Mike Muha, Ph.D., CISSP, CISM, CRISC, CIPP-E, CIPM
Details
Sociology
University of Michigan
1979 : 1984
AB
Sociology and Government double major
Oberlin College
1975 : 1979
Work closely with sales and professional services to assure prospects and customers about our proactive security and privacy program through an answer database, collateral, presentations, and contract negotiations.
Established and maintain WorkForce Software's security and privacy governance framework. Develop security and privacy programs to align with business strategy to ensure security and privacy are seen as business enablers. Manage security and privacy risk, and determine appropriate controls. Plan, establish and manage our capability to detect, investigate, respond to, and recover from security or privacy incidents.
Direct global IT internal audit activities over both corporate and customer-facing products, systems, and processes.
2017 : Present
WorkForce Software
Chief Information Security & Privacy Officer
Direct global information security and privacy efforts to protect customer and corporate sensitive data. Drive compliance with SSAE 16, ISAE 3402, SOC 2, ISO 27001, EU-US Privacy Shield, and GDPR standards and audits. Implement NIST and Critical Security Controls standards.
Established and maintain WorkForce Software's security and privacy governance framework. Develop security and privacy programs to align with business strategy to ensure security and privacy are seen as business enablers. Manage security and privacy risk, and determine appropriate controls. Plan, establish and manage our capability to detect, investigate, respond to, and recover from security or privacy incidents.
Direct global IT internal audit activities over both corporate and customer-facing products, systems, and processes.
Drive security into software development, partner management, and vendor management programs.
2016 : 2017
WorkForce Software
Director of Security & Privacy
Direct all aspects of systems engineering, operations, security, privacy, IT risk, audit, compliance, and change management for our global cloud-based EmpCenter and EmpLive workforce management solutions. Responsible for systems and applications that service over 1.5 million customer employees. Help prospective customers understand how our cloud-based solution protects the availability, integrity, and confidentiality of their data.
• Selected and opened SaaS computing facilities in Europe, Australia, and Canada to address market privacy and localization needs. Moved our disaster recovery site within the United States to provide a more robust and secure environment for our cloud-based customers. Selected Uptime Institute Tier IV data center (Design, Construction & Operations) for US expansion, and Tier III data centers (Design & Construction) in Canada to address our customers' needs for high uptime and security.
• Successfully led the company through 4 consecutive SAS 70 Type II audits, followed by five SSAE 16 Type II and ISAE 3402 Type II audits, as well as four SOC 2 Type II audits. Self-certified the company for U.S.-EU Safe Harbor compliance. Currently directing ISO 27001 certification effort.
• Maintained an average 99.93% customer uptime in the hosting/SaaS environment since inception, during a time of explosive growth.
2006 : 2016
WorkForce Software
Director, Cloud Services
• As part of the Merger & Acquisitions Integration Team, performed due diligence on acquisition targets, resolved any system capacity / availability / performance issues, drove IT integration efforts, managed acquired technical staff during the transition phase to ensure business goals were met, mediated between acquired and Ann Arbor technical staff, and drove integration process improvements.
• Directed the procurement, deployment, and support of personal computing devices (PCs, laptops, cell phones, BlackBerrys, desk phones) and services (audio conferencing, web conferencing, video conferencing, and voice mail) for 1,200 employees across 13 offices in 10 US cities.
• Directed up to 7 managers with 37 staff across multiple locations and budgets over $5.2M.
2003 : 2006
ProQuest Information and Learning
Director, Enterprise Services
• Directed four departments (Customer Technical Support, Networking, Systems Engineering, and Data Center Operations), four managers and 30 staff.
• Delivered 1st level support for all revenue-producing and manufacturing-related systems (Linux, Sun, Windows, EMC, Network Appliance, Oracle, Cisco); owned the resolution of all system and product outages or issues. Directed problem and change management processes.
• Supervised reengineering of network for redundancy, expanded Internet bandwidth from multiple T1s to T3s over OC3 SONET, and optimized international customer internet access to our online products.
• Completed first Internet security assessments and installed first perimeter security systems and processes.
1999 : 2003
ProQuest Information and Learning
Director, Technical Services
Skills
24x7, 24x7 data center operations, application hosting, business process improvement, change management, cisco systems products, cisco technologies, cloud computing, Data Center, data privacy, disaster recovery, GDPR, gdpr eu general data protection regulation, Information Security, Information Technology, infrastructure, ISAE 3402, iso 27001, Linux, linux/unix and windows systems administration, Management, networking, network security, office 365, personal data protection, privacy shield, Process Improvement, saas, sas 70, sas70, Security, servers, soc 2, software as a service (saas), software documentation, ssae 16, system administration, system deployment, technical management, technical support, technology management, u.s.-eu safe harbor, vendor management, vmware, 24x7 Data Center, Linux/Unix and Windows
About
Experienced Chief Information Security Officer and Chief Privacy Officer with a demonstrated history of building information security and privacy programs that comply with domestic and global regulations and standards such as SOC 1 and SOC 2 plus ISO 27001, ISO 27017, ISO 27018, and ISO 27701 Certification. Reduces the time to book B2B revenue by shortening the cycle needed to demonstrate the soundness of the organization's security and privacy programs to sales prospects.