SUMMARY
Solutions-oriented IT Risk Professional with notable success directing a broad range of concurrent IT initiatives, leading planning and execution of business analysis, project level execution (Initiation, Definition, Planning, Execution, Monitoring and Reporting); Establishing project requirements, priorities, and deadlines; Coordination of resources (staff, equipment, vendors and consultants) across single and multiple concurrent projects; Coaching and mentoring of less experienced team members; Budget Management for assigned projects, monitoring project progress, and adjustment of resources and priorities accordingly. Understanding, documenting and managing business and functional requirements; Insurance of compliance with relevant regulations as they relate to information systems; Assessment and improvement of processes, tools and techniques used in the project life cycle; Working knowledge of issue/defect tracking tools.

• Track record in Information Risk program development, execution and reporting. Former Corporate Risk Management Committee and Operational Risk Management Committee and Workgroup member, responsible for metrics/reporting and representing IT Risk.
• Demonstrated capacity to implement innovative IT Risk programs that drive awareness, decrease exposure, and strengthen organizational efficiency;
• Hands-on experience leading all stages of IT Risk including framework definition, process design, implementation and reporting; Regulatory/Audit Compliance, gap analysis and remediation pre/post examinations and reviews;
• Outstanding leadership abilities; Capital Planning, Fiscal Management, Staff Development & Management; able to coordinate and direct all phases of project-based efforts while managing, motivating, and leading project teams.
• Excellent communicator at all organizational levels with an equally excellent ability to define business challenges and solutions to them and develop and maintain business relationships.

Professional Experience
Confidential,Glen Cove, NY March 2006-November 2009
PMO-Sr. Project Manager/Sr. Business Analyst

Responsible for the evaluation and identification of appropriate technology risk platforms (including web application framework and deployment stack) for delivering services; establishment of a risk governance framework in adherence to regulatory, technology, and business expectations and requirements; directing the strategic enterprise-wide information security program that protects the confidentiality, integrity and availability of critical business information resources; directing the development and execution of an enterprise-wide business continuity and disaster recovery plan and periodic testing; communicating the company’s technology strategy to investors, management, staff, partners, customers and stakeholders; conduct TCO and project financial analysis and management for tactical security and recovery projects.

Confidential,Stamford, CT / New York, NY April-December, 2005
Vice President/Information Risk Manager

Managed Asset Management’s business and functional requirements, allocated resources to compliance and entitlement management enhancement projects (ie SSO), provided project oversight and reporting score card to global BISO virtual community of 22 members and Sr. Management. Authored and disseminated global Asset Management IT Risk policies, assisted in the identification and documentation of KRI (Key Risk Indicators), contributed to Continuity of Business program for business unit and infrastructure capacity planning for continuous service delivery. Managed vendor risk assessments, SAS70 reviews, new application certifications.

Confidential,New York, NY November 2001-April 2005
Vice President/IT Security Manager

Managed the evolution of the information security program through the design and implementation of proactive, preventive, reactive security controls such as optimizing perimeter architecture and event monitoring, e-mail content filtering, SPAM control, web content vectoring and remote access services, NIDS/HIDS deployment, establishment of an incident response program, development of security operations policies and procedures. Responsible for Change Management, vendor and third party IT Risk assessments, SAS70 reviews, Managed staff of five security specialists responsible for Account Provisioning and entitlements, OS platform security standards, security engineering, security product review and selection, security project management, security vendor management in a complex VAX, Unix, OS/400, Windows, Cisco, Exchange network. Conducted BCP testing and plan development. Performed ethical hacking studies and managed audit issue resolution and reporting. Chaired and collaborated in various committees governing IT Security policy, operational issues and strategic program direction. Managed function through corporate acquisition and merger.
Key Contributions:

• Authored numerous procedures and security policies in support of IT engineering and operations, Project Manager for regulatory / audit remedial projects.
• Managed security architecture of internet-based Trade Execution System, supervising security and architecture, leading planning and execution of business requirements, and project level execution.
• Designed automation of Change Management workflow Application to enable paperless IT Change Control management.
• Oversight of several infrastructure and application security enhancements as Project Manager such as expansion of Checkpoint firewall architecture, SSL VPN, IDS, SPAM control, etc.

