Information Security Management

Location:
Astoria, NY
Posted:
February 03, 2019

Resume:

Sean Kearney

CISM, CISSP, CCSP, MSc InfoSec

ac8dn6@r.postjobfree.com

+1-516-***-****

A dynamic leader with a passion for Information Security and Risk Management. Strong experience developing relationships at all levels, across a range of industries including Investment Banking, Retail Banking, Professional Services and Cards and Payments sectors. Tenacious and adaptable, providing flexible solutions shaped by company and market conditions, demonstrating a resourceful and pragmatic approach to Information Security and Risk Management.

Key Skills

Strategic leadership within Information Security and Risk Management.

Security consulting in a range of disciplines including ISO27001, Information Risk Management, IT Controls management and Secure Information System design.

Building successful multi-skilled teams.

Management of third-party supplier relationships.

Experienced communicator with C-level professionals across a wide range of industries, utilising excellent communication skills to build and nurture strong working relationships.

Regulations and standards: ISO27001, PCI DSS, NIST, GDPR, HIPAA, SOC 2.

Employment History

InfoSCK ltd – Oct 2018 – Present

Director

Vanquis Bank – May 2016 – Sept 2018

Head of Security Architecture, Assurance and Consulting (Deputy CISO) Feb 2017 – Sept 2018

Responsibilities:

Definition and delivery of the security strategy for Vanquis Bank.

Management of a team of 8 multi-skilled security consultants delivering Security Architecture and Assurance consultancy, and a dedicated security project manager.

Responsible for developing management information regarding security posture and control effectiveness.

Reporting on Information Security to Executive committee and Vanquis Board.

Achievements:

Redesigned Target Operating Model, ensuring early engagement of the Security Architecture team at project kick-off, driven by a risk-based approach from design through to BAU.

Developed the 3-year security roadmap for the organisation and managed the delivery of the security improvement program.

Led the delivery of the Security Improvement Program which included:

- Implementation of Splunk SIEM solution.

- Redesigned PCI estate to reduce scope and associated costs.

- GDPR alignment, including the delivery of data discovery and classification tools Imperva and Titus, supported by Azure Rights Management and Information Protection product suites.

- Outsourcing of Security Operations Centre.

- Purchase and installation of Endpoint Protection suite.

- Delivery of ISO27001 aligned ISMS.

Interim Head of Information Risk, Jun 2017 – Jun 2018

Responsibilities:

Delivery of Information Risk Management activities across the organisation.

Leadership of a small team of Risk and Governance Analysts delivering risk management and third-party assurance across a global supply chain.

Own the Information Risk Management process, working closely with key stakeholders.

Identify threats and risks relating to information and IT Assets through formal risk assessments.

Promote a risk conscious culture across the bank through stakeholder engagement, awareness and delivery.

Collaborate with Group Audit team to ensure audit findings are tracked, remediated and treated.

Achievements:

Designed and delivered a Third-Party Risk Management (TPRM) framework supporting compliance with GDPR.

Re-engineered the risk reporting process to enable better senior management visibility of risk level across the various areas of IT and business.

Integrated new processes with key business units such as PMO, Operational Risk and Security Architecture to ensure risk identification and reporting is consistent.

Reviewed and reduced inherited risk log by 50% by conducting rationalisation activities and verifying status of mitigation activities for open risks.

Developed strong relationships with Group Audit, improving group visibility of remediation activity against various open audit actions.

Fed audit findings and open risks into the 3-year security strategy, designed and delivered under the Security Architecture, Assurance and Consulting post held concurrently.

Information Security Specialist May 2016 – Feb 2017

Responsibilities:

Information Security Consultancy on all projects including Commercial, Infrastructure, Head office, Operations, Regulatory and Compliance.

Maintain PCI DSS compliance ensuring all tasks associated with compliance are completed on time and management of annual external audit.

Delivery of Project and Business process assurance engagements, including high-level and low-level design reviews, penetration test co-ordination, policy adherence, risk management and third-party assurance.

Management and oversight of Information Security Policy development, implementation and review.

Achievements:

Successfully delivered the design of security solutions for a range of business and IT initiatives which included:

- Lead Security Consultant on GDPR program.

- Security Architect for Secure Cloud Connectivity.

