Chad Tracy CISSP
Details
Information Systems Security
ECPI University
2009 : 2010
Lawrence High School, Fairfield, Maine
1990 : 1994
KEY ACCOUNTABILITIES
- Coordinate Bates' Information Security Program
- In collaboration with the College community, assume overall responsibility for developing and
maintaining the campus information security roadmap for ensuring the security of technology
services, computer systems, data networks and data
- Balance the need to provide vision, strategy, and long-range planning with hands-on responsibilities
- Conduct and review ongoing vulnerability assessments of networks and systems
- Develop, maintain, and review security configuration data on firewalls and related security software
and/or services
- Inspect system and network log and event data for integrity and anomalous activity
- Responsible for responding to auditor inquiries related to information security, privacy, and compliance
- Assist in vendor product/services assessments to evaluate information security risks
- Assist campus partners in issues of data collection and storage for privacy implications
- Interface with law enforcement and government agencies, as needed
- Facilitate the communication of policies, practices, and awareness to the College community as a
whole
- Act as a member of the IT Management Team to achieve functional, organizational, and budgetary
goals.
2018 : Present
Bates College
Director of Information Security, Privacy and Compliance
I was responsible for the strategic and operational direction of Colby’s information security program. I worked collaboratively with campus leadership and stakeholder groups to build shared ownership of information security across the institution. I developed and maintained programs including information security policy and standards; information security awareness and training; information security incident response and management; risk assessment and management; and information security-related information technology (IT) architecture.
As the director of information security I demonstrated a commitment to ensure that data in all forms, as well as the systems and networks used to transmit, store, and provide access to it were designed, configured, and operated in a manner that ensured security, integrity, privacy, and compliance with statutory and regulatory requirements.
2015 : 2018
Colby College
Director of Information Security
Job Purpose :
As the Senior Information Security Support Analyst I am responsible for information security readiness through designing and delivering information security education, training, and awareness activities; leading incident response; maintaining information security policy; and managing compliance of federal, state, and industry mandated programs and university security policies.
Recent accomplishments in Information Security Compliance in 2015 :
Significant changes in the Payment Card Industry warranted increased involvement from Information Security as the requirements increased by 30% with more than 70 requirement changes. Of significance, external penetration testing increased to 20 merchants versus 5. Through the RFP process I competitively obtained a 3-year penetration testing contract as well as a 4-year compliance validation services contract. The penetration testing contract provides in-site assessment of controls to prevent remote system access, while the compliance validation services contract provides for an assessment portal, external scanning, and quality security assessor (QSA) services. I took the lead in re-writing the UMS requirements and processes in a Credit Card Administrative Practice Letter (APL).
To mitigate the increased rigor of PCI-DSS 3.0 coupled with the long-lasting technical complexities of the self-assessment process for merchants, I implemented a new practice in which IT prepares an attestation for merchants. This resulted in a much simpler and streamlined approach where each responsible IT department attests to only the requirements within their core competencies.
Recent accomplishments in incident response for 2015 :
In Information Security, responding expeditiously to incidents continues to be the highest priority. Internal notifications to senior leaders are typically performed within hours of discovery. Contracts for expedited individual notification and credit monitoring and forensic services were attained.
2011 : 2015
University of Maine System
Senior Information Security Support Analyst
I provided customer support in the form of hardware and software for 16 Rite Aid Pharmacies and ensured proper preventive maintenance of Wincor Point-Of-Sale registers, Dell workstations, Linux and Windows servers, Lexmark laser printers, and peripherals was completed.
Responded to all open tickets and expediently resolved tickets to comply with SLAs. Managed field services rollout of 16 stores' hardware upgrade, which included Cisco firewalls 851, registers Wincor, workstations, servers, and printers. Installation and configuration were completed at the store level.
Managed over 750 assets in 16 stores over one of the largest geographical locations in the company with an accuracy rating over 99%.
2002 : 2011
Rite Aid
Level 3 Field Technician
Managed teams of 50 enlisted men and women in both food preparation and the storing of food rations, while preparing over 3000 meals daily.
Managed two dry provisions store rooms with unprecedented perfect inventories every time. Stores were valued at $500,000.
1994 : 2001
US Navy
Cook
Skills
Cloud Security, Computer Forensics, Computer Security, FERPA, Firewalls, Governance, Risk Management, and Compliance (GRC), HIPAA, Incident Response, Information Assurance, Information Security, Information Security Awareness, Information Technology, Intrusion Detection, IT Security Assessments, PCI DSS, PCI Standards, Risk Assessment, Security Audits, Security Training, Troubleshooting, Wireless Networking
About
Experienced Director Information Security with a demonstrated history of working in the higher education industry. Skilled in Information Security Awareness, Information Assurance, Information Security, data governance, compliance (FERPA, HIPAA, PCI) and Information Technology. Strong information technology professional with a Bachelor of Science (BS) focused in Information Systems Security from ECPI University.