GRC and Security Operations Officer Resume
SUMMARY:
- Accomplished GRC (Governance, Risk Management and Compliance) and Information Security Executive with 16 years of proven industry track record, specializing in technology risk management expertise, business and operations acumen and client/stakeholder relationship management.
- Developed, implemented and monitored various IT Risk Management activities while reliably achieving the organization’s objectives, addressing uncertainties and acting with integrity. Operated with a “no surprises” mantra, led teams and reports with integrity and resourcefulness and routinely presented to Senior Management, Technology Staff and Business Stakeholders.
- Successfully led Security and Audit Functions for organizations, providing line management, leadership and strategic direction and liaising closely with the affected stakeholders. Knowledge and proficiency working for many financial companies (including a notable start-up), recognized for reputable contributions for a major Confidential Exchange, and also have the highly desirable “Big 4 Consulting” experience.
- Improved operational and technical controls which reduced risks, saved money, and also demonstrated the value of the Internal Audit Function for the Confidential.
- Prevented Distributed Denial of Service attacks as an Information Security Engineer for Confidential and successfully delivered Information Security and IT Audit assignments for numerous clients as a “Big 4” consultant.
- Built and managed the GRC Practice, employing RSA Archer for Confidential Information Services.
PROFESSIONAL EXPERIENCE:
Confidential
GRC and Security Operations Officer
Responsibilities:
- Responsible for Risk Management, Audit & Compliance and Operational activities and perform associated duties and responsibilities including achievement of business objectives and accountability for the Group’s KPIs, Metrics and Reporting
- Ensure adequate protection of information across the enterprise and responsible for identifying, assessing and reporting on information risks in a manner that meets compliance and regulatory requirements
- Advise CISO, serve as Chief of Staff and organize and control the team-affecting strategic, operational and administrative matters including budgeting, forecasting, hiring decisions and vendor management
Confidential
Information Security and IT Security Consultant
Responsibilities:
- Contributed as an authoritative source of domain expertise for all IT Security and Information Risk Management matters for Confidential Recovery Operations
- Successfully completed two short-term risk management projects for ISO27001 compliance and audit
- Attended and contributed to the success of the Confidential Chapter Leader as the event moderator and facilitator
Confidential
VP - IT Security Group
Responsibilities:
- Managed a Group of 15 Information Security professionals across 3 InfoSec Functions: Policy & Training, InfoSec HelpDesk and Audit and Regulatory Response Coordination Group
- Improved operational efficiencies and implemented innovative controls to better service Firm employees and clients
- Successfully delivered complex and specialized InfoSec Projects including Fed Matter Requiring Attention (MRA) Reviews, GLBA-related and other Firm-affecting initiatives and communication and other important activities that reduced the overall risk posture of the Firm
- Responsible for IT Security’s Security Architecture Group (for North America) which serves as a preventive function and aims to mitigate risk for Firm’s Applications, Infrastructure and other IT systems and platforms
- Monitored and evaluated Key Metrics Indicators affecting key security issues and programs and recommended corrective action follow-ups as necessary
- Liaised with and offered positive strategic direction to related Governance and Administrative Functions (e.g. Physical Security Team, Risk Management, IT, HR, Legal and Compliance, etc.) and affected stakeholders throughout the Firm as necessary, on InfoSec/IT Sec-related matters
- Commissioned activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions and third parties
- Evaluated Governance Risk Management and Compliance (GRC) vendors and their respective offerings and rendered optimal selections for the Firm
Confidential
Information Security and IT Audit Consultant
Responsibilities:
- Provided short-term information security consulting and IT auditing advisory services for Huron and Confidential, respectively
- Successfully completed a computer security and forensics project for a world-renowned hotel chain
- Trained a team of IT Auditors for a pharmaceutical company on IT security best practices
Confidential
IT Audit Director
Responsibilities:
- Planned, conducted and led Confidential IT audit engagements (i.e. Disaster Recovery Planning Review, Email Systems Review, Data Center Review, O/S Review, Database Review, Change Management Review, Crisis Management Review, Physical Security Review, Incident Response and other infrastructure and application audits)
- Worked closely with the CISO in formulating and implementing information security controls
- Participated in Audit Committee Meetings for C-level executives and Independent Board of Directors
- Prepared and coordinated with the SEC Division of Market Regulations auditors for external reviews including conducting gap analysis, and recommendations for the Confidential Stakeholders
- Managed a team of IT auditors in executing technology audit projects in conformance with professional and department standards, budgets and deadlines
- Supported the SVP of Internal Audit and the Business & Operations Audit Director in planning, executing and following up on Business and Process (Integrated) audits (e.g. Payroll, Billing, etc.)
- Formulated and reviewed all IT audit programs for all audit engagements based on industry best practices and standards
- Recruited all IT audit staff and managed daily operational and administrative activities
Confidential
Engagement Manager
Responsibilities:
- Performed numerous computer security engagements and audits of general IT controls in support of a financial statement audit (or independent of) including program change controls, computer operations, application security, forensics, and disaster recovery planning for enterprise systems environment
- Successfully delivered IT and Integrated/Process Control Audit engagements
- Conducted penetration testing (hacker simulations) and security diagnostics of applications, operating systems (Windows, Linux, etc.), databases, firewalls, and web servers for distributed environments
- Provided Advisory Services for Chief Information Security Officers (CISOs) - strategic and directional guidance for CISOs with respect to initiative priorities and project details
- Executed leadership, advice and counsel to line management on security policies and practices and identified exposures as well as recommending/developing corrective actions
Confidential
Enterprise Risk Services (ERS) Senior Consultant
Responsibilities:
- Managed and performed consulting services for Computer Security Engagements such as vulnerability assessments and development of enterprise security architectures
- Conducted pre-implementation reviews and risk control assessments that identified security risks to ensure adequate controls prior to deployment for various applications, infrastructure and system environments
- Provided Sarbanes-Oxley, GLBA and other regulatory compliance engagements - mapped thousands of internal controls documented by the client to significant business processes and material general ledger accounts and tested IT controls
Confidential
Information Security Engineer
Responsibilities:
- Previously served as Senior Internet Systems Engineer and Network Analyst during the Datek Online years
- Responsible for various aspects of information security including Intrusion Detection System (IDS) and Identity Management System (IDM) management, vulnerability assessments, policies, standards, procedures and guideline development
- Maintained a knowledge base of complex and specialized industry trends, current security issues and security technology and updated Management on risks and threats that could impact the company’s business
- Provided hands-on management of information security infrastructure consisting of servers, network devices, firewall, and other production and lab-related systems
- Performed application security reviews and testing, and/or relevant audits in coordination with the Internal Audit Group’s efforts
