
Information Security Sr Manager

Location:
Englishtown, NJ
Posted:
January 13, 2021


Resume:

Irina Shor NJ 732-***-**** adjeky@r.postjobfree.com

An experienced executive in Vulnerability, Threat and Risk Management, Threat Intel, Red/Purple/Blue Team, Penetration Testing, Endpoint Protection, Application Security, cross-platform Engineering, IT & Cyber Security Risk and Compliance, Cyber Security Auditing and Product Management, Business development

Professional Achievements

Lead vulnerability, threat and risk program, pen testing, red team, application security, endpoint protection covering GRC, Security Engineering and Operational components globally

Oversee gathering, analyzing and disseminating actionable intelligence for informed decision making across corporate strategy, cyber security risk management and product planning as well as cyber defenses

Conduct strategic and tactical threat intel and threat modeling

Lead business development that covers vCISO, security risk assessment, penetration testing, application security and fusion concepts while addressing NYDFS regulatory requirements across the financial sector

Lead information security risk, vulnerability and patching programs

Accountable for application security across homegrown and third party applications

Introduce and implement CASB shadow IT to ensure internal threat protection

Promote and lead technology and business modernization in private and public cloud and legacy environments as part of Global innovation program

Successfully port 15 home-grown applications into single framework for file integrity and compliance

Implement preventive, detective and compensating controls across multiple LOBs to comply with PCI and SOX

Conduct and close internal Security Audit for unauthorized access, which helped to avoid reputational damage

Establish and mature Red / Purple Team

Professional Experience

TD Ameritrade July 2018 - present

Sr Manager Vulnerability, Threat and Risk, Red/Purple/Blue Teaming, Penetration Testing

Global GRC Role leading 3 teams focusing on Vulnerability, Threat and Risk, Pen Testing, Red/Purple Teaming, Firewall security approvals, while partnering with Threat Intel, Security Engineering, Patching and other Technology teams

Maintain Policy, Standards and Procedures in the respective areas of responsibility

Conduct periodic and ad-hoc NIST based maturity self-assessments

Manage C-level reporting on Internal, External, Third-party and Application Security Risk

Vertical and horizontal platform and application vulnerability coverage including containers across current and tech debt for the on-prem and in Public Cloud

Manage Secure configuration/compliance scans and assessments

Conduct strategic threat intel and threat modeling

Spin up and manage Red/Purple Team Program while closely partnering with Blue team

Wolters Kluwer October 2017 - July 2018

Director of Vulnerability Management, EndPoint Protection and Application Security

Global Role reporting to CISO for Governance, Engineering and Operational functions across 4 regions and covering 64 countries

Accountable for Global Vulnerability Program, Penetration Testing, EndPoint Protection and Application Security

Conduct current technology stack functional analysis and share proposals for consolidation, automation and modernization

Present Business cases to cover control gaps based on organization’s Risk appetite

Architect and design new controls on-prem and in Public Cloud

Conduct technology and resource evaluations

Lead strategy and roadmaps in the areas of direct responsibility

Lead new controls global deployment oversight

Ongoing effort to improve Maturity (CMMI and NIST based)

Present C-Level Dashboards to demonstrate current trends and improvements

TD Securities January 2016 – October 2017

Director of Security Engineering - Vulnerability and Risk Management Program

Contribute to Global Policy updates while keeping up-to-date with local and Regional Regulations relevant to the Business

Translate the Business and Information Security requirements into technical requirements

Partner with Governance, Threat Intel and SOC while responding to Incidents and Audit findings

Partner with DevOps during packaging and automated deployments across Private Cloud and Legacy environments

Identify Information Security risks and the appropriate controls for development, day-to-day operation, and remediation of non-compliance

Design, manage and oversee the information security program for the CIOs and the respective businesses with four services: Vulnerability and Risk Management, Logging and Monitoring, Security Consulting, and Assurance & Execution

Report to Global Head of Security Engineering to drive innovative and quantifiable initiatives across COTS and home-grown application design, implementation, securing infrastructure and leading L3 support to create resilient environment and satisfy regulatory requirements

Operate Risk and Vulnerability Management team under Security Engineering to architect and deliver certified solutions for Database, Network, Application, Containers vulnerability, Network malware, application Pen Testing, logging and monitoring across Legacy, Private and Public Cloud

Act as application BISO while running Business Application Risk Assessments across existing and new applications

