Leonard (Len) Sutton CISSP, CISA EXPERTISE Strategic Enterprise IT Planning Security, Privacy, Risk, Compliance IT Audit & Internal Controls Secure Product Development - SDLC Design, Build, and Administer Enterprise Security/Privacy Compliance Programs 3960 Stilesboro Rd NW Kennesaw, GA 30152 (480) 442-2249 len.sutton@securtec.net INDUSTRIES - SECTORS Financial Institutions & Service Providers Merchant Services, Acquiring Mobile Payments, E-Wallet Cellular, Telecom, Utilities Private, Governmental, Higher Ed Insurance & Claims Processing OWNER – SECURE TECHNOLOGY SYSTEMS ATLANTA, GA 8/1996 - Present As sole owner of management consulting and audit services firm: Provided consulting, project management, and audit services to medium and large clients in corporate, governmental, and higher education sectors. Representative clients and engagements included: AT&T, BellSouth, Southern Company, State of Georgia. IT consulting and project management services for the US and international divisions of a major international telecommunication corporation. Sarbanes Oxley controls program for a publicly owned financial services corporation operating in the credit card and finance sectors. Technology assessments and strategic IT planning for a Northeastern US Banking and financial services organization. Successful development of a corporate-wide disaster recovery and business continuity plan for a large publicly held power utility. Assessments of security and controls with agencies of the State of Georgia, including the Departments of Transportation, Audits, Revenue, Juvenile Justice, the Board of Regents, and two large state university institutions. CHIEF SECURITY OFFICER – APRIVA, SCOTTSDALE, AZ 1/2008 – 12/2013 Oversight and administration of security and compliance for the Mobile Payment services Apriva provides to all major US retail banking institutions: Successfully prevented breach or compromise of information assets and networks. Maintained compliance with security and privacy related requirements of industry and statutory/governmental regulations. Provided security and privacy related requirements and oversight for development of payment products and services. Worked closely with lines-of-business and legal counsel on risk and compliance implications of customer and third party relationships/agreements. Designed, implemented, and administered physical security systems and processes for IT and corporate office facilities. Coordinated business continuation preparedness for IT infrastructure, data centers, and key business processes. Secure Technology Systems – 3960 Stilesboro Road NW – Kennesaw, GA 30152 – (480) 442-2249 Len Sutton page 2/3 VP CISO CHIEF SECURITY OFFICER - GLOBAL PAYMENTS, INC. 6/2000 – 2/2005 ATLANTA, GA Security and Compliance responsibility for the world's third largest payment service provider. Protected highly sensitive information assets from breach or compromise. Developed and administered compliance and security programs related to Global Payment's merchant customers, third party service providers, and independent sales organizations (ISOs). Directed internal programs necessary to meet industry and statutory regulations – including Sarbanes Oxley, Gramm-Leach-Bliley Act (GLB), Patriot Act, and Canada's Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA). Developed policies and administered compliance and security programs related to Global Payment's business partners, its merchant customers, and its independent sales organizations (ISOs). Successfully protected highly sensitive information assets from breach or compromise. MANAGER - COOPERS & LYBRAND (PWC) ATLANTA, GA 6/1987-7/1996 Strategic Planning and IT Consulting with over 50 major enterprises – many of whom operated in highly regulated business sectors. These included telecommunications and manufacturing companies operating in multiple State jurisdictions and Internationally, and subject to State, Federal, and extra-US regulatory requirements. Provided IT-Audit services to a broad range of business and government. In this capacity assisted the senior auditors in planning and executing effective audit programs that appropriately integrated the skills and tools of the IT-Audit teams. Provided similar IT-Audit services to the State of Georgia’s Department of Audits, assisting the Department in providing comprehensive assessments of the system of internal controls within the business processes and IT functions of major state agencies - including the Departments of Revenue, General Services, Juvenile Justice, and N State Universities. Led four large-scale engagements to provide independent auditor’s report on the internal controls of service providers (e.g., SAS70), including Blue Cross and Blue Shield of Georgia. Typical efforts included a cross-section of the firm’s financial and IT audit resources in performing broad-scale assessments of the internal controls within the clients’ business processes and general IT controls. Delivery of large-scale IT consulting, assessment/improvement, and planning services Participated throughout the sales and delivery of services. Typical projects addressed information security, strategic planning, SDLC, business continuation, efficiency and control improvements, internal controls, and SAS70. Representative clients included Southern Company Services, AT&T, Blue Cross and Blue Shield of Georgia, GTE/Contel, Rhone Poulenc Chemicals, State of Georgia. Secure Technology Systems – 3960 Stilesboro Road NW – Kennesaw, GA 30152 – (480) 442-2249 Len Sutton VICE PRESIDENT INFORMATION TECHNOLOGY – SUNTRUST ATLANTA, GA page 3/3 6/1980-6/1987 Early in my career I was fortunate to have attained VP responsibility for the IT systems and network infrastructure of a very large regional bank (SunTrust). I began with the bank as a “systems engineer” responsible for installing, configuring, and supporting the bank’s IBM-based online systems. I was rapidly promoted to Vice President of Information Technology – reporting directly to the CIO/SVP of IT - and for five years managed and oversaw a 24-person technical team responsible for all technology planning, implementation, software development environments and programs, systems and application development and change management, and support for SunTrust's entire banking systems and information technology infrastructure. While in that role I led my team through successfully automating the bank’s entire branch banking network of over 200 banking locations, maintained high levels of availability and performance of all banking systems and networks while supporting the company's corporate entity, its twelve divisions, its corporate and retail banking networks, and providing IT services for 120 community banking companies located throughout the Southeast U.S. During this period my team also successfully implemented and administered enterprisewide security over all bank-operated applications, and developed and maintained business continuation procedures for networks and systems. EDUCATION AND PROFESSIONAL Bachelor of Arts, Political Science - Florida State University Certification – CISA, CISSP Lead Editor and Contributing Writer - HANDBOOK OF IT AUDITING, (Warren/Gorham/Lamont) Information Systems Audit and Control Association (ISACA)- Member since 1992 of this globally recognized organization for security professionals. InfraGard - member since 2004 - InfraGard is a Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) sponsored by FBI and DHS. Representative to industry standards groups: American National Standards Institution (ANSI x9) – US’ chartered financial industry standards body. Payment Card Industry Council (PCI) - Industry standards body for card-based payments – i.e., PCI-DSS, PA-DSS, P2PE, PTS Other Technology Skills/Experience Mainframe tools: ACF/2, CICS, DB2, GDG, IBM Utilities, IMS, JCL, JES, PDS, PROC, RACF, SDSF, SORT, TSO, VSAM PKI, Digital Certificate Authority, Biometric Authentication Physical Access & Security - PIV, FIPS 201, Electronic Surveillance Microsoft Windows Server, Active Directory Network and Data Communications: IP, SNA, Bisync, Async, Firewalls, Web/Cloud security IBM & Intel Assembler, Cobol, C, PL1, Crystal Reports, Monarch, Microsoft Office. Excel, Project, Visio, Sharepoint Secure Technology Systems – 3960 Stilesboro Road NW – Kennesaw, GA 30152 – (480) 442-2249
© Copyright 2024