Confidential,New York, NY November 2000-November 2001 Vice President/Worldwide Director of Information Security

Directed global information security program consisting of account provisioning and entitlement management, network security, security architecture for sothebys.com, Sotheby’s Realty, and outsourced third-party SAP infrastructure in a mainframe, Unix, Windows, Cisco environment. Managed and developed staff of three and an operating budget of $2mm. Responsible for BCP documentation and testing.
Key Contributions:

• Outsourced perimeter security management and monitoring, managed third party penetration studies;
• Designed and managed implementation of enterprise-wide remote access
• Created technology risk management process inclusive of guidelines relating to data privacy.

Confidential,New York, NY July 1999-November 2000
Vice President & Manager/Corporate Data Security Officer

Established and managed an enterprise-wide information-security program for the Americas region. Oversaw regional efforts to identify, evaluate, mitigate and manage residual risk across region’s Data Centers, applications and third-party connectivity. Represented IT Risk to Operational Risk Workgroup and Corporate Risk Management Committees. Gathered business requirements, managed project execution, prepared capital proposals for recommended strategies. Principal liaison with auditors and regulators. Developed curricula and facilitated awareness training for regional staff at all organizational levels. Supervised, mentored and developed ten Data Security staff and managed a budget of $5mm.
Key Contributions:

• Established Data Security policies, standards and procedures as well as the creation of a Data Security Committee and business line security officer role;
• Introduced automated account provisioning;
• Designed and managed implementation of perimeter and host security monitoring;
• Managed third party risk assessments;
• Key contributor in Corporate Risk Management, Audit and new product Committees.

Confidential,New York, NY November 1995-July 1999
Assistant Vice President/Information Risk Manager for the Americas

Managed operational oversight of 1,400 seat Business Continuity and Disaster Recovery site Performed Business Impact Analysis, managed unit, OAT, integrated testing. Infrastructure capacity planning for tier 1,2,3 applications and systems. IT Risk representative for Operational Risk workgroup and Committee. Developed and implemented a training and awareness campaign, risk metric scorecard. Reviewed and validated business applications to ensure security and DRP compliance. Tracked and reported BCP/DRP compliance and metrics, maintained tracking application. Served as member of two Deutsche Bank merger integration teams and the Operational Risk Committee.

Confidential,New York, NY
Assistant Treasurer/ Disaster Recovery Manager/LAN Operations Manager/ LAN Support Analyst.

Managed disaster recovery program in the Americas inclusive of new system OAT/UAT testing and reporting, periodic unit and integrated BCP/DRP testing. Maintained bank’s Technology Asset Inventory repository, managed associated documentation and report generation. Gathered and maintained business requirements and metrics and reporting. Performed first- and second-level support of an 800+ LAN server environment directly and through supervision of eleven LAN technicians. Evaluated, tested and implemented server monitoring and automation tools.

Confidential,New York, NY August 1991-November 1995
MIS Manager

Provided comprehensive remote and onsite support for domestic and international staff including Tier 3 support for LAN/WAN services and EDI support for key business accounts (Toys RUs, KB Toys, etc). Managed staff of two, collaborated with Hong Kong Office technology initiatives.

Key Contributions:

• Designed and implemented Help-desk application reducing response time by 40%; customer call-center support procedures and customer network design strategy for sales and marketing teams.
• Enhanced Mac-Novell high-end graphic printing capabilities for product and marketing prototyping.
• Reduced external application support consultants’ expense by 60%.

LAN, System Administration roles (Confidential,NY) February 1984-August 1991
In Real Estate- and Private Wealth Management-related companies.

Education & Credentials

Bachelor of Science with double Major: Marketing and Management & Organizational Behavior
CISSP