Principal Advisor Resume
San Mateo, CA
SUMMARY:
- Highly respected Information Security and Risk Strategist professional delivering Cyber Security expertise as a Trusted Advisor.
- Talent areas include: Security Strategy, Security Thought Leadership, C-Suite and Board Communication, Complex Security Topic Translation to Business Audiences, and more.
PROFESSIONAL EXPERIENCE:
Confidential, San Mateo, CA
Principal Advisor
Responsibilities:
- Provided self-assessment aligned with CMMI Maturity, Threat and Vulnerability assessment, Gap/Fit analysis, Impact analysis, Data Protection, Data Loss Prevention (DLP) and ISMS Transformation roadmap. Currently working to deliver ISO/IEC 27001, which will bring information security under explicit management control, enhance process qualifications and reduce risks.
- Driving the establishment of a formalized Risk Acceptance / Treatment Process; the development of Monthly Risk Reports for each business unit; the creation of a Risk Assessment Process based on data privacy or network access; and the adoption of Annual Third-Party Penetration Testing program.
- Working with EVP in building and establishing IT risk framework and ISMS organization. Responsible for creating policies, procedures, processes, guidelines and standards for the ISO/IEC 27001, HIPAA, PCI and GDPR Compliance roadmap for the Marketing Operations Group at Webdam in support of Webdam Digital Cloud Platform.
Confidential, Copenhagen, Denmark
Principal Advisor, Enterprise Risk Management (Contract)
Responsibilities:
- Transformed the Internal Audit program to better align senior leadership and Audit Committee expectations, reliance and confidence.
- Developed and executed re-alignment of organizational enterprise risk management framework and annual risk strategy by participating in the business planning process for the broad strategic plan for the organization and delivering greater predictive Enterprise Risk analysis.
- Maintaining effective communication to provide the Board of Directors, executive management, rating agencies and regulators greater assurance of the effectiveness and sustainability of embedding operational risk management, oversight, governance and control processes within the business.
- Performed step changes in managing cyber security risks by improving an organization's governance, strategy, operational models and technologies for new acquisition/disposal, investment practices, product/business development, operational processes, reputation risk, business continuity plans and management, etc.
- Authored security standards and created a standard methodology for vendors and third-party security assessments and KRI / KPI dashboards.
- Enhancement of Technology Risk, Security Governance, and improvement of the Information Security Functions in introducing Bio-Metrics Security, & Compliance Management (EU GDPR, Basel III, PCI, SOX, Privacy, FFIEC, Data Security / Governance, Network Security).
- Performed comprehensive ISO 3 001 Global Risk / NIST R4 / SANS / OWASP / Security Assessment and addressed identified issues, reducing vulnerabilities more than 80% for the annual internal audit. Led compliance with Personally Identifiable Information (PII), Data Loss Prevention (DLP), Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI), European Banking Authority (EBA), EU Data Privacy Directive (GDPR), Federal Information Security Management Act (FISMA), ISO/IEC 20000 / 2 002 / 2 004 / 2 006 / 2 008 / 000 NIST r4, FFIEC, SWIFT, Know Your Customer (KYC), HITRUST, SSAE 16/18, ITIL / ITSM, CoBIT, and Basel III audit plans for the Core Banking applications and services, e-Banking, Mobile Pay, Home Pages, etc.
- Established regulatory and compliance programs with Operational Control and Support Team (OCS), Network Operations Center (NOC), Security Operations Center (SOC 1/2/3), Distributed Technologies Operations Center (DTOC), Applications Operations Center (APOC), Basel, SOX, PCI, SWIFT and ECC/EBA guidelines for the Data Center migration from IBM to Confidential.
- Led Advisory services and helped create a dedicated Security Events Center group to monitor IS controls and provide an incident response capability that resulted in a less-than 15-minute disruption to operations during the 2016 DDoS attack campaign. Built the Digital Forensics capability roadmap that will eliminate costly outsourcing of incident investigations.
