Security Officer

Location:
Rahway, NJ
Salary:
350000
Posted:
April 21, 2019

Resume:

MICHAEL D. MOLINARO

MS, MBA, CGEIT, ITIL, CISSP, C CISO, CISM, CRISC

Primary Residence - 1276 Saint Georges Avenue, Rahway, NJ 07065

Secondary Residence - 8627 Fancy Finch Drive, Unit 201, Tampa, FL 33614

973-***-**** ac850r@r.postjobfree.com

CHIEF INFORMATION OFFICER / CHIEF INFORMATION SECURITY OFFICER / CHIEF TECHNOLOGY OFFICER

Transformative and visionary Information Technology executive with 34+ years of leadership success combined with in-depth and diverse technical expertise. Sought-after speaker at regional and national events, presenting innovative insights in IT, security, risk, compliance, cyber-defense, leadership, service delivery, business process integration and fraud.

Distinction of successfully defending a public national event(s), the Republican National Convention (RNC) in Tampa, deploying a suite of Cybersecurity tools and coordinating with 140+ federal, state, and local law enforcement, military, Homeland Security, FBI and Secret Service.

Talent for building and transforming IT Departments, Enterprise Security and GRC programs from the ground up. Specialize in integrating security, risk, compliance, and governance controls into IT operational and business processes. Proven leader who effectively works with Board of Directors and senior management, presenting IT, Security, Compliance needs and strategic plans. Have gained approval and delivered on many multi-million dollar projects and budgets over $75+ million. Experience managing over 250+ projects, up to 450+ staff and global teams.

QUALIFICATIONS

Executive IT Leadership

Security and Risk Management

Cyber Defense Strategy, Engineering & Operations

IT Strategy, Planning & Governance Integration

IT Service Management & Vendor Management

IT Program/Project Management

IT and Security Budgets and CapEx Planning

Regulatory Compliance (PCI, SOX, HIPAA, GDPR, ABA, China CS, OFAC, FinCEN, FISMA, FDA 21 CFR 11, USA Patriot Act – BSA & SIP)

Business Process Management (BPM) & Dev/Ops

Technology Investment Optimization (Retail)

Enterprise Architecture Planning, ERP, CPOE/Med-OE

Telecommunications and Network Infrastructure

PROFESSIONAL EXPERIENCE

CLEAR CONSULTING GROUP, LLC OCT 2017 TO PRESENT

(C-Level Executive Advisors on Risk)

Chief Technology & Security Officer, Executive Consultant and Subject Matter Expert on IT, Cloud, Risk, Security and Compliance. Our consulting company currently provides the following services:

Interim or On-call CIO & CISO Services

Build or Transform IT Operations and Service Centers of Excellence

Build or Transform IT Operational Security / Cybersecurity, Risk & Compliance Programs

IT Risk Assessments for Security, HIPAA, PCI, GDPR, FDA, FinCEN, OFAC, China CS, GDPR, FISMA and SOX requirements

PCI Readiness Assessments and Consulting Services e.g. Vendor Mgmt, Vulnerability Mgmt, Scope Reduction, Policies, Procedures, and Build Standards, Security Awareness Training, etc.

IT & Business Process Analysis and Management Automation

ITIL v3 Services from Single to Full IT Service Lifecycle implementations and OSS/BSS integration

M & A Operational Risk Assessments and Intelligence Services

Project focused or Interim SME Support in IT Security, Risk, and Compliance

IT Security, Risk, Compliance and Fraud Lectures and Training

Build or Transform PMO, Project and Program Management

Previous and Current CLEAR Consulting engagements:

1.) Global Insurance Company, NJ

a. Developed management risk ratings, risk automation and selection criteria for a global Human Capital Management Cloud SaaS vendor selection and migration

b. Developed an extensible standardized risk score for Vendor Governance that can be automated in software such as Archer or a BPM with status and Big Data analysis dashboards

c. GDPR alignment and GAP findings for existing security and compliance standards and regulations at the organization

d. Detailed and thorough Cloud/Managed Service Provider Technical and Operational Risk and Security Requirements and Standards

2.) Large Diagnostic Laboratory, NJ

a. HIPAA Security and Privacy Risk Assessment

b. HIPAA Data Breach Notification Responsibility Assessment

c. Policies and Procedures Development

d. GDPR expectations regarding their clients, systems and services to include a GDPR GAP review.

e. Access and develop plans for a full service PMO deployment.

