Andrew Stravitz Email & Phone Number

Allendale, New Jersey, US

I'm excited to announce the launch of "Touchpoint Cyber LLC." I've been fortunate to launch an IT Risk and Cybersecurity consulting practice. My first client is located in Connecticut, and is a prestigious "Asset Management Firm / Hedge Fund." I've been helping with their SOC1 preparation, risk assessments and security program development. I'm available to.

Boston, MA, US

• Veolia fully acquired SUEZ in Q2 2022 forming the largest water utility worldwide
• Promoted to Sr. Director to focus supporting on the Municipal Water Business Unit post-merger
• Responsible for GRC program development, vendor risk management (VRM), RFP new business generation, critical infrastructure framework (OT, ICS, SCADA) and training development
• Architected Nozomi SCADA security solution to provide OT/IoT near real-time inventory, vulnerability management, alerting and risk prioritization based on Perdue Model mapping to ISA/IEC 62443
• Lead the effort to produce both SOC1 and SOC2 reports to support regulated utility BU

Paris, Ile De France, FR

• Part of the Global Cybersecurity Strategy team developing roadmap and executing vision
• Developed NIST Policy framework and governance risk and compliance program (GRC)
• Responsible for overseeing all aspects of regulatory framework, and securing critical SCADA infrastructure, rollout of IPS/IDS, MSSP, incident response procedures, and security architecture
• Implementing IT-GRC program based on NIST and ISO27001 security frameworks
• Rolled out next generation end-point security (EDR) in both corporate and SCADA networks
• Building and mentoring a highly effective cybersecurity team, rolled out centralized SOC, firewall audit tools, and set up comprehensive vulnerability management system (Rapid7 Certified)

Frankfurt Am Main, Hessen, DE

• Lead the NYS-DFS 500 interpretation, resource planning, project management
• Completed the responses of the FFIEC Cybersecurity Maturity Assessment Tool
• Handled audit and regulatory responses

New York, NY, US

• Transformed the information security program by assessing, identifying and creating an information security roadmap and multi-year projected budget.
• Coordinated the annual Disaster Recover and Business Contingency Planning test(s).
• Mapped the internal control structure against the newly established FFIEC / FSSCC Cybersecurity Assessment Tool (494 mapped controls) to determine the maturity level of the bank.
• Created and presented the InfoSec Dashboard to the Board of Directors, providing relevant metrics on the state of the InfoSec program. Co-chair of the IT/IS Steering Committee.
• Resolved numerous preexisting audit, compliance and regulatory issues (GLBA) by formulating response plan, tracking documentation, and executing remediation plans.
• Improved the resiliency of the network perimeter, implementing APT detection strategy and preventive controls on end-points, designed new NAC strategy with 802.1x Radius integration, VPN redesign, privileged account.

New York, NY, US

• Created, architected, and engineered the security road map, which aligned the information security initiatives to focus on high-risk areas
• Managed Information Security Special Projects, reporting directly to CISO
• Realigned the Web Application Firewall (WAF) strategy; RFI, RFP and global implementation
• Assumed responsibility for policies, standards, procedures, and guidelines
• Lead effort to combat advanced persistent threats (APT’s)
• Authored a series of strategy documents including cloud security directive, database security, highly confidential initiatives, legal and regulatory compliance, and MSSP project

New York, US

• Dedicated and proven leader who championed a highly effective information security program for 8 years at B&N.com; thwarting numerous attempted external threats.
• Oversee all security related audits and regulatory activity, including Sarbanes Oxley, PCI DSS, etc.
• Responsible for all aspects of the Information Security Program based on ISO 17799 framework
• Incorporated secure development lifecycle working with developers and defect management
• Developed the credit card encryption methodology used universally across all business lines
• Manage and supervise IT security staff and consultants – including “NOOK” independent review

Amsterdam, North Holland, NL

• Developed Strategy as part of core team in Global Office of the CISO
• International assignment, lead a variety of security audits based on BS7799
• Performed Risk Assessments against industry best practices, ISO17799, OCTAVE (CERT)
• Assessed information systems for vulnerabilities using third-party tools (GFI, NetIQ, etc.)

Tel Aviv, IL

• Developed a new US based internet startup from seed money from parent company, as part of the CEO’s immediate executive team
• Responsible for all aspects of the project development
• Authored IT banking policies and procedures for the business plan and approved by the OCC
• Designed web front-end to the legacy Alltel Systematics
• Fortified the Banks perimeter building out security stack and high availability infrastructure
• Managed a 5-million-dollar budget

Amsterdam, North Holland, NL

• Authored and reviewed Policies and Procedures, including: TCP/IP Policy, Antivirus Policy, Firewall Policy, SWIFT procedures, Laptop Policy, Internet Usage Policy, and Security Awareness Program.
• Lead project manager of team that secured company laptops world-wide. Implemented the PKI backbone with ODBC replication in New York, London, Hong Kong & Amsterdam offices.
• Lectured to new and existing employees as part of a security awareness training initiative.
• Assisted in the Y2K implementation of the SWIFT Alliance Application (UNIX Platform) from ST400 (Dec Vax).

Zurich, Zürich, CH

• Responded to security related outstanding audit points and implemented solutions.
• Implemented the first Internet connection at the NY Branch providing secure web and email access.
• Network Administration for the following products: Windows NT, MS Exchange Server, Guardian Firewall, Little Brother (Proxy Filter), McAfee Antivirus, PGP Encryption, DHCP, WINS and MS Proxy Server.
• Administrated Open VMS (VAX/VMS V.71) on the VAX; and OS/400 on the AS/400.
• Administered various financial systems in the bank including: SWIFT(VMS), Wall Street System (DEC/VAX), Maxdata (UNIX), EBS, Windows NT, Novell, Exchange Server, Firewall, Proxy Server, and Midas (AS/400).
• Generated and reviewed daily logs on various Bank systems (e.g. PS Audit logs on AS/400).

Montreal, QC, CA

• Performed security reviews with end users & created firm security policy, including Windows NT.
• Supervised a staff of six employees that supported the correspondent clearing business.
• Implemented system security in a multi-platform environment, including Windows NT, Apple Talk, AS/400, Mainframe & Encryption.
• Investigated legal issues using forensic computer techniques, restored Novell and NT servers using Arc serve and other specialized software.
• Developed, designed and tested new and existing mainframe applications for strong security controls.
• Administered Top Secret Security in a MVS / CICS environment.

Master Of Science - Ms, Accounting

Bachelor Of Science - Bs, Psychology Minor: Computer Science, Economics