- Security Architect for Balance Transfer infrastructure design and deployment.

- Security Consultant for Corporate Wireless Secure Architecture.

- Security Architect for Loans Management System secure solution design.

- Security Architect for Secure File Hosting and Secure File Transfer design.

Deutsche Bank – Dec 2015 – May 2016

Information Security Officer (ISO)

Responsibilities:

Performing Risk Assessments on applications, vendors, processes and projects.

Identifying Security gaps and evaluating, alongside stakeholders, options for remediation.

Assessing compliance of application portfolio to global regulations including but not limited to FCA, ICO/DPA, FFIEC and MAS.

Providing Information Security consultancy to business units surrounding Segregation of Duties and role definition as part of the Role Based Access Control (RBAC) initiative.

Working closely with various business units to establish strong relationships, enabling the promotion of value add services from the Business Information Security Services team.

Achievements:

Transition and management of a large portfolio of applications into the Business Information Security Services team.

Management and co-ordination of process improvement activities relating to risk assessment, management and reporting.

Improved efficiency and streamlined the risk assessment process through a bottom-up review of delivery and management practices.

Mizuho Bank – Sept 2014 – Dec 2015

Business Security Consultant and Information Security Officer (ISO)

Responsibilities:

Development and implementation of an Information Security Risk Assessment framework.

Providing Information Security consultancy across London and EMEA offices.

Design, implementation and management of information security policies supporting compliance to these policies across EMEA.

Development and delivery of Information Security Awareness training for all UK staff.

Providing management assurance that Information Assets are managed appropriately.

Provide monitoring of Information Assets for identification of intentional or inadvertent misuse.

Co-ordination of Penetration Testing and completion of periodic internal scanning.

Achievements:

Successful transition and certification to ISO27001:2013, which included:

- Completely overhauled the Risk Assessment procedures to better align to the ISO27001:2013 standard.

- Implemented a variant of PDCA to ensure continual improvement and better management and maintenance of Policies, Procedures and Guidelines.

Developed Information Security and Cyber Security Strategies for a 3-year roadmap.

Spearheaded the creation and delivery of a 2-day Global Information Security Officers Summit to enable information sharing and to improve communication channels with EMEA and Head Office Security Officers.

Delivery of pilot/proof of concept for bank-wide implementation of Role Based Access Control to improve efficiency and effectiveness of Identity and Access Management processes.

Delivery of Data Loss Prevention Programme which included:

- Delivery of an automated email filtering and monitoring solution to reduce manual workload and remove human error.

- Upgraded and rolled out the latest version of the Internet Access management solution to prevent data leakage via forums, personal email accounts and other similar means.

- Co-ordinated the roll-out of an endpoint security solution for removable media, including configuring reporting and exceptions for monthly line management sign-off.

Implemented the vulnerability scanning software Nessus, enhancing visibility of patch management, secure development and cyber preparedness.

Spencer Rose – Jun 2011 – Oct 2013

Information Security Consultant

Technology and Information Risk Management.

Compliance – ISO27001, PCI DSS, NIST.

Security Operations – SOC, Vulnerability Management, IDS/IPS.

Security Architecture – Enterprise, Solution and Assurance.

Professional Qualifications

Certified Cloud Security Professional (CCSP) #554055

Certified Information System Security Professional (CISSP) #554055

ISACA Certified Information Security Manager (CISM) #1839879

Member of Institute of Information Security Professionals #195622

Member of Information Systems Security Association #41662620

Memberships and Training

Dev Ops Foundation – Ranger 4 – December 2017

Advanced PCI-DSS Training – 2016

Microsoft Azure Fundamentals – 2016

Amazon Web Services (AWS) Essentials (QA) – 2016

Tenable Certified Nessus Auditor – TCNA – 2015

Tenable Certified Nessus User – TSNU – 2015

ISO27001 ISMS Consultant Course – 2014

ISO27001 Lead Auditor Course – 2014

Cyber Ark – Privilege Account Security Administrator – 2014

Prince 2 Foundation – APMG – 2014

Education

Royal Holloway University of London

M.Sc. Information Security – 2014

University of Surrey

B.Sc. Human Bio-Sciences and Sports Science – 2011