3.) Healthcare Performing Provider System, NY

a. HIPAA Security Risk Assessment

b. Project Manager for risk assessment of the Data Warehouse, remediation and report of MAP to NYDOH

c. vCIO & CISO

4.) Largest Broadway/Theater Retail Ticketing Company, NY/NJ (2018 and 2019 ROC’s)

a. PCI DSS v3.2 Readiness Assessment and SME support for ROC

b. PCI Risk Assessment and remediation

c. Security Incident Management Plan and Security Training development

d. Policies and Procedures development (all IT Policies)

e. SDLC, Network and Security Management planning and implementation

f. Security & Compliance Training (material and class work)

g. vCISO

5.) YMCA organization, Northeast Region

a. Data Warehouse information, Security and Compliance architecture and design

b. DWaaS IT, Risk and Security Functional Requirements development

c. DWaaS Policies and Procedures development

d. DWaaS and general Cloud Security deployment including GDPR controls

e. Master Data Management standards and review

6.) Largest Healthcare Cooperative/Alliance, DC/NJ (Fortune 100 Companies, Global/US)

a. Assess Datawarehouse Operations, Security and Controls (full lifecycle)

b. Conduct Independent Data/Security Incident Evaluation and Broad/Residual Risk Incident Investigation

c. Recommendations to improve Technical and Operations Practices to resolve findings of Cloud Provider for the Alliance

d. Conduct HIPAA 4 Factor Post Event Assessment

7.) Virtual CIO and CISO for several medium and small companies

BIOREFERENCE LABORATORIES, INC. (ACQUIRED BY OPKO HEALTH), ELMWOOD PARK, NJ NOV 2014 TO OCT 2017

Third largest, $1.5+ Billion, global medical and genetic diagnostic and medical retail company in North America

VP, Information Systems & CISO:

Integral member of the executive management team in the development of corporate IT Strategy, Security/Risk Management, and Compliance.

Facilitated the continuance of major growth by aligning and integrating technology and security objectives with business goals.

Implemented Enterprise and IT Risk Management to identify and minimize operational liability.

Development of a GDPR GAP program and deployment of governance metrics and implementation of manual, automated and hybrid controls across business lines systems, software and processes.

Assessed and proposed strategic reports and budgets at the Board and executive level.

Implemented Business Process Management (BPM) automation and applications solutions for various business lines (IT, diagnostics, medical, risk, sales, compliance and Security processes to leverage cloud applications and the speed of services to market/business, including automation of change management, release management, test management, SDLC, Compliance, Cyber-security, reporting, business intelligence and others)

Optimization evaluations and remediation for patient order systems and integration and tracking of ERP, billing and other cloud services systems.

Managed an IT Risk, Governance, Security, PMO, eDiscovery and Service Management Design staff with CAPEX/OPEX budget of $6+ Million.

Establish risk, security, compliance and IT operating standards and assurance for EHR and LIS data and development to include but not limited to Master Data Management, Imaging, Middleware (MQ Series and others), QDIB, Data Migration and diagnostic instrumentation interface.

Assurance operations ensuring risk, security and compliance controls for FDA CFR 21 and HIPAA controls that are fully validated.

Developed corporate policies and procedures for Enterprise IT, Risk and Security.

As a large global medical diagnostic retail company (level 2 merchant moving to Level 1), developed assessments and practice for PCI, HIPAA, GDPR & SOX compliance, followed by multi-year effort for remediation of large compliance and cyber-security gaps

Built the Enterprise Security, Risk, and Governance department and its programs that enabled HIPAA, PCI, GDPR and SOX compliance.

Architected secure and compliant Cloud solutions; Amazon Cloud Services (AWS) and Armor/Rackspace MSP’s.

Advised senior executive management on improving and implementing systems and practices for the deployment and improvement of service management, application development, data management-protection, and compliance by “baking” risk and security into processes and the corporate culture.

Built the Global ISOC, security and fraud incident management practice, liaising with critical infrastructure and law enforcement.

Assisted in the development of automated process, assurance controls and design of various imaging, reporting, middleware, migration/conversion and instrument interface systems.

