Irina Shor NJ 732-***-**** adjeky@r.postjobfree.com
An experienced executive in Vulnerability, Threat and Risk Management, Threat Intel, Red/Purple/Blue Team, Penetration Testing, Endpoint Protection, Application Security, cross-platform Engineering, IT & Cyber Security Risk and Compliance, Cyber Security Auditing and Product Management, Business development
Professional Achievements
Lead vulnerability, threat and risk program, pen testing, red team, application security, endpoint protection covering GRC, Security Engineering and Operational components globally
Oversee gathering, analyzing and disseminating actionable intelligence for informed decision making across corporate strategy, cyber security risk management and product planning as well as cyber defenses
Conduct strategic and tactical threat intel and threat modeling
Lead business development that covers vCISO, security risk assessment, penetration testing, application security and fusion concepts while addressing NYDFS regulatory requirements across the financial sector
Lead information security risk, vulnerability and patching programs
Accountable for application security across homegrown and third party applications
Introduce and implement CASB shadow IT to ensure internal threat protection
Promote and lead technology and business modernization in private and public cloud and legacy environments as part of Global innovation program
Successfully port 15 home-grown applications into single framework for file integrity and compliance
Implement preventive, detective and compensating controls across multiple LOBs to comply with PCI and SOX
Conduct and close internal Security Audit for unauthorized access, which helped to avoid reputational damage
Establish and mature Red / Purple Team
Professional Experience
TD Ameritrade July 2018 - present
Sr Manager Vulnerability, Threat and Risk, Red/Purple/Blue Teaming, Penetration Testing
Global GRC Role leading 3 teams focusing on Vulnerability, Threat and Risk, Pen Testing, Red/Purple Teaming, Firewall security approvals, while partnering with Threat Intel, Security Engineering, Patching and other Technology teams
Maintain Policy, Standards and Procedures in the respective areas of responsibility
Conduct periodic and ad-hoc NIST based maturity self-assessments
Manage C-level reporting on Internal, External, Third-party and Application Security Risk
Vertical and horizontal platform and application vulnerability coverage including containers across current and tech debt for the on-prem and in Public Cloud
Manage Secure configuration/compliance scans and assessments
Conduct strategic threat intel and threat modeling
Spin up and manage Red/Purple Team Program while closely partnering with Blue team
Wolters Kluwer October 2017 - July 2018
Director of Vulnerability Management, EndPoint Protection and Application Security
Global Role reporting to CISO for Governance, Engineering and Operational functions across 4 regions and covering 64 countries
Accountable for Global Vulnerability Program, Penetration Testing, EndPoint Protection and Application Security
Conduct current technology stack functional analysis and share proposals for consolidation, automation and modernization
Present Business cases to cover control gaps based on organization’s Risk appetite
Architect and design new controls on-prem and in Public Cloud
Conduct technology and resource evaluations
Lead strategy and roadmaps in the areas of direct responsibility
Lead new controls global deployment oversight
Ongoing effort to improve Maturity (CMMI and NIST based)
Present C-Level Dashboards to demonstrate current trends and improvements
TD Securities January 2016 – October 2017
Director of Security Engineering - Vulnerability and Risk Management Program
Contribute to Global Policy updates while keeping up-to-date with local and regional regulations relevant to the Business
Translate the Business and Information Security requirements into technical requirements
Partner with Governance, Threat Intel and SOC while responding to Incidents and Audit findings
Partner with DevOps during packaging and automated deployments across Private Cloud and Legacy environments
Identify Information Security risks and the appropriate controls for development, day-to-day operation, and remediation of non-compliance
Design, manage and oversee the information security program for the CIOs and the respective businesses with four services: Vulnerability and Risk Management, Logging and Monitoring, Security Consulting, and Assurance & Execution
Report to Global Head of Security Engineering to drive innovative and quantifiable initiatives across COTS and home-grown application design, implementation, securing infrastructure and leading L3 support to create resilient environment and satisfy regulatory requirements
Operate Risk and Vulnerability Management team under Security Engineering to architect and deliver certified solutions for Database, Network, Application, Containers vulnerability, Network malware, application Pen Testing, logging and monitoring across Legacy, Private and Public Cloud
