Managed and provided oversight of the enterprise-wide compliance function and served as Chief Compliance Officer for the organization. Has expert-level experience delivering on compliance, privacy, and security objectives and working with auditors and compliance assessors on the following:
Sarbanes-Oxley – Performed internal control design and remediation to ensure enterprise-wide compliance with Sarbanes-Oxley.
FedRAMP (Federal Risk and Authorization Management Program) – Designed, implemented, documented, and tested controls. Developed working relationship with Federal FedRAMP team. Hired external assessors to achieve FedRAMP Certification.
ISO 27001 – Have performed internal assessments, designed and implemented controls, and have hired external examiners to achieve ISO 27001.
AICPA SOC 1 and SOC 2 – Performed internal control design work, executed AICPA-level attestation, and have hired auditors for all aspects of SOC 1 and SOC 2 attestations, including assessments of the Security, Availability, Processing Integrity, Confidentiality, and Privacy principles.
PCI-DSS (Payment Card Industry – Data Security Standard) – Former Payment Card Industry Qualified Security Assessor who has assisted several companies with the design and implementation of PCI-compliant environments. Experienced in working with PCI assessor organizations to validate PCI compliance.
HIPAA HITECH – Designed and implemented controls to comply with HIPAA privacy standards. Hired external assessors to validate compliance.
Non-Profit Involvement and Leadership
Kansas City River Trails – Served as Treasurer of the not-for-profit corporation created to help improve project efficiency, gain funds, establish amenities, run programs, operate and maintain the Kansas City Riverfront Heritage Trail, ensure continuity of Trail design, fund and place public art on the Trail, and promote the Trail in the community.
Red Hot Nights – Served in various capacities over 5 years for the annual gala fundraiser for Children’s Mercy Hospital in Kansas City. During final year of tenure on the board as event chairman, the event raised over $1.2mm for the hospital.
Implemented SailPoint Identity Access Management (IAM) and Account Compliance solutions for 10 key internal and SaaS applications and the Active Directory to enable single sign-on, automate user account provisioning, and reduce cycle time related to key compliance monitoring and reporting.
Enterprise-wide Wireless Rollout
Replaced aging and support-inefficient Cisco wireless access points with an enterprise-wide, centrally managed, and expandable wireless architecture using Xirrus Solutions. The solution is scalable, expandable, capable of up to 12 SSIDs at each location, and customizable to internal or external customer needs.
Implemented wireless access and services controls for both employees (using AD authentication) and guests (requires agreement with EUA before allowing wireless access).
Information Technology Service Quality Management
Using a Net Promoter Score (NPS) measurement as a basis for service quality assessment and validation, implemented a quarterly process in which 3% of the employee base was polled to rate effectiveness of service delivery to the business on a scale of 1 (lowest) to 10 (highest). NPS scores less than 7 required follow-up by myself and the team leader responsible for the service. Overall results were presented to the business; detailed results were presented to the Executive Committee.
Average NPS score over a 2-year period was over 9.
Chief Information Security Officer
Managed and provided oversight of enterprise-wide information security acting as Chief Security Officer. Has expert-level experience delivering practical and pragmatic information security controls and managing response to information security incidents. Experience includes:
Redesigning and managing the change management project for the information security function for a Fortune 500 pharmaceutical company.
Managing blind and focused penetration testing teams, designing controls resulting from those tests, and recommending changes to executive teams to manage information security risk.
Served as designated Chief Security Officer for ISO, PCI, and FedRAMP compliance initiatives.
Worked with clients on information security matters and initiatives.
Presented several times to media, conferences, executive teams, and BODs on information security.
Utilized a risk-based approach to define organizational information security risk response and resulting spend.
Worked with operational leaders to refine and ensure execution of information security strategy.
SaaS Application Management and Oversight
Salesforce – Responsible for all aspects of delivery for Salesforce, including managing internal administrators, consultants, and the Salesforce service team in delivering value-based enhancements and projects to the sales, product development, and internal support teams. Negotiated all contracts with Salesforce, including management of user license levels. Developed and implemented a custom Agile-based iterative project management/delivery approach for Salesforce.com project and enhancement deployment. Highlights include conversion of a legacy CRM and customer quoting solution to Salesforce, implementation of CPQ, and enablement of an API-based ordering and provisioning functionality for online Amazon Web Services.
ServiceNow – Responsible for all aspects of delivery of ServiceNow, including ITSM, CMDB, and Project Portfolio Management. Negotiated service contracts with ServiceNow, including managing license levels. Managed internal administrators/developers, provided oversight, and ensured effective delivery on projects by consultants. Redesigned the project and enhancement intake process with the emphasis on reducing the amount of custom configuration. Ensured system upgrades were implemented in a timely manner and had effective change management for end users.
Significantly reduced super-user account risk, implemented consulting services monitoring, and reduced administrative cycle time for the server and desktop administration team by implementing the CyberArk Privileged Account Management (PAM) solution on the internal corporate servers and desktop systems.
Video Teleconference and Telecom Architecture Implementation
Implemented an enterprise-wide video teleconference (VTC) architecture that integrated audio, video, and presentation capabilities at 8 QTS locations using hybrid on-premise solutions and seamless integration with Cisco WebEx.
