
Vp, Information Security Officer Resume


Bryn Mawr, PA

PROFESSIONAL SUMMARY:

Proven leader with 22 years of diverse experience in Information Security, Technology Risk Management and IT Audit seeking an executive information security role. Effective in defining and implementing security standards, controls and technology based on risk, regulatory requirements, the threat landscape, industry standards, and the strategic goals of an organization.

TECHNICAL TOOLS & SKILLS:

Security Management Devices / Tools: SecureWorks iSensor (IPS / IDS), Cisco Web Security Appliance, Cisco ASA Firewall, Barracuda Spam and Virus Firewall, Websense Web Filter, Symantec Anti-Virus, Symantec Client Firewall, Windows Configuration Manager, Inspector Event Aggregation Server, Citrix Access Gateway, GFI LANguard, GFI Events Manager, Nessus, Nmap, Nexpose, SekChek, Trend Micro OfficeScan & Intrusion Defense Firewall, Proofpoint Email Protection, Bluelance LT Auditor, Wombat Security

Operating Systems, Servers, Database Platforms: Windows 2008, Windows 2012, Solaris, i5 / AS400, MS Exchange Server, VMware ESX Server, Oracle, Lotus Notes

Applications: Bankway (Core Banking); Fiserv Signature (Core Banking); Jack Henry (Core Banking); Bankware (Item Processing); Intuit (e-Banking); Fiserv COASP / BOB (e-Banking); Digital Insight (e-Banking / Mobile Banking); First Data (Debit Services Transaction Processing System); FedLine Advantage; EPIC (Insurance Agency Management); ResourceOne (CRM); UltiPro (HRMS)

PROFESSIONAL EXPERIENCE:

VP, Information Security Officer

Confidential, Bryn Mawr, PA

Responsibilities:

  • Developed, implemented, maintained and monitored the enterprise information security program and budget.
  • Developed the information security vision, strategy and roadmap and aligned it with BMT goals and objectives.
  • Delivered information security risk assessments to determine the likelihood of internal / external threats exploiting vulnerabilities, and the impact in the event those exploits led to data being compromised (i.e. Inherent Risk).
  • Evaluated the design and effectiveness of associated mitigating controls and developed mitigation strategies where residual risk exceeded risk appetite.
  • Assessed cybersecurity preparedness evaluating the organization’s ability to identify and protect critical assets, and detect, respond, and recover from cybersecurity incidents. Facilitated the implementation of both technical and process improvements to align organizational cybersecurity maturity with inherent risk.
  • Managed and monitored network security including 24x7 network and host IPS / IDS, firewall protection, SIEM, malware protection, content filtering, email security and vulnerability management.
  • Led and coordinated the incident response function facilitating timely response, recovery and reporting of security incidents.
  • Developed and managed the 3rd party risk management program, establishing standards for assessing, selecting and monitoring outsourcing relationships, and ensuring regulatory compliance.
  • Developed and maintained the information security awareness program delivering education through formal and electronic methods, and measured effectiveness via social engineering exercises.
  • Established and maintained security metrics, KRIs / KPIs, and reporting to measure the progress, success and maturity of the information security program and identified opportunities for improvement.
  • Provided regular reporting on the status of the information security program to senior management and the board of directors.

VP, Director of Information Security

Confidential, Philadelphia, PA

Responsibilities:

  • Developed, implemented, and managed the bank’s information security strategy, budget, program, policies and procedures.
  • Managed the bank’s cybersecurity program to identify and protect critical assets, and to detect, respond, and recover from security incidents in alignment with industry standards / regulatory requirements.
  • Oversight and management of security operations including 24x7 network monitoring, firewall protection, SIEM, malware protection, website content filtering, email security and vulnerability management.
  • Established security standards and worked collaboratively with IT and LOB owners to implement supporting technology and controls within multiple organizations based on Confidential, Confidential, & ISO frameworks.
  • Collaborated with business units, IT, and service providers to facilitate secure implementation and delivery of new products, services / technology, ensuring compliance with security / risk management objectives, guidelines and acceptable risk.
  • POC for regulatory & audit engagements including management of exams, inquiry response, and delivery of evidence.
  • Management of BCP including performance of Business Impact Analysis, establishing RTO and RPO for business applications, defining potential threats / impact scenarios, and identification of business and technical recovery requirements.