Act as application BISO while running Business Application Risk Assessments across existing and new applications
Establish and maintain Security Strategy and Roadmaps vertically and horizontally across the whole Security stack in Legacy, Private and Public Cloud environments
Implement a New Technology Introduction program and lead technical certification processes as per business requirements
Lead currency uplift and technical debt reduction initiatives that enabled the business to be more competitive while making significant cost reductions and risk enhancements
Introduce Docker Containers for Private and Public Cloud; bring IaaS/PaaS/SaaS solutions onboard and address their Vulnerabilities
Explore market and close security gaps while bringing and implementing WAF and API Gateway solutions, host-based and Network IPS/IDS and DLP solutions
Packaging requirements and scripting (PowerShell, VB, *NIX shells, expect, BluePrints and Salt state)
Lead integrations, packaging, testing and full implementation/solutions delivery while collaborating with other stakeholders across the board
Adhere to Security Policy and follow best industry secure practices while ensuring appropriate controls across existing and new applications
Developing and leading end-point, application, Database, Network, infrastructure, mobile security initiatives
Deutsche Bank June 2012 - Jan. 2016
VP, Senior Cyber Security Auditor
Conducted and closed global ARM (access restriction management) Audit to mitigate risks of unauthorized access to PRODUCTION environment
VP, Security Engineering Cyber Security Risk and Compliance June 2012 - Sept. 2015
Delivered the bank-wide product management for near-real time File Integrity Monitoring (FIM) solution globally to satisfy MAS Regulatory requirements
Ran gap analysis, product evaluation, testing and cross-regional deployment
Responsibilities also included architecture/design, risk assessment, networking, BCP/DRP, monitoring, patch management, integrations, cross-platform policies development/scripting, SQL Clustering/configuration, backup and recovery, certificate management, RBAC design/implementation, whitelist, Pen Testing, L3 production support, vendor engagement, documentation and team cross-training
Engineering Lab management: hardware/software evaluation, patch management and upgrades
BISO (Business Information Security Officer) accountable for cross-application Business Risk assessments within Security Engineering domain
Responsible for risk acceptances, risk log and reporting and regulatory interface globally
Covered logical controls area within Sec Engineering; BCP/DRP
Credit Suisse July 2011 - June 2012
Lead SME, Security Risk and Compliance
Delivered Compliance solution globally to cover 35,000 servers across 4 regions.
The delivered solution covered OS/Database/Web/Network/VMware for compliance monitoring
Responsibilities included gap analysis between CIS and Credit Suisse internal policies for Solaris, Windows and Linux platforms, design and architecture, exceptions/waivers management, HP Asset Manager and Remedy integrations, smart Agent design and implementation, application components load testing, application proxy agents, Windows/Linux/Solaris packaging, RBAC design/implementation, Console/DB configuration/optimization/management, scripting (VB/WMI, PowerShell, Perl)
Collaborated with QA, DBA, Regional Deployment Owners, IT Risk worldwide
Provided training and documentation for internal and external customers, managed vendor relationship
Imagine Software Nov. 2009 - July 2011
Lead Perimeter Security Engineer/SME
Provided oversight of physical, logical and administrative Security
Accountable for perimeter Security, including installation, configuration and maintenance of content Filtering Firewalls, FIM solution (Tripwire), two-factor authentication, User management, RSA installation/support/HA, intrusion Detection System monitoring
Implemented system jails, secured HTTP/s Servers, managed certificates including in-house generation, routing
Governance: wrote corporate System Hardening baselines and VPN configuration baselines; quarterly audits (SAS70), documentation, Policy and procedures; scripting
Princeton University June 2006 - Nov. 2009
Lead SME / UNIX System Engineer
Led BAU and innovative processes for University IT Department
Responsibilities included OS/software/hardware maintenance, Jumpstart/Kickstart Engineering for Solaris 9/10 and RHEL 4/5 servers, Solaris zones and ZFS implementation, OS/firmware/drivers patching, Veritas and SDS disk volume management, home-grown and public software installs and packaging, software upgrades and release into production, L2 support for Apache, remote console infrastructure deployment/management utilizing Avocent ACS switches
Led servers consolidation/virtualization initiative, Virtual Center and VMWare ESX 3.5 infrastructure management
Associated Press April 2000 - June 2006
UNIX Systems Administrator / Engineer
Motorola August 1991 - March 2000
UNIX System Engineer
Education and Certifications
Master's Degree in Computer Science (Kazan National Research Technical University, Russia)
CISSP, CEH, CRISC, CISM, AWS and Azure Security Engineering (2020)