Doug Schaible
Manager, Information Security & Identity Access Management
Stockertown, PA, United States
Details
Education:
Linux Enterprise Incident Response
Information Security, Forensics
Mandiant FireEye
2020 : 2020
Helix Threat Analytics & Cyber Threat Hunting
Information Security
Mandiant FireEye
2020 : 2020
Investigations with FireEye Endpoint Security
Information Security
Mandiant FireEye
2020 : 2020
Defending Web Applications
DEV522
SANS
2012 : 2012
Ethical Hacking
Ethical Hacking
EC Council
2011 : 2011
Experience:
2021 : Present
Victaulic
Manager, Information Security & Identity Access Management
Lead a team of Compliance Engineers responsible for maintaining compliance with both internal standards and external information security regulatory requirements.
Management of Tiffany's PCI-DSS v3.2 certification. Ensure all controls are effective and relevant to most current standards. Maintain the PCI scope and adjust as business processes change and new technology is introduced. Implement new processes and systems to address PCI requirements and reduce the overall business risk. Lead annual audits, coordinate evidence collection and review with multiple departments and external auditors.
Implement and maintain a comprehensive global vulnerability management program. Provision and maintain multiple solutions to identify, track and confirm remediation of vulnerabilities across all systems on both the corporate network and externally hosted solutions.
Provision and maintain an enterprise GRC solution to document issues/remediation plans as well as corrective actions.
2015 : 2021
Tiffany & Co.
Manager - IT Security Risk & Compliance
Management of ISO27001 compliance. Maintained internal policies, internal audit plan, continual improvement of policies and system, communications with executive leadership, and third party audits.
PCI-DSS compliance. Architect new deployments, interface with multiple departments, complete internal auditing, manage third party auditors.
Vulnerability and patch management and remediation to ensure systems are secure and are compliant with internal policies as well as PCI-DSS and customer requirements.
Risk Assessment. Develop risk assessments, identify and implement risk mitigations, present results to executives for approval of residual risks
Penetration testing in support of PCI-DSS requirements.
Support additional regulatory compliance: HIPAA, Safe Harbors, UK Data Protection Act.
Disaster Recovery planning, testing, and reporting
Incident response planning and data forensics
Maintain Microsoft licensing across the entire global enterprise. Support multiple Enterprise and Select Agreements. Provide licensing consulting for all departments and regions in order to maintain compliance with titles owned.
2009 : 2015
kgb
US Security & Compliance Manager
Managed system administrators, database administrators, and desktop support staff. Responsible for budgets, employee performance, team leadership, delegation, and communication.
2006 : 2009
KGB_ (formerly InfoNXX)
Technical Services Manager
Purchased and maintained all computer and telecommunications equipment. Duties included desktop and application support, server support, network architecture, phone system architecture and support, disaster recovery, database architecture and support.
1999 : 2005
The Rodale Institute
Network Administrator
Company:
Victaulic
Years of Experience:
30
Skills
Active Directory, Databases, Data Center, Disaster Recovery, Enterprise Risk Management, HIPAA, Information Technology, Integration, ISO 27001, ITIL, IT Management, IT Service Management, IT Strategy, Management, Network Security, PCI DSS, Security, Software Documentation, Troubleshooting, Vendor Management, Enterprise Risk
About
25 years of experience in the technology field in a variety of complex environments with a strong background in deploying and maintaining secure systems, internal and external communications, regulatory compliance, risk assessment, and disaster recovery as well as possessing strong interpersonal skills and project and staff management.