Alexander Scott, CISSP

Technology & Security Innovation | Risk Management | Cross-Functional Leadership

Boyne City, MI, United States

Details

Education: Bachelor of Science

Information Systems Security

ITT Technical Institute

2010 : 2015

Experience: As a Director of Information Security, I provide technical direction, strategic vision, and effective leadership for the organization's cybersecurity program, safeguarding students' and employees' information. Leveraging analytical skills, I tactfully negotiate contracts with third parties, conduct risk assessments, and ensure compliance with regulatory requirements. I utilize my communication skills to collaborate with cross-functional IT teams to design and suggest secure solutions according to business needs. I update the Senior Executive Staff and Board of Directors on risk and remediation plans. I play an integral role in overseeing and allocating a cybersecurity budget to meet business needs. In addition, I act as the core decision-maker for all vendor contract negotiations.

Highlights of accomplishments in this role include :

• Increased company growth by implementing strategic plans, conducting risk assessments during due diligence, and leading the acquisition and transition to the UTI brand.

• Designed and rolled out a security program to fulfill all new regulatory requirements and GLBA safeguards.

• Envisioned and presented a five-year security roadmap in alignment with the organization's growth plans.

2022 : Present

Universal Technical Institute, Inc.

Director Information Security

In this tenure, I redeveloped and deployed cybersecurity, risk management, and compliance programs aligned with business goals. Boosted team performance by serving as a hands-on technical lead and mentor. I used my leadership acumen to build and manage the organization's cybersecurity team for recruiting, training, and leading new staff. Apart from this, I headed overall information security department operations.

Highlights of accomplishments in this role include :

• Implemented new technology to minimize disruption to employees and faculty during the COVID period, ensuring the successful transition to a remote work environment.

• Orchestrated and led a comprehensive cybersecurity training and awareness program.

• Structured risk management program to identify and evaluate the security and operational risks to business executives.

• Steered efforts to re-architect the company's Azure environment in alignment with Microsoft and industry best practices.

2020 : 2022

Universal Technical Institute, Inc.

Information Security Manager

My core focus during this role was to eliminate security gaps by utilizing and applying technologies. I was tasked with creating a risk management program to identify gaps and build risk remediation. This role has also allowed me to ensure compliance requirements with PCI, FERPA, GLBA, HIPAA, and CCPA. I showed remarkable talent in developing information security programs from the ground up, including policy, risk management, tech, compliance, and regulatory standpoint.

Highlights of accomplishments in this role include :

• Launched the organization's first cybersecurity program and deployed MFA throughout the organization.

• Installed Microsoft's Cloud App Security platform to deliver CASB services.

• Formulated an effective data loss prevention strategy using ForcePoint and Azure Information Protection.

• Utilized InsightVM and AppSpider for the development of a vulnerability management program.

• Implemented Rapid7's InsightIDR SIEM to support security operations.

• Conceptualized an incident response plan, including a comprehensive crisis communication and data breach plan.

2015 : 2020

Universal Technical Institute

Information Security Engineer

In this position, I improved the organization security posture by designing policies and deploying security technologies. I built associations with business staff to develop and deploy policies, procedures, and security controls for supporting HIPAA compliance. I managed security tools to detect and respond to cybersecurity threats. I proactively engaged senior leadership to discuss risks and the organization's security posture. In harmony with these duties, I led the successful implementation of Sophos e-mail gateway, full disk encryption, web filtering, endpoint protection products, and internal Microsoft Public Key Infrastructure.

Highlights of accomplishments in this role include :

• Minimized risk by building the program from the ground up and tackling regulation challenges.

• Streamlined company technical operations by complying with HIPAA security and privacy requirements.

• Designed and employed a vulnerability management program leveraging Nexpose.

• Devised and proposed an effective SIEM solution utilizing AlienVault.

2013 : 2015

Hospice of the Valley

Information Security Officer

While working here as Manager, Information Technology, I was instrumental in overseeing a wide range of IT duties for the entire Western region, including seven corporate offices and hundreds of managed properties. I organized 50% travel throughout the western US to liaise with various corporate leaders of each state, fulfilling technical needs and interacting with property owners to address support requests. I supervised and advised infrastructure team supporting Greystar's western region, including seven corporate offices and various multi-family properties. To drive innovation across all IT activities, I provided end-to-end infrastructure support, ensured security operations management, and coordinated PCI compliance efforts.

Highlights of accomplishments in this role include :

• Increased customer satisfaction by guiding staff and property owners regarding delivering IT support to clients.

• Established and launched two new corporate offices across the Western Region.

• Set and achieved SLAs while enabling process improvements for leases and supporting corporate offices.

• Protected guest computers at all properties by implementing Deep Freeze software.

2011 : 2013

Greystar

IT Manager

Company: Universal Technical Institute, Inc.

Years of Experience: 16

Skills

CASB, CISSP, Cloud Security, CompTIA Security+ Certified, DLP, ForcePoint, HIPAA, Information Security Management, JSA, MobileIron, Nessus, NeXpose, Payment Card Industry Data Security Standard (PCI DSS), QRadar, Qualys, Risk Management, Security Information and Event Management (SIEM), Security Policy, UserInsight, Vulnerability Management

About

As a risk-focused and analytical professional, I have proven experience in formulating and implementing effective security strategies and frameworks to protect an organization's cyber and technology assets.

With 15+ years of experience, my greatest successes are based on excellence in information security, cross-functional leadership, and risk management. I hold a proven record of delivering cutting-edge security solutions to reduce organizational risk while ensuring the confidentiality and integrity of electronic information. Leveraging my leadership and problem-solving capabilities, I have helped Universal Technical Institute to successfully transition into a remote work environment by implementing new technology that minimized disruption to employees and faculty during the COVID period.

I am well-versed in overseeing the deployment of EDR, FIM, DLP, CASB, automation, and firewall enhancements to enable proactive risk management. As a determined leader with a keen focus on team performance and collaboration with cross-functional departments, I have successfully led technical and non-technical teams in technology integrations, security compliance, and process improvement.

A few of my career highlights include:

• Increased company growth by implementing strategic plans, conducting risk assessments during due diligence, and leading the acquisition and transition of companies to the UTI brand at Universal Technical Institute.

• Envisioned and presented a five-year security roadmap in alignment with the organization's growth plans.

• Orchestrated and led a comprehensive cybersecurity training and awareness program for team members.

• Oversaw the deployment of numerous new security tools and enhancements, such as EDR, FIM, DLP, CASB, automation, firewall enhancements, incident response enhancements, and SIEM enhancements.