Paul Raines

Work History

Oct 2005 - Present

Chief Information Security Officer

Organisation for the Prohibition of Chemical Weapons

Responsible for the Information Security and Business Continuity Management for the Organisation for the Prohibition of Chemical Weapons. Supervise a matrixed staff of 11 persons with global responsibility for the organization’s 185 member countries. Responsible for setting security and business continuity priorities for the organization to include writing policies and standards, creating new initiatives in these areas, overseeing the implementation of new technologies, training to new staff and overseeing the budget of security and business continuity. Also, elected by organisation’s staff to chair the appeals council which hears appeals of organisation’s administrative actions.


Wrote the first business continuity plan for the organization and tested it in several tabletop exercises that combined scheduled evacuations to help create an air of realism.

Created and implemented the organisation’s first information security policy. This was modeled on international standards for best practices. Wrote all of the standards for adding additional detail to the policies in specific IT areas.

Successfully managed three major IT projects whilst at OPCW. The first was to bring Internet to the desktop of all employees. Prior to this project internet was only accessible via dedicated, stand-alone terminals.

The second major IT project managed was putting in a new security monitoring system called CA eTrust and installing it on the Security Critical Network in the organization.

The third was co-managing putting in a new database management system for querying new member states declarations on chemical weapons. All three above listed projects were completed on time and within budget.

Conducted an ISO 27001 applicability statement and gap analysis. Got Organization compliant with the ISO 27001 and 27002 standards as verified by external auditors.

Mar 2002 - May 2005

Chief Security Officer

Bloomberg LP

Selected as the first ever Bloomberg Global Head of Security reporting to the Chief Administration Officer (CAO). Responsible for the information security, physical security, business continuity planning and intellectual property protection for all business lines at Bloomberg including television, radio, print news, Bloomberg Professional and Trading Systems. Supervise a staff of 15 individuals with global responsibility for 119 Bloomberg offices worldwide. Responsible for all client and regulator interfaces on issues of due diligence and compliance with industry regulations on security and business continuity. This includes regular meetings with the SEC and Financial Services Authority (FSA) in London. Recently created and headed up an IT Audit section, which is the first-ever at Bloomberg. In this position, responsible for auditing each Bloomberg line of business to ensure compliance with industry regulations. Audit third party service providers to ensure due diligence in their execution of data services on behalf of Bloomberg.

Accomplishments

Recognized as one of the Premier 100 IT Professionals for 2002 by Computer World magazine. This award was given in recognition of outstanding achievement in leading the industry on best practices in security.

Developed first-ever information security policy for Bloomberg. Created an Information Security Committee comprised of representatives of all of the various lines of business at Bloomberg.

Implemented intranet based information security management tool which housed all security policies, took vulnerability feeds and tracked security policy compliance.

Promoted security within the company by developing new hire and recurring employee training on information security.

Implemented and chaired a computer incident response and forensics team designed to react quickly to potential computer security incidents. Led the reaction to the Slammer worm, Netsky worm, Sobig worm, Lovegate virus and recent Microsoft RPC exploits. Successfully reacted to a hacker event.

Created a ticketing system to track progress in investigations and assign key personnel to the investigation. Recovered over $2 million in lost revenue from clients stealing data.

Developed risk metrics to chart progress and demonstrate the risk profile of the company. Briefed the Board management on a quarterly basis on the status of risk issues in the company.

Dec 2000 - Mar 2002

Global Head of Information Security

Responsible for a team of 19 information security professionals located across the globe. Reported to the Global Head of Risk Management with responsibility for global information security in 63 offices worldwide. Managed the information security of the company across all lines of business including Fixed Income, Commodities, Loans and Bonds. Responsible for all interfaces with regulators globally on questions of information security and data privacy including SEC, Federal Reserve and FSA.

