Bradley J. Schaufenbuel is currently Director of Information Security at Paylocity. Prior to his current role, he held security leadership positions at Midland States Bank, FirstMerit Bank, Midwest Bank, Zurich Financial Services, Experian, and Arthur Andersen LLP. Bradley is the author of "E-Discovery and the Federal Rules of Civil Procedure: A Pocket Guide", published by IT Governance Publishing. He has also co-authored multiple "For Dummies" books and has had articles published in professional journals on a wide variety of topics related to information security and governance. Bradley is licensed to practice law in Illinois and holds twenty professional designations in the areas of information security management, IT compliance, fraud examination, IT audit, computer forensics, ethical hacking, business continuity planning, project management, and process improvement, including the C|CISO, CISSP, CISM, CISA, CIPP, CSSLP, PMP, CRISC, CGEIT, ISSMP, ISSAP, CFE, C|EH, CBCP, DFCP, CIFI, CSOXM, CSOE, ITIL v3 Foundation, and Six Sigma Black Belt. He holds an MBA from DePaul University's Kellstadt Graduate School of Business and a JD and an LLM in information technology and privacy law from the John Marshall Law School in Chicago. Bradley has served as a director on several corporate and non-profit boards, is a regular speaker at industry conferences, and has served numerous clients in the legal, financial services, and health care industries as a freelance consultant.
Specialties: Information security management, IT audit, information privacy, computer forensics, ethical hacking, network penetration testing, IT governance, project management, business continuity planning, electronic discovery, legal and regulatory compliance, fraud examination, and IT process improvement.
Director of Information Security @ Lead a talented team of information security professionals that is responsible for ethical hacking, application security, penetration testing, security architecture, incident response, security strategy, forensic investigations, business continuity planning, disaster recovery, policy management, IT governance, IT compliance, third party service provider oversight, risk assessment, IT control design and implementation, vulnerability management, threat intelligence, audit coordination, security operations, security awareness training, risk management, and privacy. From May 2015 to Present (8 months)
Director of Information Security @ Managed the information security program, coordinated IT audits and examinations, managed the business continuity planning and disaster recovery program, provided risk consulting services, performed vendor and acquisition due diligence, managed the service provider oversight / vendor management program, ensured compliance with legal and regulatory requirements, reported key risk indicators to the board, conducted risk assessments, oversaw security awareness training, developed and maintained policies and procedures, etc. From August 2011 to May 2015 (3 years 10 months)
Regional Information Security Officer @ Managed the regional implementation of the corporate security program, managed portions of a data center retirement project, spearheaded the security related aspects of a core conversion project, coordinated audits and examinations, facilitated an FDIC data acquisition project, served as the ad interim corporate BCP coordinator, directed local security incident response efforts, etc. From May 2010 to July 2011 (1 year 3 months)
Senior Vice President and Chief Information Security & Privacy Officer @ Managed the information security program, reported key IT risks to the board quarterly, developed policies and standards, ensured compliance with legal and regulatory requirements, managed the BCP / DRP program, managed the vendor and service provider oversight program, performed IT risk assessments, coordinated audits and examinations, performed control reviews and Sarbanes-Oxley Section 404 testing, administered the consumer privacy program, etc. From September 2008 to May 2010 (1 year 9 months)
Senior Manager, I.T. Risk & Security @ Performed IT control reviews and risk assessments, managed the IT portion of the internal controls framework, managed the SAS 70 audit assurance program, coordinated audits and examinations, assisted with the PCI DSS compliance program, performed regulatory impact assessments, developed IT compliance guidelines, etc. From October 2005 to September 2008 (3 years)
Business Information Security Officer @ Performed control reviews and risk assessments, coordinated audits and examinations, performed contract negotiations and reviews, conducted security awareness training, managed key customer and regulator relationships, directed the security incident response team, ensured compliance with legal and regulatory requirements, managed systems and network security, managed security related projects, performed ‘due diligence’ on acquisition targets, etc. From May 2004 to September 2005 (1 year 5 months)
Information Security Manager @ Managed the information security program, maintained the company’s security infrastructure, managed security implementation projects, delivered information security related advisory services, directed the computer security incident response team, performed IT risk assessments, etc. From December 2002 to May 2004 (1 year 6 months)
Experienced Senior Consultant @ Designed the architecture for high volume web sites, conducted web application security reviews, developed technical security requirements, conducted secure code reviews, performed network vulnerability assessments, created security hardening scripts, developed security standards, provided security advisory services, etc. From June 1996 to November 2002 (6 years 6 months)
JD / LLM, Information Technology and Privacy Law @ The John Marshall Law School From 2007 to 2011
MBA, Telecommunications Management @ DePaul University - Charles H. Kellstadt Graduate School of Business From 1997 to 2000
BA, Management Information Systems @ University of Northern Iowa From 1994 to 1996
Bradley Schaufenbuel is skilled in: Information Security, Information Security Management, IT Audit, CISSP, Risk Management, CISM, Penetration Testing, Disaster Recovery, CISA, Vendor Management, Web Application Security, Network Security, Risk Assessment, Data Privacy, Information Technology