Candidate Information
Title Privacy, Project Management, Information Security, Compliance
Target Location US-NJ-Newark

Candidate's Name, MS, CISSP, CISM, CIPP/US
LinkedIn
Bloomfield, NJ
EMAIL AVAILABLE
PHONE NUMBER AVAILABLE

C-Suite Information Technology and Privacy/Security Leader
IT Generalist
Chief Technology and Information Security Officer with Global Management Scope

Specialist in ISO Street Address & Security Project Management
Requirements Management
Change Management
Production Assurance
Fraud and Data Loss Protection
Business Continuity Planning
Disaster Recovery
Business Process Improvement
Risk Management
Full Life Cycle Project Management
Vulnerability Management
IT Control Awareness
Software Development Security and Compliance Awareness Training

Privacy Expert with compliance experience in HIPAA, GDPR, PCI & FFIEC. Reputation for reliably delivering security services and systems over 20 years of IS/IT leadership, building a record of minimizing security incidents, maximizing risk awareness, and automating security operations. Services included Compliance, Next Generation Firewalls, Intrusion Protection & Detection, Security Service Provider Contracts, and Governance Systems.

OVERVIEW

Managed and contributed to complex and aggressive IT projects in multiple domains such as: applications, database, cyber security, networking, and cloud.
Always steps up to emergent IT challenges of any difficulty, earning a reputation for keeping the customer satisfied, motivating staff, and maintaining high morale
Has developed Infrastructure and security strategies for multiple landmark institutions.
Performed reputation protection for multiple landmark institutions.
Managed numerous projects from concept to completion consistently on time, on budget, on target
Counted on to explain technical concepts of any complexity in everyday language for end-users and translating technology into practical business applications
Developed and supported actionable audit findings in fraud prevention, data loss prevention, processing efficiency, and business continuity.
Built, led, managed, and empowered teams of up to 130 technical experts including programmers, architects, and senior analysts
Captured and categorized risk according to ISO 27001.
Security program development according to ISO 27001.
As a Leader: the voice of reason in a crisis.
Encourage unconventional thinking when standard solutions fail.
Maintain utmost respect for all, especially mindful of any special needs of those offshore or present.

SKILL SETS

Management
Budget Development & Oversight \ Business Case Development \ Financial Management \ Governance Systems \ Incident & Problem Management \ Infrastructure and Security Programs \ Presentations, Executive/Management Level \ Process Improvement \ Production Assurance \ Quality Assurance & Control \ Regulatory Compliance \ RFI/RFP Processes \ Service Provider Relations \ Team Building, Leadership \ Staff Training & Development \ Strategic Planning & Implementation \ Vendor Management & Relations

Security Technologies
FireEye Anti-Malware \ Firewalls \ Intrusion Detection & Protection \ Palo Alto Next Generation Firewall \ RSA Archer EGRC \ HB Gary \ Imation Iron Key \ Proofpoint Core Protection & TAP \ Encase \ Bitlocker \ Nessus \ CloudFlare Anti DOS \ Forcepoint DLP \ Arbor Anti DOS \ Qualys \ Nexpose \ StealthBits \ Carbon Black Application Protect \ Carbon Black Response \ CrowdStrike \ Tenable

CAREER HISTORY

Mindray Medical Devices, Mahwah, NJ
Information Security and Compliance Principal, February 2023 - present
Develops, implements, updates, and enforces data and security-related privacy policies, standards and procedures, and corrective actions as needed.
Maintains current knowledge of applicable data protection laws, security standards, information technology trends, and accreditation standards.
Evaluates and improves processes for investigating, documenting, and reporting unauthorized access or disclosure of personal information.
Maintains and updates the information management system in collaboration with legal and governance teams.
Provides risk assessments and security briefings to management and advises them of critical issues that may affect customer or corporate security objectives.
Creates and delivers privacy and security-related training programs for all employees, contractors, and any appropriate third parties.
Leads risk assessments, audits, policy, governance, and/or reporting.

Englewood Health, Englewood, NJ
Director of Information Security and Identity and Access Management, July 2022 - February 2023
Sourcing SIEM and TVM technology
Establishing SIEM and TVM processes
Utilizing HITRUST to review controls against multiple compliance frameworks.
Managing IOT risk throughout 160 locations
Delivering Security & Privacy Awareness through the KnowBe4 platform.

