Post Job Free
Sign in

Cyber Risk Management

Location:
Atlanta, GA
Posted:
May 05, 2024

Contact this candidate

Resume:

Antonio Davis CMU-CISO, EMBA, CISSP, CISM, CRISC, CCSP

404-***-**** ***************@*****.*** Buford, GA LinkedIn: / antonio-davis-executive-mba-cism-crisc Trusted and driven cybersecurity CISO-level leader and with 25+ years of experience in optimizing enterprise cybersecurity for Fortune 500 companies both as an executive consulting leader and corporate functional leader. A thought leader in cybersecurity with the ability to translate an evolving threat landscape into effective and multi- dimensional cybersecurity strategies, risk mitigation measures, and robust cybersecurity programs. Led efforts to assess and improve the maturity of more than 50 cybersecurity programs and alignment with multiple industry frameworks to include NIST CSF, ISO 27001, and PCI-DSS. Managed diverse teams and programs of 100 resources with direct functional leadership of 50+ resources. Managed budgets of $20M+. Core Skills and Competencies

Strategic Leadership: Conducted multiple CISO academy sessions; guided CISOs in the development of cybersecurity strategies aligned with organizational business, operational, threat and risk context. Developed cybersecurity roadmaps of risk-prioritized initiatives, designed cybersecurity programs and governance frameworks with defined policies, standards, processes and cyber risk metrics.

Regulatory Compliance: Led efforts to adopt, map, and align multiple security and privacy control frameworks to meet regularity mandates and cyber risk mitigation objectives. Control frameworks included NIST CSF, NIST SP 800-53, PCI- DSS and ISO 27001 and CIS Critical Security Controls. Led enterprise efforts to successfully achieve PCI-DSS Compliance for large payments organization— partnered with QSA to produce 81 compliance reports.

Risk Management: Executed 25+ cybersecurity risk assessments for Fortune 500 companies based on security testing and cybersecurity control evaluation activities; utilized quantitative and qualitative methods and cybersecurity risk assessment and management frameworks including NIST RMF, OCTAVE and FAIR. Identified and prioritized risk mitigation actions according to potential risk impact, cost, and alignment with risk priorities and risk appetite. Team Collaboration: Built and managed cross-functional program and functional teams consisting of 100+ resources from cybersecurity, IT, risk management, and business units to deliver cybersecurity solutions. Created team structures and enabled easier cross-functional communication, collaboration, and delivery. Technical Proficiency: Applied broad technical knowledge of security tools from leading cybersecurity technology vendors Cisco, Immersive Labs, ForcePoint, Tenable, Palo Alto Networks, and IBM, combined with deep expertise in security use cases and security control requirements to deliver cybersecurity offensive and defensive solutions in both cloud-based, non-cloud and hybrid environments.

Professional Experience

Associate Partner, Security Services IBM—Atlanta, GA Jul 2021 - Present Executive cybersecurity account and solutions lead for multiple IBM Fortune 500 financial services clients. Led joint cybersecurity and cyber risk solution ideation with senior client cybersecurity stakeholders and delivery of those solutions in alignment with client cybersecurity strategy. Ensured security regulations and standards adherence and harmonized residual cyber risk with client risk tolerance.

Designed comprehensive threat-centric and risk-based cyber resiliency solution for IBMs financial services market clients including threat modeling, vulnerability analysis. Potential enhancements included improved threat detection and response mechanisms, zero trust controls, and incident response/crisis management plans.

Led delivery of 5 NIST-based cybersecurity assessments, performed risk assessment of findings, identified current and target maturity, and partnered with CISOs and senior cybersecurity stakeholders to develop actionable plans and roadmaps for maturity improvement and regulatory compliance.

Directed large team in assessment of 300+ NIST 800-53-based security controls required to support fraud management solution for financial services client and real-time payments platform.

Facilitated 2 cyber range events; evaluated cybersecurity incident response and crisis management plans and capabilities of 3 organizations. Identified gaps in resiliency practices and oversaw remediation tasks including recommended adjustments to 15 incident response, recovery, and crisis management plans.

Led delivery of large identity and access management (IAM) effort and directed team of 40 security resources in the execution of IAM remediation activities across 200 applications. Effort was in support of a merger and acquisition between two major U.S. banks.

Security Services Executive Accenture—Atlanta, GA Nov 2018 - Jul 2021 Executive security leader and solutions lead for multiple clients. Strategically devised, conceptualized, and executed various facets of each client's cybersecurity strategy. Consulted with client senior security stakeholders on strategies to ensure compliance with security regulations and standards and orchestrated cyber risk with client risk tolerance.

