Toby Lillibridge, CISSP
Lead Information Security Analyst at Thomson Reuters
Saint Paul, MN, United States
Details
Education:
Bachelor of Science (B.S.)
Information Technology
Saint Mary's University of Minnesota
2012 : 2013
Associate in Applied Science
Information Technology & Telecommunication
Century College
2011 : 2012
Experience:
2019 : Present
Thomson Reuters
Lead Information Security Analyst
2018 : 2019
Refinitiv
Senior Analyst
Data Leakage Protection
• Manage the relationship of the managed service provider to include access control and corporate security and awareness training.
• Provide training and awareness education in relation to data leakage protection for the organization.
• Administer the data leakage protection tools, including configuring policies and metrics/reporting.
• Communicate and collaborate with key stakeholders across the various business units to further define DLP policies.
• Deploy and monitor DLP agent installations across the organization.
• Monitor and respond to alerts generated from the DLP systems and other technologies following an incident response process.
Customer Assurance
• Serve as a subject matter expert in information technology operations, information security and risk management practices across business units as it relates to client inquiries.
• Compose detailed and technically accurate descriptions of security controls for the purpose of assuring customers.
• Serve as the technical subject matter expert to the Customer Assurance team.
• Communicate with key stakeholders across the various business units in order to clarify client requests.
Vendor Risk Management
• Key contributor for the design and implementation of a formal enterprise VRM program.
• Performed vendor risk assessments on potential and existing third party vendor relationships, taking into consideration strategic, reputation, compliance, and other potential risks.
• Conducted thorough due diligence activities including review of IT General Controls, Physical Security controls, business continuity/disaster recovery plans/testing results, and reports over internal controls (SSAE 16's and other compliance reports).
• Identified, measured, and assessed risk associated with third party vendor relationships, and as needed.
• Led and/or participated in communicating identified risks with key stakeholders to initiate and subsequently drive remediation efforts related to assessments.
2014 : 2018
Thomson Reuters
Information Security Analyst
• Perform vendor risk assessments on potential and existing third party vendor relationships, taking into consideration strategic, reputation, compliance, and other potential risks.
• Conduct thorough due diligence activities including review of IT General Controls, Physical Security controls, business continuity/disaster recovery plans/testing results, and reports over internal controls (SSAE 16's and other compliance reports), and on-site vendor reviews, when warranted.
• Identify, measure, and assess risk associated with third party vendor relationships, and as needed, coordinate with the business owners to identify/establish mitigation approach.
• Maintain a vendor database to capture, categorize, and maintain risk ratings of vendors.
• Lead and/or participate in communicating identified risks with key stakeholders to initiate and subsequently drive remediation efforts related to assessments.
2013 : 2014
Target
Information Protection Analyst
Information Security (January 2013 – Present)
• Ensured compliance with SOX regulations and PCI DSS Standards.
• Responsible for secure decommission and asset management for the SOC group.
o Incident response, IDS/IPS, and Forensics
• Experience with usage of EnCase Forensic software.
o Carve RAM, E01 images, analyze data
• Created TriageIR guidelines document.
• Created documentation for hard drive duplication devices (Image Masster).
Windows Server Platform Team (May 2012 – December 2012)
• Assisted project lead with training of our offshore engineers.
• Worked with project lead to schedule and upgrade Windows 2008 R2 servers to the latest SP1 patch.
• Identified and corrected incorrect DNS entries for all internal servers.
• Completed IBM/HP server Firmware/BIOS updates when applicable.
• Verified proper installation of Trend Anti-Virus on newly deployed servers.
• Installed BigFix on newly deployed servers.
• Coordinated with business units for change request deployments.
• Researched and corrected unreachable IP addresses.
• Worked on Solution Design calls to create build sheets for future builds.
• Working knowledge of HP Service Manager for Change Management.
2012 : 2013
Thomson Reuters
UNITE Intern
Company:
Thomson Reuters
Years of Experience:
22
Skills
Budgets, Computer Hardware, Computer Security, Customer Service, Information Security, Leadership, Management, Microsoft Office, Networking, Program Management, Project Management, Recruiting, Sales, Security, Servers, Software Installation, Training, Troubleshooting, Windows Server