Summary

Mr. Chanaga is an expert information security professional with an exceptional 13+ year career track record in information security, technology, privacy, audit, architecture, regulatory compliance, governance and business. For more than a decade Mr. Chanaga has been privileged to serve and consult to some of the world's most respected organizations in the United States, Canada, Latin America, and the United Kingdom. His writing includes collaboration as a co-author of the book Corporate Security in the Information Age (Aspatore). Presently he serves on the Editorial Advisory Board for SCMagazine.com and boards for other innovative companies.

CSOOnline.com called him “a man who's barreling down a road that most people are still trying to merge onto”, regarding his work as a visionary Chief Information Security Officer (CISO) in the healthcare industry. His leadership in that role earned an InfoWorld Top 100 Award for secure medical records for his organization.

Mr. Chanaga is a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA).

Custom

BOARD & PROFESSIONAL MEMBERSHIPS

  • Board Member, Editorial Advisory Board, SC Magazine (www.scmagazine.com)
  • Member, International Information Systems Security Certifications Consortium (www.isc2.org)
  • Member, Information Systems Audit and Control Association (www.isaca.org)
  • Member, U.S. FBI’s InfraGard Program (www.infragard.net)

PUBLICATIONS

  • Co-author of book: Corporate Security in the Information Age
  • Web Blog: My Information Technology & Security Blog (http://blog.csoboard.com)

U.S. Citizen. Open to 100% travel or relocation, currently living in Dallas, Texas. Bilingual in English and Spanish.

Objective

Information Security, Audit, Architecture, Compliance, Governance, Consulting, Security & Privacy, Risk Management, Digital Forensics, Strategy

Work History

Dec 2005 - Feb 2009

Enterprise Security Architect

CA, Inc. (Nasdaq: CA)

Vice President, Solution Strategy Security Software, promoted Vice President, Enterprise Architect

Collaborate with C-level management teams of globally aligned companies and midsized companies in all industries to provide concrete guidance in information security governance and enterprise security management challenges. Member of national management team directing the North America Security Sales Business Unit for this leading independent provider of information technology (IT) management software. Advise clients on our portfolio of software products and services that span the areas of infrastructure management, security management, storage management and business service optimization. Use market experience, strategy, and competitive analysis to transform corporate goals into profits by cross-functional teaming to develop speed-to-market strategies for consultative and solutions-based sales teams. Help develop new and accelerate profitability of joint partnerships with global management consulting firms.

  • Helped customers resolve Identity Access Management & Enterprise Security Architecture compliance challenges to address regulatory compliance mandates including BS 7799, ISO 17799, ISO 27799, ISO 27001, ISO 27002, HIPAA, PCI DSS, PA-DSS, SB 1386, HiTrust CSF, Sarbanes Oxley, SOX, GLBA, FISMA.
  • Revitalized market position, accelerated growth for sales of information security services and solutions.
Jun 2003 - Jan 2005

Chief Information Security Officer (CISO)

Geisinger Health System

Chief Information Security Officer (CISO)

Primary leadership force of information security and the privacy protection of the electronic medical records system operations, providing the overall information security management of more than $100M information technology assets. Ensured comprehensive risk management and regulatory compliance for the protection of patient health records, and delivery of information security services to protect the electronic medical records for over 2.3M patients. Managed a team of information security and technology personnel with responsibility for 3 hospitals and 30+ clinics in Pennsylvania. Managed information security budgets and expenditures while enforcing compliance with patient information privacy goals and health care information technology standards. Spearheaded strategic planning, employee information security training and awareness for 10,000 employees, and production tracking focused on maintaining superior organizational information security management performance. Liaised with the public, industry organizations, and information technology and security leaders on a national level. Provided representation in major events, serving as a key speaker and member of community and national boards.

  • Recipient of 2004 InfoWorld Top 100 Award for secure medical records of 2.5 million patients.
  • Partnered with business units to understand needs within the organization and provide solutions.
  • Managed the development and implementation of global security policy, standards, guidelines and procedures to ensure ongoing maintenance of enterprise information security.
Jun 2000 - May 2003

Lead IT Security Specialist

OAG Worldwide, Inc.

Lead IT Security Specialist, promoted IT Security Specialist

Developed innovative information technology/security management architecture and company-wide program to safeguard information systems for global flight information and data solutions company for the passenger aviation, air cargo logistics and business travel markets. Directed global security architecture for data centers based in the United States and the United Kingdom. Created information security department charged with the responsibility of the protection of OAG’s airline schedules database, containing future and historical flight details for 1,000 airlines and more than 3,500 airports. Developed and implemented company-wide policies and security training and awareness for all employees in Europe, the Americas and Asia. Led team of IT directors and information security specialists to safeguard the company's information technology assets and intellectual property.

  • Achieved 100% compliance of information security policies within first six months.
  • Built cross-divisional consensus focusing on overall information security strategies.

Education


Skills


Information Security Management

Certifications

Nov 2000 - Present

CISSP

ISC2.org
Nov 2000 - Present

CISA

ISACA