Reginald J. Williams
Coeur D'Alene,ID
Summary
Cybersecurity leader with 15+ years of expertise in safeguarding valuable company assets, including privacy, intellectual property, customer-sensitive data, and critical business systems. Skilled in balancing data accessibility and implementing cloud security technologies. Renowned for enhancing corporate efficiencies, reducing risk, and mitigating future impact. Maintains a stellar record of zero data and privacy breaches. Utilizes a pragmatic situational leadership approach, combined with integrity and an engaging communications style, to synchronize teams, effectively communicate goals, mission, and vision statements, and gain executive buy-in.
Overview
31
31
years of professional experience
1
1
Certification
Work History
Senior Manager Cybersecurity, Privacy & Compliance (CISO)
Aptihealth Inc
03.2022 - Current
- Cybersecurity, security audits, Privacy, and compliance reporting for 350,000 members
- Delivered cybersecurity, security audits, Privacy, and compliance reporting for members
- Lead / direct cybersecurity audits & compliance issues members, employees, staff, and leadership
- Successfully passed security audits where previously failed
- Reported to the Chief Technology Officer successfully ensured that cybersecurity resource allocation aligned with senior executives
- Create strategic roadmaps and plans to ensure the availability, integrity, and confidentiality of patient/customer information
- Standardized cybersecurity procedures/protocols across company
- Developed and deployed Archer@ risk assessments, internal and vendor findings, and exceptions; presented best-practice solutions
- Revised vulnerability scanning/penetration program results delivered workflows and program development to top management
- Prepared CSO recommendations for operational improvements and planned/led periodic security team meetings
- Coordinated, identified, and accessed management groups to deliver quarterly reviews on enterprise-wide accounts, persuasively leadership on complex approaches in simple terms for GRC threat Intel
Network / Cybersecurity Manager (CISO)
Northern Quest Resorts & Casino
07.2021 - 02.2022
- Lead all aspects of cybersecurity for two hotels, two casinos, and golf course - 60K square-feet
- Manage network firewalls, servers, switch devices, desktops, and laptop devices
- Direct cybersecurity program for online sports betting / gaming technologies and plan in production, on time, on budget
- Navigate security awareness education/phishing for hotel/casino organization
- Guide team to facilitate compliance to OWASP, HIPAA, HITRUST, GDPR, DSS PCI and NIST standards
- Procure SOC for 24/7/365 network coverage
- Purchase multiple security products in vulnerability management scanning, IDS, PKI, end point security, procure of new switch/ hardware, reducing end-of-life equipment
- Create risk assessment security plan for gaming network and support from CIO / gaming business leadership
- Support network, systems administration (SYSADM), and application team to review AD, application security / accounts, hotel reservations, help desk, special state reports, Active Directory, MS Azure, Windows, and account management analysis / reviews
- Secured remote access, drove efficiencies, executed security architecture, data retention and classification management
- Unveiled robust incident management plans with superb disaster recovery at casino accomplished
- Transformed casino security maturity level from zero to seven within 15 months
- Eliminated 98% of old or staled accounts, passing external audits in timely manner
- Removed and clean up active directory accounts
- Implemented VPN and MFA for remote access
- Mitigated 95% of staled and unused application accounts and passed 3 external audits for 120+ different applications
- Reduced forty pieces of old stored datasaved $1M
- Identified and retained data based upon data classification
- Created data retention policy and data classification procedure
- Lead security for DevOps, OS365, Azure and AWS infrastructures using Agile
- Drove 90% fewer security incidents
- Rolled out phishing training on monthly basis to include metrics and reporting
- Educated staff on navigating unusual external emails
- Briefed business executives on Threat Intelligence on a quarterly basis
- Led 5 staff and 20 indirect staff of Help Desk professionals
Information Security Consultant (External)
Xcel Energy
04.2020 - 07.2021
- Drove expertise on governance risk and compliance strategies, coordinated with CSO to devise and deploy information security goals
- Significantly decreased vulnerabilities and improved vulnerability scanning, penetration testing, and delivered real-time reports
Information Security Consultant
MN State Department of Transportation & Avanade
11.2017 - 03.2020
- Performed security risk assessments, created external customer documents, including multiple security policies/standards, procedures, and response plans for networked systems
- Directed installation of MS Enterprise software on 5,000 desktops and laptops to manage major security event
- Drove remote access from devices
- Proposed recommendations to state government agencies for MS Azure innovations investment / capital expenses in cloud technology and infrastructure to secure data/applications
Security Consultant
Blue Cross Blue Shield (BCBS) of MN
02.2014 - 11.2017
- Supported HITRUST initiatives by performing staff interviews, risk assessments, and audits on multiple systems
- Efficiently safeguarded patient data according to highest risk management and compliance standards / supplier evaluations
- Collected and analyzed security artifacts, screenshots, procedure documents; performed gap analysis and related reporting
- Created information security documentation for administrative, technical, and physical security controls in alignment with HIPAA, HITRUST, PCI, and federal/state security mandates using project management principles
- Fostered secure remote access with launch of secure VPN system with user-based authentication to 100% of remote using metrics and reporting; enabled authenticated users to access systems
- Quarterly VPN review and OS365 accounts for removal
- Promoted successful passing of all audits via due diligence and commitment to stringent regulatory compliance
- Executed sixty risk and control assessments on servers, applications, and medical equipment and devices
- Provided expertise and guidance on physical areas, information security, and privacy findings
- Improved technologies and cut lead times in completion of business continuity process improvements risk management
- Gained sixty business control assessments / technical consulting / capital expenses
- Completed forty third-party security risk assessments
- Provided recommendations with vendors on findings and remediation
Information Protection Manager
CIGNA
01.2011 - 02.2014
- Completed thirty-five vendor management risk/privacy assessments across global-wide enterprise
- Drove vendor anti-breach measures via precise analysis of current technical controls/policies and physical security
- Achieved cost-effective results while reducing risks and vulnerabilities
- Supported enterprise wide IS security program that fuelled corporate governance, compliance, define requirements and implemented internal controls
Security Consultant
MEDTRONIC
01.2007 - 01.2011
- Led and managed security consulting for global privacy security office (GPSO)
- Conducted 145 external assessments
- Established strong alliances; executed strategic goals coordinated with vendors, CIOs, business leaders, and IS officers
Chief Information Security Officer
MS State Department of Employment & Economic Development
01.2003 - 01.2007
Manager, IS, Engineering Group
Delta Airlines
01.1998 - 01.2003
- Managed and motivated employees to be productive and engaged in work.
