
Privacy, Project Management, Information Security, Compliance

Location:
Newark, NJ, 07102
Salary:
250000
Posted:
February 22, 2024


Resume:

Richard D. Mikelinich, MS, CISSP, CISM, CIPP/US

LinkedIn | Bloomfield, NJ

ad3t90@r.postjobfree.com 551-***-****

C-Suite Information Technology and Privacy/Security Leader
IT Generalist
Chief Technology and Information Security Officer with Global Management Scope
Specialist in ISO 27001 & Security Project Management

Requirements Management \ Change Management \ Production Assurance \ Fraud and Data Loss Protection \ Business Continuity Planning \ Disaster Recovery \ Business Process Improvement \ Risk Management \ Full Life Cycle Project Management \ Vulnerability Management \ IT Control Awareness \ Software Development \ Security and Compliance Awareness Training

Privacy Expert with compliance experience in HIPAA, GDPR, PCI & FFIEC. Reputation for reliably delivering security services and systems over 20 years of IS/IT leadership, building a record of minimizing security incidents, maximizing risk awareness, and automating security operations. Services included Compliance, Next Generation Firewalls, Intrusion Protection & Detection, Security Service Provider Contracts, and Governance Systems.

OVERVIEW

• Managed and contributed to complex and aggressive IT projects in multiple domains such as: applications, database, cyber security, networking, and cloud.

• Always steps up to emergent IT challenges of any difficulty, earning a reputation for keeping the customer satisfied, motivating staff, and maintaining high morale.

• Has developed Infrastructure and security strategies for multiple landmark institutions.

• Performed reputation protection for multiple landmark institutions.

• Managed numerous projects from concept to completion, consistently on time, on budget, and on target.

• Counted on to explain technical concepts of any complexity in everyday language for end-users and to translate technology into practical business applications.

• Developed and supported actionable audit findings in fraud prevention, data loss prevention, processing efficiency, and business continuity.

• Built, led, managed, and empowered teams of up to 130 technical experts including programmers, architects, and senior analysts.

• Captured and categorized risk according to ISO 27001; developed security programs according to ISO 27001.

As a Leader — the voice of reason in a crisis. Encourage unconventional thinking when standard solutions fail. Maintain utmost respect for all, especially mindful of any special needs of those offshore or present.

SKILL SETS

Management

Budget Development & Oversight \ Business Case Development \ Financial Management \ Governance Systems \ Incident & Problem Management \ Infrastructure and Security Programs \ Presentations, Executive/Management Level \ Process Improvement \ Production Assurance \ Quality Assurance & Control \ Regulatory Compliance \ RFI/RFP Processes \ Service Provider Relations \ Team Building, Leadership \ Staff Training & Development \ Strategic Planning & Implementation \ Vendor Management & Relations

Security Technologies

FireEye Anti-Malware \ Firewalls \ Intrusion Detection & Protection \ Palo Alto Next Generation Firewall \ RSA Archer eGRC \ HBGary \ Imation IronKey \ Proofpoint Core Protection & TAP \ EnCase \ BitLocker \ Nessus \ Cloudflare Anti-DoS \ Forcepoint DLP \ Arbor Anti-DoS \ Qualys \ Nexpose \ StealthBits \ Carbon Black App Control \ Carbon Black Response \ CrowdStrike \ Tenable

CAREER HISTORY

Mindray Medical Devices, Mahwah, NJ

Information Security and Compliance Principal, February 2023 - present

• Develops, implements, updates, and enforces data and security-related privacy policies, standards and procedures, and corrective actions as needed.

• Maintains current knowledge of applicable data protection laws, security standards, information technology trends, and accreditation standards.

• Evaluates and improves processes for investigating, documenting, and reporting unauthorized access or disclosure of personal information.

• Maintains and updates the information management system in collaboration with legal and governance teams.

• Provides risk assessments and security briefings to management and advises them of critical issues that may affect customer or corporate security objectives.

• Creates and delivers privacy and security-related training programs for all employees, contractors, and any appropriate third parties.

• Leads risk assessments, audits, policy, governance, and/or reporting.

Englewood Health, Englewood, NJ

Director of Information Security and Identity and Access Management, July 2022 - February 2023

• Sourcing SIEM and TVM technology

• Establishing SIEM and TVM processes

• Utilizing HITRUST to review controls against multiple compliance frameworks.

• Managing IoT risk throughout 160 locations.

• Delivering Security & Privacy Awareness through the KnowBe4 platform.

MUFG - Mitsubishi Trust Bank, New York, NY

Vice President of Network Security and Network Operations, September 2021 - July 2022

• Implemented a Network Operations Service Delivery Model to manage assets, maintenance, and network elaboration. Managed a staff of 5 in security and 3 network engineers.