- Implementing reporting systems to ensure that risks are adequately monitored and communicated; that control breakdowns are reported and key constituents (boards, audit committees, etc.) understand such risks in an effective and timely manner.
- Created new initiatives, such as risk self-assessments and operational reviews, to assist management in improving operations, identify control weaknesses and increase the value add contribution of internal audit. Supervised risk reviews, gap and vulnerability assessments and penetration testing against web application, server and networks.
- Consistently addressed US and EU concerns over Data Privacy. Member and Advisor to Information Security Management Committee and Security Incident Response Teams.
- Defined processes, procedures, and strategies to implement Data-at-Rest / Data-in-Transit Encryption, Data Loss Prevention (DLP), Data Masking, and Data Identification solutions.
- Led implementation and integration of AppDynamics Alert Logic Threat Management system, and responded to client questionnaires demanding security posture and compliance status.
- Led integration of IDM with enterprise SAPM / LDAP to manage provisioning and de-provisioning of HPA accounts and integrated CyberArk to manage HPA user password vault.
- Co-created an add-in tool to automatically format reports generated as a result of performing network vulnerability scans resulting in the ability to quickly scan and assess the whole network population versus sample scanning.
- Fostered relationships with third-party CISOs. Recommended CISO on creation of Information Security Architecture, Software Security, Cyber Security, Cyber Security Governance, and Forensics teams to expand on the Operations, Third-Party Assessment, and Incident Management teams.
- Provided roadmap for integration of Operational Risk into ITIL / ITSM framework. Directed the oversight of risk probability and impact, inherent and residual risks, KRIs, KPIs, triggers and risk mapping, gaps, and testing. Supervised tested key controls over operations and IT infrastructure.
- Worked with cross-functional team in leading mapping of business-critical services down to the lowest IT components. Provided CMMI Maturity, Gap/Fit analysis, Impact analysis, and Single Point of Failures (SPOF) in ITSM, CMDB, Asset Management and ServiceNow Transformation roadmap.
Confidential, San Ramon, CA
Principal Advisor, Security Governance (Contract)
Responsibilities:
- Transformed the Internal Audit program to better align senior leadership and Audit Committee expectations, reliance and confidence.
- Risk-assessed data center production and DR processing with respect to probability and impact of risk in Integrity, Authorizations and Availability. Identified areas of exposure and worked across IT to mitigate the risks. Implemented governance, risk and compliance processes including corporate IT policy and technical configuration standards and functional procedures.
- Led Implementation of Global Strategic Security and Enterprise-wide Risk Management: Strategy, Governance, Policy, Standards, Processes, Controls and Documentations (Process Narratives Procedures and Effective Security Operations).
- Led an initiative with the General Counsel to develop a data privacy Policy and implement a data protection strategy, bringing the organization into compliance with global privacy regulations. Conducted a comprehensive PII inventory using it to identify the applications which required database encryption controls.
- Created and implemented an internal privacy program to comply with changes in applicable data privacy laws. Developed and rolled out a communication campaign driving the new privacy concepts into operations and resulting in mitigation of immediate potential risks as well as creating a competitive edge in new business.
- Mapped internal security controls for Critical Business Information (CBI), PII, SOX, PCI, HIPAA/HITECH/HITRUST, FDA, EC (Data Export), SSAE 16/18, OWASP, FFIEC, FISMA, FDIC, Data Loss Prevention (DLP), CoBIT and ITIL / ITSM using ISO 2 001 / 2 003 / 2 005 /2 007 / 2 017 / 2 000, NIST, SANS, FedRamp CCM and established enterprise architecture, security governance, compliance and IT risk management for ITIL/ITSM.
- Implemented vulnerability assessment and penetration testing processes to identify risks and ranked them for resolution. Defined process to help ensure authorization to privileged accounts.
- Reduced downtime from DDoS attacks through standard monitoring and operating procedures.
- Defined processes, procedures, and strategies to implement Data-at-Rest / Data-in-Transit Encryption, Data Loss Prevention (DLP), Data Masking, and Data Identification solutions.
