Candidate's Name, CISM, ISO 27001 LA
Irving, TX

Seasoned cybersecurity expert with 12 years plus of experience, specializing in GRC, IT risk assessments, and security awareness. Led technology risk advisory at Goldman Sachs; developed information security strategies at SNDI. Seeking role as Director of Information Security and compliance to leverage extensive background in cybersecurity, compliance and enterprise risk management.

EXPERIENCE

Intralinks, USA, Mar 2023 - Present
GRC Consultant
Information Security & Compliance Consultant, specialized in IT Governance, Risk, Control and IT Security. Part of the IT GRC team supporting the client across the world:
- Ensure development of IT GRC and System Security Plan and adherence in procedural documents & Operations.
- Participate in all security compliance audits performed by internal and external teams.
- Develop & Plan internal audit calendar aligned to client's internal as well as external audit schedule.
- Facilitate in-time evidence provisioning to client audit, risk & compliance teams at time of external audits.
- Hands-on experience in IT Security implementation & audit (such as ISO 27001).
- Knowledgeable about NIST, CIS guidelines, various other IT Security regulations & baseline controls.
- Experience in architecture consulting, control establishment & optimization along with auditing security domains such as IAM, Data Encryption, application security, Vulnerability Management & Reporting, Asset Management.
- Supported the Global Security projects for ISO 27001, SOC 2, SOX, Data Privacy and PCI DSS compliance.
- Experienced in implementing GRC tools such as TrustArc, Archer, ISoExpress, ServiceNow.
- Provided input to data governance enterprise assessments as needed including Legal, Regulatory Compliance, and Procurement in partnership with relevant stakeholders.

Goldman Sachs, USA, Sept 2021 - January 2023
Vice President Technology Risk Advisory Lead AMD
Engineering Technology Risk Advisory delivers best in class advisory support and technology solutions across the Information Security risk domains, including scalable uplifts of common core security solutions for use across Goldman Sachs.
- As a member of Asset and Wealth Management TechRisk Team, I was responsible for setting the strategy for identifying, analyzing, monitoring, reporting, and minimizing information technology risks within their assigned portfolio.
- Responsible for defining, documenting and communicating standardized and proactive processes for technology risk identification, treatment, monitoring and reporting.
- Supported the assigned line of business in gathering information and preparing for all tech risk related reporting and meetings.
- Collaborated with the assigned Application managers to ensure tracking and timely remediation of risks is occurring.
- Supported the Risk and Control Self-Assessment (RCSA) for the assigned portfolio.
- Coordinated the issue and exception/acceptance processes, including self-reported issues.
- Provided consultative guidance on the prioritization of remediation efforts and supported new initiatives by implementing a baked-in automated control measurement and monitoring.
- As a Risk Advisor, I oversaw a technical team that was responsible for assessing and managing the portfolio of risks for divisionally aligned products. My team was responsible for all assessments, including Design / Architecture Reviews, Manual Code Reviews, Penetration Testing, and Continuous Monitoring / Scanning.
- Built coalitions across teams / product owners, educated counterparts on secure development practices and worked collaboratively to drive down risk.
- Experienced in application vulnerability assessment and penetration testing of web, thick-client, or mobile applications.
- Managed a technical team or project, and liaised with product owners to manage risk portfolios.

Société Nationale de Développement Informatique (SNDI), Côte d'Ivoire (the Ivory Coast), Nov 2014 - Sept 2021
Chief Information Security Officer
Manager, Department of Innovation & Cybersecurity
Cybersecurity Advisor
Member of National Cybersecurity Strategy Committee
Lead IT risk management, technology planning, and security project portfolio. Monitor emerging external security threats and advise stakeholders on mitigation. Ensure regulatory/standards compliance.
- Built organization's cybersecurity program, saving $2M and enabling 28% revenue growth.
- Led to the win of new domestic and international business, including $600K contract with USAID and $3M deal with Benin government through a European Union Commission Grant.
- Positioned SNDI as the chief government authority on cybersecurity among international partners.
- Built information security e-governance program, including steering committee/advisory board.
- Developed partnerships with prominent institutions.
  - Garnered invitations to present at U.S. Embassy workshops at Marshall Center in Germany and annual e-Governance Conference in Estonia.
- Requested to advise Minister of Foreign Affairs in Estonia on MOU between Ivory Coast (SNDI) and e-Governance Academy.
- Strengthened organizational security posture by proposing and initiating project to build a data center with cutting-edge capabilities in security monitoring, threat detection, and mitigation.
- Teamed with partner to produce proof of concept for network and distant recovery center and plan build of Security Operations Center (SOC).
- Developed a pool of cybersecurity experts within the government by building and launching a cybersecurity training program for IT Directors of all ministries.

