Information Security Officer
Current• Intricately involved in the oversight of all aspects of the information security program, including incident response, data protection, and application security• Implement and facilitate the information security governance program to support compliance with regulations (i.e. CCPA, NY DFS), industry standards and frameworks (i.e. NIST, ISO 27001, SOC2), and contractual requirements• Partner with IT, Legal, Compliance, Finance, Human Resources, and other departments in support of information security initiatives• Selected as one of only 3% of employees with top leadership potential for the 2019 WFG Leadership Training program• Manage high-risk security events, serving as the primary point of contact for the executive team• Assist with the budget and strategic planning of a multi-million dollar information security program• Prepare security program metrics and key risk summaries for the Information Security Committee presentation• Recruit and hire a robust security team• Manage a team of analysts responsible for monitoring, detecting, and responding to 1000 - 1500 monthly security events• Develop, maintain, and publish comprehensive ISO27001-based information security policies and standards• Develop and maintain the incident response plan• Created and led information security training and awareness programs, including incident response training for senior executives• Provide risk guidance and security expertise for IT and software development projects, including architecture review and proposing secure alternatives• Reduced eDiscovery costs by as much as 80% by identifying a need for and spearheading the implementation of an in-house litigation support and eDiscovery solution• Perform annual PCI self-assessments for crucial business applications• Spearheaded the certificate management initiative, driving the adoption of internal communications encryption with minimal overhead to IT resources