• Create processes for technical SMEs to adhere to security policy’s and regulatory requirements• Development of security control documentation related to cloud, IAM, firewalls/network, data encryption, endpoint security, and compliance/regulatory adherence• Identify vulnerabilities, evaluate associated risks and develop actionable solutions• Monitor and analysis of third-party, application code, regulatory, compliance, and vulnerability security metrics• Lead security risk assessments to ensure regulatory compliance and enterprise security policies• Lead cybersecurity vendor/third-party risk and compliance assessments• Assess new/existing security designs, and emerging security and operational technologies• Lead security audits of applications, infrastructure, and vendor/third-party’s• Execute the Technology Risk Management Strategy for internal and external cloud capabilities• Recommend improvements to current control effectiveness based on evolving threat landscape• Identify opportunities for common solutions across the enterprise, collaborating within the business, architecture and development communities• Provide security recommendations on cross-domain systems, business strategy, goals and processes.• Develop security policies, guidelines, practices, processes, templates, and reporting metrics• Determine technology risk levels, control weaknesses and evaluate the risk of solutions not meeting requirements.• Create and review mitigation, remediation plans and provide advice on mitigation effectiveness• Audits for OCC/FED/FDIC, PCI 27001-29100:2011, SOX, ISO and GLBA• Risk assessments and frameworks – NIST 800, CSA, PCI DSS, SOC 1/2 (TSC) Type I/II• Team Lead of risk assessment team• Review SOC, Nessus, SEIM, and other cybersecurity logs and dashboards• Ensuring all Security, Infrastructure projects are completed on time, within scope, and on budget• Engaging with and managing expectations of all stakeholders involved in projects

• Work closely with senior executives to Create, implement, and monitor security policies, procedures, and standards• Developed and maintained PCI, OFC, SOX, ISO and GLBA compliance strategies and processes• Security incident response• Manage primary and backup datacenter• Server/Network security• Managed information security team, infrastructure team, and Help Desk support, including contractors (Vendor staff augmentation contracting management).• Ensuring all Security, Infrastructure projects are completed on time, within scope, and on budget• Engaging with and managing expectations of all stakeholders involved in projects• Use of project management frameworks based on project needs (MS Project).• Overseeing the product from inception through development, launch, and eventual retirement.• Ensuring all projects and products align with the organization’s strategic goals.• Vendor/Third-party management• Oversee information security budget• Identify, classify and prioritize information security vulnerabilities and risks• Created and maintained security governance program• Passed all compliance audits (SOX, SOC2, PCI, GLBA, OCC)• Prepared and documented standard operating procedures and protocols for IT security• Successfully migrated all network\infrastructure\servers to a new datacenter• Developed and implemented vulnerability management process• Successfully reviewed/audited all vendor and third-party relationships saving the bank $50k per month in redundant and unused systems• Worked directly with FDIC and Federal Reserve during examinations for compliance and the FDIC takeover of the bank• Completed information security audits to measure compliance to standards as well as the level of vulnerability and protection throughout the enterprise • Completed Risk assessments of all third-party vendors and applications.• PowerShell scripting and automation• Development and implementation of the security awareness training program

• Responsible for the design, configuration, implementation and documentation of network and servers as well as Investigate and resolve all issues with network and serversResearch new threats to environment and mitigate if required• HIPPA Audits and assessments• Recommend technology based on business needs and goals• Created and presented yearly IT budget to stakeholders, including CEO• Hired a team of IT professionals and managed activities• Full network refresh with no downtime• Successful migration of servers to new OS• Designed and implemented net new Group Policy with focus on Security• Consistently managed information security activities with no downtime on 0 day viruses• Python, Perl Scripting and automation• Handling high visibility critical production technical issues, communicating with stakeholders in plain language, both verbal and written.

• Achieved 99% uptime of environment• Configured all Routers/Switches• Re-Architected the LAN/WAN• BCP testing• Migration to Win Servers• Designed and Implemented remote access• Build the company wide Intranet• Python, MySQL, PERL scripting

• Responsible for the design, configuration and implementation of network and servers as well as Investigate and resolve all issues with network and servers• Achieved 100% network and server uptime during business hours• Migration to Win ServersTechnical Contracting