Alan J.

Harrison
IT Consultant and Director, Harrison ProServ Limited, Cheshire, UK Mobile: +44 (0)7747 632947, E-mail alanjharrison@bcs.org LinkedIn: http://www.linkedin.com/in/alanharrison

Profile
With proven technical and management skills I am currently providing Information Security management for Capita, a major outsourcer, where I manage Information Risk for two clients. I am a Certified Information Systems Security Professional (CISSP) with strong Identity Management, Access Control, Governance, Risk, Compliance and Management credentials. Also I am ITIL-certified and ISO27001 and PCI-DSS trained and a holder of many IBM technical certificates. I have twenty years of real-world practice of IT development, support and management gained in blue-chip banks and utilities and can also draw on my consultancy experience with an IBM Premier Business Partner providing Security and Service Management solutions.

Key Skills
Information Security and Risk Management certified by CISSP credential from (ISC)2 ISO27001 implementation, Audit remediation, Risk Management and Sarbanes-Oxley compliance Identity and Access Management expert including Role-Based Access Control (RBAC) IBM Tivoli Identity Manager, Directory Integrator, LDAP and zSecure integration experience ITIL-certified Service Management; Incident, Problem & Change Management, Project Management Management skills backed by Barclays Leadership Development programme

Major Achievements
Oversight of Information Risk in the delivery of services to two large financial clients Delivered PCI-DSS compliance programme across two contact centres Implemented Security Controls for large financial to achieve ISO27001 and PCI DSS compliance Built System z Security Consultancy Practice from the ground up Architected mainframe Access Control strategy; recruited and managed technicians to deliver it Delivered Least Privilege, Role-Based Access Control for 30,000 RACF users for SOX compliance Delivered Access Controls of ISO27001 project making Barclays most secure online bank Implemented ITIL Processes and Test Strategy while managing 1500-incidents/year Support desk Implemented RACF security in CICS and SDSF; security-hardened 30 NetWare Servers

Education
B.Sc. Computer Science from Sheffield University, 1989 5 A-levels including Maths, Physics, Chemistry; 11 O-levels including English, Maths and German

Training
Security management training including CISSP in 2009 and ISO27001 in 2008 IBM System z Top Gun training leading to z Technical Specialist and z Software certificates in 2010 Barclays Leadership Development Programme 2008 (building on two previous management programmes in 1997 and 2000) ITIL foundation course (ISEB Foundation in Service Management) in 2006 Barclays Risk and Control Analysis and Sarbanes-Oxley training throughout 2007-9 Technical training including GSE and IBM zSecurity conferences, Tivoli zSecure workshop and RACF Advanced Topics 2009, IBMs Implementing RACF in CICS, and Novell Network Administration Time management, communications and similar personal effectiveness courses

Certifications and Positions

IBM System z Technical Support Specialist and IBM System z Software Top Gun, 2010 IBM Certified Tivoli Identity Manager Deployment Professional, 2010 Certified Information Systems Security Professional (CISSP) 2009 ISEB Foundation Certificate in Service Management (ITIL Foundation) 2006 Professional Member of BCS The Chartered Institute for IT (MBCS) since 2006 Member of the BCS Information Security Specialist Group (BCS-ISSG)

Alan J. Harrison
Employment
Information Security Manager (permanent), Capita, Manchester, Apr 2012 present Responsibilities Information Security Manager for the Manchester and Glasgow sites with responsibility for two clients plus divisional and group projects including a 7-figure SIEM implementation. Oversight of Information Risk including liaison with Operations, Audit, Compliance and Senior Management to ensure that Information security risks are identified, understood and addressed. Achievements Implemented a new Information Security Governance framework and policy set into my accounts, embedding good practice into the business and IT and driving down risk. Implemented new Infosec Dashboard providing actionable MI to the business and clients. Enhanced card payment controls in two sites to achieve PCI-DSS compliance. z Security Engineer (contract) Co-Operative Banking Group, Manchester, 2011 March 2012 Responsibilities Used z/OS, RACF and zSecure Expertise to tackle legacy risk, and deliver ISO27001 and PCI DSS Achievements Delivered largest zSecure Visual Client rollout in Europe enabling Enterprise password reset Implemented baseline controls on z Enterprise platform to achieve PCI DSS and ISO27001 Senior Security Consultant (contract to permanent), Pirean Ltd. Fareham 2009 2011 Responsibilities At Pirean I built a new, growing System z Security practice with responsibility for strategic direction, product development, resourcing, business development, marketing and pre-sales. System z evangelism; System z champion to the organisation, Security consultancy and training Achievements Architected the System z Security Practice strategy for Pirean and implemented it Grew Pireans z profile by authoring three white papers and exhibiting at several high profile events Authored several white papers including zSecure for PCI DSS compliance and a z/Journal article Access Services Technical Manager (permanent), Barclays Bank, Cheshire 2008 2009 Responsibilities All technical aspects of Barclays Access Control function on the Mainframe, Tande m and Unix platforms including consultancy, project delivery, technical support, incidents, problems and changes Ownership of standards and risks, administrative and technical controls, and governance activities Line Management, change boards, thought leadership and consultancy on access and RACF matters Achievements Built a technical team of seven from scratch in three months to deliver a programme to enhance z security and integrate with controls across the bank, including internal and external hires. Architected the mainframe access administration strategy: improved support via cross-training, increased cost recovery and leveraged tools such as zSecure driving down costs by 150k/year Delivered Access Controls for the banks ISO27001 programme Lead IT Security Specialist (contract to permanent), Barclays Bank, Cheshire 2006 2008 Responsibilities z/OS Security, Logical Access, RACF and Tivoli zSecure Subject Matter Expert RACF consultancy; design of technical solutions; leading implementations Achievements Least Privilege RBAC for 30,000 users delivered SOX compliance plus productivity worth 100k/yr Overhauled RACF Standards, Change process, DR plan and user account provisioning processes CSF/COBOL Developer (contract), RBS Insurance, Leeds 2005 2006 Lead Support Analyst/Analyst Developer (permanent), Astron, Cheshire 2001 2005 Implemented ITIL; Hardened printing security; Improved application quality with Test Strategy Operations Analyst/Senior Operations Analyst (perm), Barclays, Manchester 1995 2001 CA-Dispatch support and Local Security Manager (LSM) covering RACF, UNIX and Windows 95 Project Managed Data Centre migration; Implemented ISO9000 controls over CA-Dispatch Data Security Administrator/Ops Analyst (perm), Manweb plc, Chester 1990 1995 Managed two staff, RACF and NetWare servers; owned Security Policy aligned to BS7799