| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidateCandidate's Name , CISSP, CISMBoca Raton, FL PHONE NUMBER AVAILABLE EMAIL AVAILABLEDirector of Information SecurityAn IS/IT executive with experience leading international teams that delivered exceptional results, including global and national leaders in software, finance, mortgage banking, manufacturing retail and other industries. Experience in IT security, governance, risk and compliance, applied to perimeter security, infrastructure as code, cloud technologies and software development. Skilled in bringing a holistic approach to information security that aligns business operations with a sustainable security program, from gap analysis to phased implementation approach to meet security and privacy needs while embracing the companys culture and integrating with existing business processes and environment. Proven track record playing a key role in protecting information assets through proper implementation of information security policies, procedures, standards, technical safeguards, security analysis and mitigation, incident response, governance, risk management, compliance, and SOC programs.Areas of ExpertiseEnterprise Architecture Risk Appetite Management & Mitigation GRC Policies Cloud Strategies and Technologies Application Security GRC SOC Compliance CMMC Gap Analysis Business Continuity Disaster Recovery Vendor Management SLA Efficiency & Cost Control SDLC DevSecOps Agile GDPR PCI-DSS HITRUST HIPAA CCPA Data Protection AWS Docker Containers IEC 62443, NERC CIP, ISO 27001 & NIST 800 Frameworks Best Practice ExperienceAccenture/Creative Drive, FL 2018 - PresentDirector of Information Security/CISOSafeguarding CreativeDrives information assets and driving information security strategy across CreativeDrive Enterprise, steering IT strategy, building resiliency and aligning security risk profiles with Business Impact. Developing and evangelizing secure software development processes, driving InfoSec culture. Brought first compliance, SOC2 certification to CreativeDrive optimized audit process and reduced cost by 35%. Improved privacy, transparency, accountability across CreativeDrive dispersed studio locations Spearheaded the development and execution of the CreativeDrive's comprehensive cybersecurity program, ensuring protection against cyber threats and attacks. Led a team of cybersecurity professionals, fostering a culture of collaboration, continuous improvement, and knowledge sharing. Implemented a risk-based approach to identify vulnerabilities and proactively address security gaps, resulting in a massive 99% reduction in security incidents. Built resilience and considerably improved organization's ability to respond effectively to cyber incidents, with development and maintenance of a holistic and complete incident response plan. Collaborated with cross-functional teams to integrate security measures into products and services, ensuring a secure-by-design approach. Coordinated with Human Resources and other departments to ensure proper physical and personnel security programs were properly implemented across all functional areas. Conducted regular security awareness training for employees, raising awareness of cybersecurity best practices and fostering a security-conscious culture. Reduced cyber uncertainty, increasing visibility within multi-cloud environments. Continue to develop and evangelize secure software development processes, driving InfoSec culture. DevSecOps best practice, enabling DevOps culture change, helping shift security left in early stages of SDLC. Elevate Consult, FL 2017 - 2018CISO Services ConsultantServiced field clients such as AgilePoint.com/CA.; CortexMedia/FL; Affinio/NS; BeneLynk/CT; GreenspoonMarder/FL, Hollander Sleep Products/FL, City National Bank/FL. Candidate's Name EMAIL AVAILABLE Page Two Provided expert cybersecurity consulting services to a diverse Clientele that considerably improved their security posture, brought awareness and alignment with cyber hygiene best practices. Helped clients secure first time SOC compliance title by spearheading readiness security audits and assessments to identify vulnerabilities and weaknesses in clients' security infrastructure. Delivered actionable recommendations and best practices to clients enabling significant enhancement to their cybersecurity defenses, and improvement of their overall security posture. Assisted clients in developing and optimizing incident response plans and conducting readiness assessments that reduced overall costs of compliance audits by 25% Performed Threat landscape analysis, Security Assessment, Gap Analysis and compliance assessment to help clients achieve ISO27001, SAAE16 SOC2 certifications. MIAC - Mortgage Industry Advisory Corp., NY 1997 2017 SVP, Security and Technology Strategies 2007 January 2017 Promoted to improve the state of security, accelerate and develop MIAC systems, infrastructure, and compliance, leveraging up to $2 million IT budget. Spearheaded creation and continuous improvement of a secure web platform for online production delivery of a growing $4 million monthly revenue business subscription model. Supervised 15, including management, supervisors, DBAs, contractors, and IT professionals. Developed information security