
Security Manager

Location:
Hallandale Beach, FL
Posted:
February 23, 2020


Resume:


Anthony D. Ombrellaro, Jr.

**** *. ***** **. **** 3603, Hallandale Beach, FL 33009

Executive Overview

An accomplished, performance-driven security professional with over 15 years’ experience developing and directing security programs. A visionary and leader in growing and maturing security programs centering on adding value to the business while reducing organizational risk.

Professional Experience

Director Cybersecurity

Vital Pharmaceuticals, Inc. Nov-2019 to Present

Developed strategic roadmap to implement an organizational security program based on the NIST cybersecurity framework

Partnered with legal on developing organizational compliance and privacy program addressing CCPA and GDPR

Created security policies and standards

Managed daily activities of security staff

Managed e-Discovery program

Director IT Security & Compliance

Norwegian Cruise Lines Holdings, Inc. Jul-2017 to Jun-2019

Implemented and managed global risk-based management program to document, assess, prioritize, and mitigate IT risks across all brands and subsidiaries.

Managed staff of 21 security professionals, employees, and contractors, responsible for providing identity and access management, IT Compliance and Governance, Security Architecture, Security Awareness, and Incident Response services throughout the company.

Developed and managed the company’s multi-year security roadmap.

Managed annual security operational and project budgets in excess of $8M annually.

Successfully implemented projects including a repository (Archer) for tracking risks and exceptions, privileged access management (CyberArk), network access control (Fortinet), enhanced endpoint protection (Cylance), and the discovery and management of unstructured information (Varonis).

Implemented a Managed Security Service Provider (MSSP) to augment existing security staffing, providing continuous monitoring of security events and performing level 1 triage of events of interest. Managed execution of the MSSP, ensuring services aligned with the contract and the company’s expectations.

Managed information security operations efforts, including analysis, detection, mitigation, prioritization, and escalation of security risks and threats to the organization, including an external penetration testing program, social engineering testing, and local site assessment efforts to validate the effectiveness of the company’s security awareness and compliance programs.

Developed, enhanced, and published security policies and standards to remain current with technology and regulatory changes.

Charter member of the Privacy committee responsible for ensuring the company’s compliance with regulations such as GDPR and CCPA. Additionally, managed the company’s annual SOX and PCI compliance programs, including remediation efforts to close any audit findings.

Published monthly executive reports providing insight into the company’s cybersecurity posture, accomplishments, challenges, and future efforts.

Managed firewall change process to ensure requested changes aligned with security standards.

Developed technical standards for the various platforms, Windows servers, Unix, and desktop systems.

Managed deployment of company MFA and single sign-on systems.

Security representative on all new projects, ensuring system and vendor security practices aligned with our policies.

Information Security Manager, IT Compliance Manager

LyondellBasell, Inc. Apr-2013 to Jul-2017

Managed staff of security engineers supporting the company’s monitoring and incident response efforts. Implemented a Managed Security Service Provider (MSSP) to augment existing security staffing, providing continuous monitoring of security events and performing level 1 triage of events of interest.

Managed external penetration and social engineering testing efforts designed to test the effectiveness of the company’s security controls. This effort included annual site assessments performed by internal IT security staff of the operational environment.

Collaborated with the business to design and implement digital forensic and data loss prevention (DLP) programs.

Architected and implemented systems leveraging behavioral heuristics and machine learning, augmenting signature-based detection capabilities and reducing the times to detect, respond to, and remediate abnormal activity within the environment.

Managed efforts to assess and validate all application changes within the environment against company and OWASP Top 10 controls.

Developed and maintained security policies, procedures, standards, and controls used in the management of the company’s compliance efforts.

Defined and managed data privacy efforts within the enterprise.

Responsible for leading the annual recertification efforts to support the company’s SOX and ISO/IEC 27001:2013 certifications.

Implemented effort to rationalize and consolidate IT security controls. This effort resulted in a 35% decrease in the number of IT controls, and the establishment of a yearly assessment program to validate compliance with these controls.

Managed and coordinated all open IT risks and remediation efforts to ensure their timely and successful mitigation using RSA’s Archer eGRC tool.

