Information Security Senior Advisor
Responsible (under the CISO) for reporting and communications with Enterprise Risk Management, Senior Leadership, and the Board of Directors on matters related to cyber risks, mitigations, and strategy. Responsible for developing and building improved methodologies and practices consistent with enterprise goals.• Developed new Security Exception program, including risk mitigation and remediation, reporting tools and dashboards for CISO monitoring. • Developed and presented training package for all Vice President towers. • Provided project plan for Security Exception development, implementation, testing, QA and production rollout.• Developed CISO Security Exception review meetings, presenting outstanding security exception vulnerabilities to VP’s responsible for owning the risk and remediation. • Evaluation of current process maturity, ownership, and gaps within areas of cybersecurity.• Monitor security exception reports and key audit items to ensure deliverables are met. Work with IT leads and SME’s to develop action and remediation plans. • Work with internal/external auditors during fieldwork discovery phase and report on findings to CISO risk officer and ISCS senior management. Provide leadership during risk mitigation activities and drive closer to audit findings• Conduct status reviews, consolidate metrics and perform follow-up ensuring accurate status reporting. • Monitor adoptions and use of processes, tools and practices to create action plans in collaboration with other user areas to improve usage.• Identify and coordinate independent initiatives within organization. • Server as advocate for enterprise strategies and priorities.• Act as single point of contact to work with the business and IT SME’s on helping areas articulate needs to the organization.