Scott Perry, CISSP, CISM
Director of Information Security at Zywave
Charlotte, NC, United States
Details
Education:
Bachelor of Science Degree
Marketing/ Management
Mankato State University
1991 : 1993
Associate of Arts
Computer Science
Austin Community College
1989 : 1991
Lyle High School
1987 : 1991
Experience:
2022 : Present
Zywave
Director of Information Security
2016 : 2022
AmWINS Group
Director of Cyber Security
- Oversee enterprise vulnerability scans understanding the current network topology
- Manage network and application penetration tests using both outside providers and internal Penetration Testing Team
- Manage the Patch Management governance process
- Manage the assessment of vulnerabilities identified in scan reports and penetration reports to determine and rank risk
- Oversee the assessment of threat advisories to determine vulnerability and impact to the enterprise
- Monitor patch rotation cycle to ensure critical security patches are deployed
- Manage the remediation and/or mitigation strategies with security team and business owners to address and/or resolve business risks associated with vulnerabilities
- Monitor remediation and/or mitigation progress to ensure vulnerabilities are addressed in a timely manner
- Maintain an understanding of information security threats and possible impacts to the enterprise
- Assist others in interpreting, understanding, and applying information security policies and standards to mitigate information security risks.
- Collaborate closely with members of Information Security and other organizations to ensure Enterprise goals are achieved
2014 : 2016
TIAA-CREF
Dir, Sr Information Security Manager of Vulnerability Identification
- Deploy/manage vulnerability scanning software
- Monitor company infrastructure to ensure it adheres to compliance standards
- Manage the Cyber Incident Response Center (CIRC)
- Manage DLP toolset to make sure the company data is protected and breaches do not occur
- Manage the penetration testing for the company utilizing internal and external resources
- Assist in supporting firewalls and web proxies
- Support a centralized SIEM and manage alerts from tools feeding into the SIEM
- Manage various tools that monitor the network from a security perspective, incident response, and an eGRC tool
2012 : 2014
ECMC
Sr Cyber Security Engineer
• Proactively identify security threats to prevent cyber-attacks before they occur
• Manage application vulnerability and source code scanning
• Implement “self scanning” for development teams to improve the SDLC process
• Manage Penetration Testing by internal and external resources to discover vulnerabilities
• Work with segments across the company to bring security awareness and training
• Created an Application Risk Dashboard to provide an overall view of how all applications compare in relation to vulnerabilities in apps, hosts, pen tests, patches, etc.
• Assist the Incident Response Team with security breaches and malware inspection
• Manage the Patch Management Governance process
• Perform assessments against M&A applications to ensure weaknesses are addressed
• Manage multi-million dollar project budgets regarding the Threat and Vulnerability Management Team as well as managing the Training/Travel budget for the Security Architecture Team
• Mentor team members to ensure they continue to progress down the professional path they desire
2011 : 2012
UnitedHealth Group
Director, Threat and Vulnerability Management (Ethical Hacking)
Company:
Zywave
Years of Experience:
28
Spoken Language:
English
Skills
Application Security, Checkpoint, CISSP, Computer Forensics, Computer Security, Cybersecurity, Disaster Recovery, Firewalls, HIPAA, Information Security, Information Security Management, ITIL, Network Security, PCI DSS, Penetration Testing, Qualys, Risk Assessment, Risk Management, Security, Security Architecture Design, Security Audits, SoC, Symantec DLP, Vulnerability Assessment, Vulnerability Management, Security Architecture