Ray R. Malak
Colts Neck, NJ *****
E-mail ********@*****.***
SUMMARY OF QUALIFICATIONS
Executive with 25+ years of experience in retail and financial services, specializing in Information Technology (IT), Cybersecurity, and Enterprise Architecture. Proven success in managing mission-critical infrastructure and security operations, with comprehensive oversight of personnel, budgets, vendors, and third-party engagements.
Technical, hands-on leader with a proactive approach to building and leading Information Security programs from the ground up. Skilled in multi-project management, anticipating organizational technology needs, and implementing security solutions aligned with business objectives.
Project Manager and Infrastructure Security Architect, known for team building, collaboration, and managing high-performing, diverse teams to achieve corporate goals.
Proven track record in cybersecurity, risk management, and designing enterprise-scale environments, including cybersecurity policies, standards, process documentation, workflows, and gap analysis. Expertise in regulatory compliance frameworks such as NIST CSF, NIST SP800-53, ISO, COBIT 5, and addressing remediation of regulatory issues.
Speaker and recognized leader in the industry, nominated as a top-five finalist for the East Coast Identity Access Management Project in 2019. Regular participant and host at Information Security conferences in New York.
Security Architecture and Infrastructure expert, highly focused on aligning security controls with business objectives through the strategic use of technologies and policies.
Signature Bank / Flagstar Bank
Vice President, Information Security (July 2017 – Present)
Lead Information Security Architecture, IS Operations, Identity Access Governance, IT Security Risk, and Auditing Governance. Oversee vendor management, security risk assessments, and alignment of security strategies with business goals.
Information Security Architecture:
- Evaluated and implemented new tools and technologies to strengthen security posture, including SIEM (LogRhythm, later replaced with QRadar), DLP solutions, Bit9, Varonis, Rapid7, and BeyondTrust for Privileged Access Management (PAM).
- Implemented ADManager Plus for Identity Access Management (IAM) and Active Directory. Introduced Proofpoint for security awareness training, replacing PhishMe.
- Implemented Single Sign-On (SSO) for 120+ applications and conducted proof-of-concept initiatives for orchestration and behavioral analysis technologies.
Identity Access Governance:
- Led deployment of Courion (Core System) to automate user access review and recertification for 245+ applications. Developed workflows for provisioning and de-provisioning processes (e.g., new hires, terminations, access requests).
- Integrated Workday with IAM for automated onboarding/offboarding and implemented quarterly recertification of privileged and service accounts. Designed a new Active Directory structure for IAM and built a roadmap for privileged access management across environments.
- Audited Active Directory monthly, ensuring compliance with SOX, KPMG, and financial regulatory requirements. Built alert systems to notify the SOC of unauthorized account creation.
IS Operations and Risk Governance:
- Managed global incident response, security monitoring, and third-party vendor risk assessments. Directed external penetration testing and coordinated tabletop incident response exercises biannually.
- Oversaw security services, including endpoint protection (McAfee, Trend Micro, Bit9), firewall reviews, network security assessments, and vulnerability management using Rapid7. Ensured remediation plans were executed in collaboration with IT teams.
- Collaborated with Human Resources, Legal, Risk Management, and IT teams on security governance initiatives.
- Conducted vendor risk assessments and enforced security controls across third-party service providers.
Information Security Education & Awareness:
- Led the Information Security Awareness Program for all users, including quarterly phishing exercises and social engineering training (introduced in 2022).
- Developed and published a monthly security newsletter for internal users and external clients. Enhanced organizational security culture by updating policies and procedures regularly.
Worked closely with regulators, including SOX, FDIC, KPMG, PWC, and internal audit teams. Evaluated the bank's security framework based on NIST standards and presented metrics to board members.
New York & Company, NY
Director - Head of Cyber Security Department (CISO)
March 2016 – June 2017
Led the Cyber Security Department at New York & Company, managing all aspects of cyber information security with a hands-on, technical approach. Successfully built and directed the Cyber Security Architecture Program, including incident response and security operations, from the ground up. Focused on driving secure business growth through comprehensive risk assessments, vulnerability assessments, penetration testing (including semiannual Red Hat tests), and remediation strategies based on NIST frameworks.
Key Accomplishments:
Spearheaded the implementation of robust Identity Access Management (IAM) solutions, including Two-Factor Authentication and integration of external vendors, significantly enhancing the company's security posture.
Developed and implemented security policies and procedures to mitigate risks, ensuring compliance with PCI DSS and SOX standards. Led the tokenization of all retail store transactions.
