
Difference between revisions of "User:Eric Bonnell"

From OWASP
m (Creating user page with biography of new user.)
 
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
Information Risk Management/Security Professional
+
Information Security and Risk Manager, Advance America, Inc.
 +
 
 +
Certified Secure Software Lifecycle Professional (CSSLP) #99621, Feb 2009
  
Certified Secure Software Lifecycle Professional (CSSLP) #99621, Feb 2009
 
 
Certified Information Systems Security Professional (CISSP) #99621, Jan 2007
 
Certified Information Systems Security Professional (CISSP) #99621, Jan 2007
  
Information Systems Security Association (ISSA) #3124900 - President Eastern Iowa Chapter
+
Information Systems Security Association (ISSA) #3124900 - President Eastern Iowa Chapter 2009-2010
  
 
Information Systems Audit and Control Association (ISACA) #431044
 
Information Systems Audit and Control Association (ISACA) #431044
 
Develop and monitor major Information Risk and Information Security program components for AEGON companies, comprised of 20 business units within the US and Canada. Prepare operational and trend reports for presentation to senior management. Partnered closely with Legal, Operation Risk Management and Internal Audit to align processes and procedures.
 
 
- Revised and published Information Security Policy to align with ISO 27002:2005 as well as regulatory, statutory and industry requirements (e.g., GLBA, HIPAA, SOX, PCI, CA SB-1386, MA 201 CMR 17.00, etc.).
 
 
- Implemented Information Security Policy Request for Change (RFC) process, leveraging existing technology, to effectively capture the due diligence related to the submission, analysis, vetting and version control of policy and program documentation.
 
 
- Combined processes and tools for assessment of Information Risk and Information Security Compliance, eliminating redundant information and process steps taken to provide effective high-level enterprise and divisional performance metrics to senior management.
 
 
- Consulted regularly with Divisional Information Security Officers, business customers and IT subject matter experts throughout the company to prioritize required control remediation activities based upon business risk, including:
 
  - computer hardening controls
 
  - enhancements to change management and system development lifecycle (SDLC) processes
 
  - classification and management of information assets
 
  - development and implementation of awareness and training materials.
 
 
- Provided additional program support for:
 
  - Information Classification and Management – consulted on assessing business unit implementation of program processes and controls.
 
  - Information Security Incident Response – led enterprise-wide Incident Security Response Team when required.
 
  - Information Risk Awareness and Training – contributed to quarterly newsletter, on-line training materials and presentations.
 

Latest revision as of 20:18, 12 June 2010

Information Security and Risk Manager, Advance America, Inc.

Certified Secure Software Lifecycle Professional (CSSLP) #99621, Feb 2009

Certified Information Systems Security Professional (CISSP) #99621, Jan 2007

Information Systems Security Association (ISSA) #3124900 - President Eastern Iowa Chapter 2009-2010

Information Systems Audit and Control Association (ISACA) #431044