Derek Evans Email & Phone Number

Westfield, NJ, US

Westfield, NJ, US

Kolkata, IN

• 1. Security Audit Service
• Managed client-requested audits of data, cloud, and information security controls, aligning with ISO 27001 framework and internal policies.
• Assessed control effectiveness and sustainability in supporting security commitments, client contractual requirements and regulatory standards.
• Monitored emerging risks, internal trends, and external events for potential data security impacts.
• Provided trusted advisory services, with 22% of work focused on internal guidance related to information security, privacy, and cloud technologies.
• Leveraged AI-driven compliance monitoring for unstructured data, enhancing trending analysis and audit insights. 2. First Line of Defense

Fairfax, VA, US

• Provided strategic and tactical guidance to enhance and mature enterprise application security programs, driving the development of high-quality, secure software with faster delivery timelines.Client Achievements
• Delivered maturity plans and roadmaps to mature application security programs.
• Aligned cyber and application security transformations with business goals, integrating industry best practices and client capabilities.
• Built modern AppSec programs with self-service DevSecOps capabilities, reducing vulnerabilities and accelerating product deployments.
• Transitioned legacy GRC-based Information & Cyber Security programs to ensure compliance and alignment with industry security frameworks in cloud-native environments.Client Services:
• Conducted cloud, app development, and cyber risk assessments, delivering actionable remediation roadmaps.

Sunnyvale, California, US

• Advised clients on maturing 2nd and 3rd lines of defense through the development and implementation of software security initiatives. Integrated security into the SDLC, CI/CD pipelines, and software risk management.
• Security Management Consulting
• BSIMM Assessments
• DevSecOps implementations and program design & management
• Maturity Action Plans for Software Security Programs
• Architecture Risk Analysis

Jersey City, New Jersey, US

Jersey City, New Jersey, US

• Directed and oversaw vendor, product, and architecture risk assessments for Fintech products and platforms generating $2B annual net capital. Managed 17 security engineers providing AppSec services for disparate.
• Automated security testing reporting and analytics, detective and preventive control implementation, dynamic application testing and static code analysis, and late phase ethical hacking testing.
• Integrated security testing into the product development lifecycle, improved applications security posture, and raised security testing and service maturity.
• Instituted GRC controls, auditing, and second line of defense risk management supporting, NYDFS, ISO 27001, and PCI DSS, regulatory compliance.
• Managed third party security projects, including Citigroup pen testing and Verizon CyberTrust certifications.

Brookfield, Wisc., US

• Increased shared service productivity by 11%, adding a risk analytics service and supporting over 30 client audits annually.
• Simplified technical reporting for clients and business executives.
• Provided application penetration testing and security due diligence for an aggressive M&A schedule.
• Implemented self-service security scanning (Qualys WAS), reducing service duration by 40% and improving time-to-market through defect lifecycle integration in JIRA.
• Delivered seamless application security services, ensuring compliance, and supporting over 30 client audits in 2015.
• As Security Architect, delivered threat modeling and architectural risk analysis workshops, identifying vulnerabilities, and promoting secure, reusable architecture.

Brookfield, Wisc., US

Establish an enterprise application security shared service effecting meaningful change from policy to the line of code. All with supporting metrics to drive our risk based services.... in a nutshellIn this initial role of Security Architect, I executed Threat modeling and Architectural risk analysis workshop services to product teams. Deliverables.

Orlando, Florida, US

Established and managed the Application Security shared service. Covered all three lines of business and, shared applications at the corporate level. Services included but were not limited to Secure Design Review, Dynamic Security Scanning and supporting the Cigital Secureassist rollout. Additionally, extensive support was provided to Compliance for PCI.

Orlando, Florida, US

• Responsible for managing the relationship with the Interpublic Group Agency & subsidiaries supporting the DDS hosted Accounting systems
• Managed team of business and product analysts in supporting new business development, and servicing of existing portfolio of applications and services
• Project manager for various system enhancements, directly supporting IPG back office operations in accounting and finance
• Other services included but were not limited to the following: Project Management, Customer Relationship Management, Workflow Analysis and Optimization and Non-application related solutions

Exec Mba, Center For Management Development

Management

Architectural Engineering