Gerard D.
Expert Information Security Consultant at Nike WHQ - CISM|CDPSE|CIGE|MCP|MCSA
New Orleans, LA, United States
Details
Experience:
Provide critical input and mentorship to ensure that Nike business processes, applications, and solutions are aligned with Corporate Information Security standards when considering key priorities such as business requirements, industry threat landscape, and risk appetite of Nike, Inc.
Work closely with Nike Business and Technical teams end-to-end in releasing secure and compliant infrastructure, applications and experiences at the speed of business.
Partner with internal business and technology teams to provide experienced security guidance into design and implementation of Nike’s Global Technology capabilities
Consult with both technology and business teams to identify priorities and security capability requirements and incorporate these requirements into the security strategy.
Provide input to overall risk strategy for supported development and engineering teams.
Define and implement risk mitigation roadmaps for supported partner teams
Define business and technology requirements to teams responsible for enterprise security solution development.
2021 : Present
Nike
Expert Information Security Consultant
Work directly with business units to facilitate IT risk assessment & risk management processes, & work with stakeholders on identifying acceptable levels of residual risk
Provide relevant cybersecurity and IT security subject matter advice, findings, and recommendations to customers.
Provide direction, support & in-house consulting. Facilitate a metrics & reporting framework to measure efficiency & effectiveness of information security program, facilitate appropriate resource allocation, & increase maturity of security
Working with stakeholders throughout the enterprise on identifying acceptable levels of residual risk
Liaise among information security team & privacy, corporate compliance, audit, legal & HR management teams as required
Ensuring security programs are following regulations and policies to minimize and/or eliminate risk
Develops, reviews, and approves security policies, controls, and cyber incident response planning and training
Works closely with senior executives and leaders in defining objectives and budget for information security, while building relationships
2020 : 2021
DXC Technology
Security Services Delivery Lead
Provide relevant cybersecurity and IT security subject matter advice, findings, and recommendations to customers.
Work with the General Manager to assist in developing business for the office
Proactively identify and apply opportunities for continuous process improvement, including application of industry best practices and methodology/reporting process automation in assigned tasks.
Serves as a subject matter expert (SME) for performing security and threat assessments.
Drive innovation to sustain and automate the cyber operations by designing and working with cyber engineering team.
Perform regular performance reviews as well as provide input to matrixed direct report performance reviews
Perform network-based penetration testing and related technical activities.
Independently leads computer incident investigations, determining the cause of the security incident and preserving evidence for potential legal action.
Responds to alerts from various monitoring systems and platforms to address potentially malicious events in a timely manner.
Detects the full spectrum of known cyber-attacks (e.g., DDoS, malware, phishing, ransomware & others) along with any security and compliance violations.
Security review of encryption policies, sensor policies for IDS/IPS, Firewalls, web security gateway, logging.
Leading network and application security personnel, developing strategy, setting goals and providing performance and professional development feedback
2019 : 2020
DXC Technology
Cyber Security Consultant | Security Operations Lead
Work directly with business units to facilitate IT risk assessment & risk management processes, & work with stakeholders on identifying acceptable levels of residual risk
Create a framework for roles & responsibilities with regard to information ownership, classification, accountability & protection
Develop & enhance an information security management framework using appropriate elements from: International Organization for Standardization (ISO) 2700X, ITIL, COBIT/Risk IT & National Institute of Standards & Technology (NIST)
Provide strategic risk guidance for IT projects, including evaluation & recommendation of technical controls
Liaise with IT architecture team to ensure alignment between security & enterprise architectures, coordinating strategic planning implicit in these architectures. Coordinate information security & IT risk management projects with resources from IT organization & business unit teams
Create & manage a unified & flexible control framework to integrate & normalize changing requirements resulting from global laws, standards & regulations. Ensure that security programs are in compliance with laws, regulations & policies to minimize or eliminate risk & audit findings
Liaise among information security team & privacy, corporate compliance, audit, legal & HR management teams as required
Define & facilitate information security risk assessment, including reporting & oversight of treatment efforts to address negative findings. Manage security incidents & events to protect
2017 : 2019
Volunteers of America Southeast Louisiana
Chief Information Security Officer
Ensure ongoing analysis of information security threats, vulnerabilities, and market trends. Determine potential impact on the organization’s risk posture
Manage client's information security organization, consisting of direct reports & indirect reports including hiring, training, staff
Develop, maintain & publish information security policies, standards & guidelines
Recognized and respected as a leader in the IT organization
2015 : 2017
First NBC Bank
Enterprise Application Security Manager
Company:
Nike
About
Information Technology executive with a broad range of technology, management, finance, disaster recovery and business administration experience. A change agent and innovator with over 10 years of progressively responsible professional experience in corporate, nonprofit and educational settings. Creative, versatile and adept at establishing innovative solutions to reduce IT expenses, driving business innovation, protecting data and increasing cyber security all while accelerating business growth and gaining a competitive edge.