Functional Skills

Vendor Management
Crisis Management
Data Analysis
Procurement
Project Management
Strategic Planning
Enterprise Report Management (ERM)
Incident Response
Regulatory Compliance
Business Intelligence
Systems Analysis
Risk Management
System Deployment

Sector Experience

Business Services
Financial Services
Healthcare

Languages

Italian

Experience

Amalgamated Bank Information Technology
Senior Vice President, Chief Information Security Officer
3/2024 - Present
(Reason for leaving: firm has made a strategic decision to relocate department to Boston, which presents a challenge for me due to my responsibilities caring for an elderly parent on weekends and other family obligations locally; relocating is not feasible for me currently.)

• Develop and maintain enterprise information security program, incident response process, and identity access policies to ensure compliance.
• Manage information security staff, deliver security training, monitor threats, and communicate risks to executive team.
• Lead security testing including penetration testing, phishing campaigns, and tabletop exercises; report findings to implement recommendations.
• Review and approve information security policies, procedures, controls, and staff/vendor compliance measures.
• Perform risk assessments to develop bank's cybersecurity risk appetite and establish key risk indicators (KRIs) for reporting.
• Brief ERM Committee quarterly on security program status.

US Tiger / TradeUP Securities Inc. (FinTech Holding) Information Technology
Vice President, Cybersecurity Officer (CISO)
1/2023 - 3/2024
• Manage cybersecurity risk, information security program, and regulatory compliance with FINRA and SEC.
• Oversee XDR cyber intelligence platforms, SOC operations, and network security enhancements.
• Report on monthly Key Risk Indicators (KRI) metrics for patch management and cybersecurity matters.
• Conduct penetration testing, vulnerability assessments, and identity access management (IAM).
• Implement vendor management controls and upgrade security policies.

First Central Savings Bank Information Technology
Vice President, Chief Information Security Officer (CISO)
3/2022 - 12/2022
• Managed cybersecurity risk, information security program, GLBA compliance, and regulatory matters with FDIC and NYSDFS.
• Oversaw EDR, XDR, and MDR cyber intelligence platforms, SOC operations, and network security enhancements.
• Reported on monthly KRI metrics for patch management, cybersecurity, and information security to Enterprise Risk Committee and Board.
• Conducted penetration testing, vulnerability assessments, phishing campaigns, and security awareness training (KnowBe4).

Apple Bank Information Technology
Vice President, IT-Information Security Manager
3/2019 - 3/2022
• Provided oversight to IT from an information security and cybersecurity perspective.
• Mitigated audit findings, implemented security controls, policies, and procedures.
• Established information security strategy aligned with bank's goals and objectives.
• Reported monthly KRI metrics for NYDFS Cybersecurity Regulation (23 NYCRR 500) to Risk Committee.
• Managed information security program, ensuring confidentiality, integrity, and availability of information assets.
• Conducted application entitlement reviews, patch management, firewall reviews, and change control.
• Implemented security awareness program, penetration testing, phishing campaigns, and risk control self-assessments (RCSA).
• Performed access control reviews, PCI/PII data scans, and SSAE18 (SOC) vendor compliance reviews.
• Oversaw new system initiatives, vendor selection, proof-of-concept (POC), and implementations.

FIRST AMERICAN INTERNATIONAL BANK (FAIB) Information Technology
Vice President, Chief Information Security Officer (CISO) / Head of Information Technology
7/2014 - 10/2018
• Managed cybersecurity/information security program, IT infrastructure, information risk, and data confidentiality, integrity, and availability.
• Maintained security and confidentiality of customer information per legal and regulatory requirements.
• Managed NYSDFS, GLBA, and IT audits, including penetration testing, vulnerability assessments, and IT general controls.
• Worked closely with NYSDFS and FDIC audit regulators, mitigating findings and recommendations.
• Established information security strategy aligned with bank's goals and objectives.
• Streamlined processes with Bank Secrecy Act Department for fraud detection and case management.
• Managed information security program, ensuring confidentiality, integrity, and availability of information assets.
• Implemented security awareness program, including newsletters, phishing exercises, and end-user education.
• Designed and managed enterprise LAN/WAN refresh, firewall implementation, patch management.

Flushing Bank, FSB. Information Technology
Vice President, IT Security
1/2009 - 6/2014
• Managed information risk, information security program, and data confidentiality, integrity, and availability.
• Maintained security and confidentiality of customer information per legal and regulatory requirements.
• Managed SOX, GLBA, FFIEC, and internal IT security audits.
• Managed information security program, ensuring confidentiality, integrity, and availability of information assets.
• Deployed data loss prevention program with Marble Security and Trusteer Rapport.
• Implemented security awareness program, including newsletters, phishing exercises, and end-user education.
• Performed non-public information network scans for GLBA compliance.
• Identified and evaluated risks, assessed critical functions, and evaluated control costs.
• Conducted event monitoring, rogue detection, and encryption email system monitoring.

Flushing Bank, FSB. Information Technology
Vice President, MIS Director
3/1995 - 1/2009
• Directed activities of 6 technical staff, including data backups and virus protection for 1500+ endpoints and 75 file servers.
• Made decisions on equipment, vendor selections, proposals, and negotiations.
• Managed network security testing and disaster recovery.
• Liaised with Fidelity regarding system changes, upgrades, troubleshooting, and implementations.
• Managed SOX, GLBA, FFIEC, and internal IT audits.
• Oversaw new branch site builds, computer equipment rollouts, communication connections, and ATMs.
• Spearheaded acquisitions, technology initiatives, and legacy system conversions.
• Authored computer policies and procedures for internal and external network systems.
• Implemented Technology Steering Committee for new system initiatives and business unit guidelines.
• Collaborated on branch expansion and acquisition integration.
• Created Business Banking, Internet Banking, and Commercial Bank initiatives.
• Project managed ERP system implementation.