Office Technician Security Officer

Location: Keller, TX
Salary: $90/hr
Posted: February 28, 2023

Resume:

CRAIG L. RICKS, MBA, CISM, CPM

advmh7@r.postjobfree.com / 972-***-**** / www.linkedin.com/IN/CraigRicks

SUMMARY AND PROFILE

Information Security Executive experienced in strengthening an organization's security posture through People, Processes, and Technology.

Summary of Qualifications:

Develop and implement an enterprise-wide security framework with adequate controls and governance

Ability to build strong collaborative relationships within Business, Technology, Audit, and C-Level executives to improve security awareness across the organization.

Drive process and control automation along with planning and analysis of data segmentation and centralized data solutions.

Performing thorough Risk-Issue Assessments and Management of Issues throughout lifecycle.

Performs development and analysis of Issue Management, Business Continuity Planning, Disaster Recovery, Change Management, Identity Access Management, Vulnerability Management, and Third Party Risk Management.

Drive project initiatives with sound judgment by setting clear expectations while managing workflow, balancing priorities, maintaining ownership, and accountability.

Strong verbal and written communications, complex problem solving, efficient time management, and strategic planning skills with clear attention to detail.

Ability to build and lead a strong team as well as work in a matrixed environment to influence change.

PROFESSIONAL EXPERIENCE

Cathay Bank, Plano, TX

FVP IT Risk Management

March 2022 – November 2022

Perform independent oversight of controls via review and challenge to ensure control design and effectiveness.

Build and lead a team of security professionals and influence in a matrixed environment to oversee all aspects of Issues/Risks.

Enhanced and matured the Governance, Risk and Compliance (GRC) program by owning, modifying, and developing Information Security Policies, Standards, Processes, KPI’s, and KRI’s.

Manage and prioritize Risk-Issue tracking and drive remediation efforts enterprise-wide.

Ensure security controls are applied appropriately for new projects in the Datacenter and Cloud environments.

Facilitate all Internal and External Audits related to Information Security (IS) and Technology.

Ensures maturation of the organization's security posture by aligning with industry best practices, legal, contractual, and regulatory requirements including but not limited to GLBA, GDPR, PCI, SOX, etc.

Implement security framework across the organization aligning to NIST, ISO 27001, and CIS benchmarks.

Performed FFIEC Cybersecurity Assessment Tool (CAT) assessment across the organization to determine the Maturity Rating and Inherent risk rating.

Performs Third Party Risk Management (TPRM) Security assessments for new and existing products and services to ensure adherence to security guidelines, regulatory requirements, SOC1, and SOC2 reporting.

Performs IT Cloud governance and strategy for IaaS, SaaS, PaaS, and DevOps. Providing Information Security oversight of change and configuration management, overall enterprise information technology governance, risk, and compliance (GRC) management, and regular reporting to the bank's governance committees.

Caliber Home Loans, Coppell, TX

Business Information Security Officer (BISO)

October 2021 - March 2022

Provide strategic consultation to business, technology, and risk leadership regarding long and short range information security risk/requirements and Issue Management.

Serving as Trusted Advisor to the business unit(s) providing oversight and input on product implementation, regulatory compliance, control testing, and Risk-Issue management/mitigation.

Facilitate all internal and external Information Security Audit and regulatory examiner engagements, including but not limited to State (NYDFS), Federal, SOX, Vendor, and CFPB questionnaires.

Manage the monitoring, tracking, identifying, and reviewing of operational risk related to Information Security across all business, technology, and Third Party Management entities.

Drive a collaborative environment that ensures timely communication and strong cooperation between Information Security and the lines of business including but not limited to Legal, Risk, and Compliance Teams.

Drive, develop, and maintain Information Security Risk culture within the business including reporting and analysis such as KRI’s/KPI’s, manage scorecards, and deliver executive presentations.

Lead Identification, detection, protection, response, and recovery as it pertains to Information Security across all business and technology groups including 1st and 2nd lines of defense.

Escalate concerns and issues to senior leadership and the Board as appropriate.

Evaluate the appropriateness of policy exceptions to drive Risk-Issue resolution.

