
Multi-certified expert in Enterprise Security Strategy

Dedicated, skilled security executive whose qualifications include a Master's in Administration & Management; the CISSP, CISM, CGEIT, CISA, MBCI, ISO/IEC 27001 designations; detailed knowledge of multiple countries' regulatory environments. Creation and management of enterprise-wide vulnerability management programmes. Eleven solid years of experience in risk management and information security, including a high-level position in Big 4, in the creation and deployment of solutions to protect information assets, networks, and systems for F100 and F500 companies.

SKILLS SUMMARY

Languages: English (native), Japanese (fluent; reading/writing/verbal), French
International business: Have worked with truly global organizations across dozens of countries, cultures and languages; traveled in Asia, EMEA, and the Americas.
Regulatory Compliance: Legislative compliance including Sarbanes-Oxley (SOX), FFIEC Compliance, Payment Card Industry Data Security Standard (PCI-DSS), ISO 27001
Sectors: Entertainment, automotive, financial services, life services, pharmaceutical, manufacturing, public sector
Security technologies: Data and information protection and privacy, automated and manual IT security assessment, vulnerability management systems and appliances, security information and event monitoring (SIEM), major security products such as Symantec ESM, Trend Micro LeakProof, Sourcefire, Foundstone scanning appliances, QualysGuard VM, McAfee Secure (ScanAlert)
Systems: Unix-based systems (Linux, Unix), Windows (all)
Networking: LANs, WANs, VPNs, routers, firewalls

Specialties

Regulatory compliance, Network, System & Application Security, Risk Management, Incident Response, Information Systems Audit, Business Continuity Planning, Network & Application Vulnerability Assessments, System monitoring

Experience

Senior Manager, Advisory (Information Security)
Ernst & Young
Partnership; 10,001+ employees; Accounting industry
January 2011 to Present (1 year 4 months)

Working in Infrastructure Risk service delivery in the Asia-Pacific Area for a US$24B professional services firm. This client-serving role includes engagement responsibility for risk assessment, web and network vulnerability testing, and advanced technical instruction, as well as assisting in the maintenance of IT risk management programs for top-tier financial institutions.

Senior Manager, Advisory Services, Japan Information Security Lead
Ernst & Young ShinNihon
Partnership; 5001-10,000 employees; Accounting industry
May 2008 to January 2011 (2 years 9 months)

Oversee all information security service delivery in Japan for a US$24B professional services firm. This client-serving role includes responsibility for the EY Japan Advanced Security Center for information security research, web and network vulnerability testing, PCI-DSS services, and advanced technical instruction. Supervise security testing, auditing and IT compliance for Sarbanes-Oxley (SOX) and other regulatory reporting matters, as well as establishing or revising IT risk management programs for Fortune 500 companies.

Achievements

Based on past track record of building viable risk management and security programs, was scouted for country leadership position for a Big 4 firm's security advisory services. This was when the aftershocks of the global financial crisis hit the country and when the survival of security services at all companies was severely challenged. Assembled, strengthened, motivated and trained a team of security professionals to gain go-to-market ability and improve IT service delivery to clients. Teamed with a 200-person talent pool in Singapore, India, the Americas, and EMEA to provide consistent and predictable service delivery. Worked with other country IT infrastructure leaders to create a global security strategy to revitalize the company prior to the various countries' economic recovery.

Saved US$1 million in offshoring costs by establishing and staffing Japan Advanced Security Center and related Center for Excellence (Quality through efficiency). Saved $200,000 by designing and implementing a resource planning and project scheduling system. Most recently, re-branded the national security practice as a viable, solution-based organization with improved market awareness of the company's service capability through field seminars mapping the results of a global information security survey to the challenges in clients' IT risk management programs.

Richard S. has 2 recommendations (1 co-worker, 1 partner) including:

Jeffrey Rozek, Sr. Manager, Ernst & Young LLP
Brent Reichow, Principal, Blueshift Consulting

Chief Technology Officer
Ascendant Business Solutions, K.K.
Privately Held; 51-200 employees; Information Technology and Services industry
April 2007 to April 2008 (1 year 1 month)

Joined what was established as a business process outsourcing corporation that happened to outsource all security and technology duties to a third party and had no internal technical leadership. Identified personally identifiable information entrusted by clients in the healthcare, financial services and automotive sectors. Applied appropriate and cost-effective controls (entity-level and IT general controls) to mitigate the risk from information leakage in both a security-challenged mail system and a sales pipeline system that had ineffective controls. Hired or trained staff to provide internal security solutions to five business units (profit centers) based on skills learned in the security lab or during two major infrastructure upgrades. Implemented a data recovery plan where none had existed, strengthening the company's ability to deliver services.

