Sean D. Lewis CISM, CRISC, PMP
Education:
BA, Communications
Communications, Graphic Design, Information Technology
Marymount Manhattan College
1991 : 1995
MBA
MBA Coursework
University of North Carolina at Charlotte - Belk College of Business
Experience:
As Business Information Security Officer (BISO) for the Agency Solutions team, I am responsible for embedding security into the business objectives and actively adding value through the development of business roadmaps, new product development, and business planning as well as incident management and general cybersecurity queries.
2022 : Present
Allstate
Business Information Security Officer
Operations lead for the Information Security Council for Executive Oversight
Responsible to the Chief Information Officer (CISO) and his officers for the executive and leadership governance framework within Allstate Information Security, including:
* Approval of remediation plans or exceptions for high and critical cyber risks
* Information security program evaluation and prioritization
* Enterprise Security Policies and Standards
* Cross-org operational status and issue review
Achieved 100% audit response (internal and external) for the governance framework, both at the executive and leadership levels.
Through the governance framework, successfully integrated several key improvements to make the information security program more secure and more streamlined, including:
* Asset Risk Profile to rank and order required security control tiers
* 3 Lines of Defense risk management model for effective governance
* Cyber Risk Control Lifecycle to standardize operations for the identification and collection of artifacts necessary for leadership oversight and audit response
Identified and addressed gaps in the security control framework. Established simple, direct operations for approving and communicating asset risk value changes and security control exceptions.
Agile GRC Program to define the value streams, implement incremental change improvements, and evaluate work based on key performance and risk indicators (KPIs and KRIs).
Develop the institutional presence of and the operational skills of the GRC team.
2018 : 2022
Allstate
Information Security Governance Operations Lead
Strategic project to update the governance, operations, infrastructure, and policies to address risks related to Data Loss Protection (DLP) identified by a Board of Directors' audit.
• Established and facilitated a governance committee to address DLP issues.
• Expanded the capability to monitor data at rest and in transit consistently across technologies.
• Refined corporate data sensitivity classifications, policies, and standards for enterprise use.
• Implemented AIP tenants and entitlements configured to the needs of the business.
• Led testing, end-user training, and enterprise deployment of the AIP tool with DLP validation rules.
• Established least privilege for users with the business need for elevated privileges and the ability to detect, log, analyze, and respond to actions taken by users with those elevated privileges.
• Implemented processes and training for requesting exceptional rights access.
• Implemented a scalable infrastructure to support the Symantec installation under a single DLP team.
• Expanded enterprise forensics and e-discovery capabilities to better conduct the investigative and auditing capabilities in support of Legal and HR matters and cases.
• Documented processes to produce artifacts and attestations for the annual Payment Card Industry (PCI) audit of Data Security Standards (DSS) compliance.
2015 : 2018
StoneLaurel
Information Security Project Manager
Conducted internal review of the efficiency and effectiveness for the Vice President of Administrative Services.
• Established peer benchmarks for key performance indicators (KPIs) for ongoing health checks for Enterprise Protective Services, Real Estate Services, Support Services, and Aviation.
2014 : 2015
StoneLaurel
Executive Consultant
• Conduct analysis of emergent technology and security trends relevant to large corporations.
• Develop technology strategy models to support executive goals.
• Create and lead online webinars on the topics of Executive Infographics and Data Security.
2014 : 2014
Independent Contractor
Independent Consultant
Company: Allstate
Years of Experience: 24