SUMMARY:

• A Leader with expertise in IT Security, Governance & Compliance, and Continuous Improvement
• Conducted Cyber Attack against Payment Systems exercise across all bank units & developed Cyber Incident Response Workflow to co - ordinate Bank wide response for Cyber Incident
• Developed Incident Response Procedures and Forensic Evidence Collection Procedures, Enhanced Cyber Incident Response Plan and investigated cyber incidents
• Developed automation workflow for Incident Response that will utilize SIEM, Malware Detection Tools, Asset Management Tools, eMail Gateway, Firewalls, Web Proxy
• Developed automated workflow for Vulnerability Scanning, Data Loss Prevention (DLP), Firewall Compliance
• Implemented compliance with ISO/IEC 22301 Business Continuity / Disaster Recovery Standard and ISO/IEC 27001 Information Security Standard across America's
• Implemented Data Loss Preventions & Data Access Programs for 60,000 users and 60 million policies at Confidential
• Designed Biometrics Authentication Product that complied with Payment Application Data Security Standard
• Developed Information Security Risk Management Plan for year 2016 to address 32 audit and risk findings, successfully closed 8 audit and risk findings at Confidential
• Implemented SOX (Sarbanes Oxley) compliance at Confidential
• Represented Information Security to BLUSA Operational Risk Committee and prepared BLUSA Board Presentations
• Implemented Payment Card Industry/Data Security Standard (PCI-DSS), FFIEC standards, Statement on Standards for Attestation Engagements (SSAE-16), HIPAA and various state, federal and other international compliance standards
• Supported external regulatory agencies requests (e.g. Iowa Insurance Division, FINRA, NJ Department of Banking and Insurance, etc.)
• Ensured that internal and external audits passed successfully
• Provided management, consultation on ITIL and tactical responses, for governance processes within IT Risk and Security
• Reviewed Operational Risks and Controls as part of Enterprise Risk Management with Business Information Security Officer (BISO) of Confidential
• Delivered annual savings of $10 M USD as part of Operational Excellence, Confidential for a portfolio of $75 million
• Technology Planning and Implementation of dashboard for service delivery model by identifying KPIs (600 applications and portfolio of approx. $300 millions)
• Improved process incident response maturity utilizing Lean Six Sigma techniques
• Assist Business Information Security Office (BISO) to perform Industry Benchmarking Reviews
• Conducted gate reviews and created metric dashboard on project delivery with analysis

TECHNICAL SKILLS:

IT Governance, SDLC, Systems and Process Auditing (COBIT), MS Project, Excel, Word, PowerPoint, Visio, Analytical and influencing skills, Risk Assessment, Business Impact Assessments, Vulnerability and Control Testing, Risk treatment strategies, Analytical skills, IT Process Frameworks, COBIT, ITIL, ISO 27001, ISO 20000, Project Management, Budget Allocations, Resource Allocations, CounterACT, Algosec, Nessus, Cynet, Invincea, IronPort, Algosec, Digital Guardian, NetIQ

PROFESSIONAL EXPERIENCE:

Confidential, NY

Vice president, information security

Responsibilities:

• Responsible for Cyber Incident Response, Audit and Compliance Response, Process Automation, Information Security Project Management, Maintenance of Information Security Toolset, SEIM Improvement
• Participate in Penetration Testing and Risk Assessment
• Identify and own resolution of related compliance issues and non-compliant conditions
• Interface with Auditors throughout the audit cycle
• Manage Information Security Projects
• Develop insight for Information and Cyber Security Program
• Disseminate insight and information among other personnel in the Information Security Team
• Complete periodic risk assessments using FFIEC CAT Tool
• Interface with Auditors throughout the audit cycle
• Manage projects for successful resolution of audit and risk findings
• Improve process maturity for Cyber Incident Response, Data Loss Prevention and Email Security
• Assist Information Security Officer for board presentations
• Enhance current security control appliances and services: network access controls tools SIEM-NetIQ, Anti-Phishing security filters in IronPort
• Investigate Cyber Incidents
• Maintain current understanding and skills related to cyber security and defense
• Develop Secure Software Development Life Cycle Standards

Confidential, NC & NJ

Program manager

Responsibilities:

• Manage Infrastructure Cost Reduction and Information Security Management teams (15 team members)
• Develop framework for monitoring of IT Security
• Manage two teams for Disaster Recovery Programs and Infrastructure Reduction Programs
• Set up framework for first line incident response, problem investigation and root cause analysis (RCA) process
• Manage relationship with Enterprise Risk Management, Operations Head and Business Information Security Officer of Confidential
• Manage relationships with internal Confidential vendors, external vendors including Cognizant and iGATE
• Assist Business Information Security Office to perform Industry Benchmarking Review

Confidential

Project Manager

Responsibilities:

• Provide Production Support for Compliance and Regulatory Applications
• Respond to requests from Government Regulatory Agencies
• Respond to requests from Internal and External IT Auditors
• Assist fraud investigations process
• Improve customer satisfaction
• Support production environments for critical Compensation application Enterprise Producer Identifier (EPI) and Legal Application Compliance Online (COMS)
• Deliver Traveler’s Integration with EPI and COMS

Confidential, Stamford, CT

Chief Development Officer

Responsibilities:

• Develop product specifications by benchmarking against existing competitors and technologies
• Deliver turnkey product solution utilizing appropriate external vendors
• Develop product integration strategies for customer implementations
• Deliver turnkey solutions by utilizing internal and external vendors
• Support funding efforts for product development

Confidential, NY, NY

System Architect and Administrator

Responsibilities:

• Restore operations in emergency data center after 9/11
• Implement Firewall, Identity and Access Management Solution
• Delivered multiple projects and resolved multiple production issues