Jeff Flashcards
Jeffrey Ker, MBA
Senior Manager Client Program Management at Asurion
Serves as a program and product relationship manager between Asurion and one of the “Big 3” telecommunications companies. Responsible for exceeding client expectations through delivery of client programs, services, and initiatives. Primarily responsible for supporting in-market technology products and effectively managing to client contractual commitments.
A product manager is the person who identifies the customer need and the larger business objectives that a product or feature will fulfill, articulates what success looks like for a product, and rallies a team to turn that vision into a reality.
Product manager responsibilities
Specific responsibilities vary depending on the size of the organization. In larger organizations, for instance, product managers are embedded within teams of specialists. Researchers, analysts, and marketers help gather input, while developers and designers manage the day-to-day execution, draw up designs, test prototypes, and find bugs. These product managers have more help, but they also spend more time aligning these stakeholders behind a specific vision.
On the flip side, product managers at smaller organizations spend less time getting everyone to agree, but more time doing the hands-on work that comes with defining a vision and seeing it through.
Broadly speaking, though, a good product manager will spend his or her time on a handful of tasks.
Understanding and representing user needs.
Monitoring the market and developing competitive analyses.
Defining a vision for a product.
Aligning stakeholders around the vision for the product.
Prioritizing product features and capabilities.
Creating a shared brain across larger teams to empower independent decision-making.
• Experience of going through a full product lifecycle, integrating customer feedback into product requirements, driving prioritization and pre/post-launch execution
• Experience driving projects with cross-functional colleagues.
• Experience developing social products, technologies and platforms.
• Experience building products that protect or isolate data, communicate about privacy or data access, or prevent privacy incidents.
• Proven experience functioning in a regulated environment
Dianne Rose, CRISC, CISA, PMP
Director of Security Risk Management at Asurion
• IT leader specialized in Security, Risk Management, Audit and Compliance (PCI, SOX, SOC1).
• Experienced with security control frameworks (NIST CSF, PCI DSS, ISO 27002, etc) and capability maturity models.
• Strong communication, inter-personal, organizational and time management skills.
• Open FAIR, CRISC, CISA and PMP certified.
Experience
Asurion
8 years 2 months
Director of Security Risk Management
Jul 2016 - Present (5 years 7 months)
Nashville, Tennessee
Director of Audit, Compliance and Risk
Jan 2018 - Oct 2018 (10 months)
IT Security - Senior Auditor
Dec 2013 - Jul 2016 (2 years 8 months)
Greater Nashville Area, TN
Dish Network
7 years 4 months
IT Compliance - Disaster Recovery Program Manager
Oct 2012 - Oct 2013 (1 year 1 month)
IT Compliance - PCI/SOX Program Manager
Jul 2006 - Oct 2012 (6 years 4 months)
Electronic Data Systems
7 years
Service Management Center (SMC) - Project Team Leader
2002 - 2006 (4 years)
Service Management Center (SMC) - Project Analyst
1999 - 2002 (3 years)
IT Operations - Mainframe Systems Engineer
1997 - 1999 (2 years)
IT Operations - Analyst
1996 - 1997 (1 year)
IT Operations - Mainframe Computer Operator
1995 - 1996 (1 year)
Heather Adams Mills
Director of Information Security & Risk Management at Community Health Systems
Director, Information Security & Risk Management
Sep 2021 - Present (5 months)
Franklin, Tennessee, United States
Information Security Project Management and Transformation
PCI DSS Compliance and Audit Testing Enterprise Wide
Sarbanes–Oxley (SOX) Audits and Assessments
Vendor/3rd Party Security Risk Audits and Assessments
Governance, Risk and Compliance Tool Development and Administration
iSeries Security Engineering
Promoting Interoperability Security Assessments and Remediation
HIPAA Security Risk Assessments and Remediation
Security Policy and Standards Governance
Security Awareness, Communications and Training
Manager, Information Security Risk Management
Jul 2018 - Sep 2021 (3 years 3 months)
Franklin, TN
Led a team of 15 security engineers along with multiple contract engagements
PCI DSS Compliance and Audit Testing Enterprise Wide
Sarbanes–Oxley (SOX) Audits and Assessments
Vendor/3rd Party Security Risk Audits and Assessments
Governance, Risk and Compliance Tool Development and Administration
iSeries Security Engineering Governance & Project Management
Promoting Interoperability Security Assessments and Remediation
HIPAA Security Risk Assessments and Remediation
Encryption Governance
Security Policy and Standards Governance
Security Awareness, Communications and Training
Marcel Murry, CISSP
Network Security Architect at Asurion
Network Security Architect
Asurion
Jul 2019 - Present (2 years 7 months)
Nashville, Tennessee
Licenses & Certifications
Certified Information Systems Security Professional (CISSP)
(ISC)²
Issued Nov 2020
Nutanix NPP
Nutanix
Robert Crump
Sr. Manager, Privacy, Risk & Compliance at Asurion
Data privacy, compliance, and information security professional with experience in the technology industry and civil litigation. Certified Information Privacy Professional (CIPP) and licensed attorney with a J.D. from Vanderbilt University Law School.
