Security Officer Resume Profile
San Francisco, CA
Objectives
- 20 years of diversified IT management experience, combined with deep knowledge of industrial business processes, Cyber-security, Privacy, and Enterprise Risk Management. Track record of achievement communicating at all levels in highly regulated Fortune 500 corporations.
- Held various leadership roles directing end-to-end Information Security Programs, and teaming up for Audits, Security Risk Assessment, Penetration Testing, Data Loss Prevention, Disaster Recovery, and Financial Regulatory Compliance, FRB, and OCC examinations based on FFIEC compliance practices and ISO2700x standard definitions. Expertise in PCI DSS, Anti-money Laundering and the Bank Secrecy Act.
- Looking for executive level opportunity to match my long-term career objectives, and contribute by minimizing business risk, and maintaining the fine balance between security controls and the necessary and realistic compliance.
- Core Skills Record of achievements and mastery-level skills in the following IT Business processes:
Work Experience
Confidential
Security Officer
- Oversee all activities related to the development, implementation, and adherence to, the Firm's privacy program in compliance with Client audits, federal and state laws and industry standards. Responsible for the Information Security program and operations.
- Perform and direct risk assessments, i.e., protected information privacy and security audits, policies and procedures, trends analyses, audits, projects and violation investigations to ensure Firm-wide compliance. Advise and partner with the Chief Information Officer on information technology risk and control implementation, such requirements as regulatory, external audit and risk management processing, including conducting periodic information technology risk assessments for financial and health-related (HIPAA) clients.
- Functional CPO responsibilities working in concert with the Chief Information Officer (CIO) and Privacy Expertise Partners in the establishment of the Firm's Information Security and Risk Management program to maintain information assurance and compliance throughout the global MoFo enterprise organization distributed over 17 offices in key technology and financial centers in the United States, Europe and Asia. Our clients include some of the largest financial institutions, investment banks, and Fortune 100, technology and life science companies.
- Oversee and implement information security safeguards for Firm information systems and components. Ensure confidentiality of the Firm's data, proprietary information and intellectual property. Consistent with the Firm's data privacy policies and procedures, maintain the integrity of the Firm's databases in each of the Firm's geographies.
- Successfully championed and implemented SIEM systems log monitoring and a Data Loss Prevention (DLP) program and technical solutions to stop data leakage and satisfy legal/contractual and regulatory requirements, with critical assets protection and alerts.
Confidential
POSITION: Chief Information Security Officer (CISO) and Onsite Consulting Programs Manager
- Responsible for overall Technical Vision and Leadership for the company's acquisition of technology infrastructure, IT operations, security incident response investigations, and Security Systems for Control and Compliance.
- Leadership on the selection, architecture, and implementation of leading security solutions including IDS/IPS, SIEM like LogRhythm and CA's Enterprise Log Management, Data Leakage Protection (DLP) and Threat Vulnerability solutions including Qualys.
- Designed and directed CPO's Data Center facilities and its enterprise cloud security services provided to business in various industries.
- Liaison with the Big Five (E&Y, Deloitte, KPMG, PWC, and Grant Thornton) accounting/auditing firms. Leadership addressing ISO 27000/17799, SOX, HIPAA, PCI DSS, and FFIEC regulatory compliance and PII protection laws, plus related IT controls.
- Responsible for the documentation of CPO's IT Governance, Information Risk Management, Information Security Policy, Standards, Guidelines and Procedures including PCI DSS.
Confidential
Interim Vice-President: Information Security Officer
- ISO serving under the Chief Operating Officer's organization and member of the corporate global investment banking Security and Anti-fraud Expertise team specialized on fraud prevention and InfoSec assurance programs for all lines in the Americas region.
- Delivered revised set of Information Security Policy, Standards, Guidelines and operating procedures enhancing existing ones.
- Coaching of the Information Security team, leading to a stronger service oriented mindset and driving best operational results.
- Produced Operational Risk Management documentation including risk assessment, vulnerability testing, and prescriptive security controls remediation.
- Responsible for security architecture, design and leading the deployment project of Identity and Access Management (IAM) and role-based access control, all in line with realistic implementation of FFIEC and ISO27000 standards and best practices.
- Responsible for administration of user access rights, review and certification at Societe Generale Americas Region. Design of access lifecycle management including Onboarding, Transfers, Terminations, and Security Incident Response.