Establish and maintain Security Strategy and Roadmaps vertically and horizontally across the whole Security stack in Legacy, Private and Public Cloud environments

Implement a New Technology Introduction program and lead technical certification processes as per business requirements

Lead currency uplift and technical debt reduction initiatives that enabled the business to be more competitive while making significant cost reductions and risk enhancements

Introduce Docker Containers for Private and Public Cloud; bring IaaS/PaaS/SaaS solutions onboard and address their Vulnerabilities

Explore market and close security gaps while bringing and implementing WAF and API Gateway solutions, host-based and Network IPS/IDS and DLP solutions

Packaging requirements and scripting (PowerShell, VB, *NIX shells, expect, BluePrints and Salt state)

Lead integrations, packaging, testing and full implementation/solutions delivery while collaborating with other stakeholders across the board

Adhere to Security Policy and follow best industry secure practices while ensuring appropriate controls across existing and new applications

Developing and leading end-point, application, Database, Network, infrastructure, mobile security initiatives

Deutsche Bank June 2012 - Jan. 2016

VP, Senior Cyber Security Auditor

Conducted and closed global ARM (access restriction management) Audit to mitigate risks of unauthorized access to PRODUCTION environment

VP, Security Engineering Cyber Security Risk and Compliance June 2012 - Sept. 2015

Delivered the bank-wide product management for near-real time File Integrity Monitoring (FIM) solution globally to satisfy MAS Regulatory requirements

Ran gap analysis, product evaluation, testing and cross-regional deployment

Responsibilities also included architecture/design, risk assessment, networking, BCP/DRP, monitoring, patch management, integrations, cross-platform policies development/scripting, SQL Clustering/configuration, backup and recovery, certificate management, RBAC design/implementation, whitelist, Pen Testing, L3 production support, vendor engagement, documentation and team cross-training

Engineering Lab management: hardware/software evaluation, patch management and upgrades

BISO (Business Information Security Officer) accountable for cross-application Business Risk assessments within Security Engineering domain

Responsible for risk acceptances, risk log and reporting and regulatory interface globally

Covered logical controls area within Sec Engineering; BCP/DRP

Credit Suisse July 2011 - June 2012

Lead SME, Security Risk and Compliance

Delivered Compliance solution globally to cover 35,000 servers across 4 regions.

The delivered solution covered OS/Database/Web/Network/VMware for compliance monitoring

Responsibilities included gap analysis between CIS and Credit Suisse internal policies for Solaris, Windows and Linux platforms, design and architecture, exceptions/waivers management, HP Asset Manager and Remedy integrations, smart Agent design and implementation, application components load testing, application proxy agents, Windows/Linux/Solaris packaging, RBAC design/implementation, Console/DB configuration/optimization/management, scripting (VB/WMI, PowerShell, Perl)

Collaborated with QA, DBA, Regional Deployment Owners, IT Risk worldwide

Provided training and documentation for internal and external customers, managed vendor relationship

Imagine Software Nov. 2009 - July 2011

Lead Perimeter Security Engineer/SME

Provided oversight of physical, logical and administrative Security

Accountable for perimeter Security, including installation, configuration and maintenance of content Filtering Firewalls, FIM solution (Tripwire), two-factor authentication, User management, RSA installation/support/HA, intrusion Detection System monitoring

Implemented system jails, secured HTTP/s Servers, managed certificates including in-house generation, routing

Governance: wrote corporate System Hardening baselines and VPN configuration baselines; quarterly audits (SAS70), documentation, Policy and procedures; scripting

Princeton University June 2006 - Nov. 2009

Lead SME / UNIX System Engineer

Led BAU and innovative processes for University IT Department

Responsibilities included OS/software/hardware maintenance, Jumpstart/Kickstart Engineering for Solaris 9/10 and RHEL 4/5 servers, Solaris zones and ZFS implementation, OS/firmware/drivers patching, Veritas and SDS disk volume management, home-grown and public software installs and packaging, software upgrades and release into production, L2 support for Apache, remote console infrastructure deployment/management utilizing Avocent ACS switches

Led servers consolidation/virtualization initiative, Virtual Center and VMWare ESX 3.5 infrastructure management

Associated Press April 2000 - June 2006

UNIX Systems Administrator / Engineer

Motorola August 1991 - March 2000

UNIX System Engineer

Education and Certifications

Master Degree in Computer Science (Kazan National Research Technical University, Russia)

CISSP, CEH, CRISC, CISM, AWS and Azure Security Engineering (2020)
