Bachelor of Science, Network and Communications Management @
Results oriented IT Executive with over 10 years of experience in a wide variety of IT security, assurance, compliance, and consulting engagements. Demonstrated experience in capitalizing on emerging technologies and building long-term relationships with all levels of organizations. Currently responsible for protecting Citigroup's information assets by ensuring security solutions are appropriately used in the environment, identifying areas
Results oriented IT Executive with over 10 years of experience in a wide variety of IT security, assurance, compliance, and consulting engagements. Demonstrated experience in capitalizing on emerging technologies and building long-term relationships with all levels of organizations. Currently responsible for protecting Citigroup's information assets by ensuring security solutions are appropriately used in the environment, identifying areas of risk and creating solutions or controls to mitigate risk. My experience includes Enterprise Risk Management (ERM), Third Party Vendor Security Assessments, IT Audits, Relationship Management and Management of Internal Controls over Financial Reporting.
Previously, I have successfully led multiple IT risk, security and compliance projects on clients that include American Express, IAC Search and Media, HSN, Citysearch, Ticketmaster, Match.com and Lending Tree. My past colleagues know me to be very personable and describe me as a team player that is focused on project completion and is always willing to help solve complex business problems.
• Achieved 100% PCI security compliance by developing and implementing enterprise-wide IT controls using COBIT, ISO 2700x and ITIL, 2014
• Preformed PCI Third Party Vendor Risk Assessment that uncovered critical gaps and expired security exceptions ensuring compliance with IS Standards, 2014
• Performed review various agreed upon procedures (AUP), officially quantifying 46 process improvements and returning estimated savings of $220k per year, 2013
• Achieved 20% growth in 1st year with previously undeveloped territory focusing on compliance, security assessments and consulting, 2005
Specialties: Regulatory OCC, SOX, GLBA, HIPAA, PCI DSS, and Dodd-Frank: Frameworks Include: ISO27001 – ISO27005, COSO, ITIL, CobIT 4.1-5, NIST 800-37 800-30, and 800-53
Vice President - Third Party Risk Management @ My role is to assess security and support regulatory oversight of Citigroup’s Third Party Vendors and Suppliers. This includes the identification, assessment, management, and monitoring of vendor risks across the company. From September 2014 to Present (1 year 4 months) Tampa/St. Petersburg, Florida AreaIT Risk & Information Security Manager | PCI Internal Security Assessor (PCI-ISA) @ Certified PCI-ISA responsible for protecting Amex information assets, identifying areas of risk and creating solutions or controls to mitigate risk.
● Conduct detailed review of all 12 PCI DSS control elements covering Wired/Wireless Networks, Security policies/procedures, Firewall, Access Controls, Security Awareness Programs, Vulnerability and Penetration Testing.
● Perform 3rd Party on-site & remote security assessments using established IT risk frameworks to ensure compliance with the American Express Information Security Standards.
● Manage network vulnerabilities through the use of Nessus scans, tailored reports, and improved ticketing system
● Initiated security code reviews for OWASP top 10 vulnerabilities such as SQL Injection, Cross Site Scripting, etc
● Experience working with FireMon for PCI firewall audits & reporting for Cisco & Checkpoint policy.
● Conduct internal security assessment on any system which stores, processes or transmits cardholder data.
● Perform security control/architecture reviews via Process Risk Self-Assessment (PRSA) that includes Network, Batch, ACH transaction, Agile SDLC testing, change management and general security.
● Understand of trending & monitoring tools (System Center, Solarwinds Orion, Red Hat Satellite).
● Coordinate evidence, test procedures and clarify control intent to ensure a successful PCI ROC.
● Track changes made to cardholder data environment (CDE) to maintain certification validity.
● Responsible for managing the PCI DSS assessments in conjunction with the external assessor (QSA)
● Created Risk Control Matrix (DP RCM) of structured and unstructured data to meet GLBA and PCI requirements.
● Identify & analyze potential vendors and/or software that will improve internal development and security.
● Partner with Business Owners, Technical Owners, and Senior Management globally to prepare remediation plans to limit impact and secure a compliant environment From June 2012 to September 2014 (2 years 4 months) Tampa/St. Petersburg, Florida AreaIT Risk & Compliance Manager | PCI Internal Security Assessor @ Identified and evaluated complex business and technology risks, internal controls to mitigate risks, and the discovered opportunities for internal control improvement
● Interfaced with all business partners to understand how systems are used in order to assess whether systems should be included within the scope of the various compliance standards (SOX 404, HIPAA, PCI DSS, etc.)
● Identified & analyzed potential vendors and/or software that will improve internal development and security
● Completed annual PCI Self-Assessment Questionnaire (SAQ) for HSNI level two tiered brands to ensure compliance.
