Built from the ground up a cyber and information security program supporting 12 Weichert companies. Established the foundation for policies, standard processes, CIS system hardening, ITIL, and measurable controls based on the NIST Cybersecurity Framework. • Drafted a Business Continuity and Pandemic Plan prior to the COVID-19 outbreak preparing the organization for impact. • Guided the organization through change to obtain a SOC2 Type II certification for the Relocation and Corporate Housing companies. • Provided NY DFS attestation for the Mortgage and Insurance companies. • Supported contract reviews for new client RFPs resulting in 5 new clients with revenue over $7MM. • Consolidated vendors in establishing a managed security operations center, resulting in a $60K savings. • Coordinated and provided certification of compliance for an Attorney General subpoena. • Certified for Privacy Shield to support GDPR. Aligned with Legal for standard contractual clauses for data transfers between EU and non-EU countries. • Established the 3rd Party Risk Management program to assess the risk of critical vendors and partners. • Created strategic alignment with the various Weichert companies establishing the Information Security Steering Committee and the IT Steering Committee. • Established the Vulnerability Management program to proactively target remediation of hosts and applications. • Supported the renewal of Weichert’s cyber insurance policy.

Consult and partner with client organizations to drive strategic information security controls, risk and compliance best practices by understanding client vertical industries, organizational structures, business objectives and evolving security landscape. • Risk Control: Strategic leadership, coordination and advice on the most appropriate security practices and policies, as well as a network-wide review of client’s existing security systems and the strategic plans for future security projects.• Ensure compliance: Expert guidance on the right information security policies and procedures to meet all relevant industry regulations of the client.• Control spending: Focus security budgets on protecting client’s business-critical assets and defending the high-risk areas where a security breach could seriously impact the organization.• Complete visibility: Places the client’s security in the context of the latest industry trends and technologies, as well as the threats and vulnerabilities that could negatively impact the organization.• Information Security Roadmap: Develop and draft a multi-year, information security program roadmap and executive-level presentation with project, technology, and staffing priorities that is suitable for executive-level resource and investment planning.

Responsible for the people, process, budget, and delivery of the following services:Vulnerability Management Services - Operations Qualys Enterprise, AWS EC2 scanning, Azure scanning, assessment of acquisitions before connectivity, TippingPoint IPS integration, Whitelist-Blacklist Management, utilized REST API to integrate network data for input, and output for asset management, integration with CyberArk and Centrify for trusted scanning, secondary scanning using Nessus and Rapid7 NexposeSecurity baselines - Configuration setting policy and reporting for Windows, Unix, Linux, MS SQL, Oracle, Cisco IOS, Mac OSX, AD, and SAPPKI Operations - Software: Entrust, Operations of Trust Center, Certificate Authority, Registration Authority, Certificate Policy Statement, Certificate Revocation List, security of private keys in HSM (hardware security module)Two Factor Authentication - RSA SecurID, Symantec VIP (Validation and ID Protection), SafeNet MobilePASSFirewall Service - Cisco ASA (Adaptive Security Appliance), Checkpoint NGWeb Proxy Service - Bluecoat ProxySG and Cloud Proxy, Configuration of ICAP (Internet Content Adaptation Protocol) for Trend Micro Antivirus, integration for CASB (cloud access security broker), integration for Active Directory. Ran proof-of-concept for Cisco Ironport, Cisco Umbrella, Zscaler, Websense, Menlo SecurityCASB - (Cloud Access Security Broker) - SkyHigh NetworksSecure Messaging - Proofpoint with Exchange Online, Totemomail using EntrustTechnical Consulting for Legal - review patent lawsuits for technology. Provide support for Privacy Office, and Safe Harbor Privacy PrinciplesEndpoint Protection Service - McAfee VirusScan and ePO (ePolicy Orchestrator), assessment of endpoint and threat detection solutions including CyberReason, Crowdstrike, CarbonBlack, FireEye, Dell, Cylance, Webroot, BitDefender, and FortinetServiceNow - SecOps POCStealthAudit - open share reporting on Windows and Unix/Linux, Sharepoint, AD

Responsible for the people, process, budget, and delivery of the following services:Vulnerability Management Services - Regional vulnerability scanning utilizing Nessus and external vulnerability scanning utilizing QualysIDS Service - Cisco IDS (intrusion detection system) integrated with Symantec Managed Security Services for rapid response Quality Assurance - audit and assessment for Novartis Infrastructure Services, Americas. Performed plant reviews for security, GxP qualification of servers and network devices, and architecture review that included SCADA, PLCs, and Wireless. Converted paper qualification documentation to electronic with digital certificates. Technical Consulting for Legal and eDiscovery