MUFG - Mitsubishi Trust Bank, New York, NY
Vice President of Network Security and Network Operations, September 2021 - July 2022
Implemented Network Operations Service Delivery Model to manage assets, maintenance, and network elaboration.
Manage a staff of 5 in security and 3 network engineers.
Service Owner and manager for Vulnerability Management, Next Generation Firewalls, Anti-Virus, EDR, Application Whitelisting and SIEM.
Implemented The MITRE Attack Framework in the SIEM alerting catalogue to enhance awareness of MITRE Attack Tactics and Techniques being observed.
Managing technology refresh for over 300 network assets.

The Juilliard School, Lincoln Center, NY
Director of Information Security and Privacy, September 2019 - September 2021
Develop and socialize security roadmap highlighting risk remediation options for management
Assess all known risks and capture same in an Enterprise Cyber Risk Register
Developed The Juilliard Security Program
Delivering Data Governance and Data Security Awareness Training
Implemented DLP to highlight the pervasive loss of regulated data occurring in the environment
Contribute security & privacy advisory services to IT projects to reduce risks, including vendor management
Organize and deliver enterprise security awareness
Manage all compliance obligations for PCI, FERPA, HIPAA, PII and GDPR
Implemented and operating CrowdStrike Endpoint Protection and Remediation. Served as administrator.
Implemented and operating Proofpoint Email Security Gateway for New York and Tianjin, China campuses. Served as administrator.
Implemented and operating Tenable Security Center for Vulnerability management, subsequently shifted to Qualys
Implemented and operating Acunetix Web Application Vulnerability Scanner for New York and Tianjin, China campuses
Created policies and procedures for data classification, data storage, data movement, workstation security, appropriate use.
Provide security and compliance updates and plans for management and the board.
Daily Monitor of Proofpoint SEG, Palo Alto Firewalls, Stellar XDR and CrowdStrike Console.
Operate Tenable, Acunetix and Qualys vulnerability scanners.

New York University, New York, NY
Senior Director, June 2017 to August 2019
Manage operations and network tech refresh for 3 data centers, 200 NYC buildings, and 14 global sites.
Responsible for approving all requests for production changes and implementation for networking, cloud, compute, and critical infrastructure
Oversee the Global Infrastructure and Security Program for a hybrid HIPAA-covered entity with 65,000 users, including 9,000 High Performance Computing (HPC) nodes.
Manage $40M annual OTPS, $9M capital, and $12M staffing budgets, 2,000 Linux and Windows servers including 400 HPC servers, 200 AWS servers and 130 employees with 6 direct reports.
All servers patched up to date in one year.
To mitigate rampant network outages at a major NYC university, I reviewed long-ignored root cause analysis reports citing dangerous conditions & practices and launched a network improvement project to implement all Cisco recommended configuration and design changes to control future risk
Achieved significant savings with reductions to budgets of both Infrastructure-Security OTPS, by 1% or $3.2M, and personnel, by 8% or $1.2M

Yale University, New Haven, CT
Chief Information Security Officer & Chief HIPAA Security Officer, 2011 to 2017
Recruited as first ever CISO for an Academic Medical Center, created a security and privacy program that returned stability to systems.
Managed 14-member Information Security, Forensic and Compliance staff, developed a security program to deliver security operations, compliance, forensics, policy and procedure.
As CISO of Yale I hired Verizon Cyber Trust to conduct an Enterprise Risk Assessment based on ISO27001. I adopted the practice of maintaining an ISO based risk register to serve as a gap analysis mechanism and a way to provide justification for years of remediation projects.
Sought a SEG solution to deal with high volume phishing attack trend. Trialed multiple tools. Selected Proofpoint based on feature set and ease of administration.
Implemented and operated Proofpoint Email Security Gateway.
Threats not handled by Palo Alto led to identification of FireEye as remediation for zero-day threats.
Implemented and operated FireEye Network Security
Implemented and operated 12 Palo Alto Networks Next Generation Firewalls with Decommission of Websense Web Proxy.
Provisioned Duo MFA for 33,000 users in response to an incident where 800 email accounts had been compromised.
Provisioned Encrypted USB for 4000 physicians
Maintained Encrypted laptops for 9,000 member HIPAA entity with MBAM and File Vault.
Performed serious flow analytics with Lancope StealthWatch to build a case for the eventual 25M network segmentation project.
Implemented and operated StealthBits and Forcepoint DLP to enhance data security and support data governance. Decommissioned Identity Finder.
Led project to introduce the RSA (Archer) Electronic Risk Governance and Compliance (eGRC) System to focus on security and risk reduction of the most critical assets
Performed annual BCDR tests
Rationalized assets vulnerable to data breaches by transferring all computing assets with sensitive data to private IPs, well-hidden from outside threats
Won an ISC2 Information Security Leadership Award, as a finalist in the Senior Information Security Professional Category, Chicago 2013
Expanded IT risk knowledge by delivering executive and management-level presentations and successfully promoting intradepartmental cooperation across the university
Introduced systems compliance and assurance initiatives in HIPAA/HITECH, PCI and data security

