
Information Security Incident Response

Location: Boca Raton, FL
Posted: August 13, 2023


Resume:

YOUNES AOUAD, CISSP, CISM

Boca Raton, FL 954-***-**** adywpe@r.postjobfree.com

Leadership, Information Security Strategy, Privacy, Disaster Recovery, GRC, SDLC and SOC programs

Enterprise IT/IS Architecture / Risk Appetite Management / Cloud Strategies / Application Security / Compliance / ISO 27001 Best Practice Continuity Planning / SDLC / DevSecOps / Agile / CI-CD Pipelines / Vendor Management / SOX / GLBA / GDPR / PCI-DSS / HITRUST / HIPAA / CCPA / Database Design / Data Protection / Azure / AWS / Cloud Technologies

I have over 18 years of relevant experience in IT security, Governance, Risk and Compliance, applied to Perimeter Security, Infrastructure as Code, Cloud Technologies and Software Development. I bring a holistic approach to information security that helps align Business operations with a sustainable security program, from gap analysis to phased implementation approach to meet security and privacy needs while embracing the Company’s culture and integrating with existing Business processes and environment. I play a key role in protecting information assets through proper implementation of information security policies, procedures, standards, technical safeguards, Security Analysis and Mitigation, Incident Response, Governance, Risk Management, Compliance, and SOC programs.

As an IS/IT executive, I have led international teams that delivered exceptional results, including global and national leaders in software, finance, mortgage banking, manufacturing retail and other industries. I’m a U.S. Citizen, native French/Arabic speaker.

I can make both an immediate impact and long-term strategic contributions to your Organization by:

• Aligning systems and technology with corporate, client and user objectives

• Continuously reducing systems complexity, increasing and maintaining compliance

• Developing highly effective information security and compliance management across the full project lifecycle

• Leveraging application security techniques to achieve robustness and increase software security

• Disaster Recovery Strategies and Contingency Planning

I am known to colleagues as an astute problem solver, strong Transformational Leader and effective Communicator who consistently contributes far beyond the narrow confines of a job description.

CAREER HISTORY & RECENT SELECTED ACCOMPLISHMENTS

Accenture / CreativeDrive, FL – Director of Information Security / CISO (2018 - Present)

STRATEGIC INITIATIVES:

• Drove information security strategy across CreativeDrive.

• Built resiliency and aligned security risk profiles with CreativeDrive business impact.

• Evangelized secure software development and InfoSec culture.

• Brought first compliance, SOC2 type II certification to CreativeDrive - SaaS proprietary software suite.

• Focused on establishing privacy, transparency, accountability across CreativeDrive dispersed studio locations.

• Spearheaded the development and execution of CreativeDrive's comprehensive cybersecurity program, ensuring protection against cyber threats and attacks.

• Led a team of cybersecurity professionals, fostering a culture of collaboration, continuous improvement, and knowledge sharing.

• Implemented a risk-based approach to identify vulnerabilities and proactively address security gaps, resulting in a significant reduction in security incidents.

• Developed and maintained incident response plans, conducting tabletop exercises and simulations to test the organization's ability to respond effectively to cyber incidents.

• Collaborated with cross-functional teams to integrate security measures into CreativeDrive's products and services, ensuring a secure-by-design approach.

• Coordinated with Human Resources and other departments to ensure proper physical and personnel security programs are properly implemented across all functional areas.

• Conducted regular security awareness training for employees, raising awareness of cybersecurity best practices and fostering a security-conscious culture.

• Reduced cyber uncertainty, increasing visibility within CreativeDrive multi-cloud environments.

• Continue to develop and evangelize secure software development processes, driving InfoSec culture.

• DevSecOps best practice, enabling DevOps culture change, helping shift security left in early stages of SDLC

CORE COMPETENCIES:

• Cybersecurity strategy and planning

• Risk management and mitigation

• Compliance and regulatory adherence

• Policy / Standards Development

• ISMS Framework Development

• Security Awareness Programs

• IT Governance / Operations and Strategy Direction

• Continuity Planning / Risk Management

• Incident Response / Resiliency / Disaster Recovery

• Risk Appetite Management, Assessment and Mitigation

• Threat intelligence and analysis

• Insider Threat Research & Assessment

• Gap Analysis

• Vendor Management

• Team leadership and development

• Security operations and incident response

• Security architecture and design

• Penetration testing and vulnerability assessment

• Application Security

• SDLC and Agile Methodologies

• Cloud Strategies

• Cost Control / Best Practices

• SLA negotiation and efficiency

• DevSecOps / SecOps / SIEM Technologies

• ISO27001 & NIST 800 Frameworks

• SSAE-16/SOC2, HITRUST, GLBA, GDPR, PCI-DSS/ HIPAA

• CISSP / CISM

• Amazon AWS, Microsoft Azure, Docker Containers


Elevate Consult, FL – CISO Security Consultant (2017 – 2018)

CISO Security Consultant:

• Provided expert cybersecurity consulting services to a diverse clientele, including risk assessments, penetration testing, and security strategy development.

• Conducted security audits and assessments to identify vulnerabilities and weaknesses in clients' security infrastructure.

• Delivered actionable recommendations and best practices to help clients enhance their cybersecurity defenses.

• Assisted clients in developing incident response plans and conducted incident response readiness assessments.

• Performed Threat landscape analysis, Security Assessment, Gap Analysis and compliance assessment to help clients achieve ISO27001, SSAE16 SOC2 certifications.

