
Kerry Anderson

Mobile 774-249-8177/ www.linkedin.com/pub/kerry-ann-anderson/10/233/559/ Kerry.Ann.Anderson@Verizon.Net

SUMMARY
• 20 years of documented success managing and working in IT and information security positions
• Strong technical background including application architecture, networks, cloud computing, and virtualization
• Possesses strong strategic planning and influencing skills
• Established track record managing with other risk professionals
• Experience working with customers and business partners to develop strategic and tactical solutions to support business objectives
• Demonstrated ability to identify opportunities for process, people, and technology improvements
• Recognized for problem solving, team building, and negotiating skills
• Strong interpersonal communication and presentation skills
• Recognized for providing technical leadership on development initiatives
• Demonstrated ability to bring projects to successful closures using my ingenuity, facilitation skills, ability to work the corporate structure, and commitment to my work
• Ability to understand and formulate a strategy while undertaking tactical projects
• Ability to follow up on problems and see through to resolution
• Well-rounded risk professional providing leadership in managing all aspects of IT security, including internal controls, IT risk assessments, business processes, control testing and operational auditing
• Strong consensus-builder forming cooperative relationships with stakeholders
• Flexible and proficient in a number of regulatory and compliance environments, such as PCI-DSS and HIPAA
• Possesses strong strategic planning and influencing skills
• Published author on risk management topics and frequent speaker at information assurance events
• Developed robust information security awareness programs

BUSINESS AND TECHNOLOGY SKILLS
Platforms & Servers
• Microsoft
• Cloud
• BYOD/ Mobile/ WiFi
• Virtualization
• App, Development:
• DB: Oracle, SQL Server Mgt.
• Windows, UNIX/ Linux
• MVS/TSO/ISPF/JCL
• MS IIS

Business Strategies
• IT Governance
• Vendor management
• Business alignment
• Budgeting/ Negotiation
• Mentoring/Coaching
• Program & Project Management
• Policies & Standards

Risk Management
• InfoSec Program Management
• Security Administration
• Business Continuity
• Security Awareness
• 3rd Party Security
• Cloud Security
• Network Security
• Database Security
• Secure Development
• Vulnerability Testing
• Cryptography
• Security Architecture

Security Technology
• Penetration Testing
• Incident Response
• Forensics
• Firewall/ IDS/ IPS
• Anti-Malware
• Vulnerability Scanning
• SIEM
• Data Loss Prevention

Compliance
• IT Regulatory Mgt. (SOX, HIPAA, ML93H)
• ISO 27001 / NIST
• IT Auditing
• eDiscovery/ Electronic Records Management
• PCI-DSS
• GLB

Certifications
• CRISC: Certified in Risk and Information Systems Control
• CCSK: Certification of Cloud Security Knowledge (CSA)
• CISSP: Certified Information Systems Security Professional
• CISSP-ISSAP: Architecture Professional (ISC2)
• CISSP-ISSMP: Management Professional (ISC2)
• CSSLP: Certified Secure Software Lifecycle Professional (ISC2)
• CISM: Certified Information Systems Manager (ISACA)
• CISA: Certified Information Systems Auditor (ISACA)
• CGEIT: Certified in the Governance of Enterprise IT (ISACA)
• CFE: Certified Fraud Examiner (ACFE)

Experience Summary:
When | Position | Employer | Location
2016 - Present | Senior Information Security Officer/ VP | State Street Global Advisors | Boston, MA
2011 - 2016 | Lead Cyber Security Engineer | Plymouth Rock Assurance | Boston, MA
2013 | Adjunct Professor (Cyber Security) | Clark University (Graduate Division) | Worcester, MA
2009 - 2011 | Independent Consultant | Independent Contractor | Marlboro, MA
1996 - 2008 | Information Security Officer/ VP | Fidelity Investments | Boston, MA
1994 - 1996 | Senior Technical Consultant | Legent / Computer Associates | Westboro/ Marlboro, MA
1993 - 1995 | Adjunct Professor | Mt. Wachusett Community College | Gardner, MA

EDUCATION
• Stanford University: Adv. Computer Security Certificate
• Bentley University, McCallum Graduate School of Business: MS in Computer Info. Systems
• Anna Maria College: Executive MBA
• Norwich University: MS in Info. Assurance (Highest Honors); Post Grad: Incident Response
• University of Phoenix: MA in Adult Education and Training; Social Learning/ eLearning
• Framingham State University: Bachelors of Science (Magna Cum Laude)

