Senior Manager Information Security
Current• Provided strategic vision and led a team of analysts responsible for managing IT risk across the company• Developed and implemented an enterprise security strategy and framework based on industry standards like NIST CSF, CIS Critical Controls and ISO 2700x to manage cybersecurity-related risk• Executed assessments against the framework across the IT footprint to set a baseline and develop a maturity roadmap. Presented the results to executive leadership in a non-technical language while correlating technical risks to business risks• Established operating policies, procedures and technical security controls which are adequate and appropriate to support the needs of the business while ensuring regulatory compliance• Used business cases to enlist, educate, engage, and align executive stakeholders to security initiatives and highlight their business value.• Assisted the Business Development team with meetings, information security questionnaires and RFIs during due diligence process by investors and partners to get new business/investments• Implemented key processes and technologies for continuous risk reduction across the enterprise:- Vulnerability and Patch Management- Identity & Access Management- Application Security- Logging & Monitoring- Endpoint Security- Incident Management- Awareness & Training