Emiley R. Gardellini - Security and Risk 2
Chris Gida - Security and Risk 4
Christopher Gida
Technology Audit and Compliance Sr. Manager at Asurion
I am an information security expert helping organizations balance data protection requirements with meeting business goals and objectives. My diverse background in business concepts, management experience, technical skills and information security expertise allows me to interact with all levels within the organization and define successful solutions. I am driven by the opportunity to create custom solutions for organizations that provide data protection and are easy to implement/support.
Technology Audit and Compliance Sr. Manager
Asurion
Jul 2021 - Present (7 months)
Nashville, Tennessee, United States
Global Risk and Compliance Manager
Cyware
Mar 2021 - Present (11 months)
NCC Group
4 years 8 months
Director - Risk Management & Governance
Jun 2017 - Mar 2021 (3 years 10 months)
Sr. leader of the US RMG consultant team. Practice owner for services related to Third Party Risk Management, Threat & Risk Management, Cybersecurity Reviews, and Transaction Services. Responsible for entire delivery/service lifecycle: sales/marketing, forecasting, engagement management, closeout and relationship management.
Principal Security Consultant
Aug 2016 - Jun 2017 (11 months)
Greater Atlanta Area
Subject matter expert (SME) and delivery lead for large and complex engagements. Engagements included long-term work with Fortune 50 organizations and the design, development, implementation and execution of major programs.
Working knowledge and experience in the following regulatory, compliance and control frameworks:
Healthcare
• HIPAA/HITECH/Omnibus/Breach Notification
• HITRUST
• FDA UL2900
Payment Processes & Digital Currency
• SWIFT/FedWire/CHIPS
• PCI DSS
• Texas SM 1037
• BitLicense - 23 DFS Part 200 Virtual Currencies
Risk Frameworks
• NIST 800-30
• ISO 27005
Privacy
• ISO 27701
• GDPR/CCPA
• NIST CSF Privacy
• GAPP
Misc
• ISO 27001/02
• CAIQ & CSA STAR
• CIS Top 20 CSC
• SOC 2
• SOX
• NIST 800-53
• FedRAMP
• Microsoft SSPA
• NYCRR 500
• Shared Assessments SIG
Solutionary
4 years 5 months
Sr. Manager Professional Security Services
May 2014 - Aug 2016 (2 years 4 months)
Greater Omaha Area
Major Responsibilities:
• Supported three Managers and 15 Consultants within the GRC team to complete more than 80 engagements accounting for $4.5 million in revenue. Achieved revenue goals to meet and exceed the 33% increase year over.
• Managed a budget of $160,000 for the GRC team, including training and development.
• Demonstrated ability to manage and lead a team despite constant growth, changes and challenges.
• Created and executed on a strategy plan to support Consultants and improve process efficiency while remaining in alignment with the overall objectives of the company.
• Redefined the consulting model internally to create a less complicated yet more predictable method for resource allocation and capacity planning.
• Defined and implemented core pieces of the GRC team function: job descriptions, issues and escalations procedures, disciplinary procedures, IDP’s and promotion plans, employee recognition program, 120 day plans for new hires, training documentation, recruiting procedures, metrics dashboard for performance tracking, service catalog, etc.
• Challenged the GRC team to contest old processes and to push new ideas and solutions for process improvement and better customer service.
• Empowered the GRC team to independently execute on daily operations in accordance with documented processes and procedures, with new items or exceptions needing additional input.
• Started the design and implementation of a GRC tool for the automation of engagements.
• Created an oversight team/function for metrics, reporting and accountability for the Professional Security Services department.
• Sat on the Internal Audit committee and provided direction on identified risks and the execution of the internal audit plan
Positions Held:
Sr. Manager Professional Security Services
Manager SCS Oversight
Senior Security Consultant
Apr 2012 - May 2014 (2 years 2 months)
Greater Omaha Area
Major Responsibilities:
• Performed security assessments for a variety of Clients including small 50-person shops to Fortune 40 organizations. Assessment types performed include HIPAA, HITRUST, ISO 27001/02, PCI, SANS T20 and VRM across all industry verticals.
