career objective                              

results-driven senior information security consultant eager to contribute exceptional leadership, project management, and client relation skills toward actively supporting the employer in improving operational performance

profile                                                

ø  offer more than 14 years of progressive it experience, with expertise in  developing client-specific information security and risk management solutions and ensuring compliance with regulatory requirements

ø  diligently plan, conduct, and report on information security compliance audits and gap assessments; extensive practical knowledge of  health insurance portability and accountability act (hipaa), gramm-leach-bliley act (glba), sarbanes-oxley (sox), and payment card industry data security standards (pci-dss)

ø  serve as a subject matter expert and apply depth of knowledge towards developing and streamlining  standard operating procedures, compliance programs, and formal risk assessment processes; develop iso27001:2005, cobit, and nist information security frameworks

ø  lead operational, security architecture, wireless security, vulnerability assessment, system development lifecycle, secure code, access control, and physical security reviews

ø  demonstrated ability to build, train, and lead top-performing support teams; strategically plan and coordinate workflow and human resources

ø  dynamic organization, prioritization and time management skills; consistently achieve critical deadlines while maintaining high quality standards

ø  proactive team player equally effective in independent and collaborative environments

 

~ key achievements ~

• successfully increased efficiency and quality of service for trustwave s external retail merchant and service provider client base; work closely with all levels of personnel in compliance auditing and documentation
• entrusted with oversight of key accounts, including two of the largest retail merchants in the midwest, as senior information risk management consultant with aeritae; effectively restructured security team, established standard operating procedures, and delivered ongoing training and support as well as quarterly pci dss program status reports
• assigned to execute diverse projects for major ernst & young clients from the healthcare, nonprofit, and private sectors; created it governance frameworks and performed pre-implementation project audits, it general control reviews, and sas70 type ii reviews
• effectively steered critical hipaa security management and compliance project for leading midwest-based insurance company
• developed risk management program framework for large minneapolis-area hospital and performed hipaa security assessments for major lending institution; actively boosted shavlik s profitability through vendor relationship management and providing interdepartmental support
• designed an integrated risk-based security posture leading to a sustainable and repeatable program framework in line with hipaa guidelines and nurses care s business development initiatives
• introduced information security program, policies, and standards for the pennsylvania higher education assistance agency; created agency-wide information security awareness and training site

 

continued

stephanie lane                                                                                                                                                                                    page 2

professional experience                

trustwave, insert city, il                                                                                               6/08 c present

senior information security consultant

 

aeritae consulting group, insert city, mn                                                                                      4/07 c 6/08

senior information risk management consultant

 

ernst & young, minneapolis, mn                                                                                                10/06 c 4/07

technology, security, and risk services

 

shavlik technologies, minneapolis, mn                                                                                      3/05 c 10/06

senior information security consultant

 

nurses care, inc., middletown, oh                                                                                             10/03 c 3/05

information security officer

 

pennsylvania higher education assistance agency, harrisburg, pa                                           10/02 c 10/03

information security coordinator / officer

 

f3 solutions group, omaha, ne                                                                                                  1/02 c 6/02

hipaa security consultant

                         

mutual of omaha, omaha, ne                                                                                                    7/98 c 12/01

information security specialist

 

cinergy corporation, cincinnati, oh                                                                                             3/95 c 7/98

information systems engineer

education                                           

bellevue university, omaha, ne

bachelor of science in business information systems

• gpa: 4.0; dean s list

           

~ certifications ~

visa-pci qualified data security professional (qdsp)                                                               2006 c 2009

certified information security manager (cism)                                                                                       2007

isms iso27001 lead provisional auditor                                                                                               2007

 

~ professional affiliations ~

information systems audit and control association (isaca), minneapolis, mn                                       2009

international register of certified auditors (irca)                                                                                  2008