David C. Email & Phone Number

Windsor, CT, US

• Assist the Head of Global Application Security and CISO in developing an application security organization capable of scaling to the dimensions of the global 25K+ people company and handling applications involving high.
• Emphasis on shifting security left, automation of security testing, security-as-code, laying down safety guardrails, and making threat modeling an integral part of the SSDLC. This includes implementing robust.
• Ensure the SSDLC follows the global information security and privacy policies and strategies, initiates necessary compliance programs and changes in the global SSDLC realm.
• Research threats and attack vectors that may impact SS&C’s web, enterprise, and mobile applications and infrastructure. Stay up-to-date with current offensive and defensive tactics, techniques, and procedures.
• Advice engineering teams with the configuration, tuning, and operation of SAST and DAST tools, and their integration into the development process.
• Validate and interpret SAST, DAST, bug bounty program, and penetration test findings, demonstrate identified vulnerabilities, assess risks, evaluate possible fixes, and verify successful remediation.

Dublin, California, US

• Development and design of security architecture in SavvyMoney
• Develop an understanding of the architecture of systems with current security issues and risks
• Leads security analysis in SavvyMoney utilizing trends, threat analysis, and current business understanding. From this analysis diagnose or make recommendations for security improvements and risk mitigation
• Provide cost-effective architecture recommendations to support the security system’s growth, maintain stability, and provide a good user performance experience
• Build and own SavvyMoney’s application security program:
• include 1) application threat modeling, 2) a risk acceptance process, 3) a process to approve and manage open source libraries, and 4) secure coding standards that are based on industry-accepted best practices to.

Sacramento, California, US

• Acted as a lead resource to users and department managers seeking more information security information.
• Collaborated with stakeholders to operate security controls that comprise the GRC program.
• Coached 3 junior members.
• Conducted over 350 risk assessments (50% involving SOC2 Type II and Cloud) and provided mitigation recommendations.
• Conducted over 100 architectural risk analyses, threat modelings, and vulnerabilities management in the SDLC cycle according to OWASP. Vetted the SAST, DAST, IAST, and pen-testing tools used in the SDLC/DevOps/CI/CD.
• Prepareed and periodically updated information security policies, architectures, and standards per ISO27002/NIST/PCI/HIPAA

Hong Kong, HK

• Risk and IT Operation
• Successfully maintained security compliance within the regulator’s guidelines and achieved 100% compliance across all internal security audits for 3 years
• Respond to over 300 regulator's referrals and inquiries on IT-related complaint cases over 4 years, conducted root-clause analysis, submitted investigation reports, send replies to customers
• Participated in the incident response team, identified and promptly reported to the regulatory body for 16 reportable incidents like data leakage
• Conducted in-depth investigations, submitted investigation reports to the regulator including remedies and improvement schedule and avoided further actions from regulators for four consecutive years of service
• Performed over 500 risk assessments for banking products and services, measured the impact and likelihood of the technology-related risks, managed and controlled the risks via preventive and mitigation measures.

HK

• Enforcement and AML division
• Analyzed and accessed to IT Governance of banks following the HKMA Supervisory Policy and the ISO27000 standard.
• Performed and managed 20+ on-site examinations, desktop reviews, and other off-site supervisory activities on e-banking, technology risk management (TRM), Fintech, cybersecurity and business continuity planning (BCP).
• Drafted updates on HKMA’s guidelines on e-banking, TRM, Fintech, cybersecurity and BCP in the light of local and overseas regulatory, industry and technology developments in 2010 and 2012
• Oversaw customer complaints against 10+ banks in Hong Kong in connection to information technology
• Assessed Banks’ compliance via reviewing over 200 investigation reports by following the guidance from HKMA in managing technology-related risks

Master'S Degree, Computer And Information Systems Security/Information Assurance

Master Of Science - Ms, Finance

Postgraduate Diploma, Economics