Developed standards for data classification and deployment of SDLC controls and tracking for the Master Data Management (MDM), Master Validation Plan (MVP), Installation Qualification (IQ) and Performance Qualification (PQ) practices and systems as well as Variant Classification and Workflow build out and configuration

BRIGHT HOUSE NETWORKS, (ACQUIRED BY CHARTER COMMUNICATIONS), TAMPA, FL 2012 TO 2015

Bright House Networks was a +$4 Bil company that was the 6th largest cable, telecommunications/ISP in the US (20th globally), serving 5+ Mil residential and business customers domestically and internationally.

VP, Enterprise IT (CIO) and CISO:

Integral member of executive leadership team and managed a $75+ million annual IT and global Security budget.

Led an operational staff of 200+ staff with 7 direct reports. (staffing for events scaled regularly to 450+)

As VP, IT/CIO, transformed and led enterprise IT operations, service delivery, and technology support teams.

Redesigned and consolidated IT organization (from 12 separate depts.) with effective reporting structure, roles, people, tools and job descriptions that centered around customer service.

OSS/BSS systems integrations, using tools such as Netcool, CloudWatch, GIT, Serena BPM, etc...

As CISO, built from ground up and led enterprise and IT, Risk, Governance, Security and Compliance Department, IT subordinate divisions and their programs.

Developed Global IT ANOC and Security Fusion Center (ISOC) for external and internal customers to handle approx. 350,000 IT service requests and 1,500 security incidents annually. (Coordinated with ISOC efforts with the DHS, FDLE, FBI and liaison with NASA, DOD, Centcom and Socom)

Developed Data Forensic program to accommodate criminal, civil and government (national defense) subpoenas and FISA/Wire-tap orders which led to the apprehension of persons allegedly involved in terrorism, organized crime, money laundering, child exploitation, human trafficking and credit card/financial fraud.

Implemented automated audit processes to manage GDPR, HIPAA, PCI and SOX based audits.

Pioneered a corporate-wide PCI Compliance Program (Level 1 merchant with 15 Mil transactions annually), which included hiring ISAs, developing and remediating security, policies/procedures/standards, GRC tools, etc.

Successfully defended the 2012 RNC in Tampa, cyber support for the DNC, which BHN was the telecommunications and ISP:

– Implemented full cyber-defense solution and Communication Fusion Center in just 20 weeks.

– Managed a combined total of 450+ management, technical staff and consultants for 7 months.

– Successfully thwarted cyber-attacks, primarily from hacktivists and nascent states, during 6-day convention.

– Liaised with 140+ local, state and federal law enforcement and government agencies including US Secret Service, FBI, DoD, DHS, FDLE, and US Armed Forces.

Pioneered multiple IT/Security MSSP (Managed Security Service Provider) services to BHN business customers that generated $500,000 in revenue in its first year. (Virtualized based Cloud Services and Support).

Provided cybersecurity and IT services expertise to global events such as the World Cup Committee, NATO World Summit, Bollywood convention, and other national public events.

Assessed and deployed new data warehouse systems and software.

Executive team member of committee overseeing deployment of ERP and billing systems (Oracle and Cloud).

Integrated Business Process Management (BPM) platform for high speed low code IT Dev/Ops (IT software development), which slashed application and hardware deployment time by 75%.

AEGIS INSURANCE SERVICES, INC., EAST RUTHERFORD, NJ 2007 TO 2011

$2.5+ billion global insurance and financial services company.

Information & Security Officer (VP)

Advisor to EVP-CIO, CEO and other senior managers on IT and security strategies and technology innovation.

Established Enterprise Security Office with IT Security, Risk, Compliance, and Governance programs.

Implemented formal IT Service Management (ITSM) with Dev/Ops, Project Management Office (PMO), and Change/Release programs, facilitating organization to achieve close to 100% on-time delivery rates.

Project portfolio included security, risk, compliance and governance, data center facilities, infrastructure, data management, holding expenses to as much as 15% under budget.

Presented IT assessments and strategy plans to the Board, gaining approval on multi-million $ initiatives.

Integrated BPM low code software to deliver key components of ITIL Delivery Management and Enterprise Software deployment (Change/Release/Test/Service/Security Management Automation), greatly reducing IT delivery gaps and increasing customer service and operational capabilities.

Administered a $20 Million+ annual budget, delivering projects that were up to 15% below budget.