Saved US$500,000 off the cost of an enterprise resource planning system by deploying, certifying and validating a suitable web-based system. This streamlined and standardized the line managers' reports to top management and allowed for more informed decisions. Protected company information assets by overseeing information security policy creation and distribution, complete with sign-off from business unit heads. As a result, company stock valuation more than doubled and the client base increased.

CIO and General Manager, Technical Division
Secured Infrastructure Design Corporation (SIDC) (www.sidc.net)
April 2003 to March 2007 (4 years)

Managed a large technical team whose members were located in Canada, the US and Japan. Led the R&D team designing and programming automated security compliance software. Developed and implemented corporate IT strategy, reporting directly to the board of directors.

Achievements

Joined a young and eager Canadian/American company that wanted to grow their business in Asia and unite risk management professionals in three countries. Used multiple languages to coach technical people and get them working together with those whose faces they almost never saw. Developed new and sustainable solutions that led to growth of 50% per year. Added new and sustainable security services such as program source code review service, and improved web and network penetration testing services. Certified the company to the Payment Card Industry Data Security Standard (PCI-DSS), increasing market value. Created and managed a vulnerability management programme for an international online gaming (computer games) company based in Korea. Managed security alliance with IPLocks (database security) and nCircle (vulnerability management) around the IP360 alliance. Prepared the company for a public stock offering by preparing for compliance in SOX. At the same time, managed security consultants to deliver large-scale consulting engagements (hundreds per year). Oversaw software development and eventual launch of a highly successful automated vulnerability testing portal.

Richard S. has 3 recommendations (2 reports, 1 partner) including:

Sean Bradly, Security Engineer, Secured Infrastructure Design Corp
Jason Hobbs, Senior Security Engineer, Secured Infrastructure Design Corporation

Senior Manager
Infosec Corporation (www.infosec.co.jp)
March 2002 to April 2003 (1 year 2 months)

Security officer and director of security consulting divisions during a one-year secondment to spin-off company from previous job.

Achievements

Transferred to a newly created company at its time of greatest need: unifying staff from acquiring and acquired companies to work together in a common fashion while still being transparent to the company's largest client. Took the lead to create and deliver IT risk and security frameworks based on NIST-800 series for the Bank of Tokyo-Mitsubishi and other national financial institutions. This cemented our market share and revenue through innovative technology and a secured infrastructure. Led the sales agency for Foundstone vulnerability scanning appliance, including serving as the subject matter expert.

Personally advised the president on security matters such as the current and future state of IT risk and how best to make investments in technology that would lead to revenue growth. Continued delivery of the three-year "Get Well" security program begun at previous employer. As a result, the transition year ended without a hitch, the biggest client stayed with the firm, revenues increased; led the ISMS task force to certify the company to the ISO 27001 standard.

Richard S. has 1 recommendation (1 report) including:

Patrick Billings, Senior Project Manager / Principal Security Consultant, Infosec / Mitsubishi Corporation

Japan Operations Manager
Predictive Systems/Global Integrity Corporation
Public Company; 501-1000 employees; PRDS; Information Technology and Services industry
September 1999 to March 2002 (2 years 7 months)

Ultimate security service delivery responsibility in Asia territory of an American company. Charged with liaising with the firm's top national sales partner and providing American know-how in information security. Also, responsibility for corporate security and compliance for the Japan subsidiary.

Achievements

Joined the subsidiary of a 40,000-person American corporation that was having language challenges with the Japan sales agent. Bridged language and cultural sensitivities between foreign and domestic business partners to streamline the business. Participated in an enterprise-wide, three-year "Get Well" security program for a large bank having 350 branches around the world. Services included incident response, security assessment, establishment of a security testing lab, disaster recovery and business continuity planning, and security policy development. As a result, the company provided more than US$4M in advisory services to the Bank of Tokyo-Mitsubishi, Shinsei Bank, Sanwa Bank, and JapanNet Bank. Also invented new techniques for project management in complex environments and tools to control consulting scope and engagement economics.
