securtech.us

Leonard (Len) Sutton
CISSP, CISA
EXPERTISE
Strategic Enterprise IT Planning
Security, Privacy, Risk, Compliance
IT Audit & Internal Controls
Secure Product Development - SDLC
Design, Build, and Administer
Enterprise Security/Privacy
Compliance Programs
3960 Stilesboro Rd NW
Kennesaw, GA 30152
(480) 442-2249
len.sutton@securtec.net
INDUSTRIES - SECTORS
Financial Institutions & Service Providers
Merchant Services, Acquiring
Mobile Payments, E-Wallet
Cellular, Telecom, Utilities
Private, Governmental, Higher Ed
Insurance & Claims Processing
OWNER – SECURE TECHNOLOGY SYSTEMS
ATLANTA, GA
8/1996 - Present
As sole owner of management consulting and audit services firm:
- Provided consulting, project management, and audit services to medium and large
clients in corporate, governmental, and higher education sectors.
- Representative clients and engagements included:
- AT&T, BellSouth, Southern Company, State of Georgia.
- IT consulting and project management services for the US and international
divisions of a major international telecommunication corporation.
- Sarbanes Oxley controls program for a publicly owned financial services
corporation operating in the credit card and finance sectors.
- Technology assessments and strategic IT planning for a Northeastern US Banking
and financial services organization.
- Successful development of a corporate-wide disaster recovery and business
continuity plan for a large publicly held power utility.
- Assessments of security and controls with agencies of the State of Georgia,
including the Departments of Transportation, Audits, Revenue, Juvenile Justice, the
Board of Regents, and two large state university institutions.
CHIEF SECURITY OFFICER – APRIVA,
SCOTTSDALE, AZ
1/2008 – 12/2013
Oversight and administration of security and compliance for the Mobile Payment
services Apriva provides to all major US retail banking institutions:
- Successfully prevented breach or compromise of information assets and networks.
- Maintained compliance with security and privacy related requirements of industry
and statutory/governmental regulations.
- Provided security and privacy related requirements and oversight for development
of payment products and services.
- Worked closely with lines-of-business and legal counsel on risk and compliance
implications of customer and third party relationships/agreements.
- Designed, implemented, and administered physical security systems and processes
for IT and corporate office facilities.
- Coordinated business continuation preparedness for IT infrastructure, data centers,
and key business processes.
Secure Technology Systems – 3960 Stilesboro Road NW – Kennesaw, GA 30152 – (480) 442-2249
VP CISO CHIEF SECURITY OFFICER - GLOBAL PAYMENTS, INC.
ATLANTA, GA
6/2000 – 2/2005
Security and Compliance responsibility for the world's third largest payment service
provider.
- Protected highly sensitive information assets from breach or compromise.
- Developed and administered compliance and security programs related to Global
Payments' merchant customers, third party service providers, and independent sales
organizations (ISOs).
- Directed internal programs necessary to meet industry and statutory regulations –
including Sarbanes Oxley, Gramm-Leach-Bliley Act (GLB), Patriot Act, and Canada's Privacy
Act and Personal Information Protection and Electronic Documents Act (PIPEDA).
- Developed policies and administered compliance and security programs related to
Global Payments' business partners, its merchant customers, and its independent
sales organizations (ISOs).
- Successfully protected highly sensitive information assets from breach or
compromise.
MANAGER - COOPERS & LYBRAND (PWC)
ATLANTA, GA
6/1987-7/1996
Strategic Planning and IT Consulting with over 50 major enterprises – many of whom
operated in highly regulated business sectors. These included telecommunications and
manufacturing companies operating in multiple State jurisdictions and Internationally,
and subject to State, Federal, and extra-US regulatory requirements.
Provided IT-Audit services to a broad range of business and government. In this
capacity assisted the senior auditors in planning and executing effective audit programs
that appropriately integrated the skills and tools of the IT-Audit teams.
Provided similar IT-Audit services to the State of Georgia’s Department of Audits,
assisting the Department in providing comprehensive assessments of the system of
internal controls within the business processes and IT functions of major state agencies
- including the Departments of Revenue, General Services, Juvenile Justice, and N State
Universities.
Led four large-scale engagements to provide independent auditor’s report on the
internal controls of service providers (e.g., SAS70), including Blue Cross and Blue Shield
of Georgia. Typical efforts included a cross-section of the firm’s financial and IT audit
resources in performing broad-scale assessments of the internal controls within the
clients’ business processes and general IT controls.
Delivery of large-scale IT consulting, assessment/improvement, and planning
services
Participated throughout the sales and delivery of services.
Typical projects addressed information security, strategic planning, SDLC, business
continuation, efficiency and control improvements, internal controls, and SAS70.
Representative clients included Southern Company Services, AT&T, Blue Cross and
Blue Shield of Georgia, GTE/Contel, Rhone Poulenc Chemicals, State of Georgia.
VICE PRESIDENT INFORMATION TECHNOLOGY – SUNTRUST
ATLANTA, GA
6/1980-6/1987
Early in my career I was fortunate to have attained VP responsibility for the IT systems
and network infrastructure of a very large regional bank (SunTrust). I began with the
bank as a “systems engineer” responsible for installing, configuring, and supporting the
bank’s IBM-based online systems. I was rapidly promoted to Vice President of
Information Technology – reporting directly to the CIO/SVP of IT - and for five years
managed and oversaw a 24-person technical team responsible for all technology planning,
implementation, software development environments and programs, systems and
application development and change management, and support for SunTrust's entire
banking systems and information technology infrastructure.
While in that role I led my team through successfully automating the bank’s entire branch
banking network of over 200 banking locations, maintained high levels of availability and
performance of all banking systems and networks while supporting the company's
corporate entity, its twelve divisions, its corporate and retail banking networks, and
providing IT services for 120 community banking companies located throughout the
Southeast U.S.
During this period my team also successfully implemented and administered
enterprise-wide security over all bank-operated applications, and developed and
maintained business continuation procedures for networks and systems.
EDUCATION AND PROFESSIONAL
Bachelor of Arts, Political Science - Florida State University
Certification – CISA, CISSP
Lead Editor and Contributing Writer - HANDBOOK OF IT AUDITING,
(Warren/Gorham/Lamont)
Information Systems Audit and Control Association (ISACA)- Member since 1992 of
this globally recognized organization for security professionals.
InfraGard - member since 2004 - InfraGard is sponsored by the Federal Bureau of
Investigation (FBI) and Department of Homeland Security (DHS).
Representative to industry standards groups:
- American National Standards Institute (ANSI X9) – US-chartered financial
industry standards body.
- Payment Card Industry Council (PCI) - Industry standards body for card-based
payments – i.e., PCI-DSS, PA-DSS, P2PE, PTS
Other Technology Skills/Experience
- Mainframe tools: ACF/2, CICS, DB2, GDG, IBM Utilities, IMS, JCL, JES, PDS,
PROC, RACF, SDSF, SORT, TSO, VSAM
- PKI, Digital Certificate Authority, Biometric Authentication
- Physical Access & Security - PIV, FIPS 201, Electronic Surveillance
- Microsoft Windows Server, Active Directory
- Network and Data Communications: IP, SNA, Bisync, Async, Firewalls, Web/Cloud
security
- IBM & Intel Assembler, Cobol, C, PL1, Crystal Reports, Monarch, Microsoft Office,
Excel, Project, Visio, SharePoint