Recruited to resolve 46 high-severity findings in the branch’s FFIEC Cybersecurity Assessment Tool (CAT) compliance audit. Lead IT and IS teams, as well as multiple Managed Services Providers, to close control gaps, and to strengthen the security profile.◆ Resolved all findings within 22 months through effective project management, leveraging third party service providers, technologies and processes to address each finding. ◆ Achieved a “satisfactory” rating for 2022, 2021, and 2020 OCC examinations by demonstrating strong governance and comprehensive project plans to resolve known deficiencies.◆ Identified and effectively replaced Managed Service Providers (MSP) that were underperforming due to vague contracts. Took immediate corrective actions: o Defined and implemented a robust Vulnerability and Patch Management program. o Established reporting requirements from providers and track progress regularly to ensure compliance. o Created seamless working relationship across IT, IS and MSPs by establishing project management practices.◆ Enhanced Third-Party Service Provider Risk Management regulatory compliance practices by: o Introducing a focus on assessing and classifying confidentiality levels of systems and data where third parties have access. o Extending the assessment to Forth-Party Service Providers (Third-Party subcontractors) to identify third-party risk more completely. o Introducing a Secure Software Development assessment to identify sufficiency of protective measures built into critical Software as a Service (SaaS) applications.◆ Increased utilization of currently licensed technologies/tools to expand and enhance internal control environment.

Initially contracted to define, document, and implement policies and procedures to achieve and maintain compliance with NYS DFS Part 500. Transitioned to employee as Senior Information Security Manager to be the point of contact for PwC readiness exam, FRB / NYSDFS examinations, and ultimately to succeed the Chief Information Security Officer / CISO.◆ Charged with resolving significant regulatory issues and bring bank into compliance with New York State Department of Financial Services NYS DFS 23 NYCRR Part 500. ◆ Delivered monthly status reports to NY-based senior management and annual summary report to the Board of Directors in Beijing.

Contracted by IT solution provider to launch a new cybersecurity service for hedge fund clients. Defined compliance activities for new revenue stream by mapping SEC OCIE Cybersecurity Initiative to NIST Cyber Security Framework and ISO 27001 controls.◆ Modeled the role of virtual Chief Information Security Officer (vCISO) in the hedge fund market. ◆ Conducted extensive research to determine how SEC regulations impacted hedge funds. Identified the required regulatory compliance activities, developing project plans and solutions to meet business goals.◆ Defined and documented a comprehensive cyber security program that would be easily adoptable to the hedge funds.

Hired by the Chief Risk Officer to resolve information security compliance issues in FDIC Memorandum of Understanding.◆ Collaborated with COO and CIO, resolving Memorandum of Understanding (MOU) issues within 18 months. ◆ Continued to conduct annual risk assessments, responding to audits and examinations, to deepen and strengthen the control environment resulting in “satisfactory” USRIT rating from 2009 to 2017.◆ Developed strong information security culture rooted in cyber security policies, awareness, and training supported with automated controls including:o Leading monthly Vulnerability and Security Patch Deployment cycle. o Establishing Information Security Committee comprised of senior business leaders and key stakeholders.o Changing mindsets among all levels of the organization and educating staff members to identify risks and cyberattacks.◆ Integrated bank-wide security by partnering with global bank (Israel, UK, Switzerland, Romania) to share best practices.◆ Kept senior leadership informed through quarterly program status reports for review by the Board of Directors as well as the Audit, Risk, and IT Steering sub-committees.

Managed a team of highly skilled Information Security professionals to deliver comprehensive vulnerability testing, risk assessment services, and information security audits to top-tier clients. ◆ Conducted in-depth process and technology assessments to identify vulnerabilities, gaps in security controls, and other deficiencies. Recommended corrective actions to clients’ senior executives.◆ Planned and managed audit, penetration testing, and risk assessment engagements. Played key role in minimizing risk for many multibillion-dollar clients including global corporations and Fortune 500 firms.

Executed security and vulnerability assessments for companies throughout the NY Metropolitan Area. Clients included global financial institutions, major hospitals, and top distributors.◆ Engagements included ISO 17799 security assessment for $30 million nonprofit social policy research firm, security vulnerability assessments for a major university and a global distributor of aerospace parts. Managed Verisign PKI Certificate Services installation and training for Level III trauma hospital (HIPAA Security Rule compliance program).

Established system hardening standards for IT implementation, security vulnerability testing, and IT remediation practices. ◆ Selected and implemented email anti-virus scanning technology as well as IPSEC-based VPN remote access capability.