
Information Security Officer

Location:
Westwood, NJ
Posted:
April 27, 2020

Resume:

NEAL KIRSCHNER

CISA, CISM, CGEIT, CRISC, CFE, CFSA, CISSP, CCISO, CRMA

CONTACT INFORMATION

*** ******** **.

Montvale, NJ 07645

adczkp@r.postjobfree.com

# 201-***-****

SUMMARY

Executive leader in information risk, security, compliance and audit, with an accomplished record in establishing and delivering comprehensive programs to manage these functions for major organizations.

Wide-ranging successful leadership in the roles of Chief Information Security Officer, Chief Information Risk Officer, Head of Technology Governance, Internal and External Audit Director, as well as Professional Assurance Services Practice Head.

Strong background securing brand-name and global businesses, encompassing multiple industry verticals in complex and dynamic environments – including highly regulated industries, e.g., financial services, health care, retail / e-commerce, pharmaceutical and government.

Key accomplishments include: developing comprehensive information protection strategies and operational controls; creating and implementing a wide range of information security and privacy policies; ensuring compliance with all technology-related regulations and standards; building and validating internal control frameworks; establishing mature risk management disciplines and culture; identifying and remediating performance gaps and process deficiencies; deploying key security technologies; and providing executive oversight to protect information.

In-depth expertise in information security practices, technology, compliance and privacy laws, audit requirements, business processes, project management, and industry standards.

Multiple professional certifications in information security, IT and financial services audit, technology governance, risk and fraud assessment.

PROFESSIONAL EXPERIENCE

BNY Mellon

09/19 – 3/20

Data Security Strategy Lead (Contractor)

Provided leadership in the development, design and implementation of technology and processes to drive BNY Mellon’s data protection strategy.

Managed key global initiatives and projects to automate information classification, data life cycle management, sensitive data discovery and access entitlements.

Identified systematic risk and compliance gaps in data protection.

• Established and managed a comprehensive project for global remediation.

• Created data protection compliance requirements, controls, policies, and technical standards.

Independent Consultant

06/19 – 09/19

Information Security and Compliance Advisory Services (Contractor)

Provided consulting services to drive the attainment of ISO 27001 certification and remediate cybersecurity audit issues. Services delivered included developing and implementing project plans, assessing controls, and writing policies, standards, and procedures to align technology controls with compliance requirements.

US Securities and Exchange Commission

07/17 – 06/19

Cybersecurity SME (Contractor)

Led the SEC’s Office of Credit Rating Agencies cybersecurity regulatory compliance function. Oversaw examinations of the nationally recognized statistical credit rating organizations (NRSROs) – including Moody’s, S&P Ratings, Morningstar, Fitch Ratings and AM Best.

Established the cybersecurity regulatory review examination process and governance metrics.

Created customized risk profiles and examination programs for each NRSRO.

Assessed cybersecurity controls to ensure and optimize credit rating reliability, market stability, and information protection.

Prepared presentations for SEC management; trained examination staff in cybersecurity.

Independent Consultant

09/16 – 07/17

Information Security and Risk Management Advisory Services (Contractor)

Self-employed, providing consulting support for security, risk management, and compliance functions.

Established and delivered virtual CISO services.

Managed and executed IT audits, third-party risk assessments and regulatory compliance examinations – including projects related to HIPAA, PCI-DSS, ISO 27001 and NIST 800-53.

MSG Sports & Entertainment

04/14 – 08/16

Chief Information Security Officer

Head of information security, risk, and compliance management for Madison Square Garden’s sports, entertainment, and media holdings.

Established a newly formed function to manage information security and risk.

Defined the strategic roadmap and program framework to secure and protect corporate assets, systems and information.

Developed comprehensive information security policies, standards and metrics.

Assessed and remediated information risk issues, monitored security, provided executive level oversight and managed the firm’s overall information risk profile.

Ran the compliance program – to ensure compliance with the credit card data security standard (PCI-DSS), SOX, HIPAA and privacy laws.

