Paul Simon Heckel

Summary of Qualifications

• Over eight years of information technology experience including three years in information technology strategic management, four years project management, and two years in internal audit
• Experience in designing information technology architectures, information security programs, strategies, policies, procedures, and security baseline standards, network architectures, system migration plans, regulatory compliance roadmaps, and identity and access management solutions
• Masters degree in technology management with a curriculum focus on electronic commerce
• Expert technical ability, solid business background, knowledge and expertise of industry security and privacy regulations, and superb written and verbal communication skills
• Highly detail oriented with extreme attention to quality and knowledge sharing

Employment History

Head of Global Content Management & Strategy

• Lead and influence all areas of the company to ensure best practices in digital asset management and reuse of content across business applications, business processes and websites
• Collaborate closely with project teams composed of information architects, publishing specialists, content creators, visual designers, business analysts, and software developers in all aspects and phases of project redesign
• Hands on delivery during early phases of Content Management System roll-out
• Deliver prioritised plans for creation of CMS templates and implementation plans along with complimentary client-facing documentation
• Develop and oversee the standards of content creation included in the solution including naming conventions, instructional copy and other interface textual elements, plans for enhancing, editing and reformatting of existing and newly created content, creation of in-depth taxonomies and metadata documentation and a related search optimization plan
• Lead Interwoven vendor relationship regarding the performance of all commercial components, roadmap, and upgrades
• Lead and manage team of TeamSite developers to deliver high quality templates, workflow and code in a timely manner across a variety of projects, across all MDD businesse

Group Auditor

• Redesigned IT internal control framework and requirements to fully align with COBIT and executed global IT audit plan
• Served on Global IT Steering Committee chartered to organize and prioritize portfolio of development and integration projects
• Participated in quarterly business reviews with senior executives covering over 30 business units each quarter
• Co-developed annual audit plans, schedules, and budget
• Served as lead auditor on 10 and conducted over 20 audits examining accounting, finance, human resources, and IT controls
• Developed, implemented, tested, and deployed web-based internal audit issue tracking database
• Performed independent assessment of IT Security Management and Governance and presented findings to Group CIO

• Big Three US Automotive: Identity and Access Management Architecture Residence
  
  • Project manager and solution architect for global identity and access management strategy, technology requirements definition, product selection, architecture design, detailed system design, product configuration, and software development of global access management technology platform
  • Presented global access management technology architecture alternatives to executive stakeholders and facilitated selection of technical design
  • Developed strategy for integrating 100 financially significant applications into newly developed access management business process and technology framework
  • Co-managed $1.6 million fixed price project budget
  • Managed team of six software developers and two architects delivering over 200 functional requirements operating within rigorous system delivery lifecycle methodology
  • Eliminated paper and fax-based access request and approval process for PeopleSoft
  • Published identity and access management service delivery methodology to internal knowledge base and presented summary webcast to fellow security practitioners

• Fortune 150 Gas and Electric Utility: Identity and Access Management Assessment and Strategy Development
  • Technology architecture team lead in performing assessment, identifying over 100 deficiencies, and developing  regulatory compliance driven three-year road map of recommended projects
  • Analyzed and redesigned supporting business processes and defined performance metrics for optimized process control and efficiency
  • Consolidated identity management infrastructure from 38 custom applications and batch processes to a single centralized service-oriented application and enabled repurposing of 10 security administrators
  • Presented project findings and recommendations to 60 customer stakeholders during two day workshop

• Fortune 100 Pharmaceutical: Global Network Architecture Assessment and Strategy Development
  • Security subject matter specialist in performing assessment of wide area network, local area networks, voice and video networks, firewalls, intrusion detection systems, virtual private networks, and QoS
  • Redesigned MPLS network architecture  reduced telecommunication providers from 50 to two, removed internet traffic from corporate network, centralized global remote access connectivity, and enabled company to focus on core business competencies
  • Presented findings and recommendations to executive stakeholders and facilitated selection of future technology direction for global network infrastructure

• Venture Capital: Incident response planning and execution
  • Developed customized incident response plan detailing technology and process controls required to address  hostile executive termination
  • Provided guidance and support to customer resources during incident response plan execution

• Consumer Products: IAM Strategy and Regulatory Compliance Roadmap
  • Project manager and subject matter specialist for development of identity and access management strategy development of compliance road map
  • Developed return on investment calculator  to support executive decisions on strategic and tactical compliance initiatives and solutions

• Various clients
  • Performed HIPAA compliance assessment for network of 14 hospitals
  • Defined minimum security baseline standards for web servers and wireless network technology
  • SAS-70 - Customized work plan and executed testing scripts to perform IT audit of global web server and anti-virus infrastructures
  • Identified discrepancies of encryption implementation between wide area and local area networks

• Product manager for product security requirements that mitigated high risk security vulnerabilities
• Designed, developed, and implemented Open Text’s Security Management System incorporating policies and processes for vulnerability reporting, incident response, decision matrices, patching, and testing
• Published and maintained relevant Open Text Security Management System materials in web-based collaboration tool for optimal interaction with employees and customers
• Coordinated and delivered responses to all customer security concerns with particular attention to customers in pharmaceuticals, government, and financial services
• Developed and performed vulnerability assessments and penetration tests on web-based and client-server products

• Responsible for end-to-end quality assurance of development lifecycle for web-based, enterprise content management software
• Developed new software development lifecycle approaches to reduce time to market while incrementally improving software quality
• Developed detailed test strategies and test cases to validate the implementation of functional and technical requirements
• Tracked and resolved over 1000 product defects
• Led software project planning activities to define product development lifecycles and product road maps

Educational History

• Degree in Technology Management
• Curriculum focus on electronic commerce, internet applications, and information security
• Designed and developed business-to-business collaboration and marketplace portal for consortium of metal manufacturers in capstone course project

• Major  in Comparative Literature, minor in Spanish
• Curriculum focus on literary criticism and interpretive theory

Professional Skills

Regulatory Compliance

• Familiarity with IT General Controls, COBIT, Sarbanes-Oxley IT Audits,  SAS 70

• Microsoft IIS, iPlanet, SunOne, Sun Web and Application Server, Apache, Tomcat, JRun, JBOSS, ServletExec

• Oracle, MS SQL Server, Sybase, MySQL

• Windows (2000, XP, 2003, Vista), Solaris, HP-UX, RedHat, Fedora Core, CentOS, Debian (Ubuntu)

• Basic Java, OScript (proprietary to Open Text), SQL, PERL
• Basic HTML, JavaScript, XML, XPRESS (proprietary to Sun Microsystems), WebLingo (proprietary to Open Text), JSP, Servlets

• Sun Java Enterprise System (Identity Manager 6.0, 7.0, Identity Auditor, Access Manager, and Directory Server)
• Vaau RBACx
• Approva BizRights
• Tivoli Access Manager for Operating Systems (TAMOS)

• Open VPN, Aventail VPN
• Snort Intrusion Detection System
• NMap, Nessus, LanGuard, HTTP proxy tools

Professional Memberships

• Member of ISC2
• Member of Institute of Internal Auditors

Interests & Hobbies

• Music, literature, art, cooking
• Outdoor recreation: soccer, tennis, golf, running, mountain biking, hiking, and camping
• "Do it yourself” computer systems, servers, and networks for streaming media, web content, and file sharing
• Volunteer web content management architect for Forward Theater Company

References available upon request.