Gideon T. Rasmussen

Gideon T. Rasmussen

PCI Compliance Manager at Bank of America - CISSP, CISA, CISM, CIPP

Charlotte, North Carolina Area

Current
Past
  • Director, Technical Operations at International Creative Management, Inc.
  • Infrastructure Security Manager at AIG

see less...

2 more...

Recommended
Gideon T. has 20 recommendations 20 people have recommended Gideon T.
Connections
500+ connections
Industry
Management Consulting
Websites

Gideon T. Rasmussen’s Summary

Information Security Manager with 10 years experience in fortune 50 and military organizations. Aligns with business management and considers how security initiatives can reduce risk and provide competitive advantage. Background consists of information security, regulatory compliance, auditing, infrastructure and operations focus.

Possesses a strong auditing background. Experience includes assessments of entire organizations, IT departments, large corporate data centers, hosting providers and secure facilities. Methodologies include ISO 17799, PCI DSS, FISAP and DoD certification and accreditation (DITSCAP).

Recognized as a change agent. Has proven problem solving, project management, and interpersonal skills. Utilizes an effective combination of management expertise and hands-on technical skills. Directs thorough on-site information security audits and manages resolution of the findings. Effects cultural change through awareness programs and security advocacy.

Gideon T. Rasmussen’s Specialties:

· Information Security Management
· Information Security Audit
· Regulatory Compliance
· Program Development
· Risk Management
· Layered Monitoring
· Incident Response
· Policy/Standards Development
· Security Awareness Programs
· Insider Threat Mitigation
· Physical Security
· Business Liaison

Gideon T. Rasmussen’s Experience

  • PCI Compliance Manager

    Bank of America

    (Public Company; BAC; Banking industry)

    July 2006Present (3 years 5 months)

    Established a Merchant PCI Compliance Program. Manages a team of seven: Defined processes, procedures, risk ranking methodology, custom application business requirements, service level agreements and reporting. Team activities include evaluating PCI assessment reports in consideration of merchant compliance, remediation tracking and close integration with BA Merchant Services. Promoted to Tech Manager and Senior Tech Manager (10/07 and 11/08, respectively).

  • On-Site Supplier Assessor (Sapphire Consultant)

    Bank of America

    (Public Company; 10,001 or more employees; BAC; Banking industry)

    January 2006July 2006 (7 months)

    Conducted on-site security assessments of external IT suppliers. Accomplished risk-based security program assessments including evaluation of firewalls, networking, encryption, application security, system hardening and access control. Remaining test procedures were distributed across the 10 domains of ISO 17799. Mentored new team members. Strong contributor to the complete re-write of the on-line assessment program to align with new baseline controls. Converted to full-time Vice President position.

  • Information Security Officer (Consultant)

    Pfizer, Inc.

    (Public Company; 10,001 or more employees; PFE; Information Technology and Services industry)

    April 2005December 2005 (9 months)

    Trained and designated as an Information Security Officer (ISO). Ensured information protection ratings and related compensating controls were implemented. Interpreted vulnerability assessment scans and ensured findings were addressed. Considered technical security policy exception requests. Conducted non-standard account reviews and Sarbanes Oxley system audits (e.g. systematic removal of accesses, least privilege and system hardening). Participated in the requirements phase of new projects. Reviewed security activities to ensure that appropriate policies and procedures were followed. Established a security awareness program. Conducted mass security briefings and office space reviews. Contributed to revisions of the global security web site and the ISO handbook and training program. Member of the global Compliance and Standards and Security Privacy Services teams.

  • Senior Network Security Engineer

    CyberGuard

    (Public Company; 501-1000 employees; CGFW; Information Technology and Services industry)

    July 2003April 2005 (1 year 10 months)

    Designated as the Security Liaison, established security steering committee and site security representatives. Significantly revised the corporate information security policy to include recent international acquisitions. Conducted Sarbanes Oxley security audits using Cobit framework. Established security awareness program. Selected as company employee of the month February 2005. Wrote customer security bulletins and security articles. Monitored security forums and mailing lists.