- Co-created an add-in tool to automatically format reports generated as a result of performing network vulnerability scans resulting in the ability to quickly scan and assess the whole network population versus sample scanning.
- Led implementations and integrations of SIEM monitoring tools HPA Splunk logs and analytics with Securonix Apps for centralized data loss prevention monitoring.
- Led implementations and integrations of enterprise CyberArk to manage HPA user password vault. Led integration of IDM with enterprise SAPM / LDAP to manage provisioning and de-provisioning of HPA account.
- Evaluated vendors and tools selection for the BCP/DR solutions.
- Enhancement of Technology Risk and Security Governance
- Improvement of the Information Security Function
- Establishment of Key of Regulatory and Compliance Programs
- Resilience, Business Continuity Management and Disaster Recovery
Confidential, Pleasanton, CA
Chief Information Security Officer (Full-Time)
Responsibilities:
- Defined new information security organizational structure, built and aligned teams as partners to technology and business units, and grew the team from 9 to 65 across Security Architecture, Security Operations, Security Event Center, Security Consulting, Cybersecurity, Data Protection, Third-Party Assessment and Remediation framework aligned with Corporate Information Security Standards.
- Developed and implemented Risk Governance and reporting framework including Board and Management Committees, GRC Committee, Vulnerability Risk Committee and other programs.
- Establishment of Legal and Regulatory Compliance, Business Continuity Management and Disaster Recovery Program.
- Mentoring staff at all levels and across business units while fostering a culture of embracing new ideas.
- Provided risk guidance for 15+ strategic IT projects and new business line product offerings, including the evaluation and recommendation of technical controls for enhancement of Enterprise Risk, Cyber Security Risk, Cyber Security Governance, Privacy, Data Loss Prevention (DLP) and improvements of the Information Security Function.
- Implemented GRC solution MetricStream covering IT Risk and Controls testing, risk assessments and reporting.
- Provided strategic and tactical advice on the development of various risk programs such as RCSA, KRI, Dashboards and Loss Data deployed globally.
- Fostered relationships with third-party CISOs. Recommended CISO on creation of Information Security Architecture, Software Security, Cyber Security, Cyber Security Governance, and Forensics teams to expand on the Operations, Third-Party Assessment, and Incident Management teams.
- Developed Risk Management methodology, including process for formal acceptance of risk. Ensured compliance with regulations, client commitments, and essential security practices to strengthen data protection controls and awareness. Authored data classification and protection policies and drove the establishment of a data privacy.
- Led the business in developing and introducing new Policies and Procedures, such as new acquisition/disposal, investment practices, product/business development, operational processes, reputation risk, business continuity plans, etc.
- Provided third party risk management advisory services to business partners on a variety of business issues including new business and product ventures, fully integrating risk management into marketing and new business initiatives, participating in strategy and risk workshops.
- Presented the information security strategy to external examiners that elevated confidence / support by regulators.
- Built the Security Consulting team to integrate information security within the business units.
- Created a dedicated Security Events Center group to monitor IS controls and provide an incident response capability that resulted in a less-than 15-minute disruption to operations during the 2013 DDoS attack campaign. Built the Digital Forensics capability that eliminated costly outsourcing of incident investigations.
- Drove the establishment of a formalized Risk Acceptance Process; the development of Monthly Risk Reports for each business unit; the creation of a Risk Assessment Process based on data privacy or network access; and the adoption of Annual Third-Party Penetration Testing program.
- Identified and mitigated offshore deployment risks, particularly those related to data privacy, security and awareness. Created a program to identify these risks and implement appropriate controls to mitigate them, resulting in the maximization of the number of functions deployed and a realized savings of 20% on operational costs.
- Built and guided the Information Security Architecture team in authoring the Security Architecture Framework that defined the criteria and entrance process for projects to request security architecture reviews.
- In the absence of comprehensive record retention policies & procedures, established a records management program using holding periods based on regulations applicable to all lines of business. Eliminated a significant volume of documents held in off-site storage and established more effective management of retained documents, resulting in a 40% savings on storage vendor costs and the mitigation of data privacy risks.
