Philip Harris
Fort Worth,TX
Summary
Senior Information Security and Privacy professional with over 30 years of experience in Banking, Brokerage, Insurance, Manufacturing, Pharmacy, Consumer Retail, Industry Research, and Software systems, focused on developing and implementing strategic information security and privacy programs and projects resulting in a proactive and pragmatic balance between security risk versus business need, significantly decreased security threats and vulnerabilities, and compliance with regulatory (i.e., HIPAA, PCI, SOX, etc) and corporate policies against a rapidly changing technological and threat landscape. Pragmatic professional with solid experience in leadership roles. Adept at implementing strategic business plans, driving growth and improving operations. Skilled in financial management and stakeholder relations. Collaborative and dedicated to building and leading talented and motivated individuals.
Overview
30
30
years of professional experience
1
1
Certification
Work History
Chief Technology Officer
eMagined Security, Inc
07.2014 - Current
- Provide security consulting services to organizations across a variety of industries
- Engagements include: Provide executive 'virtual' CISO services to develop and drive forward security objectives, assess the current state of security, perform risk assessments, develop policies, develop budget, Developed Risk Management technology that expedites the security assessment process including total cost of ownership, strategic roadmap and vision
- Develop and deliver Board of Directors' security presentations and updates
- Work customers to identify, understand and define business problems related to security, create effective strategies for success, and develop pragmatic solutions that both make a difference and address business needs
- Provide guidance in the areas of security program maturity, architecture, strategy and resilience to sophisticated attacks leveraging a combination of next generation security program concepts, advanced security intelligence capabilities, and mastery of security fundamentals.
Sr. Principal Information Security Strategist
Symantec Corporation
06.2009 - 06.2014
- Provided key security leadership and direction for strategic direction and vision to aide in driving solution enhancements and capabilities addressing customer needs supporting business vision and goals
- Directly supports Security Business Unit Executives, Sales Organizations and Customers as an extension of Symantec's CTO Office
- Provide security strategy and direction as a trusted advisor to security executives, business leaders, and IT executives and management to large enterprise customers.
Information Security Consultant
eMagined Security, Inc
04.2006 - 05.2009
- Provided security consulting services to major financial services organizations
- Engagements include: Managed PCI certification assessment by coordinating assessor team activities with management, developed and implemented technical project plan, and documented and reported status
- Delivered technical project plan required for regulatory and audit compliance program
- Performed technical vulnerability assessment for critical enterprise access ingress system
- Provided security architecture and design leadership of a compliance management framework.
Vice President, Chief Information Security Officer
Washington Mutual Card Services (formerly Providian Financial)
09.2005 - 04.2006
- Responsible for consolidating, leading and re-building Information Security and Business Continuity functions
- Primary responsibilities include planning, preparation and execution of activities required for integration of functions with the corporate parent organization while maintaining and enhancing security posture for the business unit
- Consolidated, staffed and led existing information security and business continuity functions
- Developed, delivered and executed plans to consolidate and integrate the information security and business continuity functions between the new business unit and corporate security organization
- Organized and refocused major projects including: Audit and Compliance Remediation; Security Environment Vulnerability Assessments (PCI, Application, and Network); Annual Business and Technology Recovery Exercises; and Business Impact Assessment Program
- Developed and implemented executive Information Security dashboard metrics, reports and supporting processes.
Information Security Consultant
eMagined Security LLC
02.2005 - 11.2005
- Provided consulting services to major financial services organizations
- Sample engagements include: Delivered technical project plan required for regulatory and audit compliance program
- Provided project management services, and detailed and executive-level reporting for annual penetration testing
- Establishing framework and proposal for integrated executive and departmental dashboard reporting
- Provided consulting support for development of a compliance management framework.
Vice President, Information Security Officer
Safeway, Inc.