Confidential
Interim Vice-President of Information Risk Governance
- On-site outsourced Information Security Officer in charge of Management of the Information Risk Governance department (IRG), and delivered end-to-end Information Security Program for global information assurance, incident response, security architecture and Role Based Access Control implementation. Hired and appointed new full-time CISO.
- Project Manager of legacy applications migration to Enterprise Resource Planning thus enhancing centralized control and monitoring of Identity entitlements and provisioning to global users, thus preventing fraud and information leakage using IDS and IPS firewalls.
Confidential
POSITION: Director of Information Risk Security Management
- Functional Chief Information Security Officer's responsibilities, member of the Canon Corporate Compliance division for the Americas.
- Advised the Lines of Business executive leadership and IT Management on the Development Roadmap, Vision, Policy revisions and key technical decisions for technology improvements and enhanced information security controls.
- Championed the initiation of Business Process re-engineering to facilitate alignment in developing a new set of applications ensuring that Titles, Roles, Rules, Functions and Responsibilities, are mapped out to the new systems thus facilitating business/IT alignment for a new Identity Management and Entitlements Management/Review process.
- Responsible for Global Information Security Policy Compliance PMO, and Enterprise Risk Management initiatives including team recruitment, development and performance review. Led brainstorm discussions with Corporate Strategic Planning of eCommerce solution (B2B and B2C) resulting in an extraordinary supply chain demand and warehousing solution for the electronics giant.
Confidential
POSITION: Business Information Security Officer
- After successfully working as consultant to the Sr. Compliance Officer, was promoted to head of Information Security for the Global Markets, Traveler's Insurance, and Wealth Management business divisions. Articulated IT risk management and Internal Auditing methodologies to achieve compliance with regulatory issues related to GLBA Act, HIPAA and SOX 404 General IT Controls, and other regulatory compliance audit issues pending remediation.
- Worked in partnership with Citigroup's Internal Audit Group in the capacity of Sr. Advisor for IT related audit standards and testing while interfacing with PWC, KPMG, and other entities. Strong understanding of Citigroup's RCSA process.
- Oversight of Application and Infrastructure Vulnerability Testing and presented statements of accountability report to the corporate CEO. In a short period of time and under constraints, delivered outstanding control systems and methodologies.
- Managed the Software Development Lifecycle and Development Standards, Application Risk Analysis and recommended Best Practices in IT Security policies, procedures, and systems architecture.
- Represented Citibank, Visa and MasterCard on the Payment Card Industry Data Security Standards (PCI DSS).
- Responsible for Application Development Risk Assessment and orientation to developers on secure coding practices.
- Responsible for ATM fraud related investigations and computer forensics including advisory to the Legal department.
- Responsible for Computer Labs and Data Center Design with Business Continuity Planning and Operational Risk Management in mind.
Confidential
POSITION: Vice-President of Systems Development
- Director of the Enterprise Application Development Group in Web Technology Services Team, a group of about 29 including AVP's and Sr. Application Developers, and about 17 Temporary Consultants.
- Key advisor to Merrill Lynch's CTO/CIO and to the President on IT Risk Management, Business Process Improvement and IT strategic alignment. Contribution resulting in newly developed trading applications using Service Oriented Architecture.
- Project Manager overseeing all applications high scalability development projects related to the assigned Business Unit in Merrill Lynch. Key role in the planning and implementation of ML Online and its E-Trading solutions.
- Represented the Application Development Management team in the Internal and External Audit discussions related to Audit Testing of IT controls and gap analysis applying COBIT framework principles.
- Completed application vulnerability testing and code scans of hundreds of mission critical applications minimizing their risk levels.
Confidential
POSITION: Investment Banking MIS Director
- Delivered first-time integration of Web-based Stock Market and M&A research distribution to their financial research subscribers. Great enhancement over plain text distribution that was previously possible exclusively through Bloomberg terminals.
- Increased daily transactions handling volume adding up to 11M in revenues by providing the High Yield, Credit and Research divisions by managing the design, implementation and support of a Business Process Optimization, and managing the development of an automated system that facilitated enhanced financial processing, replacing a cumbersome manual batch posting process now capable of uploading daily financial product portfolio updates directly into the NASDAQ's mainframe system.
- Responsible for Executive Committee liaison for the development and implementation of new systems and technologies to address the new changing World Wide Web application requirements for the firm worldwide.
- Oversight of vendor relations for outsourced technology services and solutions to drive Bear Stearns into the 21st Century on their systems architecture and design. Delivered advanced solutions replacing legacy systems ranging from mainframe to Unix mini mainframe systems for massive data management of the global corporate technologies.