• Designed and implemented the standardized Assessment Process followed by the GRC team, including supporting methodologies: sampling, maturity, risk assessment, etc.
• Demonstrated ability to execute on eight separate assessments concurrently each varying on type, deliverable and timeline requirements.
• Created repeatable processes to execute on technical testing procedures and document results within work-papers.
• Led multi-team engagements to execute on large and complex assessments, including resources from my team and across the organization.
• Assisted organizations with building security programs, methodologies and processes based on identified gaps.
Positions Held:
Sr. Security Consultant
Security Consultant
Humana
3 years 11 months
Internal Audit Consultant
Apr 2011 - Apr 2012 (1 year 1 month)
Louisville, Kentucky Area
Major Responsibilities:
• Provided assurance around the effectiveness and efficiency of various Humana operational processes. Led engagements impacting multiple business lines across the organization. Engagements included risk audits, consulting reviews, process maturity assessments and enterprise risk management evaluations.
• Conducted SOX and SSAE 16 testing for Application Development, Change Control, Information Security, and Computer and Network Operations.
• Facilitated risk assessment discussions with key management regarding strategic, operational, and compliance components as part of the CEO’s enterprise risk management initiative.
• Led the execution of specific audit engagements designed to test risk and control practices.
Security Operations Consultant
Mar 2010 - Apr 2011 (1 year 2 months)
Louisville, Kentucky Area
Major Responsibilities:
• Led security audits within corporate and on new Humana acquisitions. Conducted in-depth security assurance and compliance reviews. Played a key role in leading and conducting the first cross-organizational security review on a business partner.
• Redesigned and managed the business associate review process and became the point-of-contact for consulting business associates. Led a multi-department team, consisting of Privacy, Security, Internal Audit, and IT/Business owners for onsite assessments.
• Created a comprehensive control framework for Humana, based on the ISO 27000 series and the HITRUST CSF. The framework incorporated all relevant regulations, security frameworks, and best practices. Responsible for many of the edits/updates added to the 2010 HITRUST CSF.
• Redesigned the security assurance review work program for conducting audits. Also, created formalized templates, work paper documentation, scheduling, and communications.
• Managed and redesigned the rogue wireless detection program. Expanded the program to include additional offices, which extended coverage from 30% to 80% of Humana (including over 22,000 employees, 15 states and 31 offices).
• Used corporate class vulnerability analysis tools to find vulnerabilities in websites, applications, databases, operating systems, and network devices. Became the owner of an AS/400 scanning tool.
• Created a model for redesigning the information security department. The model improved communication, streamlined workflow, centralized input requests, simplified the customer facing service catalog, incorporated project management, standardized deliverables, and incorporated key metrics.
Security Operations Analyst
Jun 2008 - Mar 2010 (1 year 10 months)
Louisville, Kentucky Area
Intern - Information Security Analyst
Brown-Forman
Oct 2006 - Jun 2008 (1 year 9 months)
Louisville, Kentucky Area
Major Responsibilities:
• Managed the process for access requests. Set up new user accounts, change requests and the termination process. Assisted with the design and implementation of role based access control. Conducted audits on user and super user accounts for internal audit and compliance efforts.
• Enforced Segregation of Duties procedures for sensitive file shares and SAP roles, objects, and transaction codes.
• Took over the processes for managing the corporate web filter.
• Documented all policies and procedures for the Information Security team.
Residential Area Technology Specialist
University of Louisville
Jul 2005 - Dec 2006 (1 year 6 months)
Louisville, Kentucky Area
Conducted onsite support including the setup of computers, installing anti malware and patches, establishing internet connections, and training students on secure and safe practices. Designed and implemented a program for the service to more than 3000 students in the dorm rooms during opening weekend. Led a team of 3 other specialists.
Implemented a Norton Ghost solution to streamline the process to reformat computer lab computers. Assisted in the rollout of a network access control solution that segregated student computers in a separate VLAN that did not have the latest patches, definitions, and updates.
Jay Exum
Chief Trust and Privacy Officer, Asurion
Chief Privacy Officer
Asurion
Aug 2021 - Present (6 months)
Raleigh-Durham-Chapel Hill Area; Nashville, TN
Assistant General Counsel, Executive Director and Global Privacy Officer
ICON plc
Feb 2020 - Aug 2021 (1 year 7 months)
Raleigh, NC
Chief Privacy Officer, Privacy Counsel
SAS
Feb 2017 - Feb 2020 (3 years 1 month)
Cary, NC
Assistant General Counsel and Chief Compliance Officer
Toshiba Global Commerce Solutions
Oct 2013 - Jan 2017 (3 years 4 months)
Research Triangle Park, NC
• Responsible for designing, implementing and maintaining ethics and compliance program for new Toshiba subsidiary.
