EXECUTIVE PROFILE:

Respected technology executive with extensive leadership and consultancy experience in transforming IT and business operations to thrive in a hazardous digital world. With a passion for building business focused teams that protect the organization and its workers, driving process improvements that mitigated enterprise risk, and developing strategies that benefit the bottom line. International experience in several European, Far Eastern, and Middle Eastern countries has provided an inclusive understanding of diverse cultures.

AREAS OF EXPERTISE:

Team Development and Leadership

Budget Management / Cost Controls

Program & Project Management

Breach and Forensics Investigations

Infrastructure & Security Architecture

Regulatory Compliance (SOX, HIPAA, GDPR)

Industry Compliance (PCI, NERC, FISMA)

Security Framework (COBIT, NIST, FFIEC)

Information Systems Management

Business Continuity / Disaster Recovery

PROFESSIONAL EXPERIENCE:

Confidential

Founder/President

Responsibilities:

• Work with Confidential, small healthcare operations, and non - profit organizations to provide operational, security, and forensic consulting services to resolve recent unauthorized access/corruption and unsatisfactory compliance evaluations (SOX, PCI-DSS, PII, JCAHO, etc.).
• Deliver forensic and incident response services in reaction to potential cyber breach activity, potential data privacy violations, and facilitate mitigation services to prevent future network penetration, software corruption, and data theft/mishandling.
• Conduct penetration tests and perform risk assessments to locate weaknesses in business processes, critical cloud applications, and system configurations. When requested, assist in the remediation and mitigation activities to eliminate any known issues.
• Provide evaluation of potential regulatory impact for international privacy law and assist in the implementation of required data control processes.
• Provide development and implementation consulting services for Identity and Access Management (IAM) strategy and architecture through automated provisioning and reconciliation, RBAC authentication to entitled applications and resources, and Single Sign-on (SSO) integration.

Confidential

SVP Global Information Security, Enterprise Surveillance & Data Protection

Responsibilities:

• Responsible for the implementation of data governance controls to address data privacy, regulatory compliance, and security risks associated with mishandling of corporate data, improper data classifications, and external data transfers through the implementation and adoption of controls based on established control frameworks (NIST, FFIEC) and international regulatory requirements (EU-GDPR, BR-LGPD, IN-PDPA, etc.). These controls support the prevention and detection of inappropriate use or handling of sensitive data.
• Supported the identification and mitigation of insider threat risks using an intelligence led approach through identity and behavior analytics. New detection and analysis capabilities resulted in 470% increase in SIRT actions.
• Coordinated with business groups (revenue generating) and service groups (IT, HR, Audit, etc.) to establish risk tolerance and mitigation controls to satisfy international regulatory requirements and current business objectives. Extended DLP detection rules (Symantec, Palo Alto) to cover encrypted and cloud based data movement.
• Supported the Information Security Risk Operating Committee (ISROC) with metrics reporting and governance controls. Established close working relationship with external regulators and internal auditors to ensure protection of clients, workers and corporate data.

Confidential

Privacy and Risk Management Architect

Responsibilities:

• Tasked with providing risk management, data privacy, vulnerability management, and information security governance in support of IT transformation and compliance efforts. Using established control frameworks as model Introduced improved processes in combination with new technologies to increase business flexibility, satisfy compliance, and improve protection of business operations on a global scale.
• As the leader of the Vulnerability Management team, translated understanding of current attack methods and malware to ensure senior leadership is aware of potential threats and help establish resources to mitigate and respond to incidents.
• Through collaboration with Enterprise Architecture, created global information security requirements for Static and Dynamic Multifactor Authentication (MFA) for all access from an untrusted network segment. This implementation significantly reduces access potential by malicious users and enhances the protection of data such as intellectual property, financial transactions, and PII/PHI related information. Protection against attempted data theft paid for the effort several times over.
• Lead the upgrade and enhancement of the Symantec Data Loss Protection (DLP) program. Through collaboration with Corporate Security, Enterprise Architecture, Corporate IT, Legal, Audit, and other business groups, upgraded all DLP servers to improve capabilities and lead the overhaul of detection/response workflow process. The results of the activity included a lower data storage load, reduced time for processing events, and improved investigative capabilities. The ability to locate and mitigate IP loss has prevented significant financial loss.
• Selected as data security architect for transformation of supply chain management and point of sale financial management systems. This activity included implementation of core security configurations through comprehensive assessment of PCI-DSS controls.
• Lead the third-party risk assessment activity and developed risk scoring system to prioritize and mitigate unaccepted risks.
• Secure design of multiple cloud services (AWS, Azure, Google), safe implementation of collaboration software, security awareness training, and support of secure SDLC processes were also implemented.

