Profiles search
Jim Harbin, CISSP, GIAC, CTPRP
Information Security Manager at Electric Power Research Institute (EPRI)
Monroe, NC, United States
Details
Education:
BS
Information Technology
University of North Florida
1994 : 1999
Information Technology
University of North Florida
1994 : 1999
Experience:
Reporting to the CISO, providing technical leadership for IT security strategy and architecture development/design, system and software requirements, analysis, specification, implementation, testing, integration and accreditation of trusted systems. Evaluating and executing the technical security vulnerabilities and control measures of various network, operating system, database and enterprise applications (IOS, UNIX, Linux, Windows, DB2, MS SQL, Oracle, SAP, etc.) to prevent external parties from improperly accessing company information, interfering with operations, or otherwise jeopardizing EPRI’s ability to conduct business. Where Information Security audit oversight (rather than technical oversight) is required as a mitigating control for sensitive processes, establishing and maintaining necessary audit regimens to satisfy those controls.
2019 : Present
Electric Power Research Institute (EPRI)
Information Security Manager
Responsible for managing a highly technical information security team with organization-wide information security objectives having high risk and complexity. Working with and influencing senior information security, information technology and line of business management to identify, formulate, and implement information security solutions and controls for functional areas managed to mitigate risk. My Security team is responsible for complex and innovative solutions addressing functions including : vulnerability detection, threat analysis, forensics, penetration testing of infrastructure and applications, network intrusion and development/implementation of vulnerability mitigation strategies; identifying security risks and governing solutions for the company's networks and virtual private networks, application systems, security tools, key public infrastructures, authentication and directory services, and access management services to ensure the security of the network and confidential data. Responsible for having a broad awareness of the state of information security across the enterprise and industry and influencing changes to information security policy, standards and procedures for systems/applications/tools.
2018 : 2018
SPX Corporation
Security Manager
Manage team responsible for working with both Lowe’s International Operations, Allied/3rd Party partners and Technology Vendors to ensure that appropriate security controls are in alignment with regulatory, legal, or contractual requirements. We identify potential risks/findings and provide remediation guidance to strengthen their security posture. This requires both the team and me to communicate and work with all levels of the organization, from sales individuals to C-Level executives.
Position also has me traveling to remote locations to perform on-site assessments for Vendors who are sharing sensitive data (PII, sales, internal trade secret) in order to augment our remote risk assessment process and questionnaire.
2016 : 2018
Lowe's Companies, Inc.
Information Security Manager - Third Party and Vendor Risk Management
Manager over the Network Monitoring (aka Blue) Team and Cyber Threat Intelligence Team. Responsible for logging, monitoring, and alerting with McAfee IDS, RSA envision, IBM QRadar, RedSeal, RSA SecurID. Working with Internal Auditing Team to ensure PCI compliance and provide evidence thereof.
Current role is also Key Manager for TR-39/TG-3 Debit PIN Acceptance compliance including : managing key component holder, inventory of components, and management of key rotation activities.
Also responsible for Security Incident Response handling. Currently working to further develop our Incident Response Plans and Guide to continuously improve the IR process.
2014 : 2016
Lowe's Companies, Inc.
Information Security Manager - Cyber Threat Intelligence
Manager over Administrative Security team. Responsible for policies, procedures, security baselines, vendor security/risk assessments. Team primarily uses SharePoint, RSA Archer, and Microsoft Office products.
2012 : 2014
Lowe's Home Improvement
Information Security Manager - Administrative Security
2019 : Present
Electric Power Research Institute (EPRI)
Information Security Manager
Responsible for managing a highly technical information security team with organization-wide information security objectives having high risk and complexity. Working with and influencing senior information security, information technology and line of business management to identify, formulate, and implement information security solutions and controls for functional areas managed to mitigate risk. My Security team is responsible for complex and innovative solutions addressing functions including : vulnerability detection, threat analysis, forensics, penetration testing of infrastructure and applications, network intrusion and development/implementation of vulnerability mitigation strategies; identifying security risks and governing solutions for the company's networks and virtual private networks, application systems, security tools, key public infrastructures, authentication and directory services, and access management services to ensure the security of the network and confidential data. Responsible for having a broad awareness of the state of information security across the enterprise and industry and influencing changes to information security policy, standards and procedures for systems/applications/tools.
2018 : 2018
SPX Corporation
Security Manager
Manage team responsible for working with both Lowe’s International Operations, Allied/3rd Party partners and Technology Vendors to ensure that appropriate security controls are in alignment with regulatory, legal, or contractual requirements. We identify potential risks/findings and provide remediation guidance to strengthen their security posture. This requires both the team and me to communicate and work with all levels of the organization, from sales individuals to C-Level executives.
Position also has me traveling to remote locations to perform on-site assessments for Vendors who are sharing sensitive data (PII, sales, internal trade secret) in order to augment our remote risk assessment process and questionnaire.
2016 : 2018
Lowe's Companies, Inc.
Information Security Manager - Third Party and Vendor Risk Management
Manager over the Network Monitoring (aka Blue) Team and Cyber Threat Intelligence Team. Responsible for logging, monitoring, and alerting with McAfee IDS, RSA envision, IBM QRadar, RedSeal, RSA SecurID. Working with Internal Auditing Team to ensure PCI compliance and provide evidence thereof.
Current role is also Key Manager for TR-39/TG-3 Debit PIN Acceptance compliance including : managing key component holder, inventory of components, and management of key rotation activities.
Also responsible for Security Incident Response handling. Currently working to further develop our Incident Response Plans and Guide to continuously improve the IR process.
2014 : 2016
Lowe's Companies, Inc.
Information Security Manager - Cyber Threat Intelligence
Manager over Administrative Security team. Responsible for policies, procedures, security baselines, vendor security/risk assessments. Team primarily uses SharePoint, RSA Archer, and Microsoft Office products.
2012 : 2014
Lowe's Home Improvement
Information Security Manager - Administrative Security
Company:
Electric Power Research Institute (EPRI)
Years of Experience:
24
Skills
CISSP, Computer Security, Disaster Recovery, Incident Response, Information Security, Management, Network Monitoring Tools, Network Security, PCI DSS, QRadar, Risk Management, RSA enVision, RSA SecurID, RSA Tokens, Security, Security Awareness, Two-factor Authentication, Windows Server, Two-factor
About
Experienced Information Security Manager with a demonstrated history of working in the retail industry. Skilled in Network Monitoring Tools, Payment Card Industry Data Security Standard (PCI DSS), Incident Response, Information Security, two-factor Authentication, Third Party Risk Management, and Cyber Threat Intelligence. Strong operations professional with a BS focused in Information Technology from University of North Florida.
Profile Photo
