Len Sutton
316 Senna Street
Marietta, Georgia, 30064 - United States
len.sutton@securtec.net - +1(770)380-2249
Summary
Extensive successful experience assisting large-scale organizations in providing and operating effective, secure information systems and networks. Experience includes providing leadership in developing and administering successful enterprise programs for:
· Assessing, improving, and administering security and compliance programs per statutes, regulatory and industry standards, i.e.,
o Privacy, PCI, GDPR, GLB, CCPA, HIPAA, PIPEDA/PIPA, PII/PNP, COPPA
o SOX, SOC1, SOC2, BSA, AML, SAR, KYC, COSO, FFIEC, SSAE 18, SAS70/SSAE-16
· Physical and information security/cybersecurity, privacy, compliance, and risk management
o Physical Access, Identity & Authentication (IAM), Electronic Surveillance
o Biometric, PIV, FIPS, Campus, Enterprise
· Cybersecurity & Managed Security Services – i.e., AlienVault, SecureWorks, TrustNet
· IT planning, architecture, implementation, integration, change management
· Effectiveness & operational improvements for enterprise IT & key business processes
· Audit, Assessment, & Improvement of security, compliance, privacy, risk, internal controls
· Payments/Acceptance - Merchant Services, Consumer Loyalty, Retail, Telecomm, Mobile Payments, eWallet, Prepaid, Cashless/Unattended/Vending, (Visa, MasterCard, PCI), EMV, Chip and Pin, Prepaid, Alternative Payments
· Healthcare, P&C Insurance
· Fraud Prevention, Detection, Response
· Strategic Planning - Enterprise Systems, Infrastructure, Security
· Due Diligence regarding key business processes and IT systems, infrastructure, and IT function
· Strategic Planning & Management of Information Technology Function
· Healthcare Provider Claims & Payment Processes, HIPAA
Securtec
Management & Consultant - CSO, Security, Compliance
1996 – Present
Location - Atlanta
Assisting clients in planning, implementing, and improving mission-critical information systems, infrastructure, and business processes. Providing enterprise consulting and advisory services in information technology management, security, privacy, compliance, internal controls, and risk management. Serving medium and large clients in corporate, governmental, and higher education sectors. Representative clients and engagements include:
· IT consulting and project management services for the US and international divisions of an international telecommunications corporation
· Assisted AT&T Wireless in due diligence, security and management controls related to US and Latin America operations
· Developing Managed Security service/delivery programs utilizing SecureWorks and AlienVault for major managed security services providers (MSSP).
· SOC1, SOC2, PCI, Sarbanes Oxley, SAS70/SSAE16, Security, and Privacy programs for Healthcare and Financial Services.
· Delivering cybersecurity, privacy, compliance, and related consulting and validation services.
· Assess and improve privacy programs - i.e., vs California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR).
· Providing best-of-breed security management (MSS/MSSP) solutions and services to assist quality organizations in assuring the security of their information systems and networks.
· Technology assessments and strategic IT planning for US banking and higher education clients.
· Disaster & Continuity plans (DRP/BCP) for financial services, power utilities.
· Comprehensive security and internal controls assessments of public universities and state government agencies.
TrustNet Inc.
Director, Vice President - Managed Security Services
2016 – 2021
Location - Atlanta
Responsible throughout the sales and service delivery for:
· Delivering cybersecurity, privacy, compliance (e.g., SOC 1, SOC2), and related consulting and validation services.
· Assisting clients in assessing and improving privacy programs - i.e., vs California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR).
· Providing best-of-breed security management (MSS/MSSP) solutions and services to assist quality organizations in assuring the security of their information systems and networks.
Secureworks
Enterprise Solutions Advisor
2014 – 2016
Location - Atlanta
For this leading provider of Managed Security Services, provided consulting/advisory assistance to Secureworks and to key accounts - e.g., in developing and expanding managed security services and customer relationships.
APRIVA
Chief Security Officer / CSO, Risk, Compliance
2008 – 2013
Location - Scottsdale, AZ
For this major payment technology and services provider, provided key management oversight and administration of Security, Compliance, and Risk programs. Responsibilities included:
· Key executive responsible for security, privacy, compliance, and related risk management for this highly secure provider of secure mobile communications solutions and excellent “mobile payments” products and services.