- Assessed impact of platform transitions and mergers and acquisitions on customer's risk profile and recommended remediation.
- Achieved Sarbanes-Oxley (SOX), HIPAA, PCI, Compliance Business Integrity (CBI) Auditing and Monitoring Standards, Personally Identifiable Information (PII), Data Loss Prevention (DLP), FDA, FDIC, FISMA, 21 CFR 820, HITRUST, SAS 70, SSAE 16/18, and other security compliances by developing and implementing enterprise-wide IT controls using the COBIT, ISO 2700x, NIST R4, SANS, OWASP, FFIEC, FedRamp CCM, and ITIL/ITSM.
- Served as the enterprise focal point for computer security incident response planning, execution and awareness. Created and provided ongoing specific business-wide security awareness plans and .
- Improved IT infrastructure operations of UltraDNS product line (including DNS Shield, DNS Adv, Anti-DDoS strategies). Developed go-to-market strategy for DNS product lines, managed annual budgets for product support & operations.
- Led team in re-architecting network infrastructure, implementing Intrusion Detection and Multi-Factor Authentication, and deploying Web Application Firewalls (WAF) and Splunk log evaluation platform.
- Defined Business Continuity / Disaster Recovery Plan, deployed vulnerability scanning, and automated the patch management / change control function.
- Established an Operational Change Control Review Process and Approval Committee; created a Software Security Function; and authored a comprehensive suite of security policies.
Confidential, Beaverton, OR
Senior Program Director, Enterprise IT Strategy & Enterprise Risk Management (Contract)
Responsibilities:
- Brought in as a change agent to lead the IT Organization through a Business Transformation.
- Provided strategic leadership and direction to enable robust information technology planning and comprehensive governance around IT spend policies, and projects.
- Worked globally to develop and implement governance risk and compliance processes including: Operational Risk and Self-Assessment Frameworks, Gap Assessments, Top 10 Corporate Policies, Standards and Processes with focus on Information Security product and process, change management, continuity of business; and 37 detailed technology checklists for self-assessments.
- Transformed the Internal Audit program to better align senior leadership and Audit Committee expectations, reliance and confidence.
- Expanded the role of the Information Security Committee to approve policies and endorse information security goals for large Data Protection, Third-Party Assessment, Threat Intelligence, and Business Continuity Planning programs.
- Grew the Information Security and Operation Engineering teams to support Network Access Control, Application Whitelisting, Identity and Access Management (IdM), Privileged Access Control, Log Standardization, ArcSight SIEM Expansion, Web Application Firewall (WAF) Expansion, Cloud Security, and Dynamic Application Testing projects.
- Provided strategic and tactical advice on the development of various risk programs such as RCSA, KRI, Dashboards and Loss Data deployed globally. Other recommendation included creation of Information Security Architecture, Software Security, Cyber Security, Cyber Security Governance, and Forensics teams to expand on the Security Operations, Security Event Center, Security Consulting, Data Protection, Third-Party Assessment and Remediation framework aligned with Corporate Information Security Standards.
- Implemented GRC solution MetricStream covering IT Risk and Controls testing, risk assessments and reporting. Drove the adoption of Oracle IAM for Identity and Access Control.
- Performed oversight of 2 third-party assessments and championed all efforts to strengthen data protection controls and awareness. Authored data classification and protection policies and drove the establishment of a Data Privacy Attorney and the appointment of a Chief Privacy Officer.
- Led risk assessments, security reviews, gap and vulnerability assessments to ensure IT and outsourced vendors complied with corporate processes.
- Increased Audit Satisfactory rating by performing pre-audit risk and vulnerability assessment testing and project.
- Spear-headed the development and implementation of Risk and Control Self Assessments for corporate processes and technologies.
- Implemented a comprehensive risk-based information security program defined in a written set of policies and standards which were aligned with ISO 27001 and FISMA.
- Authored security standards and created a standard methodology for vendor and third-party security assessments.
