Chief Information Security Officer Resume

New York, NY

SUMMARY:

  • Security programs have entered a new world.
  • Constant attacks against all types and sizes of companies are underway.
  • I’ve managed international teams of as many as 40, controlled budgets up to $30M and managed four international information security offices.
  • Working in information security management for a major financial services firm and a growing health and wellness ecommerce web company, I’ve had the opportunity to work on a variety of projects all enhancing my skills as a security practitioner.
  • Recently, I have been working as the Chief Information Security Officer of a city-owned health insurance company that needs to adhere to the new Confidential Cybersecurity Act.
  • Below are just a few of the major accomplishments of late:
  • Chief Information Security Officer for a city-owned health insurance company
  • Protecting several law firms as their Chief Information Security Officer amid the growing requirements from clients like banking customers and other regulated entities
  • Executive Director of information security for a health and wellness ecommerce company that went public in 2015
  • Confidential’s Global Incident Response Center creator and the division’s first VP
  • Designed advanced threat prevention and threat handling processes
  • Universal Security Procedures, Standards and Policies across Confidential
  • Hands on CISSP certified Chief Information Security Officer
  • Built a complete security program that will satisfy PCI and HIPAA compliance
  • Created a virtual CISO (vCISO) program to provide high level security services to the underserved SMB space
  • Use of Department of Energy’s C2M2 to test organization’s cybersecurity preparedness
  • Virtual CISO for small and midsized enterprise clients
  • Security programs built around ISO 27001 / 27002 standards
  • Use of ISO27799 as the CISO of a hospital system
  • Implementation of the Cloud Control Matrix before selecting a cloud vendor (Amazon AWS, Microsoft Azure, et al.)
  • Implementing NY State’s new Cybersecurity Act for Financial Services (23 NYCRR 500)
  • Use of COBIT 5 and ISO 27001 and 27002 standards as a foundation for compliance
  • Implemented advanced persistent threat (APT) management procedures
  • Architect of the Confidential Incident Response Center using ISO 27035 and NIST 800-61 standards
  • Extensive vendor management program (healthcare vendors as well as POS reviews)
  • Planned Business Continuity exercises and plans in the event of business interruption at client offices
  • Initiated GRC (global risk and compliance) processes.
  • Led Confidential’s Incident Response and Strike Team
  • Designed, created and activated BCP and DRP to have 7 major clients 100% operational within 36 hours of the 9/11 World Trade Center Attacks.
  • Coordinated security assessments of our internal systems with our banking customers to review our security policies, procedures and controls
  • Budgeting and fiduciary responsibility for the department
  • Designed business recovery plans
  • CTO of 500-person international startup during Web 1.0

WORK EXPERIENCE:

Chief Information Security Officer

Confidential, New York, NY

Responsibilities:

  • Designed incident response processes for several clients and maintained a SOC for smaller clients to use for their operations.
  • Creation of several security programs covering PCI and HIPAA compliance
  • Built a robust APT (advanced persistent threat) strategy and have deployed it for multiple clients
  • Executive Director of Information Security for a health and wellness ecommerce company
  • Vendor management and risk assessments
  • Member of CHIME
  • Built policies, procedures and standards in line with ISO 27001/2 & 27799 frameworks
  • Researched, planned, and authorized several security tools for monitoring environment
  • Training staff on incident handling procedures
  • Led creating and management of application security testing and monitoring processes
  • Researched, architected and implemented new technologies such as SIEM (LogRhythm, AlienVault, LogLogic and Splunk) and DLP (Symantec and Intel/McAfee)
  • Compiled a list of preferred vendors for security products and services
  • Quarterly report to executives on the state of security
  • Initiate internal security vulnerability scans then schedule remediation
  • Introduced Unified Security and Threat Management to small and midsized clients.
  • Created policy to require all physical infrastructure (servers, storage, perimeter security, etc.) go through a security risk review

Confidential, Jersey City, NJ

VP, Information Security

Responsibilities:

  • Director and creator of Confidential’s Incident Response and Strike Team (F.I.R.S.T.)
  • F.I.R.S.T. began leading global incident response initiatives for all of Confidential in January 2012
  • Designed a 24/7 Confidential Incident Response Center (FIRC) using the ISO 27035 framework
  • Created and maintained Confidential’s incident response policies and threat scoring matrix
  • Managed four global incident response centers (main center outside of Atlanta, GA, second in Portland, OR, one in India and one outside of London)
  • Held monthly Threat and Response conference call for all Confidential divisions to allow them to see the threats we’ve averted or addressed.
  • Managed forensic investigations as required through the FIRC
  • Worked with Director of ITIL compliance to ensure that security operations adhered to the ITIL frameworks set before us.
  • Led the Investment Services Incident Response team for security related matters (logical and physical security related)
  • Handled day to day security operations for the Investment Services division
  • Was the lead on the Confidential team (in conjunction with external vendor, Verizon Business Services) to align Confidential’s environment with ISO 27000 / 27001 / 27002 standards.
  • Point person for all bank and financial institution audits of the Investment Services Division
  • Built security initiatives around an aging (25 years+) legacy UNIX application driving the Investment Services division’s revenues.
  • Worked with the Confidential Security Strategy team to ensure PCI compliance across all of Confidential’s Business Units

Confidential, New York, NY

Chief Security Consultant

Responsibilities:

  • Outsourced CISO to smaller clients needing experienced security management.
  • Reviewed security procedures currently in place and recommended changes
  • Perform day to day systems management for contracted clients
  • Created CISO-On-Demand for small to medium sized businesses (Confidential)
  • Project manager for large scale roll-out for the Confidential Security Implementation
  • Architect of several Business Continuity (BCP) and Disaster Recovery Plans (DRP)
  • Used ISO 17799 as the baseline for all security implementation
  • Perform system audits and secure network environments
  • Create Disaster Recovery and Business Continuity drills to verify backup data as well as viability of staff to react in an emergency
  • Quarterly review of corporate IT security measures

Confidential, New York, NY

Advanced Technical Trainer

Responsibilities:

  • Trained clients in how to administer Lotus Notes networks and users.
  • Supervised end user trainers and mentored their progress
  • Designed a complex Lotus Notes infrastructure for the Confidential
  • Technical Trainer and advisor to several of Confidential’s largest Lotus Notes/Domino customers
  • Instructed Catapult instructors in new and advanced courses, such as Lotus Notes