Negotiated $150K per annum reduction in enterprise-wide audio teleconference costs by implementing Cisco WebEx and turning down separate, disparate conference call providers.
Informatica Implementation
Led project management and oversight for implementation of IBM Informatica to replace existing unknown and “black box” integrations with a solution that enabled transparent design of data integrations, SOX-compliant monitoring of those integrations, and creation of an Operational Data Store (ODS) for business intelligence and analytics as the data moved between on-prem systems and SaaS applications.
Kansas City Chamber of Commerce Centurions
Nominated by company and selected to be a member of the Kansas City Chamber of Commerce Leadership Program. The Centurions Leadership Program has earned a reputation as an unequaled training ground for future Kansas City leaders. The two-year program has more than 80 active Centurions who join more than 1,200 alumni, women and men from diverse socioeconomic and working backgrounds, expanding our personal and professional networks within the group and throughout the community we serve.
End User Device Risk Management Architecture Implementation
Reduced end user cybersecurity risk and decreased desktop support and delivery cycle time by building a system of end user device management processes and technologies. The solution consisted of:
Mirage – Lightweight backup of laptops and desktops to enable less than 1 hour recovery of end user laptops and desktops from bare metal. Effective as a last resort against ransomware and deep virus attacks.
ProofPoint – SaaS system that served as front-end mail firewall to scan attachments for viruses, prevent spam, and “sandbox” malicious links.
Microsoft SCCM – Enabled regular patch management process.
Airwatch – Enabled containerized and encrypted company data protection on user phones and iPads.
Azure and Duo – Implemented MFA for remote access authentication.
Microsoft Exchange Architecture Implementation
Implemented a geographically redundant, “always on” Microsoft Exchange architecture utilizing a combination of automated F5 Load Balancers and services monitoring to perform auto fail-over of mail services in the event of failed networks or server architecture. Resulting solution has higher uptime than Office365.
Sourcing and Procure-to-Pay Systems Implementation
Led project management and oversight for implementation of the Zycus Procurement Software Suite to enable more effective spend management and analytics, supply management, requisition and PO services, receipt, invoice reconciliation, and accounts payable.
Information Technology Function Startup Experience
Started an information technology business support function using a combination of legacy human resources claimed from other departments, hired resources, and consultant support. Team included staff for Project Management, Corporate Financial Information Systems/Applications (Great Plains, ServiceNow, Salesforce, SharePoint), Infrastructure Services (Active Directory, file services, databases, mail services, telecom, patching), and Desktop Team (front line user support for desktop systems and phones, and endpoint risk management).
Chief Information Officer Experience
Created a highly efficient, geographically diverse enterprise information technology delivery team. Team combined the right team members, right practices, and effective technologies. Key points:
Desktop team of 6 supported employee and contractor base of 1000, a support ratio of 166 to 1. Gartner average was 105 to 1.
Delivered a normalized per-employee technology cost of $5,000 per employee. Gartner average was $9,000 per employee.
Managed a project portfolio of 30+ projects at any time using a staff of 20 team members.
Delivered projects through a hybrid PMO model where project managers focused on higher risk projects and technology team members served as project managers for lower risk projects.
Met all compliance standards on day-to-day management and project implementation.
Balanced internal employee resources and consulting resources for effective and efficient delivery of projects.
Executed on leadership meetings across the organization to ensure alignment of technology initiatives with business needs and expectations.
Information Technology Budget Management and Spend Reduction
Managed $5mm/annum OpEx and Payroll and $4mm/annum CapEx development budget for Application Support, Infrastructure, and Desktop functions.
Implemented several cost management practices, including:
Negotiated $150K per annum reduction in enterprise-wide audio teleconference costs by implementing Cisco WebEx and turning down separate, disparate conference call providers.
Negotiated Microsoft EA to a 25% reduction in spend by moving to a Hybrid Office365 model and scaling back unnecessary Server and SQL licenses.
Constantly negotiated vendor contracts to ensure rate alignment with like vendors.
Implemented a project intake process to ensure that accepted projects have a targeted 2-year post go-live minimum ROI. Implemented a post-project quality assurance assessment process that validated achievement of ROI objectives and project planned value objectives.
Board Advisory Experience
Serves as Advisory Board member for SendThisFile.com, a secure and compliant file delivery provider. Provides strategic advice on compliance, overall strategy, product, organization, and client service.
Acquisition Integration Project Management
Served as lead integration project manager for a $325MM technology acquisition. Responsible for all aspects of the integration, including back office systems and operations, product team integrations, operational integrations, and providing board and executive team status reporting.
PMO and Agile Project Management/Delivery
Created a Project Management Office (PMO) and supporting processes for key technology projects, including project intake and ROI validation, project status monitoring and reporting, project change management, and project quality assurance.
Implemented an Agile-based iterative project management/project delivery approach for Salesforce. Converted a legacy CRM and customer quoting solution to Salesforce, implemented CPQ, and enabled API-based ordering and provisioning functionality for online Amazon Web Services.