Bradley Schaufenbuel

Vice President and Chief Information Security Officer at Paychex

Rochester, NY

5

Office Hours

How does this work?
About

Bradley J. Schaufenbuel is currently Vice President and Chief Information Security Officer at Paychex. Prior to his current role, he held security leadership positions at Paylocity, Midland States Bank, Midwest Bank, Zurich Financial Services, Experian, and Arthur Andersen LLP. Bradley is the author of multiple books (including two "For Dummies" titles) and has had numerous articles published in professional journals on a wide variety of topics related to information security and governance. He is licensed to practice law in Illinois and is a member of the United States Supreme Court Bar. Bradley holds twenty-five professional designations in the areas of information security management, IT compliance, information privacy, fraud examination, IT audit, computer forensics, ethical hacking, business continuity planning, project management, cloud security, and process improvement, including the C|CISO, CISSP, CISM, CISA, CCSP, CIPP/US, CIPP/E, CIPM, CSSLP, PMP, CRISC, CGEIT, ISSMP, ISSAP, CFE, C|EH, CBCP, CCSK, CDPSE, DFCP, CIFI, CSOXM, CSOE, ITIL v3 Foundation, and Six Sigma Black Belt. He holds an MBA from DePaul University's Kellstadt Graduate School of Business and a JD and an LLM in information technology and privacy law from the University of Illinois at Chicago's John Marshall Law School. Bradley has served as a director on several corporate and non-profit boards, is a regular speaker at industry conferences, and has served numerous clients in the legal, financial services, and healthcare industries as a freelance consultant. He is an advisor to YL Ventures GP, Ltd., Glilot Capital, Eclipz, Inc., Great North Labs, EventCombo, CloudVector, and ThirdPartyTrust. Bradley was recognized as the Chicago CISO of the Year in 2018 and as one of the Top 100 CISOs for 2020 by Cyber Defense Magazine.

Ask me about
Cybersecurity
Artic Wolf
Expel
Snyk
Panther
Panther Labs
Customer
Annual
Wiz
Orca
Lacework
Sonrai
Aqua
Palo Alto Networks
Stairwell
RiskIQ
Work experience
logo

Sep 2019 - Present

Paychex

Vice President and Chief Information Security Officer

Lead an exceptionally talented group of information security professionals that includes teams focused on crisis management, security training and awareness, risk and compliance, identity management, managed file transfer, security engineering, security investigations, cyber intelligence, vulnerability management, security architecture, and application security.

logo

May 2015 - Sep 2019

Paylocity

Vice President and Chief Information Security Officer

Assembled and led an extraordinary team of information security professionals that is responsible for ethical hacking, application security, penetration testing, security architecture, incident response, security strategy, forensic investigations, business continuity planning, disaster recovery, policy management, IT governance, IT compliance, third party service provider oversight, risk assessment, IT control design and implementation, vulnerability management, threat intelligence, audit coordination, security operations, security awareness training, information risk management, and privacy.

logo

Aug 2011 - May 2015

Midland States Bank

Director of Information Security

Managed the information security program, coordinated IT audits and examinations, managed the business continuity planning and disaster recovery program, provided risk consulting services, performed vendor and acquisition due diligence, managed the service provider oversight / vendor management program, ensured compliance with legal and regulatory requirements, reported key risk indicators to the board, conducted risk assessments, oversaw security awareness training, developed and maintained policies and procedures, etc.

Sep 2008 - Jul 2011

Midwest Banc Holdings, Inc.

Senior Vice President and Chief Information Security & Privacy Officer

Managed the information security program, reported key IT risks to the board quarterly, developed and implemented policies and standards, ensured compliance with legal and regulatory requirements, managed the BCP / DRP program, managed the vendor and service provider oversight program, performed IT risk assessments, coordinated audits and examinations, performed control reviews and Sarbanes-Oxley Section 404 testing, administered the consumer privacy program, etc.

Oct 2005 - Sep 2008

Zurich Financial Services

Senior Manager of I.T. Risk & Security

Performed IT control reviews and risk assessments, managed the IT portion of the internal controls framework for SOX, led the SAS 70 audit assurance program, coordinated audits and examinations, assisted with the PCI DSS compliance program, performed legal and regulatory impact assessments, developed IT compliance guidelines, etc.

logo

May 2004 - Sep 2005

Experian

Business Information Security Officer

Performed control reviews and risk assessments, coordinated audits and examinations, performed contract negotiations and reviews, conducted security awareness training, managed key customer and regulator relationships, directed the security incident response team, ensured compliance with legal and regulatory requirements, managed systems and network security, spearheaded security related projects, performed ‘due diligence’ on acquisition targets, etc.

Jun 1996 - May 2004

Arthur Andersen

Information Security Manager

Managed the information security program, maintained the company’s security infrastructure, drove security technology implementation projects, delivered information security related advisory services, directed the computer security incident response team, performed IT risk assessments, designed the architecture for high volume web sites, conducted web application security reviews, developed technical security requirements, conducted secure code reviews, performed network vulnerability assessments, created security hardening scripts, developed security standards, provided security advisory services, etc.

Education

2007 - 2011

The John Marshall Law School

Master of Laws - LLM, Information Technology and Privacy Law

2007 - 2011

The John Marshall Law School

Doctor of Law - JD, Law

1997 - 2000

DePaul University - Charles H. Kellstadt Graduate School of Business

Master of Business Administration - MBA, Management Information Systems

1994 - 1996

University of Northern Iowa

Bachelor of Arts - BA, Management Information Systems

Talk to Bradley

@ Copyright 2020 OfficeHours Technologies Co.