Lacey Zinser

Leads, maintains and improves operations and functions of security team while effectively managing crises in fast-paced environment.

• Focuses on issue identification and resolution, partnering across organization, understanding risk appetite, and driving overall risk management improvements
• Careful fiscal management allows the department to realize significantly impact enterprise security risk
• Carrying out a pro-active approach results in management of wide range of security activities from engagement with "C" suite personnel to ensure organizational alignment and strategic support for core activities, to assuring compliance with national and state regulations, all the way to engineering to security improvements with the industrial unit engineers

Key Accomplishments:

Developed cross unit, collaborative programs to support goals of enterprise cyber security governance committee to reasonably protect entire organization against cyber threats, as well as to be prepared to identify, respond, and recover from these threats. Activities include:

• Partnered with compliance and operational technology teams to develop, test, and improve organization’s cyber incident response capabilities
• Instituted cross unit security awareness program with mandatory baseline training, live security events that resulted in positive outcomes such as 30% reduction in phishing email click rates. Collaborate with physical security team on security intelligence awareness and customer fraud response
• Formulated security policy and assurance methodologies to efficiently and consistently apply controls to sufficiently lower cyber risk. Teamed with physical security to ensure compliance on DHS Chemical Facility Anti-terrorism (CFAT) program
• Road mapped, collaborated, and lead implementation on major technology and process improvements to support security risk reductions. Partnered with CIP team to extend existing secure supply chain initiative to support new NERC requirements

Administered Information Technology Security program to lower technology specific cyber risk. Provided consulting type services to industrial business units for DCS, ICS and SCADA for system level security risk management improvements. Coordinated with compliance, legal, physical security, customer service and communications teams to improve overall enterprise risk management.

• Monitored for, investigated and responded to potential cyber events
• Oversaw access control management to ensure only authorized users and devices access OUC environments
• Assessed and recommended security improvements for information technology initiatives
• Provided consultation security services to operational technology teams for key projects
• Collaborated with Legal and Customer Service teams to lower compliance risk for identity theft deterrence and privacy regulations
• Instituted and chaired information technology standards committee resulting in improved governance
• Chaired and streamlined IT change management committee resulting in transparent efficient process
• Monitored computer virus trending to determine when to update virus protection systems
• Recommend improvements in technology systems and procedures
• Performed risk analyses to identify appropriate security countermeasures
• Conducted security assessment to identify vulnerabilities
• Implemented technology to provide security risk insights
• Developed plans to safeguard data against unauthorized modification, destruction or disclosure

Focused on security systems automation and processes, planning, issue analysis and resolution, and international team collaboration.

Supplied project planning and implementation for corporate Information Security team. Deployed enterprise wide server and network security automation toolset. Integral in providing more secure, consistent and compliant environment in multi-site cross-platform setting. Focused on security systems, policy and process development, issue analysis and resolution, audit readiness, international team collaboration, and automation. Led team in defining corporate best practices for secure remote access hardware and software configuration.

• Conducted security audits to identify vulnerabilities.
  Reviewed violations of computer security procedures and developed mitigation plans.
• Developed plans to safeguard computer files against modification, destruction or disclosure.
• Monitored use of data files and regulated access to protect secure information.
• Encrypted data to protect confidential information.
• Engineered, maintained and repaired security systems.
• Resolved security, audit or compliance issues while providing exceptional client support.

Accomplishments included:

• Administered security compliance tracking web application. Increased reporting by 40% in 3 months.
• Transitioned security tasks for 7 major customer environments from domestic operating system administrators to international security administrators achieving separation of duties.
• Analyzed and redesigned access request process for major customer resulting in more secure access scheme and freeing 45% of security administration team’s work cycles to focus on higher level security concerns.
• Collaborated with security team on and presented Active Directory redesign project plan to optimize use of group policies in complex multisite environment with low impact transitional phases that was adopted for deployment company-wide.

Member of key team dedicated to ensuring confidentiality, integrity and availability of 6 commercial programs and 2 state government programs as well as internal infrastructure program.