    Provided level 2 technical and consulting services for organizations around the world. Diagnosed and resolved highly technical firewall and VPN issues in a mission critical 24x7 work environment. Worked independently on complex problems where analysis of situations or data requires an in depth evaluation of multiple factors. Prepared technology white papers and knowledge base entries for knowledge transfer and consistent accurate resolutions.

  • Director, Technical Operations

    International Creative Management, Inc.

    (Public Company; 201-500 employees; Media Production industry)

    February 2002August 2002 (7 months)

    Responsible for the operations of the New York office and information security throughout the organization. Conducted information security audits of the New York IT department and a hosting provider.

    Specified network and router configurations. Established configuration/hardening standards. Replaced firewall hardware throughout the enterprise. Drafted security policies. Conducted business continuity exercise with emergency action plans. Distributed INFOSEC advisories and ensured the vulnerabilities were addressed.

    Trained personnel in operations procedures and documentation. Established standby program with 24/7 response team, recall roster, and incident reporting. Established layered monitoring program. Maintained continuity through operations guides, build documentation, change logs, network diagrams and hardware-software inventories. Specified enterprise backup solution and Sun development and production infrastructure.

  • Infrastructure Security Manager

    AIG

    (Public Company; 10,001 or more employees; Insurance industry)

    November 2000February 2002 (1 year 4 months)

    Independent Consultant

    Responsible for the security and operations of 3 B2B websites. Stabilized and transitioned externally hosted web site. Created new DEV, UAT and production web environments in the New York office and corporate data center. Conducted on-site security assessments of a SOC, a hosting provider, and the corporate data center using ISO 17799 as a standard.

    Supervised system and application administrators. Established and enforced policies and procedures. Conducted high availability and monitoring testing. Established inident response and layered monitoring programs. Responsibilities also included disaster recovery, scheduling of activities during maintenance windows, hardware/software purchases, and support contracts. Accomplished hardening of operating systems and applications.

    Liaised between underwriters and security firms. Reviewed security audits and assessed the risk of issuing hacking/cyber extortion insurance to potential clients.

Additional Information

Gideon T. Rasmussen’s Websites:

Gideon T. Rasmussen’s Interests:

CISSP - Computer Information Systems Security Professional CISA - Certified Information Systems Auditor CISM - Certified Information Security Manager CIPP - Certified Information Privacy Professional IAM - NSA INFOSEC Assessment Methodology

Gideon T. Rasmussen’s Groups:

Charlotte ISSA Board Member (2007)
Charlotte ISACA
Charlotte IAPP
Charlotte RMA

  •    CSORoundtable
  •    Certified Information Systems Security Professionals (CISSP)
  •    Information Systems Security Association (ISSA)
  •    Information Security Community
  •    Certified Information Systems Auditor
  •    RMA (The Risk Management Association)
  •    Privacy Professionals
  •    Bank of America Associate & Alumni Network
  •    ISACA Professionals
  •    NSA-IAM (National Security Agency - INFOSEC Assessment Methodology)
  •    CISM Network
  •    M & A advisors
  •    The CIO Forum
  •    Payment Card Industry Network
  •    AIG
  •    US Air Force
  •    Department of Defense
  •    Pfizer
  •    Archer Community
  •    Merchant Acquirers
  •    Charlotte Chapter ISACA
  •    ISSA - Central Florida Chapter
  •    Techno Security & Digital Investigations Conference

Gideon T. Rasmussen’s Honors:

Graduate - FBI Citizens' Academy, Charlotte Field Office
Microsoft Security Most Valued Professional (MVP) 2007
CyberGuard Company Employee of the Month
USAF Veteran

Gideon T. Rasmussen’s Contact Settings

Interested In:

  • career opportunities
  • consulting offers
  • reference requests
  • getting back in touch

View Full Profile

Public profile powered by: LinkedIn

Create a public profile: Sign In or Join Now

View Gideon T. Rasmussen’s full profile:

  • See who you and Gideon T. Rasmussen know in common
  • Get introduced to Gideon T. Rasmussen
  • Contact Gideon T. Rasmussen directly

View Full Profile