Chief Information Security Officer Resume
New York, NY
SUMMARY:
- Security programs have entered a new world.
- Constant attacks against all types and sizes of companies are underway.
- I’ve managed international teams of as many as 40, controlled budgets up to $30M and managed four international information security offices.
- Working in information security management for a major financial services firm and a growing health and wellness ecommerce web company, I’ve had the opportunity to work on a variety of projects all enhancing my skills as a security practitioner.
- Recently, I have been working as the Chief Information Security Officer of a city owned health insurance company that needs to adhere to the new Confidential Cybersecurity Act.
- Below are just a few of the major accomplishments of late:
- Chief Information Security Officer for a city owned health insurance company
- Protecting several law firms as their Chief Information Security Officer amid the growing requirements from clients like banking customers and other regulated entities
- Executive Director of information security for a health and wellness ecommerce company that went public in 2015
- Confidential’s Global Incident Response Center creator and the division’s first VP
- Designed advanced threat prevention and threat handling processes
- Universal Security Procedures, Standards and Policies across Confidential
- Hands on CISSP certified Chief Information Security Officer
- Built a complete security program that will satisfy PCI and HIPAA compliance
- Created a virtual CISO (vCISO) program to provide high level security services to the underserved SMB space
- Use of Department of Energy’s C2M2 to test organization’s cybersecurity preparedness
- Virtual CISO for small and midsized enterprise clients
- Security programs built around ISO 27001 / 27002 standards
- Use of ISO 27799 as the CISO of a hospital system
- Implementation of the Cloud Control Matrix before selecting a cloud vendor (Amazon AWS, Microsoft Azure, et al.)
- Implementing NY State’s new Cybersecurity Act for Financial Services (23 NYCRR 500)
- Use of COBIT 5 and ISO 27001 and 27002 standards as a foundation for compliance
- Implemented advanced persistent threat (APT) management procedures
- Architect of the Confidential Incident Response Center using ISO 27035 and NIST 800-61 standards
- Extensive vendor management program (healthcare vendors as well and POS reviews)
- Planned Business Continuity exercises and plans in the event of business interruption at client offices
- Initiated GRC (global risk and compliance) processes.
- Led Confidential’s Incident Response and Strike Team
- Designed, created and activated BCP and DRP to have 7 major clients 100% operational within 36 hours of the 9/11 World Trade Center Attacks.
- Coordinated security assessments of our internal systems with our banking customers to review our security policies, procedures and controls
- Budgeting and fiduciary responsibility for the department
- Designed business recovery plans
- CTO of 500-person international startup during Web 1.0
WORK EXPERIENCE:
Chief Information Security Officer
Confidential, New York, NY
Responsibilities:
- Designed incident response processes for several clients and maintained a SOC for smaller clients to use for their operations.
- Creation of several security programs covering PCI and HIPAA compliance
- Built a robust APT (advanced persistent threat) strategy and have deployed it for multiple clients
- Executive Director of Information Security for a health and wellness ecommerce company
- Vendor management and risk assessments
- Member of CHIME
- Built policies, procedures and standards in line with ISO 27001/2 & 27799 frameworks
- Researched, planned, and authorized several security tools for monitoring environment
- Training staff on incident handling procedures
- Led creating and management of application security testing and monitoring processes
- Research, architect and implementation of new technologies like SIEM (LogRhythm, AlienVault, LogLogic and SPLUNK) and DLP (Symantec and Intel/McAfee)
- Compiled a list of preferred vendors for security products and services
- Quarterly report to executives on the state of security
- Initiate internal security vulnerability scans then schedule remediation
- Introduced Unified Security and Threat Management to small and midsized clients.
- Created policy to require all physical infrastructure (servers, storage, perimeter security, etc.) go through a security risk review
Confidential, Jersey City, NJ
VP, Information Security
Responsibilities:
- Director and creator of Confidential’s Incident Response and Strike Team (F.I.R.S.T.)
- F.I.R.S.T. began leading global incident response initiatives for all of Confidential in January 2012
- Designed a 24/7 Confidential Incident Response Center (FIRC) using the ISO 27035 framework
- Created and maintained Confidential’s incident response policies and threat scoring matrix
- Managed four global incident response centers (main center outside of Atlanta, GA, second in Portland, OR, one in India and one outside of London)
- Held monthly Threat and Response conference call for all Confidential divisions to allow them to see the threats we’ve averted or addressed.
- Managed forensic investigations as required through the FIRC
- Worked with Director of ITIL compliance to ensure that security operations adhered to the ITIL frameworks set before us.
- Led the Investment Services Incident Response team for security related matters (logical and physical security related)
- Handled day to day security operations for the Investment Services division
- Was the lead on the Confidential team (in conjunction with external vendor, Verizon Business Services) to align Confidential’s environment with ISO 27000 / 27001 / 27002 standards.
- Point person for all bank and financial institution audits of the Investment Services Division
- Built security initiatives around an aging (25 years+) legacy UNIX application driving the Investment Services division’s revenues.
- Worked with the Confidential Security Strategy team to ensure PCI compliance across all of Confidential’s Business Units
Confidential, New York, NY
Chief Security Consultant
Responsibilities:
- Outsourced CISO to smaller clients needing experienced security management.
- Reviewed security procedures currently in place and made recommended changes
- Perform day to day systems management for contracted clients
- Created CISO-On-Demand for small to medium sized businesses (Confidential)
- Project manager for large scale roll-out for the Confidential Security Implementation
- Architect of several Business Continuity (BCP) and Disaster Recovery Plans (DRP)
- Used ISO 17799 as the baseline for all security implementation
- Perform system audits and secure network environments
- Create Disaster Recovery and Business Continuity drills to verify backup data as well as viability of staff to react in an emergency
- Quarterly review of corporate IT security measures
Confidential, New York, NY
Advanced Technical Trainer
Responsibilities:
- Trained clients in how to administer Lotus Notes networks and users.
- Supervised end user trainers and mentored their progress
- Designed a complex Lotus Notes infrastructure for the Confidential
- Technical Trainer and advisor to several of Confidential’s largest Lotus Notes/Domino customers
- Instructed Catapult instructors in new and advanced courses, such as Lotus Notes