Hoover, AL 35244 404.558.7694
cochran.infosec@charter.net
https://www.linkedin.com/in/alandcochran/
Information Security Specialist & Advisor
Strengthening Organizations Through Tailored, Comprehensive Security Programs and Processes
Information security professional with deep experience delivering reliable information security programs and running enterprise security operations for financial institutions, payment processors, health care providers, a managed security services company and startups. Expertise across all aspects of the “business of information security” including IS strategy, security engineering, operations, incident response, service management, regulatory expertise, and information security governance. Able to influence strategic decisions and build strong stakeholder relationships. Earned and maintains designation as a Certified Information Systems Security Professional (CISSP) and ITIL v3.
CORE COMPETENCIES
Information Security, Cybersecurity and Compliance | Enterprise Security Strategy | Security Operations, FFIEC, PCI and FBI Information Security Mandates | Information Security Assessments | Security Operations Center Startup and Management | Road Warrior
Professional Experience
BBVA Compass Bank | Birmingham, AL 2016 – 2018
Senior Vice President, Cyber Security & Entity Management
Oversaw information protection functions under the Entity Management program. Provided leadership for information security engineering, operations, access management, and rights provisioning functions across parent company and subsidiaries.
- Created the entity management program that standardized information security, fraud management, IT risk management, and business continuity / disaster recovery functions across 12 BBVA companies in the US.
- Implemented the continuous improvement model (CIM) comprised of security assessment, risk analysis / evaluation, gap remediation, and maturity improvement functions.
- Performed information security, fraud management, and IT risk program evaluations for BBVA companies.
Global Payments Worldwide | Atlanta, GA 2011 – 2016
Vice President, Information Security
Led the information protection and security of global payments businesses in four worldwide regions. Applied assessments, planning, process / technology implementation, security testing, communication, and leadership reporting actions. Conducted reviews with each region / country to resolve security issues.
- Performed recurring security / risk assessments and implemented improvements for 14 businesses worldwide.
- Drove information security and risk due diligence evaluations for corporate mergers and acquisitions and orchestrated post-acquisition secure integration of technologies and businesses.
- Developed a three-year security strategy emphasizing core / worldwide security and secure products and services while providing updates to the board of directors and corporate leadership.
- Implemented an information security program managing all security intrusion and post-event responses.
- Restructured the information security department to encompass policy and governance, risk management, core, web and end protection (CWEP), threat vulnerability management (TVM), access controls, logging, and forensics.
- Managed the worldwide information security program with offices in North America, Brazil, United Kingdom, Czech Republic, Russian Federation, Philippines, Taiwan, Hong Kong, and Malta.
Cochran-US | Hoover, AL 2010 – 2011
Vice President, Information Security
Consulted on the structure and leadership of security governance, security operations, and policy / risk management programs that balanced security practices with business needs.
- Implemented security and operational controls, service management program and delivery, security processes, identity and access management, IS strategy execution, and SLA management responsibilities.
- Served as a trusted information security advisor to multiple corporations, IT divisions, and IS departments, improving IS operational posture and delivering business value through effective and efficient security services.
- Led data security review technology / business risk management programs for application service providers and electronic payment companies in the USA and multiple countries.
Kaiser Permanente | Oakland, CA 2008 – 2010
Executive Director, Information Security and Data Protection
Directed information security risk management leadership and oversight for 6 million members and 126,000 employees. Established operations strategy for the health plan, hospital and medical offices, and physician group. Led the services and operations department.
- Restructured the information security division, services, SLAs, and operations processes.
- Developed an IS services catalog framework and a service offering inventory to support client needs.
- Enhanced IAM access / role management / provisioning services.
TSYS Inc. | Columbus, GA 2005 – 2008
Senior Director, Information Security
Managed information security for the world’s third-largest electronic payments and merchant network provider in eight US and four international locations. Oversaw the strengthening and operation of TSYS’ IAM service offerings, application selection, workflow architectures, program development, operational support, and financial management. Designed and implemented TSYS’ first (through third) PCI DSS compliance programs.
- Implemented TSYS’ first cybersecurity operations center enabling 24×7 surveillance and response.
- Developed the TSYS DataStore security program, a risk management methodology based on identification of sensitive data and observed data storage / handling.
- Incorporated PCI requirements into daily support functions for continuous adherence to DSS guidelines.
- Earned 100% compliance for more than four years for this class one provider.
- Conceptualized the automated encryption key management processes for an electronic payments processor.
- Installed two-factor authentication services for internet-facing applications capable of providing personally identifiable information (PII) to 4 million customers.
AmSouth Bank | Birmingham, AL 2002 – 2005
Senior Director, Information Security
Drove the information security division supporting 660 branches, two data/network centers, and 16,000 employees. Formed an information security policy and standards governance council to sanction policies and standards with multiple financial institutions with senior management participating from business and infrastructure divisions.
- Built a vendor management program structured by ITIL concepts and incorporated third party security assessments with legal and procurement services supporting 100+ vendor relationships within first year of operation.
- Led distributed systems, server / mid-range, mainframe, data and voice network environment and implemented a security operations center supporting Cisco firewalls, ISS IDS, TippingPoint IPS, McAfee AV, and desktop encryption.
Guardent, Inc. | Boston, MA 2000 – 2002
Senior Director, Managed Information Security Services
Developed the managed security service, including firewalls, intrusion detection / prevention, malware, and incident response program, for this startup. Spearheaded a team of expert information security analysts and technicians to build a world-class cybersecurity operations center.
- Implemented a security operations center providing 24×7 support for 400+ managed security services environments.
- Enabled rapid implementation of security control environments by developing an automated device provisioning application and workflow.
Education & Professional Development
Bachelor of Science in Accounting & Finance, Fordham University
People Leadership, Synovus Leadership Academy
Certified Information Systems Security Professional (CISSP) #96489
ITIL v3
Information Systems Security Association (ISSA), Member
Information Systems Audit and Control Association (ISACA), Member
InfraGard, Member