05.2003 - 01.2005
- Responsible for implementing strategic security program to proactively and pragmatically protect and secure corporate information assets
- Developed, staffed, and led a high performing, world-class information security function
- Organized and refocused eight multi-million dollar security projects to remediate audit findings
- Implemented an Information Security program creating demonstrable business value to the customer
- Developed and implemented full suite of Information Security policies, standards and procedures
- Established processes and services to manage regulatory drivers such as HIPAA, PCI & SOX
- Spearheaded implementation of in-depth technology vulnerability assessments and security awareness programs to manage risk and enhance cultural awareness of information security
- Developed and implemented incident management process and procedures.
Vice President, Global Information Risk Manager
JP Morgan Chase
04.2002 - 05.2003
- Managed and led an effective Global Risk Consulting practice, targeted to all technology-related issues focused on delivery of high quality in depth risk management services and training
- Provided continuous technology and facility vulnerability assessments and influenced the customer to implement cost-effective and pragmatic security controls and/or solutions
- Cultivated global customer relationships to foster increased awareness of risk within the business environment through awareness training and communications
- Provided support to Business Continuity and Contingency exercises and events globally
- Conducted business and Third Party process, technology and facility Due Diligence and Physical Security Assessments globally.
Managing Director, Information Security Risk Management; Technical Director, Technology Risk Management; Strategy and Architecture; Security Engineering
Charles Schwab & Co., Inc.
10.1996 - 04.2002
- Managed and led an effective corporate Risk Consulting practice targeted to all technology-related projects focused on delivery of high quality in-depth security risk assessments.
Sr. Staff, Security Engineering; Interim Manager, Security Engineering
Fidelity Investments
01.1995 - 01.1996
Education
UC Berkeley
01.2002
B.S. Degree - Management Information Systems
University of Phoenix
01.2000
A.S. Degree - Computer Programming
N.E. Institute of Technology
01.1987
Skills
- Operations Management
- IT Infrastructure Management
- Strategic Planning
- Training and mentoring
- Risk Management
- Staff Management
- Contractor Oversight
- Data Analysis
- Project Management
- Data Collection
- Negotiation
- IT risk management
- Product Management
- Information Security
- System Architecture
- Budget Administration
- Enterprise Architecture
- Software Architecture
- Cybersecurity Expertise
- IT Governance
- Corporate strategy development
- Technology Roadmapping
- Data Privacy Compliance
- Leadership and People Development
- Teamwork and Collaboration
- Problem-Solving
- Executive Leadership
- Excellent Communication
- Organizational Skills
- Analytical Thinking
- Employee Motivation and Performance
- Compliance Oversight
- Performance metrics analysis
Wideranginginformationsecurityexpertise
- Enterprise security Strategy / Architecture
- Effective Risk Assessment / Secure Process Flows
- Threat / Vulnerability Assessment
- Security Policies / Standards
Comprehensivetechnologyexperience
- Cloud and Mobile Technologies
- Multi-Tier / Multi-Platform Client Server
- ECommerce / Networks
- Offshore / Outsourcing
Certificationsandmemberships
- Certified Information Systems Security Professional (CISSP)
- Certified Cloud Security Professional (CCSK)
- International Information Systems Security Certification Consortium (ISC2)
- Information Systems Security Association, Silicon Valley and San Francisco Chapters
Technicalsummary
HIPPA, PCI, ISO 27000/1/2, Process Engineering, Risk Assessment, Program Management, Project Management, Legislation and Regulation Analysis, Technical Writer, Windows, Unix, AIX, MVS, Oracle, LDAP, DNS, UDB/DB2, SQL, CICS, MQ, NDM, FTP, IIOP, WAP, PCT, SSL, HTTP, ACF2, Top Secret, RACF, SSH, SecurID, Kerberos, CGI, ActivX, Java, Servlet, Assembler, AES, 3DES, SHA, MD5, RC4, RSA, PGP, Web Gateways, Endpoint Controls, Intrusion Detection and Prevention, Anti-Malware, Content Monitoring, Monitor, Logs, Forensics, Integration, QUALYS Vulnerability Management, Identity and Access Management, Threat and Vulnerability Management, Incident Management and Vulnerability Assessments, IOS/Droid Mobile Security, Cloud Security.