Established COSO, CobiT and NIST controls for all audit and operational practices within IT. (Safe Harbor, GLBA, SOX, NERC and PCI)

Drove audit remediation, enabling IT organization to go from consistent Fail to Pass in just 1 year.

Increased IT’s CMMi and ITIL maturity ratings in service and security management from 1.8 to 3.5 in 30 months.

GROUND TRAVEL TECHNOLOGY TEAM, INC., (ACQUIRED BY FIDELITY & BOSTON COACH), HACKENSACK, NJ 2005 TO 2007

$25+ million cloud-based SaaS startup company that specialized in automation technology for the ground transportation and travel industry. Was acquired by Fidelity/ Boston Coach.

VP of IT, Operations, Security & Compliance

Operationally transformed start-up with failed launches and revenue loss to a successful multi-Mil$ company

An integral member of executive leadership, recovered $1.6 million lost from previous leadership and product issues.

Led all technology and services/product delivery teams (70+ staff) serving customers world-wide.

Fortune 50 clients included Pfizer, GlaxoSmithKline, Lehman Brothers, JPMorgan Chase, and MetLife.

Realigned business-critical software systems and redesigned IT and business processes (SDLC, PMBOK, and ITIL) to increase efficiency and eliminate delivery gaps that used to be up to 60%.

Built and embedded Security and Compliance practice into IT Operations, SDLC, and customer products/services

Key in recovering multi-Mil$ GlaxoSmithKline client with technological and service improvements. (from loss to profit)

Built application security services (Cloud/SaaS) as additional revenue stream in the MSSP market.

Built a world-class SSAE16 certified facility ($4+ million revenue) and call center ($5+ million revenue).

Contributed to design team for wireless GPS in-car product. Led partner negotiations and defined systems criteria with Cingular and other carriers.

Established one of the first credit card and cellular software systems for taxi/cabs and ground car transportation.

CHRISTIAN HEALTH CARE CENTER, WYCKOFF, NJ 1996 to 2005

$100 million regional long-term and psychiatric acute care organization

Director of Information Technology & Information Security Officer

Built the IT Department from the ground up, enabling organization to quadruple in size/revenue.

Managed all technology, hardware, software, and IT services with $8+ Mil annual budget and staff of twelve.

Established IT, Security, Risk, Compliance, Project Management, and Software Development programs.

Directed multi-year initiative to achieve HIPAA, PCI and SOX based financial compliance, putting the organization in forefront of New Jersey healthcare compliance.

HIPAA compliance subject matter expert ensuring privacy is effectively enforced with security regarding ePHI/PHI, software, systems and processes contribute to full validatable HIPAA compliance by March 2005 deadline.

Liaised with Executive Management, to ensure IT’s ROI and strategic impact to the business

Installed clinical and IT solutions to automate many manual functions in finance and clinical areas of operations.

Oversaw large regional data network with 15,000-station telecommunications system (PBX). This system was leveraged as a revenue generating system as a managed PBX service to other organizations.

Designed and implemented all network systems and integrations with all Application Service Providers.

EDUCATION

MBA (focus in IT & Cybersecurity) (4.0 GPA – Phi Kappa Phi) Florida Institute of Technology

MS in Information Technology & Cybersecurity (4.0 GPA – Phi Kappa Phi) Florida Institute of Technology

BS, Electronic Engineering Technology (focus in software and process automation) Thomas Edison State University

ACTIVE CERTIFICATIONS

C CISO (Certified Chief Information Security Officer, EC-Council) EC Council

CISM (Certified Information Security Manager) ISACA

CRISC (Certified in Risk & Information Systems Controls) ISACA

CGEIT (Certified in the Governance of Enterprise IT) ISACA

CISSP (Certified Information Systems Security Professional) (ISC)2

ITILv3 Foundations (Information Technology Infrastructure Library version 3) OGC

MILITARY SERVICE

United States Army - Active (4 years), Honorable Discharge

New Jersey Army National Guard (4 years), Honorable Discharge

Highest Clearance Achieved: Top Secret, Special Background Intelligence (TS-SBI ended 1990 & Secret ended 1994)