CIP Cyber Security Compliance Consultant

Confidential, Norristown, PA

Responsibilities:

  • Developed strategies, processes, procedures, & controls to mitigate identified security risks & ensure the achievement of Confidential established goals for system compliance with Confidential CIP Cybersecurity standards & requirements.
  • Evaluated the design & effectiveness of security controls to determine whether they adequately mitigated identified risks & addressed Confidential CIP standards & requirements. Implemented control enhancements addressing areas of deficiency.
  • Ensured that all operations impacting production systems adhere to Confidential & Confidential security / configuration standards.
  • Coordinated CIP compliance audit activities including RSAW preparation & submission, gathering & submission of evidence, requirement owner / SME testimony, & general communications with Confidential / RFC.
  • Established & implemented an organization-wide continuous monitoring program designed to monitor & assess deployed security controls and ongoing compliance with Confidential CIP Cybersecurity requirements.

VP, Online Authentication & Access Strategies

Confidential, Mount Laurel, NJ

Responsibilities:

  • Defined and owned the North American online / mobile authentication and access management strategy, and developed the strategic roadmap to fulfilling delivery of the enterprise vision.
  • Represented the Online Channel on initiatives as authentication owner; aligning teams to the vision, providing online / mobile expertise, and identifying opportunities to deliver enterprise-wide features and services that deepen customer engagement.
  • Worked collaboratively with partners within Compliance, Legal, Audit, Fraud, and Technology Risk Management to identify issues related to the delivery of customer authentication and support capabilities and created mitigation plans.
  • Owned / managed the customer identity proofing process to detect and prevent high risk applicants from successfully opening new accounts and services online. Leveraged a combination of internal and external tools (ThreatMetrix, TransUnion, LexisNexis, RSA) to facilitate ID verification, fraud verification (restricted countries, blacklists), & identification of high risk alerts.

AVP, Director of Information Security

Confidential, Philadelphia, PA

Responsibilities:

  • Strategic alignment of information security with the bank’s business strategy & organizational objectives.
  • Deployed bank-wide information security standards and controls based on Confidential, Confidential, ISO 27001/2, & ISO 27005 frameworks.
  • Performed information security risk assessments to determine the likelihood of threats exploiting vulnerabilities, and the impact in the event those exploits led to data being compromised (i.e. Inherent Risk). Evaluated the design / effectiveness of controls, determined residual risk and developed mitigation strategies as necessary.
  • Protection of the bank’s network environment through network / host intrusion detection and prevention, firewall security, web content filtering, malicious program detection / prevention, SIEM, threat / vulnerability management, & incident response.
  • Management of BCP including performance of Business Impact Analysis, establishing RTO and RPO for business area functions, defining potential threats / impact scenarios, and identification of business and technical recovery requirements.
  • Developed and managed the 3rd party risk management program, establishing standards for assessing, selecting and monitoring outsourcing relationships, and ensuring regulatory compliance.
  • Worked collaboratively with IT and LOB owners to maintain compliance with information security related regulatory requirements established by the FFIEC, GLBA, SOX, PCI DSS, & HIPAA.

Senior Manager, Technology Risk Management

Confidential, Moorestown, NJ

Responsibilities:

  • Successfully managed & delivered client engagements ranging from $50,000 - $1.2 million in annual revenue, including tracking / management of budget vs. actual T&E, development of annual Audit plans / projects & scheduling of resources, oversight of projects & deliverables, issues tracking / resolution, & quarterly senior management & audit committee reporting.
  • Developed & presented 1-3 year plans for scheduled audits & special projects based on risk assessments, prior audit ratings, organizational changes, planned system implementations, & regulatory requirements.
  • Implemented IT standards & controls within client environments based on Confidential, Confidential, ISO 27001/2, & ISO 27005 frameworks.
  • Evaluated clients’ compliance with established standards, regulations, & requirements.
  • Created, implemented, & executed SOX testing programs for clients in various industries.
  • Set performance expectations, measured results, & rewarded / corrected performance for 8 manager and staff level consultants.
