Responsible for Global Information Security, Risk, and Regulation Compliance

Responsible for: • Cyber/Information Security• Cybersecurity Strategy• Physical Security• Third Party Due Diligence • Incident Response, Forensics and Investigations• Corporate Executive Board Metrics Reporting (KRIs)• Cybersecurity Quantitative Risk Analysis (FAIR)• Policy Management• Security Assessments• Penetration and Vulnerability Testing• Cloud Strategy• Security Awareness • Annual FFIEC Cybersecurity Assessment Tool (CAT) • SIEM and Managed SOC Monitoring• GLBA, OCC, NYDFS Cyber, GDPR Compliance• NIST Cybersecurity Framework & Assessment• Project Management• DR/BC Oversight Committee Member• Team Building and Mentoring

Responsible for all Corporate Cyber Security, Information Security, Risk Management, Disaster Recovery and Business Continuity Management. Policy and Procedure Life Cycle Management Established Legal Hold, Electronic Discovery and Forensics Investigation Processes Change Management Controls and Compliance Cloud and Hosting Center Security Analysis and Assurance (incl. Cyber threats) Malware/Crimeware and Incident Response Vulnerability Testing and Security Update/Patch Management Penetration and Application Security Testing Responsible for all SOX 404 and GLBA Compliance Testing Privacy Safeguards Compliance Data Center and Environmental Controls Advance Threat Management and Mitigation (Websense Triton/ACE, Trusteer) Centralized Log/SIEM Monitoring (Splunk) Email Encryption and Data Leakage Prevention (DLP - IronPort) Project Security Controls Integration Oversight of Security & Privacy Awareness Training Programs Physical Security Oversight & Review Secure System Development Lifecycle (SSDLC) Management / DevSecOps Web Security Content Filtering and Data Leakage Prevention (DLP - Websense) Cyber Security Perimeter and System Configuration Oversight/Compliance Budget and Strategic Planning and Management Security Project and Emerging Technology Evaluations/Piloting  Access Control / Identity Management User Revalidations and Entitlement Reviews Leadership Succession Planning and Mentoring Third Party Vendor Oversight and Governance Due Diligence Assessments Internal and External Customer/Client Audit Compliance and Coordination Web Application Firewall/Mobile Development Segregation Project (F5 ASM) SSAE16(formerly SAS70) /SOC2 Readiness Planning and Attestation Facilitation

Responsible for developing and implementing a comprehensive Security and Privacy program; ensuring a secure and compliant infrastructure for clients such as JPMC, AMEX, Microsoft and Amazon. Developed Corporate Information Security and Privacy Department Oversight of Disaster Recovery, Availability and Continuity Planning Cyber / Perimeter Security eCommerce Website Security Vulnerability & Penetration Testing SIEM Implementation and Management (Arcsight) Response Team Formation Security Policy & Procedures Development HIPAA, SOX, VISA CISP (PCI) and GLBA Compliance Budget Planning

Implemented and Managed all Corporate Information Security Formalized the Corporate Information Security Program Hosting Center Security Firewall Ruleset Review and Approvals Vulnerability & Penetration Testing and Remediation Program Intrusion Detection System Monitoring, Incident Response and Report Generation Security Policy & Procedures Development Physical Security Oversight