Crafted comprehensive security strategy tailored for midsize U.S. bank in process of transitioning to digital banking model utilizing core banking solution. Collaborated with Chief Information Security Officer (CISO) and established well-defined security operational framework that formulated cloud security controls, outlined functional and resource prerequisites, and devised roadmap for seamless transition to new digital banking platform within 24 months.

Facilitated 3 CISO Academy sessions, provided guidance to new Chief Information Security Officers (CISOs) on formulation of initial CISO agenda, prioritized tasks and initiatives to be completed within 1st 90 days of their tenure.

Devised robust 3 Lines of Defense framework tailored to oversee cybersecurity risk management within worldwide insurance corporation. Established comprehensive reporting and metrics structure to effectively gauge and monitor organizational cyber risk posture.

Directed program team of 10 cybersecurity and risk professionals in development, planning, and execution of Zero Trust strategy that encompassed augmentation of identity and access management and governance controls, with implementation of both macro and micro-segmentation utilizing CISCO technologies.

Directed program team of 30 cybersecurity and resiliency resources in creation of cyber resiliency strategy for large global bank; documented cyber resiliency processes and playbooks and the definition of cyber threat scenarios. Director, Global Cybersecurity First Data—Atlanta, GA Aug 2016 – Nov 2018 Global Lead for vulnerability management, penetration testing, and secure configuration management. Conceptualized and implemented all-encompassing framework for standardizing execution of vulnerability scans, compliance scans, and penetration tests for applications and systems including data centers and the cloud. Harmonized vulnerability insights with threat intelligence, facilitated identification of vulnerabilities, and prioritized remediation activities.

Provided functional leadership for vulnerability management and penetration testing including 25 dedicated testing professionals. Conducted comprehensive vulnerability scans, managed complete lifecycle of vulnerabilities, and executed penetration testing activities across 4 global regions.

Pioneered creation of first red teaming program and facilitated targeted adversarial evaluations of security controls with defined objectives.

Overhauled vulnerability management program and integrated threat intelligence to prioritize vulnerabilities for remediation resulting in a percentage increase of systems aligned with security baselines from 40% to 75%.

Implemented security baseline monitoring tool to detect instances when technologies were drifting away from secure configurations.

Synchronized vulnerability management and patch management resources and activities to ensure prioritized application of patches and minimize cyber risk.

Achieved substantial reduction of 80%+ in number of vulnerabilities within initial 6 months through elimination of false positives and redundant vulnerabilities, coupled with concentrated effort to remediate vulnerabilities associated with relevant threats.

Directed penetration portfolio testing of 200+ applications within application development lifecycle and as part of annual application security certification process.

Achieved PCI DSS compliance and effectively produced and delivered 81 annual compliance reports resulting from remediation of 5k+ critical and high vulnerabilities. Specialist Master, Technology Consulting Deloitte Consulting—Atlanta, GA Mar 2012 - Jul 2016 Provided expertise in IT service management, IT assurance, and regulatory compliance domains to multiple Deloitte clients. Formulated solutions and providing guidance to teams engaged with implementing strategies that harmonized IT with IT service management including IT security management processes.

Led consulting team of 6 IT service management professionals in creation of comprehensive plan for remediating findings from audit of identity and access management (IAM), secure configuration management, and patch management practices by Office of the Comptroller of the Currency (OCC).

Conceived and executed development of Configuration Management Database (CMDB) that seamlessly combined, rationalized, and normalized data across 6 distinct data sources resulting in 70% enhancement in data accuracy utilized for IT and Security operations.

Senior Manager, Technology Consulting Accenture, Atlanta, GA May 2008 - Mar 2012 Provided expertise in IT Infrastructure Library (ITIL)-based IT Service Management solutions, including IT Security Management, for numerous Accenture clients. Engaged in technology implementation, process design, and formulation of operating models based on business and regulatory mandates and service level agreements. Education

Certificate, Chief Information Security Officer (CISO) Carnegie Mellon University 2023 Executive MBA Georgia State University—Atlanta GA 2022 B.S. Civil Engineering United States Military Academy, West Point, NY Certifications

Certified Information Security Manager (CISM), ISACA Certified Cloud Security Professional (CSSP), ISC2 Certified in Risk and Information Systems Control (CRISC), ISACA Certified Information Systems Security Professional (CISSP), ISC2 Microsoft Certified Security, Compliance and Identity Fundamentals, Microsoft Community Leadership

Board Member, GSU EMBA Alumni Board 2023

National Black MBA (NBMBAA) Mentor 2022



Contact this candidate