- Directed the implementation of industry-first distributed security model including IPS, Firewall, Botnet and DDoS threat protection services across all regions, protecting all partner Cloud centers with 100% uptime guarantee.
- Established Data Loss Prevention (DLP) Audit System and Risk Management framework to be SOX compliant utilizing Sarbanes-Oxley best practices, and system integrity.
- Built an enterprise Malware and End-Point Program, implemented a Patch / Vulnerability Management Program, instituted annual penetration testing, and deployed Encryption-at-Rest strategy for all sensitive data.
- Led implementations and integrations of SIEM monitoring tools HPA Splunk logs and analytics with Securonix Apps for centralized data loss prevention monitoring.
- Led implementations and integrations of enterprise CyberArk to manage HPA user password vault. Led integration of IDM with enterprise SAPM / LDAP to manage provisioning and de-provisioning of HPA account.
- Conducted comprehensive Business Impact Analysis which identified key business functions and systems in need of Disaster Recovery and Business Continuity Plans and alignment of security program with business objectives.
- Evaluated effectiveness of Organizational Change Management activities and change program including communication to enable implementation of strategic, operational and tactical governance, risk, security and compliance frameworks.
- Created and implemented an internal privacy program to comply with changes in applicable data privacy laws. Developed and rolled out a communication campaign driving the new privacy concepts into operations and resulting in mitigation of immediate potential risks as well as creating a competitive edge in new business.
- Developed Information Security Management frameworks and client services.
Confidential, Pleasanton, CA
Principal Program Manager - Global Information Security / Cyber Security (Contract)
Responsibilities:
- Led application portfolio rationalization to better align business & IT, forge accountability, enhance IT governance, upgrade architecture / IT operations, optimize business-IT performance, & reduce IT Spend (reduce 18% | $20M).
- Established the information security strategy and program focused on risk management, governance, controls, and continuous improvement.
- Transformed the Internal Audit program to better align senior leadership and Audit Committee expectations, reliance and confidence.
- Assessed technology-centric proposal developed by consultants and advocated a holistic risk management-based information security approach to CSO, CEO, and Executive Management Committee.
- Wrote a 4-pillar strategy (22-point plan and 3-year execution roadmap) to transition organization from a reactive approach focused on security controls to a proactive risk-based decision-making model.
- Worked with internal and external auditors, security team and senior management in reviewing and drafting security Processes, Procedures and Policies for HIPAA, PII, SOX, PCI, FDA, FISMA, FFIEC, HITRUST, COSO, CoBIT, ITIL/ITSM and SAS 70 (SSAE 16/18).
- Led Operational Risk, IT Risk and ERM including BCP, Information Security, SOX, PII, PCI, FDA, HIPAA, HITRUST, SAS 70, FISMA, RCSA, ITIL/ITSM, COBIT, COSO, Data Loss Prevention (DLP), KRIs, Privacy, and Governance. Led Qualification, Stress Testing, Recovery and Resolution.
- Mapped security control for FDA, PII, HIPAA, PCI, SOX, FDA, FISMA, ITIL/ITSM, COSO/COBIT, using ISO 27001, 27002, 27017, 27018, NIST, SANS, OWASP, FedRamp CCM, FFIEC and established security governance, enterprise architecture and compliance management for the IT risk.
- Led an initiative with the General Counsel to develop a data privacy Policy and implement a data protection strategy, bringing the organization into compliance with global privacy regulations. Conducted a comprehensive PII inventory using it to identify the applications which required database encryption controls.
- Built an enterprise Malware and End-Point Program, implemented a Patch / Vulnerability Management Program, instituted annual penetration testing, deployed Encryption-at-Rest, and Data Loss Prevention (DLP) strategy for all sensitive data.
- Built and deployed file integrity monitoring, log monitoring, encrypted remote access, encrypted data store, and a system of virtual machines that guaranteed data deletion.
- Drove the build out of firewalls, intrusion detection, load balancing, and secure web / application / database servers.
- Successfully resolved extended DDoS attack against company and led re-architecture of network/security for future attacks.