EMPLOYMENT EXPERIENCE
State Street Global Advisors Boston, MA 2016 – Present
Senior Information Security Officer – Vice President
Plymouth Rock Assurance, Boston, MA 2011 – 2016
Lead Cyber Security Engineer
• Responsible for managing corporate compliance with PCI-DSS, other regulatory requirements, and internal policies
• Provided research and guidance in the areas of technical policies and standards, incident management, threat and vulnerability management, security awareness training, risk management and assessment, and monitoring and metrics
• Managed the penetration testing program and remediation of any issues encountered
• Led projects to implement new threat and vulnerability management technologies
• Participated in security risk and vulnerability assessments and addressed risks that would pose a significant threat to the company
Clark University, Worcester, MA (Adjunct Professor of Cyber Security) 2013
IT Risk and Security Consultant, Marlborough, MA 2009 – 2011
• Managed information security and compliance projects on a contract basis
• Performed customized risk assessments and vendor security reviews
Fidelity Investments, Boston, MA 1996 – 2008
VP of Technology Risk (2003-2008)
Information Security Officer/ VP (2000-2002)
Director/ Senior Application Manager/ Information Security Officer (1997-2000)
Project Manager (1996-1997)
• Participated in an enterprise-wide initiative to develop a central repository of all access rights and privileges
• Managed a comprehensive Information Security awareness program
• Provided guidance for information security of outsourced projects (domestic and international)
• Directed vendor security risk assessment program for business partners
• Managed security assessments for major business acquisitions
• Implemented access management strategy adopted at the enterprise level
• Identified and assessed IT controls over digital records in 450 application systems
• Achieved compliance with secure application development requirements for 2000 software engineers

HONORS
2014 Winner of International Information Systems Security Certification Consortium (ISC2) Foundation’s scholarship program

PUBLICATIONS
• The Frugal CISO: Using Innovation & Smart Approaches to Maximize Your Security Posture (Book) May 2014
• A Case for a Partnership Between Information Security & Records Information Management (RIM)
  ISACA Journal, Volume 2 (2012) - February 2012
• Can We Make Information Security Awareness Training Stickier?
  ISSA Journal - January 2013
• Secure Development: Continuing to Gain Traction or Treading Water?
  ISSA Journal - October 2012
• Are There More Security Breaches? Or Are We Just Reporting Them
  ISSA Journal - July 2012
• Teaching Moment: Using Fairy Tales for Security Awareness
  InfoSecurity Professional Magazine (ISC2) - Volume 20 Dec 2012
• Information Security Professional 2.0: Building the Next Generation Cyber Security Professional
  ISSA Journal - April 1, 2013
• Building a Better IA Degree and Promoting Cyber Security
  ISSA Journal - May 2013
• Navigating the Path From Information Security Practitioner to Professional
  ISACA Journal, Volume 4 (2013) - July 2013
• Overcoming Barriers Between InfoSec and IT Audit Practitioners
  ISSA Journal - September 2013
• Ways to Survive an Audit – Tips to Making Audits Easier for You and the Auditor
  ISSA Journal – November 2013
• The Importance of Understanding Generational Issues in Security Awareness Programs
  ISSA Journal – January 2014
• The Vulnerability Management Starter Kit ~ Part 1
  ISSA Journal – February 2014
• A ‘House’ Full of Inspiration: Using a Diagnostic Approach to Managing Information Security Issues
  InfoSecurity Professional Magazine (ISC2) - Feb 2014
• The Vulnerability Management Starter Kit ~ Part 2
  ISSA Journal – April 2014
• From Here to Maturity: Managing the Information Security Life Cycle
  ISACA Journal, Volume 6 (2014) – November 2014
• Where are the Women in Information Security? Lessons From My Mother on Sitting at the “Boys’ Table” (ISC2 Insights 2014)
• Information Security Solutions: Swapping the Cost of Failure for Success
  ISACA Journal, Volume 3 (2015) – March 2014
• Smart Practices in Managing an Identity Auditing Project
  ISSA Journal – June 2016
• Security in an Age of Distraction
  ISACA Journal, Volume 3 (2016) - June 2016 (Digital)
• Resolving the Cybersecurity Workforce Shortage
  ISSA Journal - October 2016
• Who Or Maybe It Is. Expand Your Professional Potential By Building A Personal Learning Network
  InfoSecurity Professional Magazine (ISC2) - Nov 2016
• You Say You Want An Evolution (Of Your Risk Management Program)
  Journal of Business Continuity & Emergency Planning Volume 10 Number 2
• Using Agility To Combat Cyber Attacks
  Journal of Business Continuity & Emergency Planning Vol. 10 Number 4