• Prepared multi-site operations for audit readiness and compliance with regulatory standards organizations including FISMA, NIST, SOX, HIPAA, and SAS 70
• Developed, implemented and maintained processes and controls to secure multi-site, cross-platform (mainframe, UNIX, Linux, Novell and Windows) environments. Responded to escalated CIRT issues for major customers
• Maintained system integrity by performing internal audits of systems and processes, users, group utilization and remote access (VPN). Utilized vulnerability assessment tools, penetration test results, log reporting, and configuration management tools
• Monitored security and account management for Active Directory and MS Exchange by global support teams

Key Accomplishments:

• Designed layered protection scheme in collaboration with security, operating systems, networking, intrusion detection and penetration testing teams to secure application, operating system and networking environments
• Comprehensively supported programs and auditors during audit periods resulting in positive audit outcomes
• Led annual internal program self audits and quarterly program security reviews. Achieved compliance with corporate and regulatory standards. Methodology developed was used as template for corporate compliance

Provided outsourced consulting services to major commercial customers:

• Installed and maintained Windows servers in multi-site WAN environment.
• Designed, implemented and tested disaster recovery / business continuity plans for customers.
• Prepared customer programs for security audit compliance and supported during audit periods.
• Configured and supported standard tool sets including Active Directory, enterprise applications (email server, mobile device management, SQL, WSUS, patching deployment, SharePoint, and backup systems), monitoring tools (Tivoli, HP Insight Manager), remote connectivity and security (McAfee Symantec/Norton, GFI LanGuard).
• Initiated, developed and scheduled team projects plans. Supported change control process through project planning.
• Trained, provided documentation, coordinated daily tasks and acted as liaison to international system administrators.

Key Accomplishments:

• Designed and delivered midrange disaster recovery planning services to major customers.
• Supported customers onsite and remotely during successful disaster recovery tests.
• Recognized by state and local government programs for securing Windows server environment to meet or exceed corporate, customer and regulatory standards.

• Led implementation and integration of major corporate client/server applications including ERP, HRIS, and financial systems utilizing project management skills.
• Analyzed, designed, tested, debugged, optimized, documented, implemented systems and applications to meet business requirements.
• Installed, supported, upgraded corporate enterprise solutions including Windows Server, remote access services, Citrix, electronic records management (RDMS) in multi-site WAN environment.
• Supported escalated enterprise application issue resolution for field offices and other business lines.

Administered, secured, tuned, monitored, upgraded hardware and software on 30 critical servers in 500+ node 7x24 Windows/UNIX multi-site LAN/WAN environment. Prepared and managed annual budget encompassing client/server solutions.

• Analyzed complex project server issues and worked on large enterprise and business-critical applications.
• Project lead for successful timely implementation of ERP Great Plains systems.
• Led server infrastructure development, quality assurance, staging and production systems.
• Implemented, developed and tested installation and update of file servers, print servers and application servers in all departments.
• Diagnosed and executed resolution for all 3rd tier software, hardware and network support issues.
• Received Real3D Corporate Recognition Award for client/server implementation.

Installed, administered, secured and supported Novell and Windows Server operating systems in networked environment.

Provided Windows, Microsoft Office and email server support.
Managed backup servers and tape libraries (IBM, HP, and Quantum).

Supervised hardware/laptop lab staff and maintained spare parts and inventory.

• Oversaw and managed operational and security requirements for numerous computers in network, related systems administration and regular maintenance.
• Successfully implemented and maintained Citrix virtualized multi-user server and clients resulting in improved remote access functionality.
• Maintained reliability thorough understanding of local area and wide area networking and components.
• Received letters of commendation from Caltex Board of Directors.

Administered technical support as member of Microsoft launch team for Windows operating system. Supported installation, configuration, networking, and usage issues for customers.

• Chosen to furnish Premier, contract and fee-based weekend support.
• Exceeded daily and monthly support goals with average of 110%.
• Recognized for outstanding customer service by Microsoft POS team.