• Field Clients: AgilePoint.com/CA.; CortexMedia/FL; Affinio/NS; BeneLynk/CT; GreenspoonMarder/FL, Hollander Sleep Products/FL, City National Bank/FL

MIAC - Mortgage Industry Advisory Corp., NY

$900M provider of financial management software and solutions, 1997-2017. Roles include:

SVP, Security & Technology Strategies, 2007-Jan 2017. Promoted to improve the state of security, accelerate and develop MIAC systems, infrastructure and compliance, leveraging up to $2 million IT budget. Spearheaded the creation and continuous improvement of a secure web platform for online production delivery of a growing $4 million monthly revenue business subscription model. Supervised 15 total staff, including management, supervisors, DBAs, contractors and IT professionals.

Developed an Information Security Program that brought transparency, accountability and compliance to MIAC production platform and processes through the creation of security strategic plan and a central management system, securely linking MIAC India production unit to NY main office and its other US-based and international offices. Reduced exposure by $150k annually. $200k negotiated in additional vendor services, including up-to-date technology solutions.

Led SAS70, SSAE-16/SOC1 SOC2 certification programs and initiated preliminary steps to GDPR Compliance for UK office. To strengthen its reputation for meeting demanding compliance requirements, MIAC needed to secure SAS and later SSAE certifications. Led the program to install, improve and document Best Practices and internal controls. Passed all compliance audits without any deficiencies. Enabled the firm to and major corporate accounts and government contracts with USAA, Freddie Mac, Fannie Mae and the FHLB, among others.

Cloud Environment. Introduced MIAC to new cloud technologies and steered digital transformation efforts to port legacy systems onto Microsoft Azure cloud platform, saving on future cost of hardware ownership and evangelizing a modern journey towards pay-as-you-go operating expenditures advantage of the cloud environments. Worked heavily on SQL Data software processing optimization from old legacy SQL servers towards Google Big Query system to harness the power and speed of cloud computing.

Disaster recovery strategy proves its worth in Hurricane Sandy. Seeing the need for upgrading MIAC contingency planning, authored a Business Continuity & Disaster Recovery Plan. Implemented new systems and procedures, including redundant co-location of all mission critical systems in India and the US. The plan was battle-tested during 2012 Super Storm Sandy when MIAC HQ and much of NYC was closed for days but 100% seamless operations resumed within only hours, strengthening the brand name reputation and saving an estimated $15 million of revenue stream.

Slashed hardware costs by 50% with virtualization. Consolidated existing production servers, increasing stability, reliability and uptime. Increased scalability potential while improving performance and significantly reducing hardware footprint, resulting in a $150k savings on ongoing costs of ownership over 5 year term hardware life cycle.

Created a cost-saving data backup strategy. Backup at MIAC was costly, inefficient, increasingly unreliable and required growing space for physical storage of media. Introduced a robust, scalable hard-drive based data de-duplication system from Data Domain with sophisticated compression and offsite self-replication and encryption capabilities, resulting in a $35k yearly net savings while increasing fault tolerance and maintaining data availability.

Improved service delivery capabilities with an innovative all secure solution. Looking to enhance MIAC services, developed and incorporated into existing its new web portal an interactive secure platform connecting clients to the firm. Enabled seamless interactive collaboration, including collection, analysis and transmission of data between MIAC and clients. Increased efficiency, productivity and cyber security while cutting response times. The firm leveraged the new tool to boost sales and deliver a growing pipeline of $3.9 million monthly revenue business subscription model.

Improved customer support and cut costs with a knowledge base & tracking tools. Growth at MIAC dramatically ratcheted up the volume of support calls. Created an online knowledge base, enabling unattended client support. Introduced a bug-tracking tool to manage/prioritize trouble tickets and responses. Freed staff from answering routine questions to allow them to focus on higher-level client support tasks. Accelerated response/resolution times and increased satisfaction by 50%.

Reengineered an existing platform to generate a new SaaS revenue stream of £50k/year. MIAC wanted to maximize the benefits of its acquisition of Academetrics/UK and its valuation tools for rental real estate property. Led a team that migrated the tool to existing MIAC’s SQL server platform. Generated hundreds of thousands in sales of the tool as a licensed SaaS resource to property surveyors in the UK.

Built a web portal that drove new traffic and revenues. Existing first-generation web presence at MIAC lacked marketing/data collection capabilities and needed to be strengthened. Assembled and led a team of web and database developers. Created a MIAC Analytics website with an integrated Asset Forum, providing secure client access to advanced risk management capabilities. Leveraged the new presence to capture increased search engine exposure and generate new B2B leads from major financial institutions that resulted in $550k in new revenues.

VP of Technology, 2004-2007. Promoted to improve day-to-day internal IT operations and lead software & solutions product development.

Previously at MIAC, Systems & Software Engineer, 1997-2004. Worked on Loan level Stratification System for MSR & Whole loan Portfolios on MIAC's proprietary loan level stratification platform. The application allows mortgage professionals to load, access, analyze, scrub, stratify, and report on detailed mortgage information from various servicing systems. Features and capabilities also apply to user-defined sub-portfolios from any institution.

Supported/maintained MIAC proprietary Risk-Portfolio management and pricing system. The application provides interest rate risk management and best execution delivery pricing for a mortgage banker’s production and loan originators. Wrote the initial reporting frontend of the application (using Crystal Reports APIs against SQL Server backend database).

Migrated to a global VoIP system, cutting costs. MIAC needed to integrate its India-based offshore support facility with US HQ. Directed the selection and implementation of a VoIP solution. Utilizing existing Internet capabilities enabled seamless, low-cost routing of customer support calls between India and the US, facilitating 24/7 services.

EDUCATION & OTHER CREDENTIALS

Master of Science degree in Computer Science with a concentration in Telecommunications from Iona College.

Bachelor of Science degree in Computer Information from the High Technology School in Casablanca, Morocco (www.hightech.edu).

Certified Information System Security Professional (CISSP).

Certified Information Security Manager (CISM).