Caliber Home Loans, Coppell, TX

VP IT Risk and Controls

March 2020 - October 2021

Manage, build, and mentor team of security professionals to drive efficiencies across Governance, Risk, and Compliance (GRC) as well as IT Risk and Controls for first line of defense (1LoD).

Perform security assessments across new and existing products and services.

Assist in implementation and evaluation of data centralization and intelligence tool (Giggso) for AI/ML Monitoring and Triaging.

Implemented/Deployed Archer GRC SaaS tool and managed administrators to evolve the GRC program across the organization through automated controls.

Manage and prioritized Risk-Issue tracking and drove remediation efforts.

Own development and attestation of all Information Security Policies and Standards, KPI’s, and KRI’s.

Develop and implement RCSA (Risk Control Self-Assessment) for continuous security reviews.

Develop Sarbanes Oxley (SOX) program including the build out of Information Technology General Controls (ITGC’s).

Lead development of comprehensive and sustainable IAM (Identity & Access Management) governance program.

Build and manage Third Party Risk Management Program, reviewing and validating SOC1 and SOC 2 reports.

Facilitate all internal and external Information Security audit engagements and regulatory examinations.

Consult with IT teams across all business units and technology groups to drive security awareness, training, and improve security posture.

Develop, monitor, and analyze budgetary and operational performance of department resources including but not limited to negotiating contracts for GRC tooling & support staff.

Capital One Financial, Plano, TX

Risk and Controls Manager

Feb 2019 - March 2020

Provided first-line of defense independent oversight and guidance regarding business products, services, and processes through NIST and ISO 27001 framework.

Drove cloud vulnerability remediation and performed executive reporting to ensure adherence with SLA’s.

Leveraged AI/ML to assess and automate cloud security measures.

Manage and prioritize Risk-Issue tracking and drive remediation efforts.

Developed and Evaluated Key Risk Indicators (KRI’s) and Key Performance Indicators (KPI’s) to advise senior management and influence process change.

Facilitate and Lead audit engagement, deliverables, and drove remediation activities to closure.

Enhanced Identity and Access Management program to reduce unauthorized user access.

Serves as a trusted adviser for IT and develop Cloud security requirements against new and existing products and services.

Assess and implement controls to ensure accountability and identify process GAP’s.

Capital One Financial, Plano, TX

IT Manager GRC

Jan 2012 - Feb 2019

Trusted Security Advisor to senior leaders, Product owners, & LOB’s (Lines of Businesses) ensuring data Confidentiality, Integrity, and Availability.

Drove security automation via Python scripting for auto patching.

Performed threat modeling and vulnerability management identification while establishing appropriate control measures for mitigation and/or remediation.

Manage and prioritize Risk-Issue tracking and drive remediation efforts.

Monitored and performed PCI and SOX compliance testing to ensure adherence to regulatory guidelines.

Support and manage Internal and External Audit and ensures on-time deliverables.

Track and validate IT Resiliency and Recovery.

Additional Experience:

Senior Telecom Engineer, Charter Communications, Fort Worth, TX (2006-2012)

Implementation Engineer and Quality Auditor, Verizon Business, Tulsa, OK (1999-2006)

Lead NOC Technician, Verizon Business, Tulsa, OK (1995-1999)

Central Office Technician, General Communications Inc., Anchorage, AK (1993-1995)

Signal Bridge Supervisor, US Navy, Norfolk, VA (1988-1991)

EDUCATION AND OTHER

Keller Graduate School of Management, Irving, TX

MBA – Master’s Business Administration

DeVry University, Fort Worth, TX

Bachelor of Science, Technical Management

University of Alaska, Anchorage, AK

Applied Associate Electronic Engineering Technology

Professional development & Certifications:

Certified Information Security Manager (CISM), ISACA

Certified in Risk and Information Security (CRISC), Cyber Train IT training

Certified Information Systems Security Professional (CISSP) Cyber Train IT training

Award winning Magellan Leadership Development Program and Mentoring

AWS fundamental Training

ITIL v3 Fundamentals Certification

COBIT 5 (Control Objectives within IT), The Knowledge Academy

Masters Certificate Project Management – PMI certified, Keller Graduate School, 2011