Quadrant Information Security, New York, NY, 2013 - 2014
ISO 27001 Consultant at New York based Global Cloud Service Provider Intralinks
- Assessed the security gap and implementation of ISO 27001 certification requirements.
- Implemented security and privacy assessments in TrustArc.
- Assessed vendors against security requirements and executed periodic vendor security reviews.
- Developed policies, procedures, documentation, and training materials related to data governance.
- Acted as Enterprise Risk liaison to multiple business units; provided advice and guidance to risk owners, business data owners and subject matter experts through the lifecycle of risk assessments.
- Analyzed results of risk assessments of data management practices, engaged in effective challenges, and recommended/pursued follow-ups.

DRS Technologies, Inc., Washington, DC, 2012 - 2013
Now called Leonardo DRS, the company is a leading, mid-tier defense technology provider.
IT Security Analyst
Reporting directly to CISO, led a team of project consultants. Planned security architecture. Assessed and audited systems security.
- Maximized enterprise security by designing and implementing company's security architecture.
- Ensured alignment of security control policies and procedures with regulatory requirements and industry standards by applying FISMA, NIST, and federal guidelines.

ADDITIONAL EXPERIENCE

- Adjunct Faculty, Network Security, New Jersey Institute of Technology, Newark, NJ, 2013 - 2014
- Information Security Officer (Consultant), Star Management, Inc., New York, NY, 2009 - 2010
- Manager IT, Network Security, KPMG LLP, Montvale, NJ, 2007 - 2009
- Senior Security Consultant, Fortune 500 Clients, Symantec, Cupertino, CA, 2003 - 2007

EDUCATION & CERTIFICATIONS

- Doctorate-Level Program Studies, Cyber Security, Capitol College, Laurel, MD
- Program on Cyber Security Studies (PCSS), George C. Marshall European Center for Security Studies
- Master of Science, Telecommunication/Security, Boston University
- Bachelor of Science, Computer Systems Engineering, University of Massachusetts, Amherst

- Authentication and Authorization with AWS IAM
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Data Privacy Solutions Engineer (CDPSE)
- Cisco Certified Network Associate (CCNA)
- QUALYS Certified Specialist
- Certified ISO 27001 Lead Implementer
- Certified ISO 27001 Lead Auditor
- AccessData Certified Examiner (ACE)

Professional Development:
- Immersive Hands-on MultiCloud Specialization Program (AWS, Google Cloud, Microsoft Azure, Oracle Cloud Infrastructure, DevSecOps)
- Nucamp's Python, SQL, DevOps training
- EC-Council Certified Chief Information Security Officer (CCISO)
- Senior Leader Communications Symposium (U.S. AFRICA Command, Africa Endeavor)
- Defense Industrial Base Cyber Security & Information Assurance Workshop (DoD)

ACCOMPLISHMENTS

1. Business and Engineering Security Guidances - Goldman Sachs
2. Ivory Coast National cyber Security Strategy 2015-2020 - SNDI
3. ENCORE AWARD for Network Security migration - KPMG LLP
4. ISO 27001:2013 Certification - Intralinks Inc

SKILLS

Enterprise Risk Management, Planning, Leadership, Compliance, Vulnerability Management, Information Security Management, Vendor Management, Communication Skills, Contract Negotiation, IT Risk Management, Security Awareness Training, Cloud Computing, Cloud Security, Data Privacy, Security Controls, Business Technology, Incident Response Team, regulatory compliance, Frameworks, EU GDPR, CCPA, ISO/IEC 27001, ISO/IEC 27701, NIST 800, SOC 2, PCI-DSS, HIPAA

AFFILIATIONS

- Advisory Board for Cybersecurity Program, Ithaca College
- ISACA, Dallas Chapter
- Marshall Center Alumni (partnership between U.S., Germany, and NATO for cybersecurity and counterterrorism)