SUMMARY

• Confidential is an Information Security, Risk, and Compliance Executive Leader with deep experience in execution and delivery of transformative Security programs across multiple industry verticals. He has expert - level capabilities in the practice of managing Cyber Risk, Strategy, and Architecture, and has led a wide range of initiatives in the areas of Security, Data Protection,
• Third Party Risk Management, Compliance, and Control. He also has significant experience implementing, managing, and optimizing Information Security tools, processes, and programs, and he is a seasoned and effective leader of teams and projects. Confidential has over fifteen years of experience working with large organizations, including the Financial Services, Public Accounting, Retail, Public Sector, Manufacturing, Consumer Products, Professional Services, Energy, Telco, Healthcare, and IT/Business Process Outsourcing industries.

TECHNICAL SKILLS

• Security Architecture
• IT Audit & Risk Management
• Information Security Management
• PCI DSS Compliance
• Threat & Vulnerability Management
• Data Protection
• Methodology & Thought Leadership
• Third Party Risk Management
• Cloud Security
• Information Security Polices/Procedures
• Incident Response/Forensics SOX
• Database Security
• Identity & Access Management
• Disaster Recovery
• COBIT, ISO 27000, NIST
• Archer, BWise, LockPath, MetricStream
• Management and Oversight
• Governance, Risk, & Compliance (GRC)
• HIPAA Security & Privacy
• Project Management
• Team Leadership
• Penetration Testing
• Security Strategy & Organizational focus
• Risk Assessment

PROFESSIONAL EXPERIENCE:

Confidential

Security Services

Responsibilities:

• Security Principal within HPE Confidential, managing and delivering impactful Consulting and Managed Security Services for Global clients across various industry sectors, including Financial Services, Public Sector, Energy, Telco, Healthcare, Life Sciences, Retail, and Manufacturing.
• Areas of focus include Security Organizational Leadership, Strategy, Transformation, Cloud Security, Data Protection, Security Architecture, Third Party Risk Management, Identity and Access Management, and Governance, Risk, and Compliance (GRC).
• Oversee and manage Enterprise Security initiatives, programs, and engagements for Global clients.
• Develop, propose, and deliver transformative client security solutions, aligned with the most relevant Risk, Security, and Compliance needs of the client.
• Manage relationships at the executive level within Fortune 500 client organizations, including CISOs and CIOs.
• Drive the development of Security strategy, methodology, guidance, thought-leadership, and point-of-view for the Confidential practice.
• Conduct speaking engagements, workshops, and lead other industry eminence initiatives at Security conferences, working groups, and events.

Senior Manager, Cyber Risk Services

Confidential

Responsibilities:

• Security Advisory Services Leader within the Cyber Risk Services practice, focusing on Information Security consulting and managed services for Security, GRC, IT Audit, and Compliance engagements for clients in the Financial Services and other industry sectors.
• Manage and deliver transformative Information Security advisory programs and initiatives for global enterprise clients.
• Areas of focus include Information Security Program Development, Data Protection, Strategy, Cyber Resilience, Risk Assessment, Third-Party Risk Management, Information Security Audit, GRC Transformation (BWise, Archer, MetricStream), and Control Enhancement.
• Develop and implement solutions to manage and mitigate various Information Security Risks across large organizations.
• Assist clients in developing and driving their strategy for Information Security, Risk Management, and Compliance across various industry sectors.
• Heavy focus on Risk and Compliance projects in the Financial Services sector.
• Manage and ensure quality in Information Security services, programs, and projects.

Security Consultant

Confidential

Responsibilities:

• Develop, recommend, and deliver Information Security consulting services to global Fortune 500 clients across various industry sectors.
• Provide practice leadership by facilitating a community of practitioners to share and exchange ideas for practice growth and improvement.
• Contribute content and advice to the offering development process.
• Help shape the emerging model of the security practice.
• Lead and execute Governance, Risk, and Compliance projects, including technology-enabled GRC using Archer and other GRC tools.
• Lead and manage engagement teams, ensuring quality and successful project execution and delivery.
• Lead the assessment of enterprise and technology risks, and advise clients of security standards, controls, best practices, and solutions to address risk.
• Develop, manage, and mentor staff within the practice.
• Functioned as a professional independent senior consultant and subject matter expert in Information Systems Security, Risk, and Compliance for several large organizations.
• Areas of engagement concentration included Threat and Vulnerability Management, GRC, PCI Compliance, Security Standards & Policy implementation, Risk Assessment, SOX, Team Management, and Security Architecture.
• Implemented and leveraged tools such as Rapid7 Nexpose, Qualys, Archer, Tivoli Endpoint Manager, Symantec Endpoint Protection, and the National Vulnerability Database/CVSS.
• Client Industries Included: Financial Services, Retail, IT Outsourcing, and Professional Services.

Director of IT Risk Assurance

Confidential, Stamford, CT

Responsibilities:

• Client Services Leader for International Professional Services and Audit firm, focusing on Technology Audit, Risk, Security, GRC, and Controls projects across a wide range of operating environments.
• Developed and managed client relationships,
• Lead and executed IT Risk and Security consulting projects across Financial Services, Retail, Manufacturing, and other industries.
• Developed methodologies, contributed to thought leadership, and conducted training related to practice initiatives.
• Client engagements included GRC (Archer, BWise), DLP, DR/BCP, Endpoint Protection, Data Security, and overall Security Strategy and Architecture.
• Managed and ensured quality of deliverables for all engagements.
• Planned, managed, and executed various IT audits and assessments against industry and regulatory requirements, including PCI, SOX, FDA, COBIT, and other frameworks.

Technical Project Manager

Confidential, Norwalk, CT

Responsibilities:

• Technical Manager in the IT Architecture & Engineering Department of a large, multi-site Internet commerce company.
• Managed credit card security compliance and audit program (PCI DSS). Managed internal and external IT security and controls audits.
• Managed compliance action plans with internal IT management and engineering.
• Managed IT projects, including the build out of diverse website colocation facilities, and multiple product websites.
• Supervised and managed multiple levels of IT personnel.
• Executed, managed, strategized, and administered nationwide Information Technology initiatives for a large media organization
• Supervisor for all Desktop Support Operations nationwide.