Profiles search

Richard Clayton

vCISO and Cybersecurity Leader
Marysville, OH, United States

Details

Education: Law & Society

University of California, Santa Barbara

1992 : 1997

Palo Verde High School

1989 : 1992
Experience: 2023 : Present

Gracen

Director of Information Security Practice

Served as managing director of information security operations, a technical enterprise security architect for technology-led acquisitions, and a Subject Matter Expert in information security and PCI Compliance. Managed teams across the company in information security operations, network security, incident response, vulnerability management, active directory services, CIS controls, and PCI compliance.

Directed enterprise-wide onboarding of all new technology strengthening systems and services.

- Oversaw the implementation of several key information security products and systems : Symantec products suites, SIEM and SOAR tools, DLP, vulnerability scanners and managed security services.

- Consulted business units on fortifying information security policies and technologies, as well as contract agreements, architectures, and technical security controls.

- Worked closely with enterprise architecture, risk, compliance, supply chain, treasury, and legal teams for contract redline, negotiations, and approval of vendors, services, and RFPs.

Built the information security program from the ground up, growing the team to 30+ and leading a range of security strategies.

- Instituted Data Loss Prevention, Vulnerability Management, and Incident Response programs.

- Developed governance policies, standards, and procedures based on CIS, NIST Cyber Security Framework (CSF), HIPAA, PCI, and internal requirements.

Brought organization to PCI Compliance. Led major security infrastructure and architecture replacement projects, including devices and processes, implementing a PCI P2PE Program.

- Led compliance initiatives across P2PE and voice, Merchant Services, and Card Processing replacement.

- Conducted vulnerability management and penetration testing to assess risks to internal, critical, and internet-facing assets. Initiated remediation efforts and compensating controls.

2017 : 2023

OhioHealth

Director of Information Security Operations

Engaged in sales and consulting with large Fortune 100, 500, and Global 2000 customers in the United States and Canada. Provided PCI, vulnerability management, and DLP program assessment and consulting as well as PCI-DSS QSA Audits and GAP Analysis and SAQ, ROC, and AOC documentation and review.

Cybersecurity & Information Security : Facilitated successful security assessments and both internal and external vulnerability and onsite penetration testing.

- Led security assessments, incident response planning, and consulting for 3 of the top 10 banks in the world, a large movie and media company, and city, county, state, and federal government agencies.

- Steered internal security assessments, penetration tests, and HIPAA gap analysis for a regional hospital.

- Strengthened security, PCI compliance, and regulatory compliance for a major Gulf Coast casino and Las Vegas-based casino.

Architecture, Governance & Operations : Rolled out Symantec product suites (DLP, Compliance Suite, Antivirus) in federal, retail, healthcare, and corporate environments, driving instruction, implementation, tuning, and support.

Regulatory Compliance & Risk Management : Leveraged engineering experience with security solutions, including SIEMs, endpoint products, virtualization, vulnerability scanners, and penetration testing tools to reduce client risks.

2013 : 2018

Novacoast

Senior Engineer

Took on a senior leadership role to enhance information security, managing infrastructure and application penetration testing, security research, protocol analysis, password cracking, social engineering methods, OS hardening, infrastructure devices, wireless security, implementation of encryption, and authentication methods.

Cybersecurity & Information Security : Ensured the rapid and secure implementation of internal banking applications with minimal risk, conferring with business owners and project leads to improve security posture. Engineered security solutions and managed the internal Identity and Access Management program (IAM).

Architecture, Governance & Operations : Designed and executed network and application vulnerability assessments and infrastructure scanning while providing real-time auditing, monitoring, and incident response. Administered 25+ physical and virtual servers for network security infrastructure.

Regulatory Compliance & Risk Management : Worked with the internal organization around CIS and NIST CSF implementation in response to rolling PCI, GLBA, SOX, and network security audits.

2007 : 2013

Santa Barbara Bank and Trust

Sr. Security Engineer

2007 : 2013

Santa Barbara Bank and Trust

Identity Management Administrator
Company: Gracen
Years of Experience: 27
Spoken Language: English

Skills

CISA, Cybersecurity, Enterprise Architecture, Information Governance, Information Security, information security management, Leadership, Linux, Management, Microsoft 365, Microsoft Azure, Network Security, Operational Risk Management, Payment Card Industry Data Security Standard (PCI DSS), Security Information and Event Management (SIEM), ceh, eDirectory, active directory, SIEM, mysql, Microsoft Operating Systems, SOX, glba, intrusion detection, Systems Engineering, VCP 5, Identity Management, sarbanes-oxley act, Vulnerability Management, computer security, servers, virtualization, vulnerability assessment, system administration, penetration testing, tcp/ip, Encryption, ids, security audits, Vulnerability Scanning, microsoft exchange, itil, high availability, Bash, system deployment, Storage Area Networks, powershell, firewalls, networking, enterprise software, vmware esx, cloud computing, disaster recovery, pci dss, data center, infrastructure, microsoft sql server, windows server, dns, open source, metasploit, cissp, operating systems

About

https://www.richclayton.com



Seasoned information security operations leader with 15+ years of success defining and executing the strategic vision of IT and senior leadership to optimize technology and security related functions organization-wide. A record of managing recruitment, information security programs, and infrastructure components in on-premise and cloud environments.



Cybersecurity & Information Security: Over 30 technical certifications and broad experience in information security, collaborating with executive leaders to protect the confidentiality, integrity, and availability of company information.



Architecture, Governance & Operations: A record of establishing security policies and processes for Fortune 100 organizations based on industry standards and frameworks including NIST CSF, ISO, and CIS as well as overseeing security assessments and audits, response plans, and best security practices.



Regulatory Compliance & Risk Management: Significant experience with information security regulations and mandates including HIPAA, PCI, GDPR to reduce risks in alignment with business goals.