• Lead team responsible for corporate governance and compliance issues in 47 countries.
• Serve as lead in litigation matters, including HR-oriented claims and business disputes; engage and manage outside counsel as needed for litigation.
• Advise on data privacy issues in the retail industry as they relate to TGCS’ role in the retail hardware, software and services…
Assistant United States Attorney
U.S. Department of Justice
Jun 2004 - Oct 2013 (9 years 5 months)
Raleigh-Durham, North Carolina Area
• Investigated and prosecuted a wide variety of federal crimes occurring in North Carolina’s 44-county Eastern District, including white collar crimes, violent crimes, and computer and technology-enabled crimes.
• Engaged regularly in oral and written advocacy in federal court, including magistrate court, district court, and the 4th Circuit Court of Appeals.
• Served as lead counsel in successful criminal trials in multiple areas, including cases involving health care fraud, social security fraud, gun crime, and child sexual abuse and exploitation.
• Trained judges, prosecutors, and investigators in the newly independent nation of Kosovo as they sought to establish a more effective criminal justice system.
• Recipient of Attorney General Eric Holder’s Award for Outstanding Multi-Agency Operation in 2011.
In-House Counsel
IBM
2000 - 2004 (4 years)
• Negotiated software and intellectual property licensing agreements, including leading the team responsible for PC Division’s legal relationship with Microsoft and negotiation of IBM’s Windows license.
• Acted as division’s lead employment lawyer on site, responding to a wide variety of personnel matters at a site employing thousands of workers.
• Helped develop litigation strategy in dealing with major product liability matters.
• Counseled marketing teams on creation of effective, legally sound advertisements.
In-House Counsel
Quintiles
Jan 1999 - Sep 2000 (1 year 9 months)
RTP, NC
• Served as general corporate counsel for matters relating to mergers and acquisitions, real estate purchases and management, customer contracts and relationships, and acted as lead counsel for matters arising in the Pacific Rim.
Associate
Robinson, Bradshaw & Hinson
Aug 1995 - Jan 1999 (3 years 6 months)
Charlotte, NC
• Practice focused on corporate and commercial real estate transactions including mergers and acquisitions, development of commercial properties, leasing, and general corporate work.
Education
Harvard Law School
JD
1992 - 1995
University of North Carolina at Chapel Hill
B.A. Economics, Psychology
1988 - 1992
Licenses & Certifications
Certified Information Privacy Professional - EU (CIPP/E)
IAPP - International Association of Privacy Professionals
Issued Jun 2020
Certified Information Privacy Manager (CIPM)
IAPP - International Association of Privacy Professionals
Issued Feb 2020
Privacy Law Specialist
IAPP - International Association of Privacy Professionals
Issued Feb 2020
Fellow of Information Privacy (FIP)
IAPP - International Association of Privacy Professionals
Issued Dec 2019
Certified Information Privacy Technologist (CIPT)
IAPP - International Association of Privacy Professionals
Issued Nov 2019
CIPP/US Privacy Certification
IAPP - International Association of Privacy Professionals
Issued Feb 2016
Notary Public
~14 years of IT experience from gathering/understanding complex business requirements to designing, implementing scalable, cost and performance efficient technology solutions using best of Cloud technologies and micro service architecture like AWS, Node JS, React JS and various database technologies. Extensive experience on integration and service oriented architecture in technologies like TIBCO Business Works and other TIBCO technology suite, SQL/No-SQL database technologies like Oracle, Mongo/DynamoDB, SOAP and REST services.
Under Curling, Asurion has also evolved to offer a more retail-like omnichannel experience, in which the company’s 300 million-plus subscribers may contact the company via phone, online via webchat or through chatbots to discuss problems with their WiFi, pair their phones or smart speakers to Bluetooth or other tech issues. If a consumer shifts to another communications channel, Asurion “carries over” information about the issue to ensure a more fluid experience. In 2018, Asurion received a CIO 100 award for creating an AI-based recommendation engine that “learns” from customer interactions to better personalize its tech help service.
Asurion, LLC uses 952 different technologies from 10 different vendors. They have above average use of several technologies including Apple IOS, Hazelcast and ArcGIS.
Product Categories
Asurion, LLC uses products from 10 different product categories. They are particularly heavy users of products in Database Management System, Software Frameworks, and Operating Systems.
What measurements would you take to protect an internal network from external threats?
What would you do if the system crashed after a change you implemented?
If you spotted a minor bug in an application, would you try to fix it yourself or mention it to the engineering team?
What policies would you create to ensure our employees properly use technological resources?