Accomplishmenthighlights
- Provide strategic guidance enabling alignment between customer security priorities, threat landscape and rapidly changing technologies, especially relating to cloud and mobility, driving significant revenue.
- Orchestrated dramatic 300% per consultant improvement in efficiency and effectiveness of security and privacy vulnerability assessment and Third Party Due Diligence programs by developing and implementing streamlined methodologies, processes, deliverables, service levels and operating metrics resulting in increased quality, timeliness, cost-effectiveness, and accuracy of customer results.
- Designed and implemented a Security and Privacy Compliance Management Framework that enabled and empowered a large-scale IT organization to manage the systems development lifecycle, applications and data from creation/procurement to disposal resulting in the secure disposition of data and systems.
- Innovative enterprise security and privacy program leader with proven ability to identify and implement cost-effective solutions while leveraging existing technologies, using a combination of People, Process, and Solutions to maximize the overall investment and maintain over time.
Personal Information
Title: CISSP, CCSK
Accomplishments
- Achieved [Result] by introducing [Software] for [Type] tasks.
- Documented and resolved [Issue] which led to [Results].
- Supervised team of [Number] staff members.
- Achieved [Result] by completing [Task] with accuracy and efficiency.
- Achieved [Result] through effectively helping with [Task].
- Resolved product issue through consumer testing.
- Collaborated with team of [Number] in the development of [Project name].
Certification
- CISSP - Certified Information System Security Professional
- Certified [Job Title], [Company Name] - [Timeframe]
- [Area of certification] Training - [Timeframe]
- [Area of certification], [Company Name] - [Timeframe]
Timeline
Chief Technology Officer
eMagined Security, Inc
07.2014 - Current
Sr. Principal Information Security Strategist
Symantec Corporation
06.2009 - 06.2014
Information Security Consultant
eMagined Security, Inc
04.2006 - 05.2009
Vice President, Chief Information Security Officer
Washington Mutual Card Services (formerly Providian Financial)
09.2005 - 04.2006
Information Security Consultant
eMagined Security LLC
02.2005 - 11.2005
Vice President, Information Security Officer
Safeway, Inc.
05.2003 - 01.2005
Vice President, Global Information Risk Manager
JP Morgan Chase
04.2002 - 05.2003
Managing Director, Information Security Risk Management; Technical Director, Technology Risk Management; Strategy and Architecture; Security Engineering
Charles Schwab & Co., Inc.
10.1996 - 04.2002
Sr. Staff, Security Engineering; Interim Manager, Security Engineering
Fidelity Investments
01.1995 - 01.1996
UC Berkeley
B.S. Degree - Management Information Systems
University of Phoenix
A.S. Degree - Computer Programming
N.E. Institute of Technology
Similar Profiles
David SolarteDavid Solarte
Vulnerability Assessment and Penetration Tester at Emagined SecurityVulnerability Assessment and Penetration Tester at Emagined Security
Alvin ArmanyAlvin Armany
Building Evacuation Supervisor-Fire Watch-Security Professional SpecialistContingency at Arrow Security;Mulligan Security; Classic Security; MAXIMUM Security; Security USA Inc.;AlliedBarton Security ServicesBuilding Evacuation Supervisor-Fire Watch-Security Professional SpecialistContingency at Arrow Security;Mulligan Security; Classic Security; MAXIMUM Security; Security USA Inc.;AlliedBarton Security Services
Hibba Tul BaseerHibba Tul Baseer
Security Officer at Bardwood Security ,Leon Security & Samsic SecuritySecurity Officer at Bardwood Security ,Leon Security & Samsic Security
Marcos SalazarMarcos Salazar
Civil Engineering Intern at Charles Crook ConsultingCivil Engineering Intern at Charles Crook Consulting
Lillian KnothLillian Knoth
Shift Supervisor at StarbucksShift Supervisor at Starbucks