Principal -Cyber Security Specialist
CurrentCyberSecurity and IT / Third-Party Risk consultant focused on developing, enhancing and implementing CyberSecurity and IT / Third-Party Risk frameworks, programs, policies, processes and procedures, for large and small companies.• Developed and implemented a customized, NIST-based cybersecurity control framework, including an enhanced set of NIST-based policies, control standards and procedures, tailored to the firm’s business requirements and designed to ensure compliance with SEC regulations, while significantly improving enterprise-wide cybersecurity and quantifying and reducing associated cybersecurity risk. • Implemented an enhanced Third-Party Risk Assessment process featuring a risk-based controls assessment based on ISO 27001 and the SIG framework. Performed / managed dozens of Third Parties assessments on offshore and onshore vendors.• Led a GDPR Compliance Initiative following a significant international acquisition.• Implemented an IT Risk framework based on FAIR and AXIOS to quantify and reduce outstanding risk exposure and guide organizational decision-making processes.