27001. Provide project management, architecture assessments, security recommendations, policy and procedure creation, and business continuity instruction.

• Develop, implement, build and execute comprehensive security programs
• Execute security and business continuity risk assessments and provide recommendations that balance risk management with business objectives
• Lead discussions for risk-informed adjudication of control exception requests and assist business units with appropriate documentation and communication of approval/rejection
• Serve as strategic partner and security thought leader to lead implementation and maintenance of information security program within designated business units
• Act as CISO providing independent and objective oversight and monitoring of information security and business continuity programs within designated business unit(s)
• Facilitate bidirectional communication between business units and enterprise security while advocating for both in balanced manner
• Consult with and advise business and IT leaders in proactively establishing, implementing, and monitoring information security controls within designated business unit(s)
• Perform architecture assessments with focus on detective and preventive controls
• Execute gap analysis, converting findings into actionable project plans with achievable goals
• Initiate and coordinate incident response activities between centralized incident response team and business unit technical teams in accordance with Incident Response process
• Provide program updates to senior/executive management, risk management committees, and program stakeholders within designated business units
• Capture customer requirements and perform analysis, including generation and review of statement of work (SOW), serve as point of contact, and maintain interaction with Customer and Customer's Information Security department
• Serve as Incident Response Security leader with focus on generating forensic analysis, impact analysis, remediation steps, and restoration

Directed day-to-day workflow of IT Infrastructure Operations Team with 14 direct reports, and additional 15 indirect reports. Staff composed of managers, network engineers, architects, and system administrators spanning several infrastructure technologies including virtual compute, VDI, server OS, DevOps, storage & backup, network routing and switching, and endpoint security and patching.

• Developed, implemented, and maintained day-to-day support and interaction model between Network Operations Center (NOC) and Corporate IT/IT Infrastructure Engineering and Operations teams including incident escalation and trouble resolution workflows
• Engineered and enforced strategy to ensure high availability of systems and applications across organization ensuring 24/7/365 availability
• Shepherded project management with focus on translating business requirements into actionable tasks and deliverable solutions from technology teams
• Developed, reviewed, and enforced service level agreements
• Oversight of root cause analysis on SLA misses and outages with development of remediation plans
• Provided Change Management oversight and risk assessment analysis for technology changes, including upgrades, patches and functionality improvements
• Developed and coordinated strategic direction and operating plans to meet executive requirements
• Established key infrastructure policies while supporting team in maintaining and executing procedure development
• Determined metrics, defined measurables, and conducted executive review of reports on performance of enterprise environments and efficiency of department
• Defined roles, recruited engineers, hired personnel, trained resources, and provided quarterly, semi-annual, and annual performance evaluations to staff
• Provided oversight and solutions implementation in execution of disaster recovery project including hands on oversight of data center construction, equipment setup, installation, and fail-over testing
• Managed vendor relationships including contract negotiation and SOW review
• Spec and requisitioned infrastructure hardware, including oversight of installation
• Implemented, monitored, and managed network circuits and redundant connections
• Ensured compliance with regulatory frameworks including PCI and SOX.

Directed day-to-day operations of company. Recruited, hired, trained, and disciplined staff. Coordinated efforts of staff to ensure client SLAs were met. Organized all work-streams within company to facilitate seamless customer on-boarding. Provided help desk, and infrastructure support to several small and medium sized businesses including educational facilities, medical facilities and law offices.

• Orchestrated operations of help desk, call center, client training, technical support team, and network operations center (NOC) team to achieve customer requirements and provide best-in-class service
• Developed, implemented, and oversaw technical support center to provide on-demand server, network, office hardware, and application support for clients
• Performed on-demand needs assessments, then requisitioned, and implemented client ticket systems (ZenDesk, Spiceworks, Jira Service Desk, QuickBase, etc.)
• Undertook proof-of-concept testing, requisition, and implementation of electronic medical records (EMR) system (hardware and software)
• Developed staff training program in support of transition to newly implemented EMR software platform
• Developed and executed zero-downtime project plan to migrate onsite IT services to collocation center for offsite disaster recovery and business continuity
• Oversaw growth and expansion of company more than 400%
• Developed, documented, and produced all policies and procedures for organization
• Reduced employee turnover by 90% through providing training, performance incentives, and benefits
• Directed staff while making daily financial impact decisions.