René Lomonaco
**** ***** **** ***, ********, NC *8105 704-***-**** ad1433@r.postjobfree.com
13+ years of experience maturing cyber security programs and delivering strategic initiatives
Adapts to changing business needs with ability to balance multiple priorities and interdependent activities in an extremely dynamic environment to deliver desired outcome
o Exhibits high energy level, takes initiative, and drives results while demonstrating creativity, flexibility, and the ability to adapt to changing environment
Effective interpersonal skills to liaise with multiple layers and a wide variety of internal stakeholders, as well as external financial sector and government partners o Strong written and verbal communication skills; proven ability to articulate progress, raise concerns, and document actions required in a clear and concise manner
Demonstrates robust written communication skills, both written and verbal, with the ability to convey complex information in a clear, concise manner o Demonstrated experience developing presentations and storytelling, for all levels of the organization. Experience includes board of directors, financial, cyber, and government agencies
Advances analytical and conceptual thinking supported by solid research skills, learned knowledge, impact recognition and the ability to “connect dots” across an organization o Structured and logical thinker. Ability to quickly break down roadmap complexities, prioritize analyses, and effectively discern what is most important to draw out insights and implications
o Able to see the “big picture” and prioritize the most valuable insights and build a compelling narrative
Ability to think outside the box and a willingness to stretch and take ownership of complex activities
o Possesses excellent analytical, critical thinking and problem-solving skills
Solid conceptual and data analytical skills. Able to distill key points with high attention to detail and accuracy
o Understanding of data analytics techniques, dashboard creation, and experience with statistical analysis; proficiency with reporting tools such as MicroStrategy and Tableau
Proficient with Microsoft Office tools (Excel, PowerPoint, Word, Access, and Publisher) as well as JIRA, Confluence and LucidCharts
MASS MUTUAL ENTERPRISE CYBER SECURITY CYBER DATA & ANALYTICS (DNA) PROGRAM - CONSULTANT 2022 - CURRENT
Established baseline cyber security risk metric inventory for ECS program. Through Cyber DnA efforts remain responsible for monthly ECS OKR/KRI data collection and strategic reporting requirements. Currently working with Program Owners to onboard metrics from excel to system of record (ETX (SKMT) Portal)
Executing Cyber DnA program responsibilities and key activities as defined in operating model
o Designed request intake form, prioritization framework and standardized process conditions and best practices
o Developed Cyber DnA Best Practices and Cyber DnA Data Literacy Confluence content enhancing program’s literacy and awareness agenda. Content also established centralize ECS Business & Security Risk Glossary and Cyber Data Literacy Dictionary
GLOBAL INFORMATION SECURITY (GIS) BANK OF AMERICA 2010 – 2022 FACILITATED CYBER READINESS CHANGE DELIVERY AND COMMUNICATIONS, VICE PRESIDENT
Influenced organizational adoption and positioning of NIST Cybersecurity Framework, NICE Cybersecurity Workforce Framework incorporating standards, requirements taxonomy and best practices across multiple organizational, functional, operational, and strategic activities
Shaped GIS cybersecurity operating model and industry benchmarking framework to translate strategic intent into functional capabilities and activities, categorize service offerings and to further view of organization in terms of resources, spend, maturity and risk
Enabled data-driven analysis of resources to external cybersecurity frameworks to assess skills, categorize work roles and update job codes that better reflect functional outcomes
Supported delivery of bank’s Operational Excellence Program obligations to optimize productivity and improve operational efficiencies
Facilitated Cyber Readiness and Resiliency Program management and reporting routines to ensure execution of regulatory assessments, business continuity/disaster recovery, crisis management, threat exercises, global policy and privacy objectives
Designed cyber crisis resource bench training strategy to ensure that human capital is available during a crisis, to alleviate fatigue, replenish resources and enhance resiliency
Constructed “All-Hazards” guide, as part of government and financial sector joint initiative, to establish response and recovery coordination from significant national level cyber threats
Associated with legislation energies to ensure the law the Cybersecurity Information Sharing Act of 2015 (“CISA”) was passed and standardized procedural exchange of the banks cyber threat and cyber incident information with FBI
Collaborated with National Cyber Security Alliance (NCSA) to re-brand STOP. THINK. CONNECT. ™ website and expand awareness campaigns
Shaped program requirements and originated a consolidated inventory of services, controls and change initiatives to improve organization’s ability to prioritize, schedule, socialize and implement information security policy and technology deliberately and efficiently
Standardized executive program reporting and stakeholder communications to reinforce Protection Program’s capacity to develop and implement identity and access, privacy, social engineering, and malware strategies plus innovative cyber technology solutions THIRD PARTY IDENTITY AND ACCESS MANAGEMENT (TPIAM) EXECUTION LEAD 2020 – 2022
Supported protection of Bank of America systems, data and customer information through the development, maintenance, and communication of risk-based information security alignment expectations for externally hosted third-party applications
Validated and enhance reporting accurately reflects control alignment so that treatment of externally hosted (third-party) applications is the same as internally hosted applications
Defined Third Party IAM best practices to reinforce third party responsibilities and offer application owners a means to address third party non-adherence. Best practices guidelines will increase third party transparency, traceability, and oversight
Created third-party access revocation content posted on IAM Wikis
Delivered aged revocation reporting that differentiates externally hosted applications from general reporting that includes revocations for all applications. This is significant in that this is readily available, automated reporting that enables direct focus on the contribution of third-party applications to aged revocation metrics. MARKETING AND COMMUNICATIONS FIRST UNION (WACHOVIA SECURITIES) 1997 - 2010
Key marketing and communications liaison with bank/brokerage group, supporting executive leadership and million-dollar brokers. Developed and implemented performance reporting, sales incentives platforms and promotional campaigns to increase client retention, revenue, and assets under management DIRECTOR OF LOCAL ORIGINATION PROGRAMMING VISION CABLE (TIME WARNER CABLE)
1987 - 1997
Managed local origination television facility and delivered community-oriented programming to ensure fulfillment of legal obligations and program content regulations Education
BACHELOR OF SCIENCE/COMMUNICATIONS 1987 UNIVERSITY OF WYOMING
Major: Comprehensive Journalism and Communications
Minor: Radio & Television
Intern: Wyoming Public Radio Marketing and Fundraising