• Service Owner and manager for Vulnerability Management, Next Generation Firewalls, Anti-Virus, EDR, Application Whitelisting and SIEM.

• Implemented the MITRE ATT&CK framework in the SIEM alerting catalogue to enhance awareness of the ATT&CK tactics and techniques being observed.

• Managing technology refresh for over 300 network assets.

The Juilliard School, Lincoln Center, NY

Director of Information Security and Privacy, September 2019 - September 2021

• Develop and socialize a security roadmap highlighting risk remediation options for management.

• Assess all known risks and capture them in an Enterprise Cyber Risk Register.

• Developed the Juilliard Security Program.

• Delivering Data Governance and Data Security Awareness Training

• Implemented DLP to highlight the pervasive loss of regulated data occurring in the environment

• Contribute security & privacy advisory services to IT projects to reduce risks, including vendor management

• Organize and deliver enterprise security awareness.

• Manage all compliance obligations for PCI, FERPA, HIPAA, PII, and GDPR.

• Implemented and operating CrowdStrike Endpoint Protection and Remediation. Served as administrator.

• Implemented and operating Proofpoint Email Security Gateway for New York and Tianjin, China campuses. Served as administrator.

• Implemented and operating Tenable Security Center for vulnerability management; subsequently shifted to Qualys.

• Implemented and operating Acunetix Web Application Vulnerability Scanner for New York and Tianjin, China campuses.

• Created policies and procedures for data classification, data storage, data movement, workstation security, and appropriate use.

• Provide security and compliance updates and plans for management and the board.

• Daily monitoring of Proofpoint SEG, Palo Alto Firewalls, Stellar XDR, and the CrowdStrike console.

• Operate Tenable, Acunetix, and Qualys vulnerability scanners.

New York University, New York, NY

Senior Director, June 2017 - August 2019

• Manage operations and network tech refresh for 3 data centers, 200 NYC buildings, and 14 global sites.

• Responsible for approving all requests for production changes and implementation for networking, cloud, compute, and critical infrastructure.

• Oversee the Global Infrastructure and Security Program for a hybrid HIPAA-covered entity with 65,000 users, including 9,000 High Performance Computing (HPC) nodes.

• Manage $40M annual OTPS, $9M capital, and $12M staffing budgets; 2,000 Linux and Windows servers including 400 HPC servers and 200 AWS servers; and 130 employees with 6 direct reports.

• All servers patched up to date in one year.

• To mitigate rampant network outages at a major NYC university, I reviewed long-ignored root cause analysis reports citing dangerous conditions and practices and launched a network improvement project to implement all Cisco-recommended configuration and design changes to control future risk.

• Achieved significant savings with reductions to budgets of both Infrastructure-Security OTPS, by 1% or $3.2M, and personnel, by 8% or $1.2M.

Yale University, New Haven, CT

Chief Information Security Officer & Chief HIPAA Security Officer, 2011 - 2017

• Recruited as the first-ever CISO for an Academic Medical Center; created a security and privacy program that returned stability to systems.

• Managed a 14-member Information Security, Forensic, and Compliance staff; developed a security program to deliver security operations, compliance, forensics, policy, and procedure.

• As CISO of Yale, I hired Verizon Cyber Trust to conduct an Enterprise Risk Assessment based on ISO 27001. I adopted the practice of maintaining an ISO-based risk register to serve as a gap analysis mechanism and a way to provide justification for years of remediation projects.

• Sought a SEG solution to deal with a high-volume phishing attack trend. Trialed multiple tools and selected Proofpoint based on feature set and ease of administration. Implemented and operated Proofpoint Email Security Gateway.

• Threats not handled by Palo Alto led to identification of FireEye as remediation for zero-day threats. Implemented and operated FireEye Network Security.

• Implemented and operated 12 Palo Alto Networks Next Generation Firewalls, with decommissioning of the Websense Web Proxy.

• Provisioned Duo MFA for 33,000 users in response to an incident where 800 email accounts had been compromised.

• Provisioned encrypted USB drives for 4,000 physicians.

• Maintained encrypted laptops for a 9,000-member HIPAA entity with MBAM and FileVault.

• Performed serious flow analytics with Lancope StealthWatch to build a case for the eventual 25M network segmentation project.


• Implemented and operated StealthBits and Forcepoint DLP to enhance data security and support data governance. Decommissioned Identity Finder.

• Led the project to introduce the RSA Archer eGRC (Electronic Risk Governance and Compliance) system to focus on security and risk reduction of the most critical assets.

• Performed annual BCDR tests.

• Rationalized assets vulnerable to data breaches by transferring all computing assets with sensitive data to private IPs, well hidden from outside threats.