· Heavily involved throughout product/service development life cycle in developing and operating Apriva’s excellent “mobile payment”, loyalty, E-Wallet, prepaid/closed-loop, and cashless vending solutions.
· Actively supporting efforts with and on behalf of major customers and business partners, including Pepsi, Bank of America, Wells Fargo, First Data.
· Worked effectively with cross-functional teams, including product, engineering, operational, marketing, legal counsel, and sales teams, in defining, developing, and delivering quality products and services.
· CSO responsibilities included:
o Planning and oversight of hosted and Web-located payment processing network, systems infrastructures, and services.
o Oversight of development and operation of security-related processes and components, i.e., identity & access, PKI, digital certificate authority, cryptography, P2PE/Point-to-Point Encryption, Tokenization, SDLC, firewalls, IDS/IPS, PCI-DSS, PADS, PIV, FIPS.
o Management of security, privacy, and regulatory compliance of company products/services, including:
§ AprivaPay
§ Mobile Payment Solutions for Apple & Android
§ AprivaLife
§ eWallet, Loyalty, Prepaid
§ Hosted/Cloud payment services
§ Card Present, eCommerce/MOTO
§ Payment Gateway/Transport
§ Provided oversight for development of secure mobile payment, Wallet, and loyalty products
§ Defined and improved security and control related information technology infrastructure, corporate policies, and business processes
§ Designed and administered PIV/FIPS physical security for all facilities
§ Coordinated business continuation preparedness for two geographically diverse data centers and supporting infrastructure
§ Successfully protected highly sensitive information assets from breach, compromise, or related Security or Privacy failures.
Global Payments, Inc
CSO, Vice President Information Security, Privacy, Risk, and Compliance
2000 – 2005
Location - Atlanta
For one of the world’s largest providers of payment services, successfully fulfilled senior management responsibilities over the company's security and compliance requirements. Performed executive management oversight in establishing and administering all programs and procedures related to:
· Security - confidentiality, integrity, availability
· Privacy Statutes and Regulations – Governmental and Industry
· Compliance – Government, Industry, Agreements
· Risk Management for all information systems and related technology infrastructure
· Business Continuity and Physical Security for all business units and corporate facilities.
Accomplishments included:
· Developed, implemented, and administered corporate-wide security policies, procedures, and functions.
· Directed internal programs necessary to meet industry and statutory regulations – including Sarbanes Oxley, privacy statutes - i.e., Gramm-Leach-Bliley Act (GLB), Personal Information Protection and Electronic Documents Act (PIPEDA), US Patriot Act, etc.
· Developed policies and administered security and compliance programs related to Global Payments' own business operations.
· Established and administered the company’s Risk and Oversight programs for Security, Risk, and Compliance programs related to:
o 50,000+ merchant services customers, and
o 400+ partners, sales channels, independent sales organizations (ISOs), vendors and third-parties.
· Successfully protected highly sensitive information assets from breach, compromise, or related Security or Privacy failures.
PWC – PriceWaterhouseCoopers (Coopers & Lybrand)
Sr. Manager - IT Consulting and Assurance Services
1987 – 1996
Location - Atlanta
Served as manager and/or lead consultant performing extensive client engagements for over 50 major enterprises. Representative engagements included US and internationally located clients operating within a broad range of business sectors – e.g., financial services, healthcare, telecommunications, manufacturing, chemicals, and pharmaceuticals.
· Representative engagements included:
o Assessment, operational improvements, and planning regarding clients’ IT systems, networks, infrastructure, operations, and organizational structure.
o Strategic IT Planning – Defining requirements and in-depth, forward-looking plans that enable the enterprise to make best use of information technology.
o Evaluating the effectiveness and integrity of core business processes and the related operational and financial reporting.
o Key Business Systems life cycle – e.g., Requirements planning, Build/Buy/Selection, Implementation
o Business Continuation preparedness.
· Representative clients operating within:
o Business sectors including financial services, healthcare, telecommunications, and manufacturing,
o Nation-wide (US) and Internationally - and subject to multiple State, Federal, and extra-US regulatory requirements.