mcdonald.thomas.resume11-15

Upload: thomas-mcdonald

Post on 15-Jan-2017

THOMAS T. MCDONALD, CISA, MBA

www.linkedin.com/in/ThomasTMcDonald

[email protected] 716-474-8869

PROFESSIONAL SUMMARY

Director, Information Systems Security with 17 years of experience creating strategic alliances with organization leaders to effectively align with and support key business initiatives. Establish, plan, and administer policies, procedures and programs for the information security function and evaluate cyber security risk.

Industry Experience: Health Care, Manufacturing, Banking

Functional Experience: Cyber Security, Risk Management, Project/Program Management

Information Security Expertise:

• Vulnerability Assessments
• Single Sign On
• Identity Management Systems
• Mobile Device Management
• HIPAA Standards
• PCI/Data Security Standard (PCI DSS)
• EPCS Security
• Incident Response
• Vendor Risk Management
• Contract & Vendor Negotiation
• Security Architecture
• Disaster Recovery Enterprise

PROFESSIONAL EXPERIENCE

FIRST NIAGARA BANK, Buffalo, New York 6/15 - present

Top 25 US bank with 37 billion in retail and commercial assets.

Vice President, Technology Risk Management

Created strategic alliances with organization leaders to effectively align with and support key business initiatives.

Independently validated and tested information security controls to ensure compliance with Sarbanes-Oxley and Gramm-Leach-Bliley regulations.

Independently validated, tested and implemented information security controls.

Participated in development and analysis of information technology risk control self-assessment, and reviewed and developed information technology policies, standards, and guidance documents.

Identified and mitigated information technology risk.

Independently validated, tested and implemented information security controls.

Identified and mitigated information technology risk.

KALEIDA HEALTH, Buffalo, New York 1998 - 2015

Healthcare provider serving eight counties with state-of-the-art technology and comprehensive healthcare services.

Director, Information System & Technology Security – HIPAA Security Officer

Established, managed, and maintained a corporate wide information security program to protect information assets. Identified, evaluated and reported on information security risks to meet compliance and regulatory requirements. Proactively worked with business units to implement practices; documented policies, procedures and standards for information security.

Implemented Information Systems & Technology Security Program for the organization.

Hired a successful support staff to implement IT controls and safeguards.

Identified security risks, threats and vulnerabilities on the networks, operating systems, applications and new technology initiatives.

Provided technical analysis in the development, testing and operation of firewalls, intrusion detection systems (IPS/IDS), enterprise anti-virus, data loss prevention, vulnerability management and EPCS Security.

Implemented Single Sign On solution using proximity badges (HealthCast/Imprivata).

Implemented Identity Management System (Courion) for provisioning role based access, password synch, password resets and terminations.

Implemented internet filtering software (Websense and Forefront).

Reviewed/audited operational configurations and security controls for applications and operating systems.

Designed and executed vulnerability assessments, penetration tests, security audits and implemented PCI Data Security Standards.

Developed a Mobile Device Management policy and implemented MDM software solution.

Implemented two factor authentication (2FA) access solution (Anakam).

Implemented workstation encryption software solution and SFTP.

Chaired HealtheLink Health Information Exchange’s Security Committee since 2006.

Led in the governance process to influence projects to adhere to HIPAA Security Rule, HITRUST Common Security Framework, PCI DSS requirements, Sarbanes-Oxley Act (SOX), state and federal regulations.

Supported Legal and Compliance & Audit Departments eDiscovery requirements.

GOODYEAR DUNLOP TIRE CORPORATION, Buffalo, New York 1993 - 1998

Part of Goodyear Tire & Rubber Company that makes tires bearing the Dunlop brand name.

Information Systems Auditor

Developed, documented and maintained information system audit plans for corporate Information Technology Department. Identified information security weaknesses and developed gap analysis and remediation plans to resolve issues. Worked with external auditors on analyzing information system controls and safeguards.

Developed, designed and implemented UNIX based networks, NFS security, ftp controls, trusted hosts, r-tools, and file permissions.

Audited mainframe and distributed platforms as well as Windows, UNIX, RACF and Relational Database Management Systems.

Effectively managed information security projects; assessed financial/operational impact and systems risk.

HSBC (MARINE MIDLAND BANK), Buffalo, New York 1991 - 1993

British multinational banking and financial services company headquartered in London.

EDP Audit Officer

Oversaw a team of staff auditors performing EDP audits on: MVS, CICS, DB2, IDMS, IMS, ACF2, Data Center, High End Processor, and LANs, IBM Mainframe, Tandem’s Wire, Unisys ACH Electronic Data Interchange (EDI). Worked with line management to minimize risk and institute proper controls.

Developed system flow charts, performed risk analysis, and defined audit controls criteria and objectives.

NATIONAL CITY CORP, Cleveland, Ohio 1990 - 1991

Regional bank holding company based in Cleveland, Ohio

EDP Auditor

EDUCATION

CANISIUS COLLEGE: Master Business Administration, MBA

ST. BONAVENTURE UNIVERSITY: Bachelor Business Administration, BBA

CERTIFICATION

Certified Information System Auditor, CISA

TRAINING/DEVELOPMENT

Cyber Security Evaluation Tool CSET, Intrusion Detection Systems IPS/IDS, HIPAA, Identity Management Systems, Privacy Auditing

AFFILIATIONS

Information Systems Audit and Control Association ISACA WNY, FBI Citizen Academy Buffalo, InfraGard Buffalo, Sandy Beach Park Club, Sandy Beach Yacht Club