Randy Oppenborn

Experience

• 

  USG

  Jan 1999 - Jan 2005

  • Managed business continuity planning and created business cases and procured over $300K in extra funding to enhance business continuity initiatives• Authored and prepared SOWs, business impact analyses, risk assessments, business continuity plan evaluations, disaster recovery plans and programs for corporate business units• Implemented the first internal disaster recovery managed-service offerings • Directed all IT audit functions, including recruiting and staff development, audit plan development and execution, workpaper review, client relationships, IT assurance and advisory activities, board reporting packages and executive presentations• Gained acceptance and trust of audit clients, becoming a trusted advisor through effective collaboration and partnerships

  • Project Manager – Business Continuity

    Jan 2004 - Jan 2005

  • Senior IT Auditor

    Jan 1999 - Jan 2004
• 

  Career Education Corporation

  Jan 2005 - Jan 2012

  • Completed Operational Excellence initiative, remediating 27 control deficiencies within 12 months; authored processes, standards, and dashboard reporting related to access and change control, resulting in improved efficiency and IT risk profile• Implemented Service-Now IT change control platform, resulting in fewer outages and improved system availability• Established IT risk management department and designed IT controls for a global education company with more than 90 campuses and 116,000 students• Facilitated $75MM annual IT budget planning process as well as oversaw 9 projects with a $2MM budget including IT change management, IT security policy management, business continuity, security awareness, and training • Developed, documented and implemented an IT assurance framework within 5 months and re-authored IT security policies and developed a process for effective policy governance• Implemented sustainable processes to manage the compliance lifecycle, including sub-certifications and incident management using SharePoint and Archer Technologies GRC Show less • Established and managed all IT audit functions, including recruiting and staff development, audit planning and execution, work paper review, client relationships, IT assurance and advisory activities, board reporting packages and executive presentations• Analyzed and documented processes evaluated system workflows and tested controls to deliver reports to senior management for full-scope audits and advisory services, averaging 15 communications annually• Established technical initiatives, including implementation of PeopleSoft and CampusVue, access and change controls, network security, incident and problem management, third-party services, business continuity, and disaster recovery• Developed and executed all Sarbanes-Oxley testing for IT processes and controls and achieved reliance on internal testing, resulting in a 10% reduction in external audit fees within one year• Deployed automated work paper platform and standards in 6 months, resulting in improved visibility within historical data and reduced time for follow-up reviews Show less

  • IT Director - Security Governance

    Jan 2009 - Jan 2012

  • Senior Manager – IT Audit

    Jan 2005 - Jan 2009
• 

  Adtalem Global Education

  Jan 2012 - May 2014

  Director of Information Security

  • Implemented Qualys vulnerability management process: compiled data, centralized reporting functions, improved visibility and accountability to assess risk exposure, reduced vulnerability correction times, therefore reduced overall risk • Oversaw global information security operations while managing a $2MM budget and a team of 15 full-time staff, consultants and interns • Developed and documented both short and long-term strategies to establish roadmaps that connected future technology plans with business objectives; led turnaround of IT Security Department from re-engineering inefficient processes to building productive team • Provided comprehensive visibility across C-suite employees regarding technical initiatives, capital expenses optimization, risk evaluation, and project alignment with overall business strategy; interfaced regularly with C-level and senior executives • Strengthened collaboration, relationships, and integrity across IT sub-domains and business units, including Legal, Human Resources, Home Office Compliance, and Supply Management• Deployed and operationalized IDS/IPS Palo Alto solution in less than six months, boosting threat and malware protection and leading to more efficient bandwidth utilization Show less

• 

  Foley & Lardner LLP

  Jun 2014 - Aug 2020

  Director/Chief Information Security Officer

  • Achieved ISO 27001 certification• Transform IT Security Department, through various projects; re-engineering inefficient processes, building motivated and productive team, implementing new technologies• Lead information security, governance and records management operations at a Global 100 law firm, managing a $10MM budget and a team of 56 full-time staff, outsourced professionals, consultants, and interns• Provided consistent updates and presentations to Management Committee/Board on security prevention, IT risk maturity and document retention topics• Establish IT audit procedures: Ensuring compliance to ISO standards, spearheaded efforts to establish controls Show less

• 

  Various Companies

  Sept 2020 - Mar 2021

  Information Security Consulting | vCISO

  * Strategy and Leadership* Governance, Risk and Compliance* Team Collaboration* Projects* Security Policy Development

• 

  Critical Insight

  Apr 2021 - now

  vCISO and Principal Consultant of CI.Security's Professional Services team, focusing on providing strategic direction, risk assessments, risk treatment and response, information security and governance, standards and compliance (NIST CSF, CMMC, HIPAA/HITRUST, ISO 27001), board meetings and communications and overall security management. vCISO services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk and enhance the security posture. CI Security vCISO services are supported by a world-class information security professional team providing Managed Detection and Response, Vulnerability Management, Penetration Testing, Digital Forensics, Incident Response and Log Management. Show less

  • Consulting Practice Director

    Jun 2022 - now

  • vCISO, Principal Consultant

    Apr 2021 - Aug 2022