Andrew Stravitz

Andrew Stravitz Email and Phone Number

vCISO, CISSP, CISM & ITIL | Security Transformation | Regulatory Compliance & GRC | Critical Infrastructure | OT ICS SCADA | President of Park Toastmasters Club @ Touchpoint Cyber
Andrew Stravitz's Location
Allendale, New Jersey, United States
About Andrew Stravitz

Professional Profile: Seasoned information security professional protecting national critical infrastructure, holding CISSP, CISM and ITIL certifications with over 20 years of management and technical experience as an innovative leader. Managed and mentored staff at all levels of the organization on a variety of information security initiatives, building strong teams to protect corporate assets. Provided input to industry leading vendors for numerous product enhancements, and commentary on regulatory legislation. Extensive experience in implementing web application security, rapid incident response programs and operating in a highly regulated environment. Developed impactful and measurable security awareness training.

• Security Transformation
• IS Strategy & Execution
• Executive reporting (metrics)
• Program development
• Information risk management
• Security architecture
• Security roadmap
• Regulatory compliance
• Business continuity planning
• Strong cryptology design knowledge
• Business Resilience
• Security in the cloud
• Critical Infrastructure (Financial & OT ICS SCADA)

Accomplishments: Developed new information security and computer risk management programs from inception based on the NIST, ISO27001 and PCI DSS standards. Authored numerous security articles, white papers, information security policies and performed security risk assessments. Presented on a variety of security topics, including web application security, data-centric approach, security awareness and information risk management. Speaking engagements as a SME at Evanta, IANS conferences, SC Magazine, CISO Executive Summit, Security 500, Tech Managers Forum and Polytechnic University.

Executive Skills:

• Executive & Board level reporting (metrics)
• Program development
• Information risk management
• Security architecture
• Security roadmap
• Regulatory compliance
• Business continuity planning
• Strong cryptology design knowledge
• Expert level knowledge of the PCI Standard
• Budgeting