● Ensured patch and vulnerability management is appropriately followed and completed in a timely manner.
● Documented and reviewed IT risk acceptance forms and compensating controls as needed.
● Periodically tested change control process and ensure that all IT related changes are authorized, classified, tested, and deployed into production with minimal impact.
● Assisted in the development and implementation of IT-related policy at both the organizational and business levels.
● Applied strong knowledge of IT governance frameworks (COBIT, IS0 27001, ITILv3) to develop and implement governance models and processes for managing IT.
● Performed risk management by analyzing both the business impact and risk of an engagement with third-party vendors by using risk assessment methods (Business Risk, Regulatory Impact, Customer / Confidential Information).
● Regularly interacted with IT management to convey findings identified through walkthroughs and testing, assess the risk and impact of deficiencies, and make recommendations for remediation and process improvements.
● Experience with following security, compliance and security tools - Modulo GRC, Symantec DLP / Endpoint, RSA envision, Tripwire, TUFIN , IPS, Qualys , Imperva WAF, Nessus vulnerability scanner. From July 2008 to June 2012 (4 years) Senior IT Auditor | InfoSec, Risk & Compliance @ Delegated and performed multiple assessment work streams across the IAC family of companies which include Home Shopping Network, Ticketmaster, Ask.com, Match.com, LendingTree, etc
● Managed SOX implementation, testing, and monitoring control activities across multiple business units.
● Performed gap analyses along with technical assessments establish controls for achieving PCI compliance.
● Created and managed remediation plans to address identified deficiencies in a timely manner.
● Performed technical pre-QSA assessment checks including scoping and vulnerability management.
● Executed Sarbanes Oxley Section 404 Controls Assessment, testing and reviews using CoBIT.
● Substantively performed Business Continuity and Disaster Recovery planning with all businesses.
● Conducted several IT general control audits which included:
▪ Platforms: Cisco, Checkpoint, PeopleSoft, Windows, UNIX, Linux, Oracle
▪ Types: Info Security, Change Control and Operations.
● Performed datacenter walkthroughs and assessments.
● Reviewed and designed testing steps to verify controls and policy documents.
● Documented all engagements, produce reports and conduct meetings with senior management.
● Reported creations and uploads using Teammate audit management system and OpenPages FCM. From August 2006 to August 2008 (2 years 1 month) Greater New York City AreaTechnology Risk | IT Security Consultant II @ ● Grow the business by recognizing up-sells, identifying new clients and management of existing client relationships.
● Lead technical, multi-phased IT security assessments for clients to identify system and network level vulnerabilities.
● Responsible for reviewing black and white box penetration testing, including target reconnaissance, vulnerability scanning, exploitation, remediation and reporting.
● Discovered internal business/IT process issues, conducted interviews & analyzed data for clients.
● Responsible for various remediation activities including the development of information security policies and procedures coupled with policy integration into technical security configuration standards for numerous platforms
● Responsible for performing network device configuration audits and overall network architecture reviews, including remediation and implementation efforts.
● Performed risk based assessments on various clients by determining if IT controls were designed to meet objectives and were operating effectively.
● Assisted the senior staff in general computer control audits by analyzing and testing controls relating to change management, security administration and computer operations.
● Delivered recommendations to improve ineffective manual and system based controls and identified control exceptions and weaknesses.
● Verified all processes being tested, gathered supporting documentation from the client, performed the testing and reviewed final deliverable. From March 2005 to July 2006 (1 year 5 months) Greater New York City AreaSales Engineer | Account Executive @ • Established and managed a portfolio of 30 merchants averaging over $750K in annual sales.
• Created and executed regional outbound call campaigns to position complex IT Security solutions.
• Sold complex SSL encryption and Client Authentication (ePKI) solutions into assigned territory.
• Scheduled appointments for onsite and web based meetings with C-Level Executives.
• Achieved 20% growth in 1st year with previously undeveloped territory.
• Effectively used Salesforce.com to manage sales, activities and lead assignment. From April 2004 to March 2005 (1 year) Greater New York City Area
Rutgers, The State University of New Jersey-New Brunswick From 2001 to 2005 Bachelor of Science, Network and Communications Management @ DeVry University From 2000 to 2004 Jeremy CISA is skilled in: Business Development, SOX 404, Entrepreneurship, Sarbanes-Oxley Act, IT Audit, Internal Audit, Security, Risk Management, Business Continuity, Governance, CISA, Disaster Recovery, Risk Assessment, Internal Controls, Information Security
Looking for a different
Get an email address for anyone on LinkedIn with the ContactOut Chrome extension