program that brought transparency, accountability, and compliance to MIAC production platform and processes through the creation of security strategic plan and a central management system, securely linking MIAC India production unit to NY main office and its other US-based and international offices. Reduced exposure by $150k annually. $200k negotiated in additional vendor services, including up-to- date technology solutions. Led SAS70, SSAE-16/SOC1 SOC2 certification programs and initiated preliminary steps to GDPR Compliance for UK office. To strengthen its reputation for meeting demanding compliance requirements, MIAC needed to secure SAS and later SSAE certifications. Led the program to installation, improve and document best practices and internal controls. Passed all compliance audits without any deficiencies. Enabled the firm to and major corporate accounts and government contracts with USAA, Freddie Mac, Fannie Mae and FHLB, among others. Introduced MIAC to new cloud technologies and steered digital transformation efforts to port legacy systems onto Microsoft Azure cloud platform, saving on future cost of hardware ownership and evangelizing a modern journey towards pay-as-you-go operating expenditures advantage of the cloud environments. Worked heavily on SQL Data software processing optimization from old legacy SQL servers towards Google Big Query system to harness the power and speed of cloud computing. Disaster recovery strategy proves its worth in Hurricane Sandy. Seeing the need for upgrading MIAC contingency planning, authored a Business Continuity and Disaster Recovery Plan. Implemented new systems and procedures, including redundant co-location of all mission critical systems in India and the US. The plan was battle-tested during 2012 Super Storm Sandy when MIAC HQ and much of NYC was closed for days but 100% seamless operations resumed within only hours. Strengthening the brand name reputation and saving an estimated $15 million of revenue stream. Slashed hardware costs by 50% with virtualization. Consolidated existing production servers, increasing stability, reliability and uptime. Increased scalability while improving performance and significantly reducing hardware footprint, resulting in a $150k savings on ongoing costs of ownership over 5 year term hardware life cycle. Created a cost-saving data backup strategy by introducing a robust, scalable hard drive-based data de- duplication system from Data Domain, resulting in a $35k yearly net savings while increasing fault tolerance and maintaining data availability. Improved service delivery capabilities with an innovative all secure solution. Looking to enhance MIAC services, developed and incorporated into existing its new web portal an interactive secure platform connecting clients to the firm. Enabled seamless interactive collaboration, including collection, analysis and transmission of data between MIAC and clients. Increased efficiency, productivity and cyber security while cutting response times. The firm leveraged the new tool to boost sales and deliver a growing pipeline of $3.9 million monthly revenue business subscription model. Improved customer support and cut costs with a knowledge base & tracking tool. Growth at MIAC dramatically ratcheted up the volume of support calls. Created an online knowledge base, enabling unattended client support. Introduced a bug-tracking tool to manage/prioritize trouble tickets and responses. Freed staff from answering routine questions to allow them to focus on higher-level client support tasks. Accelerated response/resolution times and increased satisfaction by 50%. Reengineered an existing platform to generate a new SaaS revenue stream of 50k/year. MIAC wanted to maximize the benefits of its acquisition of Academetrics / UK and its valuation tools for rental real estate property. Led a team that migrated the tool to existing MIACs SQL server platform. Generated hundreds of thousands in sales of the tool as a licensed SaaS resource to property surveyors in the UK. Built a web portal that drove new traffic and revenues. Existing first-generation web presence at MIAC lacked marketing/data collection capabilities and needed to be strengthened. Assembled and led a team of web and database developers. Created a MIAC Analytics website with an integrated Asset Forum, providing secure client access to advanced risk management capabilities. Leveraged the new presence to capture increased search engine exposure and generate new B2B leads from major financial institutions that resulted in $550k in new revenues.VP of Technology 2004 2007 Promoted to improve day-to-day internal IT operations and lead software and solutions product development. Systems and Software Engineer 1997 2004 Worked on Loan level Stratification System for MSR & Whole loan Portfolios. Supported/maintained MIAC proprietary Risk-Portfolio management and pricing system. Migrated to a global VoIP system, cutting costs. CertificationsCertified Information System Security Professional (CISSP) Certified Information Security Manager (CISM)EducationMaster of Science (MS) in Computer Science with a concentration in Telecommunications Iona CollegeBachelor of Science (BS) in Computer InformationHigh Technology School in Casablanca, Morocco |
