
Information Security Senior Staff

Location: Pelham Manor, NY
Salary: 190000
Posted: May 20, 2025


Resume:

Protecting Information, Clients & Customers Through Imaginative Security

A versatile, high-performing leader with 20+ years in optimizing infrastructure & security. A driven problem-solver who translates business requirements into actionable projects. A cyber expert continuously improving the company’s posture while aligning with risk appetite. A respected governance, risk & compliance resource who understands the relationships between risk/compliance/privacy with general IT & cybersecurity.

-Built a major CPG company’s cyber program from scratch.

-Consulted for hedge funds/PE firms on matters of infrastructure & cybersecurity.

-Speaker at industry events on GRC & Cyber Risk.

-Leadership down to hands-on.

KEY SKILLS

Security Strategy & Execution

Process Analysis & Improvement

Infrastructure Planning & Execution

Risk Assessment & Management

GRC Focal (PCI-DSS, GDPR, SOC1, CCPA, SOX, PIPEDA, etc.)

DR/BCP Planning, Testing & Installation

Vulnerability Management/Pentesting

Enterprise Monitoring & Reporting

Cloud Digital Transformation

Incident Response Management

PROFESSIONAL EXPERIENCE

Viiz.com

Tech for Emergency Services

Director - Information Security & Compliance

February 2024 - May 2025

●Was added to the Viiz leadership team in July 2024.

●Led successful PCI-DSS in early 2025 & SOC2 Q4 2024.

●Assisting in a major consolidation from multiple datacenters into GCP (APR 2025).

●Commenced NIST 800-53 program, a multi-year initiative. Currently 34% completed.

●Implemented multiple security products to increase visibility (Snyk, StackHawk, Qualys VMDR, ClamAV, ELK).

●Closed out 19 different GRC audits including SOC2, FCC, DOJ, UL, WCAG & several vendor/state obligations.

●Assess current state of program maturity & make recommendations to close gaps.

Girl Scouts USA

Non-Profit

Sr. Director Information Security & Compliance

May 2023 - Nov 2023

●Hired to build their infosec/compliance & IT audit functions (95% from scratch).

●Have mapped out a 3-year roadmap with IT leadership on infosec to-do’s.

●Gap analysis conducted via NIST; I am augmenting with FFIEC (more robust).

●Implemented Defender for Endpoint, followed by Mandiant MDR. Also O365 DLP, Qualys VMDR.

TravelNet Solutions

Industry – hospitality/travel

Director Compliance & Information Security

October 2022 – March 2023

●Hired to mature the compliance (PCI-DSS, CCPA, SOC1-2, GDPR, etc.) & security programs.

●Implemented multiple tools to ramp up security posture – data-classification, Qualys, Vanta GRC management, NIST/FFIEC risk assessment, FAIR analyses, Risk Register, etc.

●Completed SOC1/Type1 JAN 2023; CCPA, GDPR (new) & PCI-DSS (renewal) are on the schedule.

The Avon Company (now owned by LG)

Industry – beauty/cosmetics

Information Security Principal (head of cybersecurity)

April 2017 – October 2022

●Created the cyber program, implementing metrics-driven process via FFIEC/NIST to drive maturity, along with Risk Register, FAIR analyses & rolling project plan to remediate gaps.

●A 1600-person organization running a hybrid model with a mix of old/new tech.

●Drove Avon to PCI-DSS certification May 2022. Saved $70K/yr on penalties & $120K/yr via reduction of SAQ level (from D to A).

●Risk advisory on current/future projects (i.e. reinforcing “security-first” mindset).

●Authored all security policy docs – standards/frameworks to use, incident response, computer/user/mobile.

●Present at quarterly ERC meeting on strategy, threat landscape & projects in motion.

●Security lead for digital transformation of e-commerce platform (on-prem to AWS). Avoided a $1.5M remediation to on-prem stack.

●IT lead for compliance/privacy governance audits – PCI-DSS, SOC1, CCPA, SOX, PIPEDA, CTPAT. Implemented Vanta to simplify GRC management.

●Implementations include DevSecOps, EDR/XDR, DLP, security training & awareness programs, web/malware enforcement, MFA Azure AD, SSO, vulnerability remediation management, data classification.

●Conducted my own network/app vuln scans (Metasploit, Nessus, Qualys), in addition to working with 3rd-party for annual tests.

MPO-Method Consulting

Consultant

Pelham Manor, NY June 2016 – April 2017

●Data center build consulting – build vs. buy, CAPEX/OPEX analysis.

●Cyber strategy – risk/gap analysis of tech/process & recommendations based on best-practices.

●Endpoint protection: vendor selection, deployments & alerting/monitoring.

●DR/BCP consulting: in-house vs. cloud & the pros/cons of both.

●Enterprise Monitoring: Install/configuration, network discovery, assessment & reporting.

●Wrote the foundational cloud architecture doc for a well-known greeting card company.

●Upgraded aged file transfer platform to MoveIt Automation – secured banking transactions from 13 divisions.

Choice Logistics

Industry – shipping/logistics

Senior Director Infrastructure & Networking

New York, NY June 2015-March 2016

●Led network/systems/support staff (4) for a 200-person global company supporting 400 locations/1100 users.

●Consolidated IT services in AWS, saving $300K in annual costs.

●Implemented multiple infrastructure/security controls.

The Children’s Aid Society

Industry – Non-Profit

Director Infrastructure

New York, NY January 2015 - June 2015

●Led network, systems, support & help desk teams (8 staff) for a 45-site, 2000-person agency.

●Overhauled several systems & processes around device/network security.

●Upgraded antivirus on all 1000 devices in a week on my own. Resulted in a significant performance boost on SAN/Exchange.

●Member of the Compliance Committee overseeing HIPAA & other compliance regulations.

Cordium (formerly HedgeOp Compliance & IMS Group)

Industry – financial services

IT Director

New York, NY July 2011-January 2015

●Headed technology operations for a global compliance/due-diligence firm.

●Built team from 1 part-time consultant (London) to 6 FTE’s (NY, London, Malta).

●Completed a major consolidation (moving from VMWare HA to Hyper-V 2012) of two company infrastructures into one & tacked on DR/BCP solution. Spun up London’s site in NY within 3 hours.

●Handled IT/Security due diligence for two acquisitions.

●Upgraded core document application (1.2M client docs) to SharePoint.

●Advised on infrastructure/security issues for our 700 PE/Hedge clients.

EDUCATION

MBA -IT Concentration Iona College

BA – Industrial Psychology University @ Buffalo

Minor -Business Administration

References furnished upon request