Introduced and deployed key security technologies and processes – including solutions for: data access governance, security incident and event management (SIEM), incident response, strong authentication, file integrity management, vulnerability assessment, penetration testing, perimeter management, network segmentation, advanced malware detection, intrusion detection and prevention (IDS/IPS), encryption, third-party risk management, and virtual desktop infrastructure.

Managed capital and operating budgets, operational and engineering teams and vendor relations.

Univision Communications, Inc.

08/11 – 10/13

Chief Information Security Officer / Director – Risk & Security Management

Led the information risk, security, and IT audit functions for Univision’s broadcasting and internet publishing businesses.

Oversaw firm-wide information asset protection, information risk, and compliance management.

Defined information security strategies, architectures, policies, processes, metrics, standards, and education campaigns.

Spearheaded and delivered on critical and complex projects to implement and enhance security and risk management tools and practices including: IT governance, risk and compliance (GRC) automation; user provisioning and single sign-on; vulnerability assessment and penetration testing; access token elimination using risk-based adaptive authentication; remote access platform consolidation; network perimeter monitoring, change control and automated risk analysis; endpoint encryption for mobile devices; security incident and event management (SIEM); incident response; data classification; mobile device management (MDM); network access control (NAC); intrusion detection and prevention (IDS/IPS); security awareness training; privileged identity management; key risk and performance metric development; benchmark reporting; secure file transfer mechanisms; compliance audits - e.g., PCI-DSS and Sarbanes-Oxley (SOX); management of third party / cloud service providers (SOC 1 and 2 reports); threat monitoring; eDiscovery litigation support and computer forensic investigations.

Provided oversight to budget, staff and vendors.

NYS Office of Mental Health

04/10 – 08/11

Chief Information Security Officer

Interim Chief Information Security Officer (functioning in a consulting capacity) for the third-largest New York state agency (encompassing 27 hospitals, with 17,000 employees).

Created and managed a comprehensive IT risk and compliance program, including the establishment of information security strategic plans, architectures; compliance mapping and companion processes to meet regulatory requirements for privacy and security (particularly HIPAA/HITECH and state statutory requirements), as well as industry standards (including ISO 27001, CobiT, and ITIL).

Completely overhauled all information security policies and standards; implemented security breach handling processes, audited systems in accordance with HIPAA; provided agency-wide guidance, coordinated all information security issues; and introduced an information security training and awareness campaign.

Deployed new information security tools and risk mitigation solutions - including hands-on implementation of IT governance, risk, and compliance (GRC) software (using the RSAM product); security information and event management (SIEM); vulnerability analysis; adaptive authentication; identity management and provisioning; incident reporting and response; data encryption; information classification; incident and patch management; security performance reporting; technical audits, control assessments, and remediation tracking.

ADDITIONAL EXPERIENCE

EisnerAmper LLP

Practice Leader / Director – Technology Assurance and Risk Management Services

Experis, New York, NY

Engagement Manager – Technology Risk Management

Avis Budget Group

Global Information Protection Officer

Lehman Brothers

Chief Information Risk Management Officer / VP Information Security

Verisk Analytics

Systems Assurance Director (CISO) / Computer Services Audit Director

Honeywell International

IT Audit Director (Global Head of IT Audit)

EDUCATION

Bachelor of Arts, New York University

CERTIFICATIONS

Certified CISO (CCISO)

Certified Information Security Manager (CISM)

Certified Information Systems Auditor (CISA)

Certified in the Governance of Enterprise IT (CGEIT)

Certified in Risk and Information Systems Control (CRISC)

Certified Information Systems Security Professional (CISSP)

Information Systems Security Architecture Professional (ISSAP)

Information Systems Security Management Professional (ISSMP)

Certified Financial Services Auditor (CFSA)

Certified Fraud Examiner (CFE)

Certified in Risk Management Assurance (CRMA)

Certified in Information Technology Infrastructure Library (ITIL) Foundations

Certified Lean Six Sigma Green Belt

Passed qualifying examinations for:

• Certified Computer Forensics Examiner (CCFE)

• Certified Business Continuity Planner (CBCP)