Lead Security Engineer Resume

New York, NY

SUMMARY:

  • 30+ years of experience, all in Information Security/Cybersecurity/Risk Management, IT Audit and BCP leadership
  • Managed 15 direct reports and 60+ staff via a cross-company matrixed security team
  • Managed 10+ Business Information Security Officers (BISO) and 10+ IT Security Engineers
  • Industries - Financial Services, Healthcare, Telecommunications and US Government with 10+ years of International experience
  • Significant experience managing data breaches and system intrusions
  • Direct interaction with executives, corporate boards, customers, and external auditors.
  • Managed and defended dozens of IT system audits, including SSAE 16/ISAE 3402/SOC 1/SAS 70
  • Strong leadership, consensus building across businesses and relationship building with key senior managers, InfoSec strategy/roadmaps/policy, communication and negotiation skills
  • Stable work history that includes product management, project management, systems engineering, system architecture, software development and technical consulting pre-sales experience
  • Native English speaker
  • CISO, CISSP, CISM, and GIAC certifiable

OBJECTIVE:

Seeking a new challenge in an executive/senior leadership position in Information Security (Governance, Risk and Compliance (GRC), IT Risk Management, Cyber Security) that takes advantage of my technical background and leadership skills in an industry-leading organization.

TECHNICAL SKILLS:

Security: Strategy & Roadmap, Security Policy, Information Security, Cybersecurity, Network Security, Systems Security, Security Management, Internet Security, Security Program Development, Security/Risk Assessment of networks, hosts & applications (e.g., web servers, web-based applications), Operating System (OS) Security, Application Hardening, Security Awareness, Vulnerability Assessments, Secure Programming, Systems Analysis, System Design, System Architecture, Systems Development Life-cycle (SDLC), Orange Book/Common Criteria, Security Auditing, IT Auditing, Audit Trails, Security Information and Event Management (SIEM), IT Risk Management, MAC, DAC, Identity & Access Management (IAM), Single Sign-on Authentication, Role Based Access Control (RBAC), Computer Incident Response Team (CIRT), Firewalls (LMF), Intrusion Detection Systems (IDS), Static code analysis for Secure Programming, UNIX Security, Shell, TCP/IP, H.323, VoIP, Managed Service Provider, ISO17799, COBIT, Secure Network Architecture, Cisco, IPSEC, SMTP, FTP, Information Assurance (IA), Designing and implementing security controls; Technical and operational risk management.

IT Compliance: Sarbanes-Oxley (SOX 404), HIPAA, Gramm Leach-Bliley (GLB), EU Privacy, FDA 21 CFR Part 11, etc.

Enterprise Risk Management Systems: RSA Archer, Hiperos, BITS, etc.

Encryption: DES, 3DES, AES, PKI/X.509, SSL, TLS, SSH VPN, MS Office

PROFESSIONAL EXPERIENCE:

Confidential, New York, NY

Lead Security Engineer

Responsibilities:

  • Working at a top-tier global security consulting organization, leading security consulting engagements for Tier 1 customers globally as their acting CSO.
  • An example engagement is a world-renowned banking institution in Mexico directly responsible for leading the economy of the Central America region.
  • Responsibilities include creating a top security department within an existing enterprise structure to “raise the maturity level” to a market dominant force.
  • Establish relationships with executive management & multiple current security teams; lead the creation and implementation of new and modified security policies and procedures; deliver a full suite of greenfield security projects over the next 3 years with other Mandiant consultants.
  • Responsible for all Information Security and related compliance for the Confidential application infrastructure, web and office network infrastructure security, privacy, Business Continuity Planning, and internal/external audit for Confidential Corporation
  • Manage 10+ Business Information Security Officers (BISO) and 10+ IT security engineers as matrixed staff across the Americas while reporting directly to the COO
  • Sitting member of the Governance, Risk and Compliance (GRC) committee. Confidential provides an asset management Cloud connected to 200 trading venues globally that processes $20 Trillion of transactions annually
  • Major emphasis is on the protection of highly sensitive customer real-time mission-critical production trading infrastructure, networking and specialized applications
  • Responsibilities include: creation & execution of company security strategy & roadmap, creation of security policy, security incident response, breach management, staff and program management, budget, supervision of internal/external IT audits (ISO 27001/2, SSAE 16-SOC 1/SAS 70/ISAE 3402 and customer-initiated), legal and regulatory compliance, creation of a corporate-wide Business Continuity Plan (BCP), creation of employee security awareness, and maintenance of company security policies
  • Supported Sales teams in responding to customer security questionnaires and audits of company IT systems/processes
  • Responsible for select audit and security projects globally with briefings to the corporate Board of Directors
  • Member of the Senior Management Operations Team reporting to the COO and CEO. Invited speaker at the 2015 Data Breach Summit and SC Magazine Security conferences
  • Created the Information Security Strategy & Roadmap with buy-in from senior executives and business managers
  • Implemented data breach incident response and data encryption program
  • Managed 11 SSAE 16 (SOC 1) audits in two countries without any audit exceptions over 4 straight years
  • Establish internal Information Security Compliance program per GRC
  • Guided the company successfully through major Business Continuity Incidents (e.g., Hurricane Sandy) through execution of the BCP without any serious impact to customers or the business operations, despite loss of the main office facility for 3 weeks

CEO - Independent Consultant

Confidential, New Brunswick, NJ

Responsibilities:

  • Responsible for managing 100+ application security audits to determine compliance with corporate security and privacy policies.
  • Consulted with application development teams to advise on risk mitigation strategy and, if necessary, complete waiver approval process.
  • Rewrote risk assessment questionnaire, auditing processes, and created detailed updates to corporate security policies.
  • Responsible for the information security strategy, roadmap and application security architecture/features of applications & systems, for network and operating systems including those systems in development (pre-deployment) during the SDLC
  • Managed a team of 15 direct reports and 60+ staff via a cross-company matrixed security team, including the InfoSec budget
  • Division responsibility for audit compliance program, including responding to corporate IT audit group (e.g., SOX) and numerous customer IT audit questionnaires
  • GRC responsibility includes successful resolution of external security audit findings reporting directly to Services VP for presentation to the audit committee of the company Board of Directors.
  • Product Security & Directory Strategist, CTO Office, responsible for Security strategy/roadmap/architecture across all Confidential product lines, including: PBX, CRM, Messaging, VPN and Cajun data switches
  • Managed 60+ staff via a cross-company matrixed security team across all product development areas encompassing hundreds of separate products and offers.
  • Significant team building and consensus generation among senior business leaders.

Senior Consultant, Data Security

Confidential, Warren, NJ

Responsibilities:

  • Coordinated management of all aspects of pre-sale and post-sale delivery of data security consulting to the international service provider market, including: customer interface, proposal response, presentation creation and delivery, negotiation and support of Confidential customer teams
