Information Security Executive Director
Resume:
Alan Cochran
Hoover, AL *****
*******.*******@*******.***
www.linkedin.com/in/alandcochran
SUMMARY
Experienced Information Security executive with a global record of success leading programs in Security Strategy, Governance, Risk, Operations, Engineering, Incident Response, and Identity. Deep expertise in aligning security capabilities to business outcomes, building high-performing teams, and guiding transformation across highly regulated industries including banking, healthcare, government, and fintech. US citizen, eligible to work for any employer.
PROFESSIONAL EXPERIENCE
Information Security Practitioner – Security Governance, Risk & Identity, vCISO
G360 IS / Cochran-US
2010 to Present (Concurrent)
Provided contract-based CISO services and risk consulting.
Delivered program buildouts for service management, IAM, and security ops.
Led risk reviews for fintech and electronic payments firms.
Chief Information Security Officer (CISO)
Output Services Group
Feb 2023 to Nov 2024
Established a proactive, intelligence-driven enterprise security program.
Developed and maintained security policies, controls, and procedures for data protection, access control, and compliance.
Led company-wide awareness and training initiatives including simulated phishing and live instruction.
Deployed advanced threat detection and response platforms (SIEM, IDS, EDR).
Oversaw cloud security with encryption, IAM, and native tooling.
Regularly advised Audit Committee and executive leadership on AI/ML, zero-trust, and threat trends.
Chief Information Security Officer (CISO)
State of Alabama (OIT)
Aug 2021 to Feb 2023
Directed statewide IS&C programs with 24x7x365 delivery.
Defined future-state vision, governance, and operating model.
Managed SOC, engineering, tools, and MSSP services.
Designed Security Services Catalog; built TOM roadmap.
Aligned with NIST 800-53/-171/CSF, ISO 27001/27002.
Delivered KPI-based program governance, ROI tracking, and agency engagement.
vCISO, Senior Information Security Consultant
SecurIT360 / Global360
Aug 2018 to Aug 2021
Provided vCISO and GRC consulting for commercial, legal, MSP, and academic clients.
Performed governance, third-party risk, and security posture assessments.
Led penetration testing, phishing simulations, network/app security reviews.
Delivered NIST, PCI DSS, ISO, and GDPR-aligned frameworks.
Built and tested incident response plans and BC/DR playbooks.
Senior Vice President, Cybersecurity & Entity Management, vCISO
BBVA Compass Bank
Aug 2016 to 2018
Led security engineering, operations, IAM, risk, and BCP functions across twelve business entities.
Reported to Risk Committee
Designed and ran Entity Management Security program.
Developed CIM: a continuous assessment, risk, and remediation cycle.
Managed assessments across fraud, risk, and security domains.
Vice President, Information Security (GP Worldwide), vCISO
Global Payments Inc.
2011 to Aug 2016
Led Global Payments’ IS program across fourteen business units in 27 countries.
Built and implemented a three-year worldwide security strategy.
Managed post-acquisition risk integrations and global security operations.
Interfaced with regulators, law enforcement, and legal teams.
Executed security testing, incident response, and compliance (PCI, GLBA, SOX).
Executive Director, Information Security & Data Protection
Kaiser Permanente
2008 to 2011
Oversaw IS services for healthcare system with 6M members and 126K employees.
Restructured security operations and SLAs for outsourced IT.
Led IAM operations, access provisioning, and role-based access control.
Senior Director, Information Security
TSYS Inc.
2005 to 2008
Created first Cybersecurity Operations Center (24x7 threat detection/response).
Built DataStore Security program and encryption key management platform.
Led PCI DSS compliance program with 100% success across multiple audits.
Senior Director, Information Security
AmSouth Bank (Regions Financial)
2002 to 2005
Created Information Security Policy Governance Council.
Designed vendor risk management and third-party assessments.
Implemented SOC with firewall, AV, IPS, and encryption coverage.
Senior Director, Managed Security Services
Guardent, Inc.
2000 to 2002
Designed/implemented MSSP offering (firewall, IDS, IR) for startup.
Built and led 24x7 SOC managing 400+ client environments.
Senior Director, Information Security Division
Bank of America
1998 to 2000
Led IS Division and established global SOC with "follow-the-sun" operations.
Oversaw budgets to $17M across global IT, risk, and security operations.
VP, Director, Global Network Operations
Bank of America
1985 to 1998
Managed branch, ATM, WAN, and trading networks in line with 99.95% uptime.
Consolidated five global NOCs, authored real-time problem management protocols.
EDUCATION
Bachelor of Science in Accounting
Fordham University, New York, NY
BAC Leadership & Management
University of North Carolina
People Leadership
Synovous Leadership Academy, Atlanta GA
CISSP Exam Writer Engagement
2018, 2020
CERTIFICATIONS
CISSP (2006 – present)
CISA (2015 – present)
CDPSE (2015 – present)
ITIL v3 (2007 – Present)
AFFILIATIONS
ISACA (#277462)
InfraGard (#10035650)
ISSA (Member since 2014)
FS-ISAC, MS-ISAC
AWARDS
Eagle Scout, Boy Scouts of America
CEO Teamwork Award Bank of America
President’s Award Global Payments
Technology Award BofA Trust Systems
SKILLS
Security Strategy & Leadership
Governance, Risk & Compliance (GRC)
Security Engineering & Operations
Identity & Access Management
Cloud & Hybrid Security Architecture
SOC/SIEM/IR Program Development
Frameworks NIST, ISO, MITRE
Compliance SOX, GLBA, PCI, NYDFS, HIPAA
Security Awareness & Training
M&A Due Diligence & Integration
Contact this candidate