Michael Demma, CISSP
Details
Business Computer Information Technology
University of North Texas
1996 : 2000
Computer Science
University of Kentucky
Triumph Financial, Inc.
Business Information Security Officer
Advise the executive board as the subject matter expert on cybersecurity governance, compliance, and risk management strategy.
Align NIST 800-53 security and NIST 800-30 risk template with ISO 27001 common criteria and points of focus to achieve SOC II Type I report and ISO 27001 certification.
Respond to third-party vendor risk management assessment audits (SIG, Remedy, Archer, TruSight Solutions) for blue-chip clients in the financial, healthcare, insurance, and medical verticals
Author and maintain policy management framework and documentation supporting the information security and enterprise resilience programs
Inspect tactical security operations - SIEM, penetration testing, threat, vulnerability, and exploit evaluation, patch management, intrusion detection and prevention, anti-virus/malware, identity access management, privileged access management, multi-factor authentication
Define tactical and strategic information security initiatives
Oversee the projects required to implement policy, standards, procedures, and guidelines to enhance the security posture and risk position of the organization.
Proactively introduce cyber-security strategies and concepts that align with the executive-defined mission and vision to advance business objectives
Protect critical electronic data assets and corporate reputation.
Oversee the information security, enterprise resilience, business continuity, disaster recovery, incident response, command, and control teams.
Create and present information security awareness, fraud, and privacy education curriculum to maintain annual continuing professional education requirements
Prescribe certification and professional education to meet or exceed client expectations and requirements
2015 : 2020
Systemware Inc.
Director, Information Security
Report to the Chief Financial Officer to forecast and oversee the technology infrastructure of the organization. My team procured and managed the mainframe and virtual Windows/Linux distributed computing, network, WAN and telecommunications services infrastructure.
1996 : 2015
Systemware Inc.
Information Technology Manager
Site Support / Network Administration
1994 : 1996
GTE
Consultant
Skills
Application Security, Business Analysis, Business Continuity, cyber-security, Cybersecurity, Data privacy, Data Security, Disaster Recovery, Enterprise Content Management, Enterprise Project Management (EPM), enterprise resilience, Identity & Access Management (IAM), Information Security, Information Security Management, Information Technology, Infrastructure, Integration, ISO 27001, IT Audit, Leadership, Linux, Management, Networking, Network Security, NIST 800-53, Oracle, Policy Management, policy management framework, Project Management, Risk Management, SAN, SDLC, Security, Security Incident Response, Security Leadership Project Management, Security Policy, SOC 2, SOC II, Software as a Service (SaaS), Solution Selling, SQL, Threat & Vulnerability Management, Unix, Virtualization, VMware, VPN, Vulnerability Scanning, Web Application Security, Enterprise Software, Professional Services, Cloud Computing, Business Intelligence, Microsoft SQL Server, VB.NET, Visio, Visual Basic, Enterprise Content
About
Experienced ISO with a demonstrated history of strategic information security solutions. Skilled cyber-security evangelist with experience in risk management, audit and remediation. Subscribes to a holistic approach to data security to protect the confidentiality, integrity and availability of data and services through the application of people, process and technology. Strong executive leader with a Bachelor of Science in Business Computer Information Systems from the University of North Texas and Certified Information Systems Security Professional (CISSP).