CARL W. EYLER
Hopewell Junction, NY ***** ****-*****@******.***
845-***-**** www.linkedin.com/in/carleyler
Experienced Information Security professional supporting multinational firms with notable success directing a broad range of security initiatives, including security guidance and planning, analysis, and implementation of IT solutions in direct support of the business. Recent roles have focused on governance, compliance, and training in response to cyber regulations. Areas of expertise include:
Access Control / Identity Management (SAML/SSO)
Application Penetration Testing
Application Risk Assessments
Board Level Reporting
Business Continuity / Disaster Recovery Planning
Cloud / Container (Kubernetes) Governance
Data and IT Governance / Data Loss Prevention
Incident Response / Vulnerability Management
Policies, Standards, Processes, and Procedures
Secure Coding / Application Development – Agile
Security Awareness
Third Party Technology Risk Assessments
Regulatory Compliance - (FFIEC, SEC, NY-DFS, SOX, PCI, HIPAA, HITRUST, GDPR, CCPA, CPRA)
PROFESSIONAL EXPERIENCE
Chief Information Security Officer (CISO) NOV 2022 – FEB 2023
Moonstone Bank – Farmington, WA (Remote)
Moonstone Bank is a reimagined Washington State bank that caters to Small and Medium Enterprises (SMEs) and consumers with technology-driven consumer and commercial banking solutions. As the bank’s first CISO, responsibilities include developing and managing the bank’s Information Security Program to ensure compliance with key regulations, including SOX, GLBA, and PCI. [Bank downsized and rebranded to Farmington State Bank as a result of involvement with FTX]
Adjunct Assistant Professor
University of Maryland Global Campus JAN 2019 – PRESENT
Teaching undergraduate courses related to Software Development and Security, including:
CMIS 102 Intro to Problem Solving and Algorithm Design
CMIS 310 Computer Systems and Architecture
SDEV 350 Database Security
SDEV 360 Secure Software Engineering
SDEV 460 Software Security Testing
Vice President, Information Security Officer (CISO) JUN 2019 – NOV 2022
Metropolitan Commercial Bank – New York, NY
Responsible for developing and managing the bank’s Information Security Program to ensure compliance with key regulations, including NYS-DFS 500, SOX, GLBA, and PCI. Key initiatives include:
Create and maintain a firm-wide policies and procedures management process, and develop or update cyber policies as needed, e.g., Information Security, Incident Response, Computer Usage, Security Awareness, Personally Identifiable Information (PII), etc.
Conduct risk assessments and provide information security and cybersecurity analysis and best practice recommendations for hardware, operating systems, networks, software, databases, staffing, data center, and physical office space security.
Oversee Business Continuity and Disaster Recovery Programs.
Develop a risk-based reporting process to provide critical metrics to senior management.
Adjunct Professor JAN 2019 – JAN 2020
University of New Hampshire
Taught online graduate courses for the Cybersecurity Policy & Risk Management program, including:
CPRM 820 Policy Development and Communication
CPRM 840 Cybersecurity Standards & Laws
Cyber Security GRC Specialist FEB 2019 – JUN 2019
Wilson Elser – New York, NY
Responsibilities include identifying and mitigating technology risks by managing the firm’s cyber-related governance, risk, and compliance program.
Head of Information Security – Americas (Regional CISO) SEP 2015 – DEC 2018
Schroders – New York, NY
Managed technology-related regulatory requirements, Information Technology Risk, and Information Security across Schroder Americas, including the United States, Brazil, Chile, Argentina, and Mexico.
Ensured compliance with regulatory standards, especially SEC / OCIE Cybersecurity Guidance, and maintained the security program’s focus on conforming to NIST standards.
Governed, tracked, and managed technology-related risk issues, including the remediation of those issues.
Provided technology risk consultancy for business application and infrastructure projects, including participation in Agile SCRUM sessions and PI planning.
Monitored and verified technology security controls in the Americas region, including Access Control / Identity Management, Perimeter / Firewall controls, and Vulnerability Remediation / Patch Management.
Crisis / Incident Management - oversaw incident response from malicious external or internal cyber events. Acted as IT coordinator for the Business Continuity Program.
Collaborated with the Chief Compliance Officer and Head of Risk to develop mitigation measures and controls.
Senior Information Risk Analyst APR 2008 – SEP 2015
Deutsche Bank – New York, NY
Responsibilities included:
•Performed risk assessment on applications, including reviewing software development practices, evaluating the risk of interfaces to external data, and validating access controls protecting the application, hosting servers, and associated databases.
•Oversaw the application penetration testing of all externally facing applications by third-party testing companies. This oversight included tracking all findings and the remediation of those findings.
•Performed risk assessment of network connectivity requests to ensure they met company policies and standards.
Senior Security Engineer JAN 2005 – JAN 2008
Calyon Americas – New York, NY
Responsibilities included:
•Oversaw and responded to information security issues; provided periodic reports on the state of information security to senior management.
•Ensured that technology security standards conformed to Regulatory guidelines and Head Office Norms and Standards.
•Created a strategy and set objectives for the Information Security Program, including systems, applications, database security, e-business issues, and Internet security.
•Developed Information Security Policies and Procedures.
Chief Information Security Officer (CISO) APR 2001 – JAN 2005
Santander Central Hispano – New York, NY
Selected as the branch’s first CISO and tasked to head the new Information Security (InfoSec) department for SCH-NY.
•Developed an InfoSec Program to enable the bank to better identify and respond to InfoSec issues.
•Established Information Security Objectives covering systems, applications, and database security; e-business issues; Internet security; and other computer-based functions for the Information Security Program throughout SCH-NY and monitored compliance with such objectives.
•Developed a formal Info Risk Management Process to identify and prioritize these issues. This process leveraged key components of COBIT, ISO 17799, and NIST standards.
Network Systems Engineer (Consultant) MAY 2000 – NOV 2000
Lucent Technologies – New York, NY
Assisted with the design, installation, and configuration of customer networks.
Information System and Security Analyst / IS Security Manager MAY 1997 – MAY 2000
Department of Defense – Arlington, VA
•Investigated and analyzed intrusive events experienced by DOD computer systems and provided vulnerability assessments using a variety of commercial software as well as “hacker” software and scripts.
•Managed information security for the DOD CERT networks and developed security guidelines and procedures for network configurations and connectivity of desktop workstations, application servers, routers, and remote laptops.
EDUCATION
(MS) Master of Science in Cybersecurity – University of Maryland University College MAY 2018
(BS) Bachelor of Science in Computer Information Systems – Excelsior College JAN 1996
(AA) Associate in Arts in Computer Studies – University of Maryland MAY 1991
CERTIFICATIONS
CISA – Certified Information Systems Auditor – Information System Audit and Control Association
CISSP – Certified Information Systems Security Professional – (ISC)²