Confidential

Director, Information and Infrastructure Security (CISO)

Responsibilities:

• With collaboration of multiple departments, implemented security standards and policies enterprise wide. Standards applied to every OS used within the enterprise and each class of device connected to the network.
• Redesigned the Security Incident and Event Management (SIEM) process and analysis. Previous tool collected limited events with minimal analysis. New process collected events from all critical devices (1200% increase) and daily analysis performed to find and filter “normal” activity. Cross-departmental review of events to determine threat/risk and operational impact. Revenue impacting outages prevented due to changes application design and misconfigurations, and malicious activity detection increased.
• Realigned the operational management of protection technologies.
• Network devices, Intrusion Prevention Systems, and host protection suites were not included in periodic review for configuration or currency. Implemented process for regular review of existing configuration of all related equipment and review of any changes to operations. Reduced scope of PCI related devices by 3600%.
• Created a new Identity and Access Management (IAM) architecture that eliminated 57% of current products used for authentication, access, and role management.
• Collaborated with legal and corporate security departments to create an American Society of Crime Laboratory Directors/Laboratory Accreditation Board (ascld-lab.org) certified forensics lab.
• Achieved automated enterprise vulnerability scanning by employing new methods and tools at a cost that was significantly below the previous single network segment scanning activity. The new vulnerability discovery activity resulted in an improved patch management process used by operations and an enhanced compliance verification process used by internal audit and legal.
• Directed the improvement of the security related Incident and Change ticket process which reduced daily backlog of requests from (9000% improvement) in 6 months.

Confidential

Chief Information Security Officer

Responsibilities:

• Executed a complete overhaul of security operations across the enterprise to include replacement of tools such as the Symantec Anti-Virus suite (AV, AS, IPS, FW, etc.) and Data Loss Prevention suite that covers data at rest and in transit, Security Event/Incident Management system that covers all regulated and internet facing systems, and implementation of whole disk encryption for all laptops and selected desktops in high crime areas. Through effective vendor negotiations and overhaul of service level agreements, overall products costs were reduced by 11%.
• Drove the Payment Card Industry Data Security Standard implementation and assessment from a marginal/remediated rating to a sustained full compliance with no additional spend by improving corporate system standards and processes.
• With collaboration from the human resources and legal departments, a new online security education, training & awareness program was created that could track employee understanding of the corporate information security policy and grant a one year certification upon successful completion.
• Computer Incident Response Team (CIRT) Manager and responsible for incident detection, recovery, and investigation. All networks remained 100% operational during security events.

Confidential

Chief Security Officer

Responsibilities:

• Provided management and strategic direction related to information security and network operations practices for the organization. The improved data exchange and operations resulted in reduced work duplication and improved expense reduction efforts.
• Educated senior management and employees for security practices and policies and create an atmosphere of security awareness throughout the organization. “Security 101” is offered in person and online to all Colleagues and has resulted in fewer security policy violations.
• Manage the development, implementation, and compliance of security policies, standards, and operational procedures. Using common control frameworks (NIST, COBIT, PCI-DSS, FFIEC, etc.), established a sustainable governance process for data management and protection.

Confidential

Vice President, Information Systems

Responsibilities:

• Accountable for the effective oversight, coordination, and management of the organization's information technology efforts.
• Identified, examined, and analyzed trends and projected future developments in the nature and use of information technology, including hardware, software, telecommunications, systems development, data storage, and access technology.
• Developed benchmarks for investment/cost rationalization, forecasting, and customer data analysis.
• Introduced new contact management system to reach new customers and increase communication with existing customers. The overall impact drove an increase of annualized revenues by 12%.
• Acted as chief consultant on technology to the CEO and executive team.
• Contributed to the definition of strategic corporate objectives through innovative implementation.
• Championed implementation of information security policies and procedures while educating staff members at all levels about likely security risks, probability of exploitation, and mitigation measures.