- Established a fully automated metrics program along with key performance indicators (KPIs) to drive performance and track compliance.
- Drove the establishment of a formalized Risk Acceptance Process; the development of Monthly Risk Reports for each business unit; the creation of a Risk Assessment Process based on data privacy or network access; and the adoption of Annual Third-Party Penetration Testing program.
- Increased Audit Satisfactory rating by performing pre-audit risk and vulnerability assessment testing.
- Led team in re-architecting network infrastructure, implementing Intrusion Detection and Two-Factor / Multi-Factor Authentication, and deploying Web Application Firewalls (WAF) and Cisco MARS log evaluation platform.
- Instituted server hardening standards, security policies and guidelines, and secure coding for developers.
- Defined Business Continuity / Disaster Recovery Plan, deployed vulnerability scanning, and automated the patch management / change control function.
- Led implementations and integrations of SIEM monitoring tools HPA Splunk logs and analytics with Securonix Apps for centralized data loss prevention monitoring.
- Led implementations and integrations of enterprise CyberArk to manage HPA user password vault. Led integration of IDM with enterprise SAPM / LDAP to manage provisioning and de-provisioning of HPA account.
- Established an Operational Change Control Review Process and Approval Committee; created a Software Security Function; and authored a comprehensive suite of security policies.
Confidential, Houston, TX
Principal Architect (Contract)
Responsibilities:
- Defined new information security organizational structure, built and aligned teams as partners to technology and business units, and grew the team from 9 to 65 across Security Architecture, Security Operations, Security Event Center, Security Consulting, Cybersecurity, Data Protection, and Third-Party Assessment.
- Created a dedicated Security Events Center group to monitor IS controls and provide an incident response capability. Built the Digital Forensics capability that eliminated costly outsourcing of incident investigations.
- Built and guided the Information Security Architecture team in authoring the Security Architecture Framework that defined the criteria and entrance process for projects to request security architecture reviews.
- Built the Third-Party Security Assessment Team and a formal information security assessment / remediation framework aligned with corporate information security standards.
- Built and guided the Information Security Architecture team in authoring the Security Architecture Framework that defined the criteria and entrance process for projects to request security architecture reviews.
- Achieved ISO 27001, NIST, SANS, OWASP, PII, FFIEC, FISMA, SOX, PCI, ISO 27001, FERC, FASB, Data Privacy, Data Loss Prevention (DLP) Compliance and SAS 70 s by developing and implementing enterprise-wide IT and security controls.
- Headed FERC, FASB, PCI, SOX 404 annual for control frameworks COSO/COBIT and ITIL / ITSM, and produced companywide interface / integration governance framework.
- Worked globally to enhance and implement Corporate Policies, Standards and Processes with focus on Information Security.
- Defined and implemented the information governance strategy, vision, structure, operating procedures and metrics to standardize and report globally on their operations.
- Defined and executed the roadmap to align controls, environments, and policies with regulatory requirements.
- Authored security standards and created a standard methodology for vendor and third-party security assessments.
- Authored IT Security Plan with PKI architecture for Encryption, Authentication and Digital Signatures.
- Established Monitoring & Control, Risk and Opportunity Management functions.
- Reviewed risk management programs and practices for appropriate coordination and consistency of data, analytic, and reporting.
- Demonstrated DoS/DDoS protection capabilities at DHS HSARPA for specific National Critical Infrastructure Protection (NCIP) scenarios.
- Partnered with data stewards to classify sensitive data, operationalize data profiling, and establish data quality dashboard monitoring and management initiatives to continually increase quality, consistency, security and business value.
- Managed strategic corporate technology roadmap delivery and maintenance for portfolio of 100+ technology solutions.
- Integrated credit risk, market risk, and operational risk analytics, decision management, legal, customer service, and business optimization resulting in savings of $135 million over a 2-year period.
- Created and published architectures for enterprise data life cycles management and governance.