Contact me at astravitz@yahoo.com

Andrew Stravitz's Current Company Details
Touchpoint Cyber

vCISO, CISSP, CISM & ITIL | Security Transformation | Regulatory Compliance & GRC | Critical Infrastructure | OT ICS SCADA | President of Park Toastmasters Club
Andrew Stravitz Work Experience Details
  • Touchpoint Cyber
    Founder (IT Risk & Cybersecurity Consultant)
    Touchpoint Cyber Nov 2023 - Present
    Allendale, New Jersey, US
    I'm excited to announce the launch of "Touchpoint Cyber LLC." I've been fortunate to launch an IT Risk and Cybersecurity consulting practice. My first client is located in Connecticut, and is a prestigious "Asset Management Firm / Hedge Fund." I've been helping with their SOC1 preparation, risk assessments and security program development. I'm available to help with all your cybersecurity needs, with over 20 years of experience building programs in e-commerce, financial services and utility sector. I've been working as a fractional (virtual) CISO. I'm available to assist with complex IT Cybersecurity project(s) which require business alignment, complex integration and ownership, assist with regulatory compliance issues (SOC1 or SOC2, PCI Compliance, etc.), internal and external audits, and review and document your security stack, security strategy, awareness training, metrics, product evaluation and selection, policies, standards, procedures, tabletop exercises, etc. With a masters in accounting and budget responsibilities for over a decade, I have assisted my existing client(s) negotiate hundreds of thousands in savings; resulting in stronger programs for lower costs. You can set up a consultation on my calendar: https://touchpointcyber.com/ and select "Schedule a Consultation"
  • Veolia North America
    BISO, Senior Director DB&T
    Veolia North America Jun 2022 - Oct 2023
    Boston, MA, US
    • Veolia fully acquired SUEZ in Q2 2022 forming the largest water utility worldwide
    • Promoted to Sr. Director to focus on supporting the Municipal Water Business Unit post-merger
    • Responsible for GRC program development, vendor risk management (VRM), RFP new business generation, critical infrastructure framework (OT, ICS, SCADA) and training development
    • Architected Nozomi SCADA security solution to provide OT/IoT near real-time inventory, vulnerability management, alerting and risk prioritization based on Purdue Model mapping to ISA/IEC 62443
    • Led the effort to produce both SOC1 and SOC2 reports to support regulated utility BU
  • Suez
    Regional CISO of North America, Director of IT Risk & Security
    Suez Jun 2017 - Jun 2022
    Paris, Ile De France, FR
    • Part of the Global Cybersecurity Strategy team developing roadmap and executing vision
    • Developed NIST Policy framework and governance risk and compliance program (GRC)
    • Responsible for overseeing all aspects of regulatory framework, and securing critical SCADA infrastructure, rollout of IPS/IDS, MSSP, incident response procedures, and security architecture
    • Implementing IT-GRC program based on NIST and ISO27001 security frameworks
    • Rolled out next generation end-point security (EDR) in both corporate and SCADA networks
    • Building and mentoring a highly effective cybersecurity team, rolled out centralized SOC, firewall audit tools, and set up comprehensive vulnerability management system (Rapid7 Certified)
    • Responsible for Tabletop Simulation Exercises and Security Awareness program
    • Deployed global shared services with local cyber tools to protect information assets via CrowdStrike, Varonis, Zscaler, Cisco Firepower, Fortinet, Imperva, Splunk and Nozomi
  • Deutsche Bank
    Information Security Officer, VP (CISO of Americas Office)
    Deutsche Bank Sep 2016 - Jun 2017
    Frankfurt Am Main, Hessen, DE
    • Led the NYS-DFS 500 interpretation, resource planning, project management
    • Completed the responses of the FFIEC Cybersecurity Maturity Assessment Tool
    • Handled audit and regulatory responses
  • Safra National Bank Of New York
    FVP, CISO
    Safra National Bank Of New York Oct 2014 - May 2016
    New York, NY, US
    • Transformed the information security program by assessing, identifying and creating an information security roadmap and multi-year projected budget.
    • Coordinated the annual Disaster Recovery and Business Contingency Planning test(s).
    • Mapped the internal control structure against the newly established FFIEC / FSSCC Cybersecurity Assessment Tool (494 mapped controls) to determine the maturity level of the bank.
    • Created and presented the InfoSec Dashboard to the Board of Directors, providing relevant metrics on the state of the InfoSec program. Co-chair of the IT/IS Steering Committee.
    • Resolved numerous preexisting audit, compliance and regulatory issues (GLBA) by formulating response plan, tracking documentation, and executing remediation plans.
    • Improved the resiliency of the network perimeter, implementing APT detection strategy and preventive controls on end-points, designed new NAC strategy with 802.1x Radius integration, VPN redesign, privileged account management and enhanced computer forensic capabilities.
    • Redesigned the vulnerability management program to prioritize remediation based on risk.
    • Implemented a new MSSP program to provide centralized 24/7/365 security monitoring.
    • Responsible for the Bank’s physical security, including upgrade path for cardkey and camera systems
  • Nasdaq OMX
    Principal of Information Security
    Nasdaq OMX Nov 2011 - Jul 2014
    New York, NY, US
    • Created, architected, and engineered the security road map, which aligned the information security initiatives to focus on high-risk areas
    • Managed Information Security Special Projects, reporting directly to CISO
    • Realigned the Web Application Firewall (WAF) strategy; RFI, RFP and global implementation
    • Assumed responsibility for policies, standards, procedures, and guidelines
    • Led effort to combat advanced persistent threats (APTs)
    • Authored a series of strategy documents including cloud security directive, database security, highly confidential initiatives, legal and regulatory compliance, and MSSP project
    • Information Security Officer responsible for supporting all information security functions related to the Global Corporate Solutions business unit
  • Barnes & Noble
    Director of Information Security
    Barnes & Noble Nov 2003 - Oct 2011
    New York, US
    Dedicated and proven leader who championed a highly effective information security program for 8 years at B&N.com; thwarting numerous attempted external threats.
    • Oversee all security related audits and regulatory activity, including Sarbanes Oxley, PCI DSS, etc.
    • Responsible for all aspects of the Information Security Program based on ISO 17799 framework
    • Incorporated secure development lifecycle working with developers and defect management
    • Developed the credit card encryption methodology used universally across all business lines
    • Manage and supervise IT security staff and consultants – including “NOOK” independent review
    • Evaluate application security based on OWASP and WASC standards via vulnerability scanning
    • Certified application security tester using HP WebInspect DAST scanning tool
    • Created an Employee Security Awareness Training Program to educate all employees
    • Perform due diligence and act as an advocate for all customer privacy & security concerns
    • Design the application security schemata based on using public encryption algorithms to protect database and password information. Designed P3P site policy
    • Provide litigation and forensic support for the legal department
    • Implemented various security gateway devices and email firewalls to improve efficiencies
  • ING
    ING Bank Security Consultant
    ING May 2002 - Oct 2003
    Amsterdam, North Holland, NL
    • Developed Strategy as part of core team in Global Office of the CISO
    • International assignment, led a variety of security audits based on BS7799
    • Performed Risk Assessments against industry best practices, ISO17799, OCTAVE (CERT)
    • Assessed information systems for vulnerabilities using third-party tools (GFI, NetIQ, etc.)
  • Bank Hapoalim
    Chief Technology Officer
    Bank Hapoalim Oct 2000 - May 2002
    Tel Aviv, IL
    • Developed a new US based internet startup from seed money from parent company, as part of the CEO’s immediate executive team
    • Responsible for all aspects of the project development
    • Authored IT banking policies and procedures for the business plan and approved by the OCC
    • Designed web front-end to the legacy Alltel Systematics
    • Fortified the Bank's perimeter building out security stack and high availability infrastructure
    • Managed a 5-million-dollar budget
  • ING
    Corporate Security
    ING Jul 1999 - Oct 2000
    Amsterdam, North Holland, NL
    • Authored and reviewed Policies and Procedures, including: TCP/IP Policy, Antivirus Policy, Firewall Policy, SWIFT procedures, Laptop Policy, Internet Usage Policy, and Security Awareness Program.
    • Lead project manager of team that secured company laptops world-wide. Implemented the PKI backbone with ODBC replication in New York, London, Hong Kong & Amsterdam offices.
    • Lectured to new and existing employees as part of a security awareness training initiative.
    • Assisted in the Y2K implementation of the SWIFT Alliance Application (UNIX Platform) from ST400 (Dec Vax).
  • Julius Baer
    Assistant Vice President
    Julius Baer Nov 1997 - Jul 1999
    Zurich, Zürich, CH
    • Responded to security related outstanding audit points and implemented solutions.
    • Implemented the first Internet connection at the NY Branch providing secure web and email access.
    • Network Administration for the following products: Windows NT, MS Exchange Server, Guardian Firewall, Little Brother (Proxy Filter), McAfee Antivirus, PGP Encryption, DHCP, WINS and MS Proxy Server.
    • Administered Open VMS (VAX/VMS V.71) on the VAX; and OS/400 on the AS/400.
    • Administered various financial systems in the bank including: SWIFT(VMS), Wall Street System (DEC/VAX), Maxdata (UNIX), EBS, Windows NT, Novell, Exchange Server, Firewall, Proxy Server, and Midas (AS/400).
    • Generated and reviewed daily logs on various Bank systems (e.g. PS Audit logs on AS/400).
    • Centralized the administration of the AS/400 using PentaSafe products, based on C-2 level security and IBM standards. Completed the core requirements for AS/400 System Administration at an IBM facility.
    • Developed the first security awareness training program working with human resources.
  • Bear Stearns & Co.
    Vice President
    Bear Stearns & Co. Jul 1995 - Nov 1997
    Montreal, QC, CA
    • Performed security reviews with end users & created firm security policy, including Windows NT.
    • Supervised a staff of six employees that supported the correspondent clearing business.
    • Implemented system security in a multi-platform environment, including Windows NT, Apple Talk, AS/400, Mainframe & Encryption.
    • Investigated legal issues using forensic computer techniques, restored Novell and NT servers using Arc serve and other specialized software.
    • Developed, designed and tested new and existing mainframe applications for strong security controls.
    • Administered Top Secret Security in a MVS / CICS environment.
    • Promoted from Manager to VP, employment check: evs.jpmorganchase.com