- Cross-trained existing employees to maximize team agility and performance.
- Controlled costs to keep business operating within budget and increase profits.
- Resolved staff member conflicts, actively listening to concerns and finding appropriate middle ground.
- Maximized performance by monitoring daily activities and mentoring team members.
- Lead 16 employees within the Security Engineering team of professionals
Manager, Information Security
The Boeing Company
01.1994 - 01.1998
Education
M.A. - Organizational Development and Leadership
Gonzaga University
Spokane, WAB.B.A. - Management
Wharton Business School - University of Pennsylvania
Philadelphia, PAInformation Risk & Security
ITT Technical Institute
Eden Prairie, MNSkills
- Cybersecurity Controls
- Business / Supplier Security
- Regulatory Compliance
- Risk Assessment / External Audits
- Program / Project Management
- Leadership / Operations
- Internal Controls / Technical Consulting
- Change Management / Facilitator
- Cloud Security
- Training & Awareness
- Infrastructure / Network Security
- Security Budgets & Metrics
- Strategic Communications
Major Accomplishments
- Obtained $7M airline budget, passed PCI in 6 months
- Co-writer ASIS Chief Security Officer (CSO) Guideline, world-wide
- Contacted by White House Personnel on Cybersecurity
- Zero data / privacy breaches during entire career
- Leadership & Management Degrees
- U.S. Army Military Intelligence Officer - Captain, Top Secret/SCI/SBI
- Lead / manage diverse cybersecurity teams resulting in passing audits
Certification
- CISSP
- CISM
- CPP
- CIPP/US
- FSO
- ISSO
Affiliations
- American Society for Industrial Security (ASIS) International
- International Association of Privacy Professionals (IAPP)
- Information Systems Audit and Control Association (ISACA)
- InfraGard
- ISC2
Timeline
Senior Manager Cybersecurity, Privacy & Compliance (CISO)
Aptihealth Inc
03.2022 - Current
Network / Cybersecurity Manager (CISO)
Northern Quest Resorts & Casino
07.2021 - 02.2022
Information Security Consultant (External)
Xcel Energy
04.2020 - 07.2021
Information Security Consultant
MN State Department of Transportation & Avanade
11.2017 - 03.2020
Security Consultant
Blue Cross Blue Shield (BCBS) of MN
02.2014 - 11.2017
Information Protection Manager
CIGNA
01.2011 - 02.2014
Security Consultant
MEDTRONIC
01.2007 - 01.2011
Chief Information Security Officer
MS State Department of Employment & Economic Development
01.2003 - 01.2007
Manager, IS, Engineering Group
Delta Airlines
01.1998 - 01.2003
Manager, Information Security
The Boeing Company
01.1994 - 01.1998
B.B.A. - Management
Wharton Business School - University of Pennsylvania
Information Risk & Security
ITT Technical Institute
M.A. - Organizational Development and Leadership
Gonzaga University
Similar Profiles
EMILY SCHUTTERSEMILY SCHUTTERS
Consumer Loan Processor at BECUConsumer Loan Processor at BECU
Sandra PaulsSandra Pauls
LPN at Valley OB/GYNLPN at Valley OB/GYN
Christy Gomez WhiteChristy Gomez White
Procurement Specialist at Self ContractedProcurement Specialist at Self Contracted
Kaden NelsonKaden Nelson
Apprentice Plumber at Sampson Plumbing and Heating Inc.Apprentice Plumber at Sampson Plumbing and Heating Inc.
NIKHIL THAKURNIKHIL THAKUR
Assistant Vice President at TrafiguraAssistant Vice President at Trafigura