- Partnered across the organization to deliver full customer lifecycle technology capabilities for all areas of the business. Focused on delivering innovative solutions resulting in continuous improvements in process and service.
Confidential, Houston, TX
Chief Information Security Officer (Full Time)
Responsibilities:
- Built a Risk-Based Information Security Program that enabled organization to pass a third-party assessment, negotiate a final settlement, and mitigate millions of dollars in losses.
- Grew Information Security Organization from 15 to 55 resources. Created the Information Security Architecture, Software Security, and Forensics teams. Expanded the Operations, Third-Party Assessment, and Incident Management teams.
- Fostered relationships with third-party CISOs. Recommended CISO on creation of Information Security Architecture, Software Security, Cyber Security, Cyber Security Governance, and Forensics teams to expand on the Operations, Third-Party Assessment, and Incident Management teams.
- Transitioned to a risk-based model with a standard-based service focus. Trained staff on security best practices, increased communication, elevated risk-based metrics, and improved documentation and consistent standards.
- Held critical role in creating the Information Security Awareness program for all employees and in documenting full suite of information security policies leveraging the ISO 17799 / ISO 27001 / NIST / SANS / and OWASP Framework.
- Defined and executed the roadmap to align controls, environments, and policies with regulatory requirements.
- Consistently addressed US and EU concerns over Data Privacy. Member and Advisor to Information Security Management Committee and Security Incident Response Teams.
- Defined processes, procedures, and strategies to implement Data-at-Rest / Data-in-Transit Encryption, Data Loss Prevention (DLP), Data Masking, and Data Identification solutions.
- Expanded utilization of SIEM from fraud prevention to information security; drove the adoption of Oracle IAM for Identity and Access Control; and replaced obsolete McAfee Endpoint Protection technology with Symantec.
- Authored security standards and created a standard methodology for vendor and third-party security assessments.
- Built an enterprise Malware and End-Point Program, implemented a Patch / Vulnerability Management Program, instituted annual penetration testing, and deployed Encryption-at-Rest strategy for all sensitive data.
- Authored the Third-Party Security Policies, Procedures and Processes in managing the ongoing improvement efforts in the areas of audit methodology, reporting, associate development and quality assurance.
- Built the Third-Party Security Assessment Team and a formal information security assessment / remediation framework aligned with corporate information security standards.
- Built the Security Consulting team to integrate information security within the business units.
- Led third-party assessments and championed all efforts to strengthen data protection controls and awareness. Defined strategies for BCP/DR to implement Data-at-Rest / Data-in-Transit Encryption, Data Loss Prevention, Data Masking, and Data Identification solutions. Authored data classification and protection policies and drove the establishment of a Data Privacy.
- Identified information security risks across various portfolios, resulting in securing approval to manage the enterprise remediation project and to develop the Vulnerability Management Model.
- Delivered integrated Intruder Detection and Isolation Protocol (IDIP), Cooperative Intruder detection and Traceback Response Architecture (CITRA), a statistical distributed denial of service (DDoS) system (FLOODWATCH), and a legitimacy test-based distributed denial of service (DDoS) system (NETBOUNCER) to McAfee's Intrushield product division for commercialization.
- Transformed banks and other third-party companies in attaining Credit, Market and Operational Risk Management capabilities by developing and implementing integrated credit / market / and operational risk analytics, portfolio management and performance optimization using Asset Liability Management (ALM) tool for all Programs praised by banking regulators. Complied with AML, KYC, FDIC, SEC, SOX, HIPAA, FDA, PCI, Basel II, PII, PCI, SWIFT, BSA, FCRA, USA Patriot Act, Anti-Money Laundering (AML), BSA, FFIEC, FISMA, Privacy, Data Loss Prevention (DLP), ITIL/ITSM, COSO, CoBIT, and SSAE 16 (formerly SAS 70).
- Established Operational Centers of Excellence (CoE) in Strategic IT Security, DLP, Data Privacy, EU, Cyber Security, Enterprise Risk Management, IT and Security Governance: Strategy, Policy, Standards, Processes, Controls and Documentations.