Designed and executed the Cyber Security Architecture Program, overseeing 10 key systems including AD Manager Plus, Carbon Black (Response and Protection), CyberArk, PhishMe, and Symantec E-mail Gateway, improving overall threat detection and response.
Oversaw major upgrades of existing systems to ensure compliance with the latest security standards, including Active Directory, IAM, SIEM (Loglogic), DLP, and Websense.
Led PCI compliance initiatives, ensuring secure network segmentation, encryption of passwords, and secure SSL tunnel protection for all credit card transactions.
Developed and implemented processes for secure credit card data handling, including encryption and secure file transfers using MS MBAM Bitlocker and whole disk encryption, aligning with best practices in data security and risk management.
Delivered high-impact Incident Response leadership, conducting risk assessments and compliance audits, while managing third-party vendor risk assessments and non-disclosure agreement (NDA) processes.
Contributed to Security Operations Center (SOC) management, performing network risk assessments, application risk assessments, and regular system audits to ensure the highest level of security and compliance.
Collaborated closely with executive leadership, HR, legal, and IT teams to continuously improve the company's cyber security strategy and provide tailored solutions aligned with business goals.
L'Oréal USA, Clark, NJ
Information Security Officer Manager (2010 – Feb 2016)
Led Information Security for North America region, driving the successful implementation of four global cybersecurity projects aligned with L'Oréal’s worldwide security initiatives.
Designed and deployed operational processes for Identity and Access Management (IAM), including implementing Microsoft IAM and Cloud IAM solutions and EmpowerID for Identity Lifecycle and Access Management.
Directed HR data security for PeopleSoft, ensuring compliance with internal and external security standards.
Oversaw the global rollout of MDM solution Airwatch for mobile security across L'Oréal’s operations.
Led the implementation of CyberArk Password Vault for centralized password management and enhanced cybersecurity measures.
Championed the adoption of e-Discovery tools (Encase) and implemented ArcSight SIEM for North America, while contributing to global L'Oréal cybersecurity efforts.
Deployed a range of security solutions, including MS MBAM Bitlocker, PGP, CyberArk, Airwatch, Bit9, Patch Management, Symantec Endpoints, McAfee, and other advanced tools to secure the enterprise IT infrastructure.
Managed IT security operations, incident response, disaster recovery (DR), budget management, and vendor relationships, driving continual improvements to security risk assessments and governance.
Implemented SAP Single Sign-On (SSO) solution, enhancing SAP security through robust audits and administrative practices.
Led the successful implementation of an internal and external file transfer solution at L'Oréal USA, facilitating secure transfer for over 500 internal and external users across various functions, including HR, payroll, purchase orders, sales forecasting, and secure bank transmissions using Globalscape EFT Enterprise and DMZ Gateway.
Directed RSA SSO solution implementation for L’Oréal USA’s Cloud and internal applications, including the deployment of RSA Federated Identity Manager (FIM), RSA Access Manager (AxM), and RSA Authentication Manager, among other integrated security solutions.
Technical Manager, IT Infrastructure Operations (July 2001 – 2010)
Managed L'Oréal USA’s North American Active Directory domain, supporting organizational IT infrastructure needs.
Led the IT operations and data center teams, overseeing VMware environments with 30 ESX servers and 154 VMs, while architecting and installing a comprehensive SAN solution (MSA1000) with a fiber switch and backup solutions (Commvault 5.0).
Designed and managed an Exchange 2003 architecture and implemented live communication solutions for North America, integrated with L'Oréal's global infrastructure.
Led systems administration for 545 Windows servers (2003/2008) and managed database environments, including SQL 2000 and SQL 7.0 on seven servers.
Oversaw storage management for EMC DMX and CX 500/700 systems, ensuring optimal performance and security.
Administered and monitored secure e-mail and communication systems, including the integration of Blue Coat proxy servers, Trend InterScan VirusWall, and anti-spam systems.
EDUCATION:
Bachelor of Science in Computer Engineering, Faculty of Engineering, Ain Shams University, Cairo, Egypt.
ADDITIONAL TRAINING COURSES:
SEC566: Implementing and Auditing the Critical Security Controls - In-Depth – GCCC certification. ITIL Service Management Foundation.
CISSP Boot Camp training – CISSP certification.
Core (Courion) administrator certification. ArcSight Express Manager.
CyberArk Password Vault. Project Management Professional certificate.
Airwatch Professional security certificate.
SAP ADM940, SAP ADM950.