Craig C. Shrader Global Ciso Cissp, Qte Email & Phone Number

Morristown, NJ, US

London, GB

Responsible for driving the execution of Group Information and Cybersecurity strategy within Canada and helping to deliver in-country cyber objectives aligned with the Group Cyber organization.

Teach 2nd year students in required Information Security Management course. Teach in a program designated by the NSA entitled A Center of Academic Excellence in Cyber Defense (CAE-D). Courses taught include Network Security and Information Security Management.

Orchestrator of pragmatic compliance driven security policies & cloud controls in accordance NIST, CIS, ISO and pertinent regulations. Published author on Machine learning and artificial intelligence in cybersecurity monitoring and SOC. Security advisory and technical consultation helping business leaders solve strategic and deployment problems for.

Oversee / responsible for all security operations and technology function critical for the protection of information and assets. Published Information Security Systems Architecture for AWS Cloud instance. Led analysis of security policies, controls and administrative personnel for a Cybersecurity Framework 2.0 assessment of environment. Developed several.

Harrisburg, Pennsylvania, US

Lead information security for a large non-profit serving people with disabilities in 4 Mid-Atlantic states and two international countries. Manage 14 corporate locations, 3 international offices and 380 homes for people with a disability with over 3000 employees.

Responsible for determining the project security posture and compliance with banking security and operational controls in this unique AWS designed application. Guide architects, design engineers and delivery engineers for the best practices for Cloud security.

Rutherford, New Jersey, US

• Head of Information Security and Compliance for a Community Bank responsible for People | Process | Technology and Tools in Security Policies, Cyber operations including monitoring, Security Awareness and Training, and.
• Transition Bank operations with GRC centric change and toward compliance with FDIC regulations. Kept Bank in compliance with signed FDIC findings.
• Responsible to CEO and Board for quarterly Cyber Security metrics and incidents and achieved distinction and respect of Vice President peers.
• Recommended MSSP services to compliment internal staff to cover 24X7 monitoring operations. Established firewall, end-point and SIEM MSSP services.
• As IT Team Lead for infrastructure and security, completed 2020 Internal Audit and FDIC audit. Audit was successful and gained accolades from Chief Audit Officer for first time audit accomplishments.

• Develop roadmap and execution of strategy & culture for cyber security policies for 13 Lines of Services and 3000 people. Responsible for vision, strategy and special projects for forensics, data classification policy.
• Responsible for transforming cyber programs for information classification / encryption, awareness strategy, and tools like Darktrace and ForcePoint working directly with agency Line of Service and IT development.
• SME for Information Classification & Management Policy and training for PII, PHI, City of New York Financial data. Conducted PCI-DSS audit of all agency credit card use and presented to Department of Finance auditors.
• Thought Leader for Agency cyber strategy for GRC, legal, security personnel, executive awareness and developing security policy and procedures moving Agency’s security implementation. Advisory and mentoring to.
• Wrote and implemented the Agency Incident Response Plan and tested with LOB and IT systems engineering.

Makati, Metro Manila, PH

• Consulting v-CISO assigned to attain compliance with GDPR, GLBA and New York DFS 23 NYRR part 500. High Value Information Classification Program
• Consulting v-CISO assigned to attain compliance with NY DFS 23 NYRR part 500, GLBA and GDPR regulations.
• Developed plans and policies for GRC and AML, GDPR Privacy Policy Plan and procedures, divisional vulnerability assessments, systematic safeguards/controls, in accordance with GDPR, CCPA, FFIEC, and GLBA regulations..
• Analyzed eight Bank division’s business procedures for high value asset and risk identification creating a comprehensive inventory of classified information and operating assets to produce enhanced risk management and.
• With identification High Assets, aligned to priority of processing environments then with asset management and vulnerability scanning and patching to ensure critical environments are constantly protected.
• Worked directly with Divisional Teams on Bank IS policies and implementing GRC and industry best practices for process and associated security controls within the Bank and with bank 3rd party vendors and accountants.

Eagan, Minnesota, US

• Managed personnel and infrastructure systems for operations and enterprise security for a $350M PE portfolio. Established security roadmap for corporate and managed services networks. Managed corporate and managed.
• Transformed in 3 months corporate IT and datacenter operations affected by systems instability to stable and dependable operations. Was promoted for responsibility of all IT, managed services accounts and security to VP.
• Led transformation projects for strategic initiatives for productivity and efficiency of IT support processes. Became lead committee participant driving standards and operational best practices.
• Established strategy and roadmap for Information Security for combined corporate and managed services operations worldwide after promotion to create a security group for combine operations.
• Conducted security architecture overhaul after email malware breach and incident response for intrusions to network. Actions and remedies protected the security envelope. Directed threat modeling plan part of the.
• Responsible for SOC operations and incident response in corporate and shared services network. Maintained services for Tier 2 and Tier 3 engineering services.

Morristown, New Jersey, US

• Executive responsible for systems and for hybrid and AWS datacenter operations and information security roadmap, strategic technology planning, operations, information security and governance for SAAS implementation of.
• Developed the comprehensive security program protecting PHI and executed with evidentiary documentation for compliance, which passed an HITRUST / HIPAA healthcare audit and operational certification in 2013, 2014 and.
• Responsible for federally audited SaaS operations for HIPAA, PHI, and PII within NIST & COBIT frameworks.
• Developed Risk Management plan complete with specific vulnerability and threat models for each risk identified.
• Implemented application security procedures using code review, threat management within development and QA testing.
• Guided clients through GRC security practices for SAAS products. Was the lens to clients for security policy and client / regulatory questionnaires and certification audits.

Bangalore, IN

• IT Transformation and Innovation Leader | Outsourcing | ConsultingEngagement lead for program delivery and IT transformation in a global delivery model for professional services. Managed infrastructure and development.
• Responsible to C-level stakeholders as both Program Director and technology solutions advisor.
• Directed compliance integration program creating bank for GMAC based on EU privacy and German privacy laws.
• Recognized leader of outsourced GDM programs. Improved productivity by 18- 21% and reduced operating costs by 23%.
• Created OS and Application security overhaul patching 175 apps code for MS vulnerabilities for 22 global business units. Managed 250-person teams on-site and offshore.

Master’S Degree, City/Urban, Community And Regional Planning

Bachelor’S Degree, Biology & Chemistry

Certification Studies, Entrepreneurship/Entrepreneurial Studies

Bachelor'S Degree, Biology / Chemistry

Certification As Qualified Technical Expert, Corporate Governance