Sunday, April 17, 2016

Experienced Cybersecurity Leader Looking in Los Angeles Area

John R. Tooley, CISSP, CISM, CCSP

Lake Balboa, CA 91406 || (818) 398-9764 || i_security@hotmail.com || LinkedIn: John Tooley, CISSP, CISM, CCSP


Vice President of Information Security

Strategic Planning & Execution || Information Security Management || Security Architecture, Design & Engineering
Global Security & Privacy Regulations || Threat & Vulnerability Management || Cross-Functional Team Leadership

Accomplished, outcome-driven Information/Cyber Security Leader with more than 20 years of established management expertise across all aspects of security disciplines: information security, cyber-risk and vulnerability management, threat modeling/analysis, and security intelligence. Proven record of success in providing strategic direction and oversight for enterprise information security and IT risk and compliance policies, principles, procedures, and practices.

Repeated success in leading and collaborating with cross-functional teams of IT experts, senior management, board-level executives, and key stakeholders in identifying corporate policy improvement opportunities, evaluating technical and business risk, and leading security-related initiatives across all risk categories: operations, compliance, IT, legal, and financial. Solid knowledge of compliance (PCI-DSS, HIPAA, ISO, SOX, etc.) and security governing bodies.

CORE COMPETENCIES

Security Strategy & Design || Secure Development || Incident Response || Virtualization Security || Compliance Oversight
Global Policy Development || Cloud Strategy & Governance || Data Loss Prevention (DLP) || Security Analytics || BYOD Security
Security Information Event Management (SIEM) || Secure Agile Development || Identity & Access Management (IAM/PIM)
Compliance Frameworks (PCI, SOX, HIPAA, SOC1&2) || Security Frameworks (NIST, ISO2700x, 20 Critical Controls)


PROFESSIONAL EXPERIENCE

ENTERTAINMENT PARTNERS, Burbank, CA || 3/2010‒3/2016
Vice President of Information Security

       Played an instrumental role in providing leadership direction, guidance, and strategy for the Information Security Office; liaised between cross-functional teams, bringing groups together to share information and resources, and creating superior outcomes and processes for Entertainment Partners.
       Offered guidance and counseling to the CEO and a 12-member leadership team, working closely with the legal and technology leaders, in defining objectives for information security. Assessed and evaluated information security risks and monitored compliance with security standards and appropriate policies.
       Designed and implemented an enterprise-wide Information Security program, from the ground up, that consistently met business objectives and exceeded expectations for leadership and market valuation. Provided due diligence support and integration strategy for corporate mergers and acquisitions.
       Acted as primary control point during significant information security incidents and provided leadership for breach response and notification actions for the company. Represented Entertainment Partners on committees and organizations, including all client-facing collaborations.
       Delivered 40% overall program reduction, successfully eliminating non-value-add programs by streamlining capital and operational expenses, redefining structures, processes, and ROI-based resource alignment.
       Established annual and long-range security and compliance goals; defined security strategies, metrics, and program services; and created maturity models and roadmaps for continual program improvements.

WARNER MUSIC GROUP, Burbank, CA || 9/2007‒3/2010
Global IT Security Manager

       Designed Strategic Roadmap for Information Security. Key objectives focused on a defense-in-depth Security Architecture including implementation of a global Intrusion Protection strategy and advanced end-point defenses.
       Identified and assessed Information Security risks and exposures through the creation of a structured Vulnerability Assessment program encompassing application, database, and infrastructure components.
       Performed operational monitoring of critical enterprise resources and managed security project architecture to include allocation and assignment of resources, oversight of consulting, and signoff of security requirements.
       Developed and maintained Global Information Security policies.
       Coordinated Security Awareness program and materials to support information security standards and procedures related to specific business objectives, security product implementations and best practices.


HARVARD-WESTLAKE SCHOOL, Studio City, CA || 6/1997‒4/2006
Network and Security Manager

       Led the Information Security group charged with handling all aspects of corporate compliance and information security efforts, including vulnerability and threat assessment, remediation, and virus mitigation.
       Audited enterprise security infrastructures and successfully established and implemented procedures and toolsets for conducting network, operating system and application vulnerability identification and testing. Documented the identified security gaps and performed remediation efforts.
       Served as active lead in the Campus Information Security Committee. Committee activities included an oversight function to ensure consistent Security focus and execution across all of the divisions along with reviewing new Security technologies and techniques.
       Managed and supervised Systems Administrators for all Windows, Unix, and Networking activities, leveraging in-house expertise, and provided Security and Network services resulting in significant cost savings to the divisions.
       Instituted a dependable corporate-wide, centralized backup system.
       Negotiated and managed Vendor contracts associated with the Enterprise Network and Security functions.
       Attained consistent 99.999% up-time by implementing disaster recovery and fault tolerance strategies.


EDUCATION, TRAINING & CERTIFICATIONS

CALIFORNIA STATE UNIVERSITY, Northridge, CA
Bachelor of Applied Science in Computer and Information Systems Security/Information Assurance

PHILLIPS COLLEGE / EDISON TECHNICAL COLLEGE, Northridge, CA
Associate of Science in Computer Science

ISC2, Los Angeles, CA (2002‒Present)
Certification―CISSP―Certified Information Systems Security Professional # 39513
Certification―CCSP―Certified Cloud Security Professional, Expected 2016

ISACA, Las Vegas, NV (2011‒Present)
Certification―CISM―Certified Information Security Manager # 1117598

SANS INSTITUTE (2001‒2015)
Certification―Network Penetration Testing and Ethical Hacking
Certification―Virtualization and Private Cloud Security
Certification―Top 20 Controls, Implementation and Audit
Certification―Law of Data Security and Investigations

Certification―Security Strategic Planning, Policy and Leadership
