Summary * Senior Director Information Security professional & Cloud Security Transformation Leader with over 13 years of experience maintaining control frameworks in mature organizations as well as establishing a framework for a company new to regulatory compliance. * Develop and execute Cloud Information Security strategy and GRC to proactively identify risk and drive remediation * Develop horizontal view of risk posture across multiple technology domains * Able to communicate complex Information Security concepts to all organizational levels with experience working with companies from several industry verticals including leading financial institutions and U.S. Government agencies. * Summarize the status of Information Security to stakeholders through relevant metrics monthly through an Information Security Steering Committee * Assure compliance with contractual obligations, regulatory requirements, security standards and corporate policies * Remain current with Information Security trends and technologies through a network of information security peers, industry organizations, relevant conferences and product specific alerts and notifications * Perform annual risk assessment to identify and communicate risks to management and assure that applicable risks are mitigated through auditable controls * Advocate, educate and promote Information Security by articulating value to the business and through Information Security Awareness training * Specialist in GDPR, Data Privacy, Data Governance & Compliance * Ensure alignment of product marketing, IT Operations and Development teams to prioritize Information Security projects and initiatives with the business strategy * Establish and validate an internal control framework to meet SOX, GDPR, PCI-DSS and SOC 2 compliance while minimizing disruption to operational efficiencies * Evaluate and provide remediation management for internal and external audits, vulnerability assessments and penetration tests Core Competences Risk Assessment, Vulnerability Assessment, Audits, Controls Evolution, Patch Management, Security Frameworks for Cloud Architectures Application Review, Technical Control Reviews, EU Directive 95/46/EC (GDPR), SAST, DAST, Burp, NIST 800-53 Framework, Sarbanes Oxley, HIPAA, FFIEC-IT, AICPA SOC2, GLBA, Basel II, DFARS PGI, FERC, NERC CIP, DFS, CobIT- FTC, PCI-DSS, TOGAF, Relationship Management, Archer and Tripwire Administration, CISSP, ISO 27001, 27017, 27018, Resource Allocation, Business Continuity Planning, HiTrust - NERC CIP - QSA - PCI DSS SOC 1, 2,3 SOX - FedRamp - FISMA - Qualys- SilverSky - MDM & MAM - Mobile Security - Storage Security - Centrify- Vaultive - CipherCloud - Zscaler - Serverless Infrastructre - MicroServices- WebServisces - Incident Management and BISO - Cryptography (Symmetric and Asymmetric Encryption) - Veracode- QRadar- Nesuss - WireShark - Dockers - Cloud Security IDM - Problem Solving, Vulnerability Scans Regulatory Compliance, Policy Development, Auditing, Information Security Architecture, Leadership
Description
