René Lomonaco

**** ***** **** ***, ********, NC *8105 704-***-**** ad1433@r.postjobfree.com

13+ years of experience maturing cyber security programs and delivering strategic initiatives

Adapts to changing business needs with ability to balance multiple priorities and interdependent activities in an extremely dynamic environment to deliver desired outcome

o Exhibits high energy level, takes initiative, and drives results while demonstrating creativity, flexibility, and the ability to adapt to changing environment

Effective interpersonal skills to liaise with multiple layers and a wide variety of internal stakeholders, as well as external financial sector and government partners o Strong written and verbal communication skills; proven ability to articulate progress, raise concerns, and document actions required in a clear and concise manner

Demonstrates robust written communication skills, both written and verbal, with the ability to convey complex information in a clear, concise manner o Demonstrated experience developing presentations and storytelling, for all levels of the organization. Experience includes board of directors, financial, cyber, and government agencies

Advances analytical and conceptual thinking supported by solid research skills, learned knowledge, impact recognition and the ability to “connect dots” across an organization o Structured and logical thinker. Ability to quickly break down roadmap complexities, prioritize analyses, and effectively discern what is most important to draw out insights and implications

o Able to see the “big picture” and prioritize the most valuable insights and build a compelling narrative

Ability to think outside the box and a willingness to stretch and take ownership of complex activities

o Possesses excellent analytical, critical thinking and problem-solving skills

Solid conceptual and data analytical skills. Able to distill key points with high attention to detail and accuracy

o Understanding of data analytics techniques, dashboard creation, and experience with statistical analysis; proficiency with reporting tools such as MicroStrategy and Tableau

Proficient with Microsoft Office tools (Excel, PowerPoint, Word, Access, and Publisher) as well as JIRA, Confluence and LucidCharts

MASS MUTUAL ENTERPRISE CYBER SECURITY CYBER DATA & ANALYTICS (DNA) PROGRAM - CONSULTANT 2022 - CURRENT

Established baseline cyber security risk metric inventory for ECS program. Through Cyber DnA efforts remain responsible for monthly ECS OKR/KRI data collection and strategic reporting requirements. Currently working with Program Owners to onboard metrics from excel to system of record (ETX (SKMT) Portal)

Executing Cyber DnA program responsibilities and key activities as defined in operating model

o Designed request intake form, prioritization framework and standardized process conditions and best practices

o Developed Cyber DnA Best Practices and Cyber DnA Data Literacy Confluence content enhancing program’s literacy and awareness agenda. Content also established centralize ECS Business & Security Risk Glossary and Cyber Data Literacy Dictionary

GLOBAL INFORMATION SECURITY (GIS) BANK OF AMERICA 2010 – 2022 FACILITATED CYBER READINESS CHANGE DELIVERY AND COMMUNICATIONS, VICE PRESIDENT

Influenced organizational adoption and positioning of NIST Cybersecurity Framework, NICE Cybersecurity Workforce Framework incorporating standards, requirements taxonomy and best practices across multiple organizational, functional, operational, and strategic activities

Shaped GIS cybersecurity operating model and industry benchmarking framework to translate strategic intent into functional capabilities and activities, categorize service offerings and to further view of organization in terms of resources, spend, maturity and risk

Enabled data-driven analysis of resources to external cybersecurity frameworks to assess skills, categorize work roles and update job codes that better reflect functional outcomes

Supported delivery of bank’s Operational Excellence Program obligations to optimize productivity and improve operational efficiencies

Facilitated Cyber Readiness and Resiliency Program management and reporting routines to ensure execution of regulatory assessments, business continuity/disaster recovery, crisis management, threat exercises, global policy and privacy objectives

Designed cyber crisis resource bench training strategy to ensure that human capital is available during a crisis, to alleviate fatigue, replenish resources and enhance resiliency

Constructed “All-Hazards” guide, as part of government and financial sector joint initiative, to establish response and recovery coordination from significant national level cyber threats

Associated with legislation energies to ensure the law the Cybersecurity Information Sharing Act of 2015 (“CISA”) was passed and standardized procedural exchange of the banks cyber threat and cyber incident information with FBI

Collaborated with National Cyber Security Alliance (NCSA) to re-brand STOP. THINK. CONNECT. ™ website and expand awareness campaigns

Shaped program requirements and originated a consolidated inventory of services, controls and change initiatives to improve organization’s ability to prioritize, schedule, socialize and implement information security policy and technology deliberately and efficiently

Standardized executive program reporting and stakeholder communications to reinforce Protection Program’s capacity to develop and implement identity and access, privacy, social engineering, and malware strategies plus innovative cyber technology solutions THIRD PARTY IDENTITY AND ACCESS MANAGEMENT (TPIAM) EXECUTION LEAD 2020 – 2022

Supported protection of Bank of America systems, data and customer information through the development, maintenance, and communication of risk-based information security alignment expectations for externally hosted third-party applications

Validated and enhance reporting accurately reflects control alignment so that treatment of externally hosted (third-party) applications is the same as internally hosted applications

Defined Third Party IAM best practices to reinforce third party responsibilities and offer application owners a means to address third party non-adherence. Best practices guidelines will increase third party transparency, traceability, and oversight

Created third-party access revocation content posted on IAM Wikis

Delivered aged revocation reporting that differentiates externally hosted applications from general reporting that includes revocations for all applications. This is significant in that this is readily available, automated reporting that enables direct focus on the contribution of third-party applications to aged revocation metrics. MARKETING AND COMMUNICATIONS FIRST UNION (WACHOVIA SECURITIES) 1997 - 2010

Key marketing and communications liaison with bank/brokerage group, supporting executive leadership and million-dollar brokers. Developed and implemented performance reporting, sales incentives platforms and promotional campaigns to increase client retention, revenue, and assets under management DIRECTOR OF LOCAL ORIGINATION PROGRAMMING VISION CABLE (TIME WARNER CABLE)

1987 - 1997

Managed local origination television facility and delivered community-oriented programming to ensure fulfillment of legal obligations and program content regulations Education

BACHELOR OF SCIENCE/COMMUNICATIONS 1987 UNIVERSITY OF WYOMING

Major: Comprehensive Journalism and Communications

Minor: Radio & Television

Intern: Wyoming Public Radio Marketing and Fundraising

Contact this candidate