
Vice President, Head of IT Security & Risk Management Resume

NJ

SUMMARY:

A senior technology manager with 18+ years of experience in technology security, risk management, compliance and controls along with systems analysis and engineering for high-profile insurance, banking, capital market and government entities. Proven ability in leading and redefining technology, tools and processes, & leading organizations to adapt to disruptive environments with a risk-based approach. An influential component in collaborating with C-Suite executives in developing comprehensive technology models and roadmaps aligned with corporate strategy and objectives.

CORE COMPETENCIES INCLUDE:

  • Technology and Operational Risk Management
  • Application and Infrastructure Security
  • Technology Audit & Controls
  • Cloud, Cyber & Web 2.0 Security
  • Business Process Controls & Reengineering
  • Big Data Analytics, Governance & Controls
  • Standards e.g. COBIT, ISO, NIST, SANS, FFIEC
  • Innovation and Consumerization of IT
  • Regulations e.g. SOX, PCI, HIPAA, GLBA, FISMA
  • Enterprise & IT Architecture
  • Policy, Standards, Procedures & Guidelines
  • Strategic Planning & Business Analytics

TECHNOLOGIES:

Operating Systems: Windows, Unix (Linux, Solaris, AIX, HP/3000), iSeries, Mainframe.

Security Tools/Utilities: Checkpoint, NetCool Central Logging System, CA-Unicenter, VE-Audit, RACF, CA-Top Secret, CA-ACF2, Vanguard Security Analyzer, DumpSec, Hyena, NetStumbler, Norton Personal Firewall, Real Secure (IDS), ReAct, R3000, FortiNet, McAfee, ScriptLogic ESR, Acunetix, WebScarab, Netsparker.

Patch Management: SCCM, WSUS, OSD.

Mobile Device Management: Fiberlink MaaS360, AT&T MobileIron, Good.

Cloud Storage/Sync Systems: Box, Accellion, DropBox, SkyDrive, FilesAnywhere, SmartRoom, ShareFiles.

Emergency Notification Systems: MIR3, HoneyWell, Siemens

Databases: SQL Server, Oracle, Sybase.

Remote Access: RSA, Citrix.

Web Development/Security: Web site setup, administration, security, authoring and publishing, OWASP, XML/AJAX security, Web Services security, XML Gateway, SOAP, Enterprise Service Bus, SOA, JAVA/.Net/SQL security.

Web Servers: IIS, Apache.

Languages: BASIC, SQL, HTML.

Financial Applications: Trading/Investment Systems, Wire Transfer Systems, Securities Book Entry Systems, Insurance Claims & UW Systems, Actuarial Applications, Rating & Modelling Applications, GL Systems.

Change Management Tools: Endevor, PVCS, Tripwire.

Scheduling Packages: CA-7, CA-11, Infoman, Control-M, Control-R, ROBOT, Pervasive

PROFESSIONAL EXPERIENCE:

Confidential, NJ

Vice President, Head of IT Security & Risk Management

Responsibilities:

  • Manage the global application and infrastructure security functions that include, but are not limited to, developing/establishing strategies, policies, procedures and standards, security administration, risk and security assessment, vulnerability assessment, gap analysis, security patch management, incident response and investigations, VPN systems, anti-virus infrastructure, HIPS, web content management, user security entitlements, security awareness, security event monitoring of internal and perimeter devices (IDS/IPS/Firewalls/XML Gateway, etc.).
  • Lead and direct cyber security as well as technology and operational risk management initiatives.
  • Lead the implementation of SANS 20 critical security control framework as part of the ERM initiative.
  • Prepare and present IT security and risk reporting at quarterly Board of Directors’ meetings.
  • Coordinate the Enterprise Risk Management efforts, comprised of C-suite executives.
  • Conduct companywide technology security and risk awareness sessions.
  • Liaise with internal and external audit teams and conduct interim self-audits to ensure compliance with multiple regulatory areas (SOX, PCI, HIPAA, PII, Federal, State, and International regulations).
  • Conduct audit/security assessment of business partners’ datacenters and information processing environments.
  • Lead the IT Architecture Committee (consisting of 10 VPs and Directors) to establish Governance and Policies; developed and presented IT strategic plan to support corporate goals and objectives.
  • Drive research and innovation initiatives relative to new technologies, tools and processes e.g. cloud computing, consumerization of IT, BYOD, web 2.0, big data, etc.
  • Provide oversight on helpdesk and mobile computing operations and initiatives.
  • Coordinate DR and BCP activities, evaluate test results and ensure failures are addressed appropriately.
  • Oversee vendor management process, and liaise with Legal Department in reviewing and approving agreements.
  • Revamped global IT security architecture and strategy, operational management and controls with a redefined risk management framework, and developed road maps to ensure sustainability while achieving a 25% cost savings and 30% improvement in security and controls.
  • Implemented secure application development practice following SANS and CVE guidelines.
  • Redesigned core security programs e.g. application, network and infrastructure security administration, cyber security initiatives, endpoint security, awareness and patch deployment.
  • Authored and implemented various IT Policies, Procedures, Standards and Guidelines.
  • Centralized IT security controls from all global locations for increased efficiency, productivity and compliance.
  • Established the IT Architecture Committee and authored the charter with a full sponsorship from the C-suite.
  • Improved user productivity and efficiency with 50% cost savings by new technology initiatives e.g. deploying a cloud-based file storage, sync & file transfer system, virtual data room, and BYOD infrastructure.
  • Reengineered computer build-and-deploy process, and successfully achieved 40% increase in accuracy, compliance and efficiency with 20% savings in allocated staff time.
  • Established Helpdesk to serve all global locations, complete with self-service and ticketing system to strengthen problem and asset management practices.

Confidential, New York, NY

Vice President, Security Operations and IT Risk Management

Responsibilities:

  • Developed comprehensive risk management framework, implemented routine gap analysis and risk assessment procedures; led risk assessments of business operations and data, identified weaknesses, vulnerabilities and implemented mitigating controls and technology solutions.
  • Led the quarterly Board of Director risk reporting efforts & security budget presentations for all global locations.
  • Introduced and conducted self-audit, in coordination with internal audit, as a preparation for external audit.
  • Managed and led companywide/global security activities and initiatives including application security administration, network security provisioning, overseeing and monitoring perimeter security devices (Firewalls, routers, VPN, FTP devices, etc.).
  • Implemented various security programs and procedures including IDS/IPS, SIEM, secure Unix environment, provisioning, content management, compliance, and patch management.
  • Reviewed and approved all IT-related compliance, audit and security requests; conducted security assessments for all new systems/applications, and provided guidance in implementing resolutions.
  • Improved departmental efficiencies through leadership measures such as evaluation and consolidation of staff model, enhanced communications, and increased awareness of security, compliance and regulatory concerns.
  • Oversaw vendor management and established a risk-based vendor management model.
  • Co-managed DR/BCP, implemented automated incident response procedure and coordinated periodic testing.

Confidential, New York, NY

Senior IT Auditor

Responsibilities:

  • Conducted consulting engagements on business process reengineering, authoring corporate policies and procedures, and implementing information risk management programs.
  • Designed and implemented effective operational and systems risk management framework and strategies for client organizations’ applications, infrastructures and business processes.
  • Identified key controls, relative weaknesses, and designed and implemented mitigating measures and sustainable control procedures.
  • Developed audit plans and customized for executing fieldwork based on clients’ business and technology environments to ensure proper coverage of risks.
  • Conducted application, general and business process control audits, as well as regulatory and attestation reviews.
  • Managed projects by adequately staffing with appropriate skills, making decisions on testing methods, reviewing work performed, developing staff skills, preparing budgets and monitoring engagement economics against plans.
  • Managed multiple simultaneous projects, and up to 20 audit staff at separate concurrent engagements.
  • Supervised clients’ internal audit teams for work performed to complement audits.
  • Provided ongoing feedback to clientele and delivered presentations to report metrics and final deliverables.

Confidential, New York, NY

Assistant Project Administrator

Responsibilities:

  • Administered, monitored & audited research grants, contracts & project activities in the CUNY colleges.

Confidential, Jamaica, NY

PC Specialist/Assistant Educator

Responsibilities:

  • Developed and maintained student database, provided PC support, and maintained IEP compliance.
  • Taught a group of IEP students.