Columbia University, New York, NY, 2007 to 2011
Director of Information Security, Medical Center
Responsible for 9 direct reports
Performed HITRUST assessments for 300 clinical applications
Delivered HIPAA awareness training for all employees and medical students
Introduced a Vulnerability Management program for all institutional servers with IBM ISS scanner
Devised and implemented a HIPAA Security Assessment program analyzing 300 clinical and research applications with 9 assessors in one year requiring massive capital deployment to meet HIPAA compliance and data security standards
Developed company-wide staff training in IT Controls/Security, Database Technology, SQL, Crystal Reports, Business Objects, and Data Warehousing, including writing, SDLC, testing, and data access
Improved IT risk awareness by launching a training program presented at an auditor conference in 2009, comprised of nine business units and completing four
As a Director of Security and Compliance I led a recertification effort for Technology used by the Positronic Emission Topography (PET) Center with CFR 21 Part 11 compliance.
Mitigated a serious data breach that rattled an OHCA partner hospital to the point of considering cutting off access and might have stalled major revenue streams from 800 medical practices, by initiating risk assessment of 300 clinical applications to restore confidence in hospital management. Received 8 additional IT auditor resources for the task and exceeded all expectations in remediating the worst conditions, avoiding any negative outcomes

Major Academic Medical Center
Director of IT Audit
Evaluated IT governance plans, best practices, and model options
Administered key IT projects and represented audit at trustee meetings
Oversaw IT audit staff plus matrixed project personnel, conducting and communicating internal IT audit results to senior leadership
Collaborated with government and regulatory agencies including FBI and SEC
Implemented risk avoidance measures by designing and leading an enterprise-wide Security Awareness Campaign involving all clinical teams
Trained and guided non-IT auditors in passing the tech section of the CIA certification exam
Instilled maximum levels of IT risk awareness with breakthrough audits, security scanning technologies, and risk management projects
As Director of IT Audit, I assisted Ernst and Young with an Enterprise Risk Assessment based on ISO27001. Gaps were catalogued in a risk register for re-verification in future audit planning.

Memorial Sloan Kettering Center, New York, NY, 2006 to 2007
IT Audit Manager
Identified key risks requiring management's immediate attention by conducting HIPAA, wireless, PeopleSoft, and clinical equipment audits, as well as IT asset accounting review

Technical Project Manager, 2001 to 2006
Directed 12 programmers, analysts, infrastructure experts, others in hospital financial system operations
Primary liaison to Information Security, furnishing high level strategies and executive assistance
Strengthened competitive advantage by configuring 12 Web-based extensions to the legacy ERP system
Oversaw staff training in DB Artisan, SQL, SDLC, and testing, and taught users in all applications
Developed an online inventory of radio chemicals and a nuclear license management system
Created and won management approval for Application Development Operations (ADOPS)

EDUCATION

Columbia University, New York, NY
Executive Master of Science In Technology Management

St. John's University, New York, NY
Bachelor of Arts In English (Cum Laude)

Professional Development & Certifications
Certificate in Applications Programming, NYU Information Technologies Institute; Account Executive Training (Series 7) and Technical Analysis, New York Institute of Finance
Six Sigma Green Belt Training, Villanova University, Philadelphia, PA
Leadership training with MOR Associates.
Total Quality Management (TQM) at NYNEX Corp.

Technical Certifications
Certified Information Systems Security Professional (CISSP) / certification number: 332390
Certified Information Security Manager (CISM) / certification number: 232167380
Certified Information Privacy Professional (CIPP/US) certification number:
ITIL Foundation Certification, Loyalist Certification Services
COBIT Foundation Certificate
Cloud Computing Security Knowledge (CCSK)
(Formerly PMP, CISA)

PROFESSIONAL SPEAKING ENGAGEMENTS

New Jersey Institute of Technology, Higher Education and Critical Infrastructure Preparedness May 2018
AWS Initiate for the Public Sector, NY Higher Education Progress with Cloud Adoption July 2018
Palo Alto User Conference, MA Visibility Afforded by Next Gen Firewalls 2014

PROFESSIONAL AFFILIATIONS

Cloud Security Alliance (CSA)
The International Information Systems Security Certification Consortium (isc2)
ISACA
IAPP
