Request Expert / Similar Expert
Click “request expert” for a free initial screening call with this expert or a similar expert regarding your expert consulting needs
Summary
This Cybersecurity & IT Governance Consultant is an Information Technology Executive with experience in development, security, and privacy. Ten years’ experience at the VP/CISO level and over 30 years’ experience deploying and maintaining information solutions. Master’s in Computer & Electrical Engineering, Master’s in Administration (MBA), Graduate Certificate in Computer Security, Bachelor’s degree in Computer Science. Cybersecurity certifications include CISSP, CISM, CISA, CIPP/US, and others. This Cybersecurity & IT Governance Consultant is certified in frameworks including ISO 42001 (AI), ITIL (IT Governance), ISO 27001 (Security), and others. Board Qualified Technology Expert (QTE) skilled in effective communication of complex technical information to both technical and non-technical audiences, and reports to the board quarterly.
Highlights
Relevant Accomplishments
- Accountable for development, delivery and management of the protection of confidential information. Reporting to the Board Risk Committee and advising Executive leadership to drive security measures leveraging ISO 27001 Security, applying an ISO 31000 risk-based approach. Established data leakage protection (DLP) and secured communications protecting non-public information while meeting regulatory requirements, resulting in exceeding regulatory requirements for privacy controls.
- Developed and implemented the company’s first Third-Party Risk Management program ensuring vendors protect company and customer information. Partnered with Legal and Procurement to ensure unity of direction providing reduced information processing risk. Result: Exceeded regulatory requirements and met executive leadership risk appetite expectations.
- Developed security catalog of services, metrics and measures that meet Board expectations. Result: The security program exceeds multi-state regulatory requirements. Independent verification demonstrates the security program meets a capability maturity model level 4 of 5.
- Improved information privacy by enhancing security awareness and encryption. Leveraged automation to prevent leakage of customer information. Result: Increased user support to protect sensitive data while gaining over 98% compliance in meeting customer protection key performance indicators. Internet security surpasses industry peers by 11%.
- Responsible for Information Security Policy development, awareness, and training. Security governance including SAP Security, Access Management, Data Protection, Threat Mitigation, Vulnerability Management and Change Management. Led global staff of 21 security professionals in UK, Argentina, Singapore, India, and Wisconsin. Provide governance and direction for more than 20 contractors, strategic suppliers and vendors supporting Security function.
- Formed initial 7×24 Global IT Security Operations team leveraging internal contractors and service providers. Developed Security Incident Response Program. Result: Improved security event detection and incident response needed to protect company brand and mission critical business systems supporting the global enterprise.
- Exceeded industry best practices in Identity and Access Management Program by reducing onboarding time from multiple days consistently to next business day service delivery. Result: 99.9% of new employees and contractors receive onboarding foundation services within one business day. Greatly improved business leader service satisfaction while enabling new members of the company to be functional on their first day in the office.
- Deployed 7×24 Vulnerability Assessment & Threat Response program. Result: Improved brand protection by identifying security and quality shortcomings in externally hosted business systems. Drove security remediation and threat reduction in over 100 brand promoting web sites. Result: Reduced time to detect information security events by 80%. Integrated incident response with intelligence services to trace events to threat actors. Improved overall security posture by 83%. Identified risk and drove remediation of SAP security by reducing risk profile by 20%.
- Responsibilities included policy development, security assurance testing, ensuring governance of internal information controls and customer-facing business systems. Led staff of 21 security professionals located in China, Slovakia, and Wisconsin.
- Directed company’s first ISO27001 governance program that met customer requirements, developed policies, governance practices and assurance testing by IT Security analysts. Result: Passed 100% of customer security audits on first inspection.
- Formulated Advanced Persistent Threat (APT) defense program to prevent data loss via next generation information theft techniques. Result: Identified and neutralized unauthorized attempts to extract data from company business systems.
- Conformed with internal and external auditors and regulatory requirements, including Sarbanes-Oxley (SOX), Privacy, Payment Card Industry (PCI), and Health Insurance Portability and Accountability Act (HIPAA) through development of a risk management program. Result: Improved investor confidence in quarterly and annual fiscal reports.
- Established an enterprise-wide Vulnerability Management program which verified system control effectiveness in configuration and patch management of key business systems. Result: Improved system stability in over 200 mission critical UNIX computers.
- Information protection process owner interfacing with Federal, State, and customer auditors to demonstrate compliance with applicable regulations. Directed staff of 10 policy and information assurance professionals.
- Led enterprise risk identification and resolution process to align IT practice with enterprise business risk tolerance. Result: Achieved 80% reduction in risk portfolio backlog that freed capital and allowed additional funding for business program investments.
- Co-Chaired IT/Business partnership to identify workplace operational efficiencies. Result: Reduced office footprint and generated savings of $10,000,000.
- Established Network Risk Control program to protect against data leakage and secure customer data in threat-rich environment. Result: Realized no losses due to external threats.
- Coordinated company’s first Emergency Communication program. Result: Enabled CIO to communicate with IT staff during emergencies and improved response time.
- IT infrastructure design and operations of global data centers, networks, VoIP, servers, and ERP support. Led staff of over 140.
- Established global Information Technology Infrastructure Library (ITIL) support model providing IT Operations services. Result: Achieved 99.99% up-time of business systems.
- Developed Centers of Excellence in Poland and China to support EMEA and Asia regions. Result: Maintained service support, improved response times, and reduced labor costs by 25%.
- Developed mobile business office for medium and small sites and implemented connectivity solution. Result: Improved support and allowed sales to close customer contracts during conference settings.
- Produced program to establish portable, prefabricated Internet commerce systems deployed in Korea and Hong Kong. Result: Reduced time to deliver business Internet services by 8 weeks and improved customer performance by 20%.
- Directed a team of 4 security engineers to provide data protection and business solutions allowing secure connectivity to vendors and customers.
- Directed remote office network solution for construction engineering sites utilizing secured satellite communications. Result: Reduced information transaction time from days to seconds.
- Authored process for conducting forensic review of computers that supported Legal department’s Litigation Hold program. Result: Reduced forensic data collection and discovery time by 50% and minimized litigation.
- Designed secure email practice protecting business messages between company and vendors. Result: Maintained secure communication for supplier contract negotiations including Merger and Acquisition planning and other sensitive business communications.
- Designed and deployed the company’s first ecommerce environment. Team leader of 4 networking engineers.
- Envisioned and deployed the company’s first commercial Internet presence. Result: Opened new channel to market for customers, vendors, and distributors to shop, exchange, and purchase products.
- Directed company security awareness briefings for employees and Deere community. Result: Served as company spokesperson on Internet security speech to State of Iowa Senate Subcommittee on e-commerce.
- Responsible for testing and ensuring interoperability with competitive products.
- Held multiple command level positions in Iowa National Guard, Overseas Active Duty, and Reserves including Protocol Officer, Company Commander, and Base Senior Communications Officer while serving in Iraq. Twice awarded the Meritorious Service Medal (MSM).
Roles
- Team Leader
- Manager
- Director
- Vice President
- Security Officer
To apply for this job email your details to haleymmagnani@gmail.com

