Director Cyber Assessment
Built the Cyber Assessments team from scratch, focusing on securing Amtrak's assets including identities, devices, network/infrastructure, applications, and data. Delivered a multi-million-dollar program that significantly reduced overall enterprise risk. Implemented capabilities such as vulnerability management, application security testing, penetration testing, and social engineering simulations.Responsibilities:• Assist in the Cybersecurity Strategy and Governance to drive a cybersecurity strategy aligned with GRC standards and SEC requirements.• Collaborated with business leaders to align on the cybersecurity framework and engage their support in managing cyber risk while ensuring continuous business operations.• Served as the cybersecurity strategic advisor by providing actionable recommendations to stay ahead of cybersecurity practices.• Communicated cybersecurity program status and updates to business leaders. • Provided insights on emerging cyber threats, vulnerabilities, and the effectiveness of security measures.• Established and managed a risk register, conducting regular risk and vulnerability assessments.• Evaluated and managed third-party vendors for cybersecurity risk, ensuring cybersecurity requirements in vendor contracts.• Partnered with Internal Audit, Legal, and Public Reporting to ensure compliance with SEC rules and timely, accurate cybersecurity-related disclosures.• Guided the cybersecurity team in managing a multi-year cybertechnology roadmap and implementing scalable cybersecurity technology management processes.• Attracted, retained, and developed the Cybersecurity Team, fostering organization-wide confidence and cross-organizational collaboration.