Summary

• Senior information security and technology executive with a proven track record of enabling business objectives through the development of cost effective technology, security, governance, risk, and compliance programs. Exceptional leadership skills coupled with a creative vision to solve real-world business problems. Selected areas of focus include:
• Cybersecurity Strategy, Operations, and Intelligence.
• Advanced Threats Strategy and Controls network, endpoint, SIEM .
• Insider Threats, including Data Loss Prevention DLP .
• IT / IS Policy ISO 27001 Assessment, Development, and Maintenance.
• Information Security Assessments and Penetration Testing.
• Incident/Crisis Management and Business Continuity.
• Technology, Security, and Privacy Risk Management ISO31000 .
• Audit and Regulatory Compliance: COBIT, SOX, HIPAA, FFIEC, Basel, GLBA, IFRS, NIST.

Professional Experience

Program Director

Confidential

• I returned to Information Security from Internal Audit with a much deeper understanding of the business. This has served me well in my role as the Head of Information Risk Governance, which requires me to interact with the highest level of business and technology leadership to develop, communicate, and monitor IS policy. I am also responsible for managing the global IS strategy and budget in partnership with technology, finance, and business leaders.
• Manage a team of more than 10 professionals responsible for communications, planning, financial, and people management aspects of the Global Information Security program.
• Ensure the appropriate information security governance, policies, methods, standards, processes, and training are developed, applied, and communicated globally.
• Manage the IS program to proactively address new audit, legal, and regulatory requirements.
• Develop and enhance the IS strategy and operating model to maximize efficiency.
• Partner with technology operations teams to select, access, and implement next-generation security tools.

Program Director

Confidential

• As the next stage in my career, I chose a role in financial services internal audit in order to formalize my industry focus and broaden my understanding of the business. This role provided me the opportunity to manage complex and high-risk global integrated audits of the commercial, investment, and retail banking units. This included horizontal corporate and technology units. I was responsible for division/region head level stakeholder relationships and communications including findings, recommendations, and partnering to develop and monitor corrective action plans.
• Performed top-down risk assessments for application and infrastructure technology entities, developed practice-wide technology key controls matrix, identified key risks and controls for technology infrastructure, identified and evaluated key mitigating controls, determined residual risks, and helped develop corrective actions for the identified gaps. Also involved in evaluating entity's control self-assessment and assisting management in strengthening this process.
• Management team member responsible for planning the technology audit program, including global audit resource planning, risk assessment/prioritization, and control mapping for external auditors and regulators, as well as technology's Audit Committee presentations.
• External audit and regulator OCC/FRB interface for all primary and audit lead coverage areas.

Director,

Confidential

• After a decade as an entrepreneur, I decided to take a leadership role in the information security consulting practice of the world's largest professional services firm. While I was there, I led teams of technology professionals that performed management consulting services for large global organizations. I was responsible for managing C-level client relationships including developing proposals and building consensus with stakeholders and senior operations managers.
• Interim Chief Information Security Officer CISO for a fortune 500 hospitality company 6 Months .
• Performed attack and penetration testing, remediation services, and IT risk planning for fortune 500 companies across sectors and regions with a team of up to 8 staff.
• Managed a global team performing risk assessments for a Tier 1 EU-based investment bank's global back office operations including daily P L, Flash P L, and FinCon processes.
• Co-Sourced IT audit lead for a global property casualty insurance client, performed targeted and cycled audits of critical Operational, Compliance, Financial, and IT processes globally.
• Performed disaster recovery/business continuity assessment and design services for a large hedge fund.
• Led a team documenting the front office technology operations processes for a global investment bank including FX, Rates, and swaps processes.
• Managed a team that defined the enterprise security architecture for a global commodities broker including policies, governance, firewalls, networking, servers, and applications.
• Led design team for a 4000 sq. ft., 300Kva, Tier 3 Data Center for a global investment bank.
• Led development team for an EUC based application re-design of the partnership reporting process for a large global private equity client.
• Led a team that analyzed the enterprise security controls and performed remediation including designing organizational structure, policies, procedures, and technical standards for a multinational employment organization.
• Global subject matter expert for End User Computing spread sheets . Developed spreadsheet control and efficiency product offering and provided to key banking, insurance, and alternative investment clients.

President,

Confidential

• Along with two partners from my previous employer, I founded a mid-sized technology consulting firm. Over an 11 year period, we built the company into a publicly-traded multimillion dollar business with up to 80 staff. The firm specialized in the design and implementation of technology solutions for the education, financial services, government, and service providers industries.
• Bid and won the contract to perform the design and implementation of the network upgrade at Prince Sultan Airbase PSAB Saudi Arabia under US Air Force USAF Contract. The contract was a 13 MM US project that included the installation of more than 6000 network drops, 70 outside plant building to building cables 100KM of 12 Strand SM cable , 3 data centers, and 116 data closets and the supporting network hardware infrastructure. Key technologies included VOIP, high end encryption and extensive security, redundancy, and fail over capabilities. Created formal test procedure for network functionality, fault tolerance, and security. Managed a team of up to 200.
• Senior network architect for nine major LAN/WAN programs totaling over fifty million dollars US
• Designed and implemented a regional ISP network throughout the New York metro area for a three ISP coalition. Included three data centers and the network infrastructure.
• Managed a large diverse team that designed and implemented a private label ISP serving more than ten million users a day. Supervised a staff of 5 engineers and 4 programmers in the creation of a web based community system.
• Bid and won a contract to build a network infrastructure for a Long Island university. Design included a three campus WAN, Internet connectivity, Firewall and IDS systems, internal student security systems, switches and routers.

Systems Specialist,

Confidential

• Responsible for implementing and maintaining the IT requirements of various internal and client programs for a mid-sized defense contractor.
• Designed, installed, and supported a Novell network and windows-based desktop publishing system for the Office of the Secretary of Defense. The effort was conducted in the Pentagon to produce the Annual Report to the President and Congress on Soviet Military Power. Developed standard operating procedures, training manuals, security procedures, and test and acceptance procedures. Secret Clearance
• Designed, installed, and maintained a C2 Multi level secure UNIX LAN/WAN system, for local and remote entry to a Sybase SQL Server database used for logistics engineering tasks for the E3 AWACS Program. Secret Clearance