Responsibility, oversight, and leadership of Retail Banking, Digital Strategy, Information Technology, Information Security, Business Intelligence, and Corporate Services

• Responsible for the development, delivery, and management of the Information Security Program and the Incident Response Plan, including the requirements of all related laws and regulations;• Architects new systems and projects with security policies and information protection strategies;• Oversaw responsible areas (Information Security, Vendor Management, Business Continuity, and Incident Response) and received highest score of one from the Federal Reserve;• Serves as the Bank’s Information Security Officer, as well as the Privacy Officer;• Incident Response team member; responsible for making decisions dealing with business continuity of operations;• Work with business units to identify and put controls around their perceived threats to the integrity, availability, and confidentiality of their information assets;• Created the Cybersecurity program and ensures compliance with state and federal laws;• Manage all Information Security/IT related incidents; identifying root causes, resolutions, and further actions;• Design and deploy corporate Information Security Awareness training program; • Ensures that disaster recovery plans are developed and maintained for all IT system resources and business processes;• Manages the Bank’s Business Continuity Plan (BCP) program and Business Impact Analysis (BIA);• Ensures that all IT systems and business processes are tested and working effectively;• Responsible for the overall strategic development, evaluation, enhancement, and implementation of the Vendor Management Program, its policies, processes, best practices and tools used to direct the vendor lifecycle from selection to contract expiration; • Effectively manage the due diligence for over 200 vendors;• Collaborate with all business units to determine efficiencies and cost-saving opportunities within vendors;• Effectively manage the implementation of two major technology projects using PMI standards and meeting budget.

Assumed responsibility for an audit program of a new business (Life Statistical Agent services for New York State Insurance Department); documented the flow of data, identified control points, and provided gap analysis;Developed pros and cons of various types of certifications that MIB could seek (SSAE No. 16, Sys Trust, HITRUST) and made a recommendation to the Board of Directors for the most appropriate third-party review and certification;Reviewed the process by which MIB approves new members, third-party administrators and software developers and grants them access to MIB proprietary and confidential products, services and systems; documented the flow of data, identified control points, provided gap analysis and made recommendations; andDeveloped audit program for HIPAA compliance in light of HITECH Act.

-Executed IT assurance and related information security risk management solutions to a client base of over 200 financial institutions, investment management firms, health care, government and manufacturing clients based on FFIEC, FDIC, SEC, FDICIA, and HIPAA regulations;-Strengthened relationships with client management, creating and increasing interest in new products and services;-Executed procedures surrounding IT Gap Analysis, including designing and testing of controls for SAS Report No. 70 / Trust Services (System Trust) engagements;-Executed online risk assessment (IT, Vendor, Customer Information) implementations to client management and business line managers via in-person training presentations and webinars;-Reviewed staff work and provided comments related to their testing documentation, while providing performance feedback via the Company Performance System;-Assisted IT Assurance management on a consistent basis with planning, and budgeting for engagements;-Developed and presented recommendations to client executive management based on assessments of control weaknesses in order to strengthen the client’s information technology controls;-Performed and analyzed full technical internal and external network vulnerability assessments using commercial grade products for small to mid-size companies with multiple platforms and operating systems;-Oversaw and assisted in the implementation of ‘best practices’ security configurations for client network operating systems and related network infrastructure devices;-Developed and implemented enterprise-wide Information Security policies and procedures; and-Executed complex security reviews for critical financial services applications as well as reviews of general IT systems controls, including social engineering techniques