Michael Swinarski
Details
Computer Information Systems
Northern Arizona University, College of Business Administration
1993 : 1999
➥ SECURITY PROGRAM : Build and execute roadmaps based on the NIST Cybersecurity Framework to uphold the principles of confidentiality, integrity, & availability. Manage cybersecurity programs to minimize emerging threats.
➥ CUSTOMER ASSURANCE : Facilitate security, privacy, audit & compliance activities to safeguard organizational data, featuring HITRUST Risk-based, (r2) Validated Assessment, SOC 1, SOC 2, & SOC 3 audits. Support new and prospective customers’ requests for critical security information.
➥ STAKEHOLDER MANAGEMENT : Build trust and consensus with effective partnerships across the organization to achieve the mission.
➥ RISK MANAGEMENT : Documented risk management policies and procedures to achieve corporate goals, protect business assets, and effectively manage risk. Promote quality management by instituting Corrective Action Plans to address performance gaps impacting business growth.
➥ VULNERABILITY MANAGEMENT : Provide governance to operations featuring application security, business continuity, and vulnerability management.
➥ VENDOR RISK MANAGEMENT : Design and launch Third Party Vendor Risk Management program to reduce risk by assessing processes and mitigating issues affiliated with vendor providers. Assist business to make informed decisions concerning supply chain risk.
➥ INCIDENT RESPONSE : Update incident handling policies and procedures to more clearly align with NIST 800-61. Provide governance to daily Security Operations Center (SOC) activities to monitor, prevent, detect, investigate, and respond to cyber threats. Act as point of escalation.
2021 : Present
CorVel Corporation
Deputy Chief Information Security Officer (CISO)
Working for a financial company with a focus on short- and long-term disability insurance, I strategized and executed the “Protect and Prevent” tier of an information security and compliance program. Here, I steered ISO 27001 certification, SOC1 attestation, and met various regulations with associated documentation, policies, processes, and technical controls.
I led a team of 10-12 within IT security and introduced methodology based on industry standards to manage risks. As a trusted IT risk and security subject matter expert, I estimated potential attacks on software applications, infrastructure changes, and configuration management using the NIST risk management and cybersecurity frameworks.
➥ DIGITAL TRANSFORMATION : I focused on lean practices and Agile within IT, across the organization. I articulated the IT strategy and implemented the SAFe Agile framework. I guided the team in building an Agile competency center to develop the engineers.
➥ PRIVACY RESPONSE : Implemented tooling and streamlined processes to improve incident response for Privacy concerns.
➥ ENGINEER MANAGEMENT : I assigned roles within the product team and instituted a new approach to information security and software development. We embedded security into Agile project teams.
➥ QUARTERLY DELIVERY COMMITMENTS : I articulated quarterly plans and metrics on each project. The team exceeded target goals by 16% on average in 2020.
➥ PROCESS IMPROVEMENT AND OPTIMIZATION : I introduced lean metrics to understand waste and improve internal and external processes. This slashed turnaround requests by 60% over 6 months and cut request processing time from 30+ to 3 to 5 days.
➥ PROFESSIONAL DEVELOPMENT : I steered certification for the team (Azure, Certified Information Security Professional (CISP), CISA Information Systems Auditor, Certified Information Security Manager (CISM)).
➥ EMPLOYEE ENGAGEMENT : I achieved 100% participation in the 2020 engagement survey, with a 98% employee engagement rating.
2016 : 2021
The Standard
Director in Information Security
I built data storage solutions focused on confidentiality, integrity and availability of the data (CIA Triad). In partnership with auditors, I created authentication and role-based access controls; I introduced more available solutions and reduced outage time needed for patches. Here, I designed database solutions that protect the confidentiality, integrity, and availability of data assets.
➥ I migrated databases to modern Identity Access Management using Active Directory.
➥ I centralized database name resolution with an LDAP solution that became the basis of future modernization projects.
2010 : 2016
The Standard
Database Infrastructure Engineering Technical Lead, IT Enterprise Services
2009 : 2010
Magellan Health
Oracle Database Administrator
2008 : 2009
Coventry Health Care, an Aetna Company
SQL Server Database Administrator
Skills
Application Security, Business Information, Capability Development, Cloud Computing, Cloud Security, Cross-functional Team Leadership, Cyber, Cyber Defense, Cyber Policy, Cybersecurity, Data Center, Data Security, DevSecOps, Disaster Recovery, High Availability, Information Security, Information Security Management, Information Security Management System (ISMS), Information Technology, Integration, ISO 27001, ISO Standards, IT Risk Management, Leadership, Management, Networking, Network Security, NIST, NIST 800-53, NIST CSF, Policies & Procedures Development, Policy Development, Program Management, Project Management, Risk Assessment, Risk Management, Role-Based Access Control (RBAC), RSA Archer, Security, Security Awareness, Security Management, SOC 2, Software Development Life Cycle (SDLC), Strategy, Team Leadership, Thought Leadership, Vendor Management, Vulnerability Assessment, Vulnerability Management, SQL Server Database Administration, Microsoft SQL Server, Performance Tuning, Patch Management, Analysis, Business Intelligence, CRM, Data Migration, Data Warehousing, Database Design, Databases, ETL, Process Improvement, SDLC, SQL Tuning, SSIS, SSRS, Servers, SharePoint, Software Documentation, Solaris, System Administration, Technical Support, Testing, Troubleshooting, Visio, SQL Server Database, Cross-functional Team, Training
About
➥ I am a visionary, collaborative, and innovative Information Security Leader with extensive experience in guiding IT Security strategy, governance, processes, and team development.
➥ I focus on building consensus, ensuring compliance, and decreasing costs in every program I undertake.
➥ I offer a servant leadership style with a commitment to responding with dignity and grace, supporting teams in quality performance and certifications, and listening to all contributors.
➥ My teams know me as a leader committed to advancing their capabilities and celebrating successes to encourage everyone’s best work.
KEY HIGHLIGHTS:
✔ A strong focus on highly available infrastructure, effective access controls, and clean, efficient data processes.
✔ The utmost attention to confidentiality, integrity, and availability (the “CIA Triad”).
✔ Ability to propose solutions in the ever-changing threat landscape, while being mindful of the fact that every system includes people, processes, as well as technology.
✔ Committed to enabling the business to move forward in a more secure manner and to avoid a culture of “No”.
I am always glad to share my expertise, and I look forward to connecting with you!