Dedicated and accomplished risk management professional in the financial services industry with expertise in information security program development and management, operational risk governance, and regulatory compliance. A strong executive level leader with excellent interpersonal skills. Focused on implementing customer-focused strategic process initiatives, leveraging technology, improving profits and increasing shareholder value. Team builder focused on developing talent and establishing effective business partnerships.
CISO @ From March 2012 to Present (3 years 10 months)

Director Operational Risk / Information Security @
• Developed Operational Risk Program to include staffing, governance, policies, standards and methodology for Operational Risk. Established corporate Risk Control Self Assessment methodology, Event Management, and Loss Data Management reporting.
• Implemented corporate Risk Management system (GRC) to automate risk measurement, event handling, remediation tracking, physical security and inventory business processes, systems, and controls. Automation improvements utilized 25% fewer personnel and helped to achieve FFIEC and PCI compliance.
• Implemented the enterprise Regulatory Compliance Governance Framework in under three months, and ensured effective security operational controls for SOX and GLBA requirements.
• Responsible for overall sustainable compliance with multiple regulatory requirements and corporate policies. Integrated physical and logical information security requirements into IT Systems Life Cycle process.
• Responsible for PCI DSS risk assessment and compliance. Negotiated resources from all areas of the enterprise, including Internal Audit, Compliance, and IT.
• Reduced online fraud by 95% for retail & commercial online banking through process improvement, regional marketing and awareness campaign, improved security and token based authentication for high risk transactions.
• Established Business Continuity program to include staffing, policy, crisis management, business impact assessments, planning, and awareness.
From December 2008 to March 2012 (3 years 4 months)

Director Information Security @
• Authored the Enterprise Information Security Policy, sustained multiple regulatory requirements for FFIEC, GLBA, SOX, and PCI. Created and enacted physical and logical information security policies, standards, procedures and guidelines.
• Established GLBA and Information Security Risk Assessment methodology used to determine tactical and strategic security control objectives and investments.
• Established Vendor Due Diligence process to evaluate and monitor third party risk management effectiveness. Managed vendor relationships, ensuring on time and on budget delivery of contracted services.
• Developed and implemented the Access and Identity Management framework establishing role based automated access controls across the enterprise including customers, employees and external business partners.
• Instituted Security Awareness programs to all levels of management and staff.
• Created Security and Incident Response teams and procedures through process redesign, implementing improved detection, tracking and management controls.
From September 2002 to December 2008 (6 years 4 months)

Director Network Development @
• Conducted planning and due diligence for strategic IT investments. Directed and managed projects related to internal and external customer network design, implementation, and support activities. Provided overall budget management and staff evaluation.
• Designed and implemented Firewall, VPN, Anti-Virus, Remote Access, encryption, Internet proxy and email solutions.
• Management and performance of Network Security Assessments.
• Implemented centralized backup solution for all sites to provide customers with reliable file recovery, and contribute to corporate disaster recovery plan.
From 1999 to 2002 (3 years) Columbus, Georgia Area
MBA, Finance @ Auburn University From 1991 to 1993
BS, Finance @ Auburn University From 1987 to 1991

Steven Jones is skilled in: Risk Management, COBIT, Sarbanes-Oxley Act, Risk Assessment, Network Security, Identity Management, Business Continuity Planning, Firewalls, GLBA, Leadership, IT Strategy, IT Audit, FFIEC, GRC, IAM