ACCOLADES AND AWARDS

2017 Phi Kappa Phi induction – Florida Institute of Technology - 4.0 GPA – MBA degree

2016 Nominated “CISO of the Year” – EC Council – Runner-Up Awardee

2015 Phi Kappa Phi induction – Florida Institute of Technology - 4.0 GPA – MS degree

2014 Nominated “CIO of the Year” – Tampa Bay Technology Forum – withdrew due to relocation to New Jersey

2014 Nominated “CISO of the Year” – EC Council – Runner-Up Awardee

1987 Distinguished Graduate – US Army Signal Corp. School – Radio, Computers and SecOps Systems – Fort Gordon

EXAMPLE OF RECENT SPEAKING ENGAGEMENTS, PANELS AND PUBLICATIONS

• https://cisohealthcaresummit.com/governing_board

• Executive Panelist, A Global Perspective: Managing Risk and Navigating Today’s International Economy, CyberConnect2017, New York City, November 7, 2017

• Subject Matter Expert Speaker/Presenter, CyberConnect2017, New York City, November 6, 2017, “Building a Risk and Security Program in Any Organization,”

https://www.cyberconnect2017.com/agenda?ls=social&utm_campaign=NA_Groups- Mgr_Conferences&utm_content=101117%7Ccyberconnect2017%7Cv2%7CNA_Groups- Mgr_Conferences&utm_medium=cpc&utm_source=linkedin

• Security Current CISO Spotlight, https://securitycurrent.com/michael-molinaro/ - October 2017

• Security Current Webinar, Put a Fence Around Your Linux User Privileges, host and executive presenter, Michael D. Molinaro, Chief Information Security Officer & Vice President-Information Systems BioReference Laboratories Inc., Thursday, May 25, 2017 at 1pm EDT, https://info.beyondtrust.com/052517webinar.html

• Executive Subject Matter Expert Speaker/Presenter, “Building all of IT Operations on Business Process Management Software and ITIL practices to Reduce the IT Delivery Gap,” CIO Forum, Miami, Fl., May 21-23, 2017

• Security Shark Tank Shark, RSA World Conference, San Francisco, Ca., February 13, 2017, http://www.securitysharktank.com/

• Executive Subject Matter Expert Speaker/Presenter, Life Sciences Tech Summit, “Building a Risk and Security Program in any Size Organization,” New Orleans, La., January 30, 2017, http://events.q1productions.com/tech-summit/

• Technology and Security Workshop Moderator, Evanta CIO & CISO Solutions, NYC, November 16, 2016

• Executive Subject Matter Expert Speaker/Presenter, “Integrating Security and Risk Management into the Corporate IT Architecture,” The Harvard Club of New York City, November 3, 2016

• Executive Panelist, Argyle Forum CIO/CISO Summit, “Keeping Up with the Evolution of Mobile Attacks” http://www.argyleforum.com/Events/2016-Chief-Information-Security-Officer-(CISO)-Leadership-Forum:-Fall-Event--New-York, New York City, NY, October 20, 2016

• Executive Panelist, Enterprise Mobility-Cloud-Security Exchange, Defining Risk, Interactive executive panel to provide insights and thought leadership on organizational culture, design and managing incidents affecting the mobile corporate user, October 12, 2016, Miami, Florida

• Executive Subject Matter Expert Speaker/Presenter, Enterprise Mobility-Cloud-Security Exchange, Defining Risk, the Mobile Maturity Framework, managing incidents and building services by baking security into the business, October 11, 2016, Miami, Florida

• Executive Subject Matter Expert Speaker/Presenter, CIO Healthcare & Healthcare Payer Summit, Building a Risk and Security Program in any Organization, Healthcare can build well established and action oriented risk, governance and security program that protects all PHI, October 4, 2016, Chicago, IL.

• Executive Subject Matter Expert Speaker/Presenter and Panelist, CISO New Jersey Summit, Building a Risk and Security Program in any Organization with a focus on using Business Process Management software, Morristown, NJ, September 20, 2016

• http://www.securitycurrent.com/en/ciso_journal/ac_ciso_journal/protecting-the-republication-national- convention-my-reflections - published work

• Executive Panelist, SINET Innovation Summit 2016, Staying on Top of Emerging Threats and Security Technology, The Times Center, NYC, July 14, 2016

• Executive Subject Matter Expert Speaker/Presenter, SANS SOC Summit, Building a Risk and Security Focused IT Department designed to use Red Team Hunting Approach for Internal Threats, Arlington, Virginia, May 25, 2016