Implemented criteria to report and track monthly security metrics within the company. This effort resulted in the regular publication and presentations of executive reports to senior business leaders providing insight into the state of the company’s security program and initiatives.

Successfully led the development and implementation of IT vendor management program to assess and ensure compliance of all IT vendors against the company’s documented policies and procedures. Collaborated with legal and procurement to develop standard security language to be included in all IT contracts.

Director IT Security & Compliance

Hasbro, Inc. May-2012 to Apr-2013

Led day-to-day activities of IT security staff, including analysis, detection, mitigation, and escalation of security risks and threats of information systems and assets.

Developed and maintained Global IT security policies, procedures, and controls used in the management of company compliance efforts.

Implemented global identity and access management system (IAM) to address recurring audit issues associated with user provisioning.

Managed IT’s yearly SOX and PCI efforts.

Managed IT’s DR/BCP program. Conducted BIAs to validate RTO and RPO alignment with business expectations and performed yearly failover testing to verify recovery procedures.

Defined and managed annual security operational and project budgets.

Manager IT Customer Service

LyondellBasell, Inc. Jan-2011 to May-2012

Managed global IT support services including remote site support, service desk, and global provisioning activities, including SAP provisioning.

Managed global team of 65 employees and contractors as well as outsourced global service desk and provisioning staffs providing round the clock IT support services in six languages to over 15,000 users, throughout 79 global locations.

Implemented metrics-based reporting program providing transparency into services provided, and insight into areas for improvement. The initiative resulted in a 16% increase in first call resolve time, 8% improvement in speed to answer, 10% reduction in average handle time, 18% improvement in addressing Tier 1 and 2 issues, and 22% improvement in customer satisfaction.

Published Service Catalog for standard IT services and monthly reports providing transparency into the IT services provided to the business.

Implemented and managed outsourced Telecom expense program to manage and control business wireless costs. The program provided improved visibility into wireless expenses, resulting in 25% saving in wireless costs.

Senior Director IT Security and IT Operations, Manager Software Engineering

Quebecor World, Inc. Sep-1988 to Jan-2011

Provided leadership and strategic direction to both the business and IT in support of the duties of this role, focusing on IT’s ability to securely deliver services. Implemented monthly metrics program providing transparency into the services provided. This effort resulted in a 20% improvement in first call resolution, a 40% improvement in customer satisfaction and a 10% improvement in overall resolution time.

Responsible for developing and managing $50 million IT budget. Stabilized and reduced annual operational budget 2-3% per year through cost containment programs, innovation, supplier negotiations, and investments in new technologies.

Managed IT cost containment efforts during bankruptcy along with the M&A activity associated with the eventual sale of the company, including system integration, vendor management, and staff consolidation efforts.

Published and maintained security policies, procedures, standards, and controls used in the management of the company’s compliance efforts.

Implemented global security awareness program to educate employees and contractors on how to identify and prevent malicious activity from affecting the company.

Managed IT’s DR/BCP program. Conducted BIAs to validate RTO and RPO alignment with business expectations and performed yearly failover testing to verify recovery procedures.

Developed systems to digitize and manipulate images in support of real-time engraving of electronic images. This program replaced the need for using film in the engraving process.

Implemented a WAN to interconnect sites and then developed software used to transfer information between sites.

Developed and implemented a manufacturing system to control and manage printing presses.

ADDITIONAL EXPERIENCE

(Details upon request)

Senior Systems Administrator, BROWN & SHARPE MANUFACTURING

Software Engineer, PROVIDENCE GRAVURE

Senior Systems Analyst, BOEING


Certifications

Certified Information Systems Security Professional (CISSP) - 2010

ITIL v3 Foundation – 2010

ITIL v3 Service Operations - 2011

ISO/IEC 27001 Auditor – 2013

GSEC – 2003

CIPP/IT – 2013

Chemical-terrorism Vulnerability Information (CVI) – 2013

PMP - 2019

Education

Masters of Science, Cybersecurity – Cyber Operations

Utica College, Utica New York

Bachelor of Science, Mathematics

Northeastern University, Boston Massachusetts


