Joshua Scott, CISM
Director of Cybersecurity ♦ Executive MBA ♦ Certified Information Security Manager (CISM) ♦ ITIL Certified
Arlington, TN, United States
Details
Experience:
Directed three teams of Cybersecurity professionals for a subsidiary of Elevance Health. This included 15+ team members, 2 project manager contractors, and 2 managers.
Performed the CISO Role for the subsidiary by overseeing all security activities from security engineering, incident management, pen tests, and GRC functions.
Worked with the Subsidiary CIO to lead efforts for reaching security standards and goals.
My organization & teams oversaw the HITRUST certification for the subsidiary and handled customer assurance questions about the security for business contracts with Providers.
2023 : Present
Elevance Health
Director of Cybersecurity
Product Security
Directed and led the strategic direction for a team of cyber security analysts and consultants. Built the first Product Security Framework and Business Case at FedEx for a Product Security Organization with Director and multiple Managers. Met with all Senior IT Executives on the Product Security strategy and design (e.g. Bookend InfoSec processes and recruit T-Shaped InfoSec SMEs). Cross-team collaboration on standards and requirements. Aligned standards to NIST Cybersecurity Framework (CSF) & OWASP Top 10 2021. Performed security architecture reviews and guidance on App Security & design, as part of shift left in the product development lifecycle (PDLC). Built out IT risk strategy plan for digital products. Developed forward-leaning toolset stack and processes with Tenable, Kenna, ServiceNow & internal Threat Modeling capabilities, aligned to CI/CD pipeline. Penned Incident Response playbooks and Software Bill of Materials (SBOM) for Digital Products. Onboarded acquired companies' AWS and Azure instances into security tooling and Splunk.
2021 : 2023
FedEx Services
Information Security Manager/Director
IT Risk Management & Data Privacy
Directed and led the strategic direction for two teams of cyber security risk analysts, data privacy specialists, and onsite contractors. Reported on IT Risks and managed Data Privacy requests for Senior IT Leadership, the CIO, and the CISO. Dotted lined to Head of Data Privacy in Legal. Data Privacy team handled Data Subject Access Rights (DSARs), populated the record of processing to meet regulatory requirements (GDPR & CCPA), and was responsible for Data Privacy and Data Protection Regulations global compliance. IT Risk Team built the first IT Risks Management Program by using the Bowtie Risk Management Methodology (Inherent – Controls – Residue), aligned to NIST Risk Management Framework (RMF) standards. Performed Risk Assessments of teams, processes, and data centers. Used Agile/KANBAN/VersionOne for Team requirements and planning.
2019 : 2021
FedEx Services
Information Security Manager/Director
Data Architecture
Managed and led the strategic direction for a team of enterprise and data architects. Owned the enterprise metadata management (MDM) platform (Ab Initio Metadata Hub) and framework (Data Governance). Data evangelist for data governance, data modeling, and data quality. Event Header tagging for data elements and tables in Java messages. Assisted Information Security in reducing the risk of regulatory fines of ~$2.62 billion by creating a source of truth for personal data elements. ER Studio Data Modeling and Cataloging based on DMBOK (DAMA). Data Architecture reviews and best practice based on TOGAF. Transportation Industry Blockchain Forum (BITA Standards Council). Used Agile/KANBAN/VersionOne for Team requirements and planning.
2018 : 2019
FedEx Services
Information Technology Manager/Director
IT Service Management
Directed and led the strategic direction for three teams (ITAM, CMDB/Discovery, and ITSM) of direct reports, including Technical Developers, Business Analysts, and onsite contractors. Tracked all IT assets across the enterprise and managed the core components of FedEx’s IT Service Management platform & ITIL processes. >1 million Assets discovered, tagged, and tracked. ServiceNow SaaS development and strategic enterprise decisions. ServiceNow asset and configuration management. ServiceNow discovery. Tanium discovery. Global asset management alignment and consolidation of IT Service Management service offerings (Problem, Incident, Change, Service Catalog, Asset, and Configuration Management). Used Agile/KANBAN/VersionOne for Team requirements and planning. Held PI Planning events with 50-100 geographically dispersed team members.
2016 : 2018
FedEx Services
Information Technology Manager/Director
Company:
Elevance Health
About
Over 18 years of IT experience creating and executing strategic information security and operations initiatives, 9 years directing teams with 8-40 FTEs. This includes creating & deploying the first FedEx Enterprise Product Security strategy (aligned with NIST CSF/OWASP Top 10) and Enterprise IT Risk Management strategy (aligned with NIST RMF), along with designing, brainstorming, and planning the consolidation of IT Service Management (ITIL) Internationally. Technical Expert equally comfortable communicating with IT Engineers, Non-Technical Stakeholders, and C-Suite Executives.