Keith May, Cissp, Iso/Iec Security Risk Management Email & Phone Number

New York, New York, US

Drive Risk and Control Agenda including policy dissemination, process reviews, risk/control identification, KRI assignments, and developing, enhancing and documenting processes to improve efficiency and strengthening the control environment.Identify and assign key metrics (KPI/KRI) to support effective monitoring and management of operational risks.

San Francisco, CA, US

Assess, Document, and Improve WSI Cybersecurity Risk Posture

Southlake, Texas, US

• Ensured ISO compliant implementation, integration, and coordination of information security risk management activities. Managed policy and exception management program team consisting of 3 FTEs and 1 indirect FTE..
• Led diverse cross-functional teams in ISO 27001 Certification Readiness project, achieving 93% compliance rating (0 gaps, 8 Opportunities for Improvement) in an independently performed gap analysis.
• Authored and maintained global information security policies and standards covering 100% of the ISO 27001 control requirements.
• Implemented cost-efficient structured content management system (SharePoint + Power Automate), improving user experience, advancing the information security communication strategy, and automating management of all ISMS.
• Established risk acceptance criteria and standard risk assessment and treatment methodology in company GRC system (Archer), achieving consistent repeatable assessment results while eliminating process inefficiencies.
• Developed risk hierarchy and risk register in GRC platform, tying into specific portfolios to better inform key decision makers on types of risk incurred.

New York, NY, US

• Directed Group Information Security for Access Management for Solomon Smith Barney and Private Bank. Managed Level III Entitlement Support consisting of 6 FTEs tasked with initiating role-based access controls (RBAC)..
• Developed role-based access controls (RBAC) for Morgan Stanley Solomon Smith Barney retail business processes and applications, placing 86% of users under role management, eliminating separation of duties issues and.
• Reduced provisioning times from an average of 10 days to 0 days.
• Initiated governance practices for enterprise roles by identifying role owners, creating change request mechanisms, and hosting change advisory board for stakeholders, ensuring only reviewed and approved access was.
• Achieved 100% on time completion rate of semi-annual role certifications and entitlement reviews.
• Implemented Global Wealth Management role certification process to enable delta entitlement reviews (entitlements outside user’s functional role), eliminating 1.7M required semi-annual reviews.

New York, New York, US

Acquired by Morgan Stanley

New York, New York, US

• Business Information Security Officer (BISO) aligned with Citigroup Private Label Credit Card line of business to provide leadership on all aspects of corporate information security initiatives.
• Acted as primary liaison between Executive Business Leadership and Corporate Risk and Security function.
• Led Risk Control Self-Assessments (RCSA) to ensure that information risk was identified, developed mitigating controls, tracked and reported mitigation efforts, and managed risk acceptance process.
• Primary Information Security point of contact for internal and external audits completed 41/41 internal and external reviews with 0 information security findings issued. As a result, LOB qualitative inherent risk.
• Led Business Security Incident Response Team (BSIRT) ensured security events were properly identified, evaluated and responded to.
• Conducted thorough in-depth postmortem activities ensuring lessons learned were incorporated in operating procedures.