Andrew Stravitz Skills

Information Security, Security, Computer Security, CISSP, Application Security, Penetration Testing, Network Security, Vulnerability Assessment, Firewalls, Web Application Security, Information Technology, Information Security Management, PCI DSS, Disaster Recovery, Vulnerability Scanning, OWASP, VPN, Security Awareness, Business Continuity, CEH, Security Policy, Agile Methodologies, Risk Assessment, Security Audits, Active Directory, Ethical Hacking, CISM, ITIL Certified, Certified Information Security Manager

Andrew Stravitz Education Details

  • Pace University - Lubin School Of Business
    Accounting
  • Stony Brook University
    Economics

Frequently Asked Questions about Andrew Stravitz

What company does Andrew Stravitz work for?

Andrew Stravitz works for Touchpoint Cyber.

What is Andrew Stravitz's role at the current company?

Andrew Stravitz's current role is vCISO, CISSP, CISM & ITIL | Security Transformation | Regulatory Compliance & GRC | Critical Infrastructure | OT ICS SCADA | President of Park Toastmasters Club.

What is Andrew Stravitz's email address?

Andrew Stravitz's email address is an****@****uez.com

What is Andrew Stravitz's direct phone number?

Andrew Stravitz's direct phone number is +121242*****

What schools did Andrew Stravitz attend?

Andrew Stravitz attended Pace University - Lubin School Of Business, Stony Brook University.

What skills is Andrew Stravitz known for?

Andrew Stravitz has skills like Information Security, Security, Computer Security, CISSP, Application Security, Penetration Testing, Network Security, Vulnerability Assessment, Firewalls, Web Application Security, Information Technology, Information Security Management.
