Scott Perry
Indian Trail
Summary
Dynamic Information Security leader with over 20 years of experience in designing, implementing, and enhancing enterprise cybersecurity programs. Expertise includes driving security strategy, managing risk, and overseeing cloud security, incident response, and compliance initiatives within large, complex organizations. Committed to leveraging innovative solutions to protect organizational assets and ensure regulatory compliance in an ever-evolving threat landscape.
Overview
28
28
years of professional experience
1
1
Certification
Work History
Director, Information Security
Zywave
07.2022 - Current
- Created an in-house cybersecurity program for a 1,000+ employee SaaS organization
- Oversaw end-to-end cloud security operations in Azure and AWS environments.
- Partnered with development teams to mature a secure development lifecycle
- Designed and executed SOC 2 program and successfully attained certification.
- Led third-party annual penetration testing and ensured timely remediation of findings.
- Assisted Sales team by managed customer audit requests and contracts.
- Developed and updated all security policies and standards on an annual cadence.
- Directed developer-focused and user security awareness training annually.
- Developed and operationalized the Incident Response program.
- Presented security risks and program maturity to executive leadership quarterly
- Evaluated and implemented security tools to enhance monitoring and threat prevention.
- Implemented secure measures aligned with NIST, ISO, CCPA, and NY DFS
- Developed and implemented performance metrics to assess team productivity and drive continuous improvement
Director, Cyber Security / CISO
Amwins
03.2016 - 07.2022
- Developed an enterprise security program for a multi-billion-dollar organization with 6,000+ employees.
- Streamlined operational processes, resulting in improved efficiency.
- Directed annual cybersecurity budget exceeding $1M.
- Managed emerging threats through collaboration with IT and business units.
- Oversaw internal and third-party penetration testing activities on an annual basis
- Managed security audits and customer-driven compliance assessments.
- Established policies and processes to ensure compliance with regulations and adhere to the NIST framework.
- Directed annual enterprise-wide security awareness training with 100% completion.
- Led incident response efforts for all major security events that required Legal involvement.
- Delivered executive-level reporting on security posture, risks, and resource requirements which was used in Board presentations
- Mentored and developed team members to support ongoing professional growth.
- Improved the Security Program annually by following frameworks such as NIST, ISO, HITRUST, and NY DFS as guidelines
Director, Vulnerability Management
TIAA CREF
08.2014 - 03.2016
- Led enterprise vulnerability management operations across large-scale environments.
- Oversaw network vulnerability scanning and risk reporting.
- Directed annual penetration testing using internal and external resources.
- Managed multi-million-dollar budgets for vulnerability management initiatives.
- Directed patch governance processes to ensure compliance.
- Collaborated with business owners to drive risk remediation and mitigation strategies.
- Managed application vulnerability scanning and source code analysis programs.
- Developed annual security awareness training materials.
- Mentored and developed security engineering staff.
Director, Threat & Vulnerability Management
United Healthcare
02.2007 - 08.2014
- Oversaw security operations to identify and respond to threats.
- Managed application vulnerability scanning, source code testing, and remediation efforts.
- Implemented self-scanning capabilities to enhance the SDLC.
- Led internal and external penetration testing initiatives.
- Created enterprise application risk dashboards for leadership.
- Supported Incident Response with malware investigation and breach analysis.
- Directed patch management governance.
- Performed M&A security assessments to identify and resolve inherited risks.
- Managed multi-million-dollar budgets for threat and vulnerability operations.
Senior IT Security Engineer
Cargill
01.1998 - 02.2007
- Designed and deployed global antivirus and vulnerability management program.
- Assessed vulnerability and virus impacts across large-scale environments.
- Developed automation tools using Perl and UNIX scripting.
- Authored enterprise security policies for Windows, UNIX, and AS/400 systems.
- Trained and mentored new security administrators.
- Provided audit support and tracked compliance remediation.
- Evaluated and recommended enterprise security products.
Education
Bachelor of Science - Marketing Management
University of Minnesota at Mankato
01.1993
Associate of Arts - Computer Science
Austin Community College
01.1991
Skills
- Cybersecurity Strategy & Governance
- Cloud Security (Azure, O365, AWS)
- Incident Response & Threat Management
- Risk Management & Compliance (GRC)
- Third-Party Risk & Vendor Management
- Leadership and Coaching
- Strategic planning
- Verbal and written communication
- Decision-making
- Relationship building
- Operations management
Certification
- CISSP - Certified Information Systems Security Professional
- CISM - Certified Information Security Manager
Timeline
Director, Information Security
Zywave
07.2022 - Current
Director, Cyber Security / CISO
Amwins
03.2016 - 07.2022
Director, Vulnerability Management
TIAA CREF
08.2014 - 03.2016
Director, Threat & Vulnerability Management
United Healthcare
02.2007 - 08.2014
Senior IT Security Engineer
Cargill
01.1998 - 02.2007
Associate of Arts - Computer Science
Austin Community College
Bachelor of Science - Marketing Management
University of Minnesota at Mankato