Senior Corporate Security Manager - Threat Managment
Current• Developed and managed an information security program ranked by Forbes in 2023 as the 25th out of 200 most cybersecure company in the United States.• Reduced the overall threat target of the organization by more than 50% by developing an enterprise- wide configuration management standard and program for all computer, database, and network assets. • Created hardened secure operating systems, published corporate baselines and standards for creation, monitoring, and remediation of configuration drift.• Reduced costs in repetitive security findings and initiated a 30% reduction in cycle times. Automated application security testing into development platforms allowing for live code testing prior to software build commits that trigger pipeline policy scans.• Created and implemented a vulnerability management program that provides faster, exact risk reduction to the organization. Collaborating with vendors, internal teams and stakeholders, developed an enterprise-wide risk engine to customize rating risk vulnerabilities affecting the organization. The outcomes of this project include the capability to use multiple factors to risk calculate vulnerabilities custom to the environment. This allows teams to focus on high impact risks and threats. • Currently leading a project to deploy hyper automation throughout the various security teams to reduce incident response time and attack dwell time. • Incident response manager for all cyber, fraud and internal incidents, keeping incident response teams on track and executive management, legal, lines of business and any regulatory or reporting agencies apprised as the investigation continues.• Manage and develop a team of seven information security professionals with a focus on incident response, forensics, threat intelligence, vulnerability management, configuration management, application security, hyper automation, and red team disciplines.