Accomplishments

Barclays Capital New York office was under a warning from the Federal Reserve Bank of New York because of lapses in information security. Brought together a steering committee representing the business units of the company and formed an action plan which corrected the cited deficiencies before the next regulator visit. Result: saved the company from being given a Cease and Desist letter from the Federal Reserve which would have resulted in a cessation of company operations.

Implemented a security architecture designed to check security compliance across the company. Checklists including security awareness, infrastructure testing and application testing. Each business area was then rated on a scorecard to measure compliance with the results regularly briefed to senior management.

Implemented and chaired a global incident response team designed to provide 24x7 global coverage and response to information security incidents. Personally led the response to several worms and a hacking incident.

Implemented liaison program designed to keep abreast of new developments in the business areas and tailor consulting services to meet their security needs.

Mar 1997 - Dec 2000

Vice President, Electronic Security

Federal Reserve Bank of New York

Only Vice President at the Federal Reserve Bank of New York (FRBNY) responsible for leading two different functions. As Vice President for Strategic Analysis & Technology Training, responsible for the strategic planning, budgeting and training for all of the Bank's information technology. As Vice President for Electronic Security, responsible for the information security of the Bank's computing environment and web applications. Served as the Federal Reserve's representative to the Bank of International Settlements on security matters. Supervised 52 individuals and an annual IT budget of $120 million. Reported to the Chief Information Officer (CIO).

Accomplishments

Led Electronic Security to become the first organization to be ISO 9001 certified in the history of the Federal Reserve System.

Function awarded the Best Practices Award in Information Security by the Technology Manager's Forum in 2000.

Developed the first Red Team in the history of the Federal Reserve to conduct penetration testing against Federal Reserve networks and applications. This led to the FRBNY winning RFP for assuming responsibility for the Federal Reserve's Incident Response Team.

Authored Bank of International Settlements white paper on best practices in virus management.

Sep 1993 - Mar 1997

Director, Electronic Commerce

U.S. Postal Service

Supervised 60 USPS employees and contractors and an annual budget of $4 million in developing the certificate authority used in support of the electronic postage project. Reported to the Vice President of New Businesses.

Accomplishments

Successfully deployed a certificate authority and electronic postage product. Product is now being used to replace the mechanical postage meters used by commercial businesses. This was the first new USPS product since Express Mail in 1972.

Developed and deployed the electronic postmark, a service to provide timestamping from a trusted source for high-value electronic documents.

Represented the Postal Service at the 20th anniversary celebration of public key cryptography. Shared speaking platform with Representative Bob Goodlatte (R-VA) and Senator Larry Pressler (R-SD). Represented the Postal Service on ABC Nightline interview on electronic postage.

May 1981 - Aug 1990

Nuclear Missile Commander and Satellite Mission Controller

U.S. Air Force

Commanded a constellation of 23 communications satellites worth over $2.5 billion. Maintained essential communications system used to support worldwide DoD command and control system. Commanded 150 Minuteman Intercontinental Ballistic Missiles (ICBMs). Served as a Strategic Integrated Operations Plan (SIOP) planner responsible for helping to develop U.S. nuclear war plans. Selected as a SIOP instructor and auditor to ensure U.S. nuclear forces were properly trained and evaluated. Devised test scripts to ensure nuclear force readiness and compliance with SIOP policies.




Sep 1990 - Jan 1993


Jun 1977 - May 1981


U.S. Air Force Academy



Mother tongue:  English

Proficient in French and Dutch


Write an information security column entitled "World View" for CSO Magazine.

Enjoy studying languages, working out in the gym, visiting historical sites, and wine tasting.


Seeking a Chief Security Officer (CSO) position responsible for both information security and physical security preferably in financial services and at a location in Europe.


Feb 2004 - Present

Certified Information Systems Auditor (CISA)

May 1999 - Present

Certified Information Systems Security Professional (CISSP)

Information Systems Security Consortium

Nov 2008 - Present

Certified Protection Professional (CPP)

ASIS International