Information System Security Officer (ISSO) reporting to the Chief Technology Officer. Provide leadership and responsibility for ensuring the appropriate cyber security protection controls and procedures for CPSG information systems. Assist in the development and maintenance of system security plans and ensuring user access to data has an authorized access and on a need-to-know basis. Advise system owners regarding security considerations in application systems development, implementation… Show more Information System Security Officer (ISSO) reporting to the Chief Technology Officer. Provide leadership and responsibility for ensuring the appropriate cyber security protection controls and procedures for CPSG information systems. Assist in the development and maintenance of system security plans and ensuring user access to data has an authorized access and on a need-to-know basis. Advise system owners regarding security considerations in application systems development, implementation, operation, maintenance and disposal activities (i.e. life cycle management). Evaluate and remediate system security alerts (i.e., Splunk, Websense, IronPort and other security alerting systems). Chair of the Change Control Board. Show less

Client Advisor with a primary role to assist clients in how to effectively establish their GRC programs using eGRC solutions provided by MetricStream while leveraging that with industry expertise and best practices.

Our mission is to provide Information Security services that will enable your company to achieve business goals and to protect information resources in a manner that reduces the risk of loss, modification or disclosure, to a level that is acceptable to management.Specialties: Developing compliance strategies for PCI and other regulatory control frameworks, creating a custom Information Security Strategy and Roadmap for your business, policy development and review, and performing risk… Show more Our mission is to provide Information Security services that will enable your company to achieve business goals and to protect information resources in a manner that reduces the risk of loss, modification or disclosure, to a level that is acceptable to management.Specialties: Developing compliance strategies for PCI and other regulatory control frameworks, creating a custom Information Security Strategy and Roadmap for your business, policy development and review, and performing risk assessments. Show less

Leader of the Risk Assessment & Compliance team reporting to the SVP, Information Security & Fraud, as a single point of accountability for identifying control objectives and risk assessment tests for various information systems, platforms, lines of business and high risk facilities. Primary Internal Security Assessor (ISA) for annual PCI DSS self-assessment (SAQ-D) and validation efforts for the HSBC NA cardholder environment. Provide Subject Matter Expertise (SME) on COBIT, ISO 27001 and… Show more Leader of the Risk Assessment & Compliance team reporting to the SVP, Information Security & Fraud, as a single point of accountability for identifying control objectives and risk assessment tests for various information systems, platforms, lines of business and high risk facilities. Primary Internal Security Assessor (ISA) for annual PCI DSS self-assessment (SAQ-D) and validation efforts for the HSBC NA cardholder environment. Provide Subject Matter Expertise (SME) on COBIT, ISO 27001 and PCI DSS control frameworks in support of IT and business initiatives. Establish and maintain a PCI Compliance framework that leverages RSA Archer to provide a repeatable process for workflow maturity. Perform risk assessments and defines remediation strategies to address any identified risks. Establish and maintain a risk management and compliance framework to ensure that information security policies, technologies and processes are aligned with the regulatory and industry requirements as well as information security best practice. Show less

Report to the Senior Vice President, Chief Technology Officer as a single point of accountability for protecting CTA information and transit processing systems. Responsible for developing and implementing security policies, technology controls and operational procedures based upon COBIT, ISO 27001, PCI Requirements and ITIL. Ensure that all transit information systems, technology infrastructure, and data stores comply with security and regulatory standards. Responsible for defining… Show more Report to the Senior Vice President, Chief Technology Officer as a single point of accountability for protecting CTA information and transit processing systems. Responsible for developing and implementing security policies, technology controls and operational procedures based upon COBIT, ISO 27001, PCI Requirements and ITIL. Ensure that all transit information systems, technology infrastructure, and data stores comply with security and regulatory standards. Responsible for defining, documenting and assisting with the administration of the Authority's programming, networking, security and application architecture standards and procedures. Projects include PCI Compliance, defining a continuous PCI Compliance Strategy, Information Security Risk Assessment based upon COBIT (and aligned to ISO 27001), vulnerability management, centralized log management, intrusion detection and defining the Information Security Strategic Roadmap and Architecture. Show less

Acting Manager, Governance, Risk and Compliance (GRC) Manager reporting to the CISO, Corporate Information Security with responsibility for building and maintaining a global GRC program. Provide leadership for the Information Security Council and coordinate the Council membership in the review and approval of corporate information security policies. Responsibilities include coordination of the ISO 27001 Certification efforts for new mega global data center, creation of ISO 27001 policies… Show more Acting Manager, Governance, Risk and Compliance (GRC) Manager reporting to the CISO, Corporate Information Security with responsibility for building and maintaining a global GRC program. Provide leadership for the Information Security Council and coordinate the Council membership in the review and approval of corporate information security policies. Responsibilities include coordination of the ISO 27001 Certification efforts for new mega global data center, creation of ISO 27001 policies, intellectual property risk assessment for data leakage prevention project, creation of global incident reporting and escalation process and implementation of an enterprise security communication program. Show less

Report to the Director, Internal Audit and the Executive Audit Committee as a single point of accountability for evaluating the effectiveness of IT and SOX control objectives. Responsible for ensuring IT audit compliance (based upon COBIT and aligned to ISO 27001) for operational, security and Sarbanes-Oxley controls across four global business regions and Corporate Headquarters.

Report to CFO as the single point of accountability for protecting computer systems and information within the global enterprise. Responsibilities included the development of the information security strategy, architectural (security technology) blueprint, information security roadmap and management of the global information security budget including analysis and preparation of capital plans.

Directed staff of four security professionals with accountability to ensure that IT computer systems and information were managed in compliance to Company policies, ISO 27001 and ITIL practices. Responsibilities included security consulting for project initiatives such as E-Commerce, defining the selection criteria for vendors and products; assist in network and functional design of major IT and business projects as well as documenting security risks.

Leader of the information security strategic planning efforts for Information Security and IT functions. Responsibilities include development of enterprise information security policies, guidelines and procedures; defining security requirements for new business initiatives; creation of information security assessment checklists; providing technical expertise and guidance to identify potential security risks and compensating security controls and leading projects to improve existing information… Show more Leader of the information security strategic planning efforts for Information Security and IT functions. Responsibilities include development of enterprise information security policies, guidelines and procedures; defining security requirements for new business initiatives; creation of information security assessment checklists; providing technical expertise and guidance to identify potential security risks and compensating security controls and leading projects to improve existing information security processes. Show less

Directed the IT Security department and information protection efforts for Glaxo Wellcome. Responsibilities include creation of the information security strategy and architecture, development and approval process for international security policies; implementation of access control and BS7799 auditing mechanisms; provide technical expertise in resolving security incidents; and raise information security awareness. Lead one of the very first implementation efforts to install a commercially… Show more Directed the IT Security department and information protection efforts for Glaxo Wellcome. Responsibilities include creation of the information security strategy and architecture, development and approval process for international security policies; implementation of access control and BS7799 auditing mechanisms; provide technical expertise in resolving security incidents; and raise information security awareness. Lead one of the very first implementation efforts to install a commercially available firewall system (DEC SEAL). Show less