• Won an ISC2 Information Security Leadership Award as a finalist in the Senior Information Security Professional category, Chicago 2013.

• Expanded IT risk knowledge by delivering executive- and management-level presentations and successfully promoting interdepartmental cooperation across the university.

• Introduced systems compliance and assurance initiatives in HIPAA/HITECH, PCI, and data security.

Columbia University, New York, NY, 2007 - 2011

Director of Information Security, Medical Center

• Responsible for 9 direct reports.

• Performed HITRUST assessments for 300 clinical applications.

• Delivered HIPAA awareness training for all employees and medical students.

• Introduced a Vulnerability Management program for all institutional servers with the IBM ISS scanner.

• Devised and implemented a HIPAA Security Assessment program analyzing 300 clinical and research applications with 9 assessors in one year, requiring massive capital deployment to meet HIPAA compliance and data security standards.

• Developed company-wide staff training in IT Controls/Security, Database Technology, SQL, Crystal Reports, Business Objects, and Data Warehousing, including writing, SDLC, testing, and data access.

• Improved IT risk awareness by launching a training program presented at an auditor conference in 2009, comprising nine business units and completing four.

• As Director of Security and Compliance, I led a recertification effort for technology used by the Positron Emission Tomography (PET) Center for 21 CFR Part 11 compliance.

• Mitigated a serious data breach that rattled an OHCA partner hospital to the point of considering cutting off access, and that might have stalled major revenue streams from 800 medical practices, by initiating a risk assessment of 300 clinical applications to restore confidence in hospital management. Received 8 additional IT auditor resources for the task and exceeded all expectations in remediating the worst conditions, avoiding any negative outcomes.

Major Academic Medical Center

Director of IT Audit

• Evaluated IT governance plans, best practices, and model options.

• Administered key IT projects and represented audit at trustee meetings.

• Oversaw IT audit staff plus matrixed project personnel, conducting and communicating internal IT audit results to senior leadership.

• Collaborated with government and regulatory agencies including the FBI and SEC.

• Implemented risk avoidance measures by designing and leading an enterprise-wide Security Awareness Campaign involving all clinical teams.

• Trained and guided non-IT auditors in passing the technology section of the CIA certification exam.

• Instilled maximum levels of IT risk awareness with "breakthrough" audits, security scanning technologies, and risk management projects.

• As Director of IT Audit, I assisted Ernst & Young with an Enterprise Risk Assessment based on ISO 27001. Gaps were catalogued in a risk register for re-verification in future audit planning.

Memorial Sloan Kettering Cancer Center, New York, NY, 2006 - 2007

IT Audit Manager

• Identified key risks requiring management's immediate attention by conducting HIPAA, wireless, PeopleSoft, and clinical equipment audits, as well as an IT asset accounting review.

Technical Project Manager, 2001 - 2006

• Directed 12 programmers, analysts, infrastructure experts, and others in hospital financial system operations.

• Primary liaison to Information Security, furnishing high-level strategies and executive assistance.

• Strengthened competitive advantage by configuring 12 Web-based extensions to the legacy ERP system.

• Oversaw staff training in DBArtisan, SQL, SDLC, and testing, and taught users in all applications.

• Developed an online inventory of radiochemicals and a nuclear license management system.

• Created and won management approval for Application Development Operations (ADOPS).

EDUCATION

Columbia University, New York, NY

Executive Master of Science in Technology Management

St. John's University, New York, NY

Bachelor of Arts in English (Cum Laude)

Professional Development & Certifications

• Certificate in Applications Programming, NYU Information Technologies Institute; Account Executive Training (Series 7) and Technical Analysis, New York Institute of Finance

• Six Sigma Green Belt Training, Villanova University, Philadelphia, PA

• Leadership training with MOR Associates

• Total Quality Management (TQM) at NYNEX Corp

Technical Certifications

• Certified Information Systems Security Professional (CISSP), certification number: 332390

• Certified Information Security Manager (CISM), certification number: 232167380

• Certified Information Privacy Professional (CIPP/US), certification number:

• ITIL® Foundation Certification, Loyalist Certification Services

• COBIT Foundation Certificate

• Certificate of Cloud Security Knowledge (CCSK)

• (Formerly PMP, CISA)

PROFESSIONAL SPEAKING ENGAGEMENTS

• New Jersey Institute of Technology, "Higher Education and Critical Infrastructure Preparedness", May 2018

• AWS Initiate for the Public Sector, NY, "Higher Education Progress with Cloud Adoption", July 2018

• Palo Alto User Conference, MA, "Visibility Afforded by Next Gen Firewalls", 2014

PROFESSIONAL AFFILIATIONS

• Cloud Security Alliance (CSA)

• The International Information Systems Security Certification Consortium (ISC2)

• ISACA

• IAPP
