Risk Management Third-Party

UMAR (CHRIS L. CARTER)

Huntley, IL **********@*****.*** 773-***-**** LinkedIn Profile: linkedin.com/in/chris-umar-carter GLOBAL OPERATIONS EXECUTIVE F100 RISK ADVISOR CYBER STRATEGIST Cybersecurity Executive with experience leading enterprise-wide risk assessments and implementing scalable security frameworks. Proven expertise in GRC, Zero Trust Architecture, and regulatory compliance, with a record of reducing risk exposure by 30% and improving operational efficiency by 20%. Passionate about mentoring teams and shaping organizational culture to prioritize security.

STRENGTHS AND COMPETENCIES

Core Skills: Cyber Risk Management Governance, Risk, and Compliance (GRC) Crisis Management Zero Trust Architecture Security Awareness Training NIST CSF SO ISO 27001 Incident Response Threat Management Vendor Risk Management Identity Access Management (IAM) Cloud Security KEY CAREER ACCOMPLISHMENTS

Risk Management Leadership: Led enterprise wide risk assessments and implemented comprehensive cybersecurity roadmaps, achieving measurable reductions in risk exposure.

Operational Excellence: Designed and implemented operational reporting tools, reducing manual processes by 40% and increasing efficiency in decision making.

Executive Communication: Developed security reporting and risk metrics for Board and C Suite stakeholders, enabling data driven decisions and increased organizational transparency.

Strategic Planning: Orchestrated cybersecurity communication strategies, achieving measurable increase in stakeholder satisfaction and enhancing security awareness across business units.

Cost Savings Initiatives: Automated cybersecurity analytics, saving over 200 hours annually and improving the accuracy of risk assessments.

Certifications: QTE, CCISO, CISSP, CRSIC, AWS, ITIL, CISM, CISA, SANS, Yellow Belt, 7 Technology Specific certifications. PROFESSIONAL EXPERIENCE

KKR PORTFOLIO COMPANIES 2022 - 2024

KKR (Kohlberg Kravis Roberts & Co.) is a global investment firm that specializes in private equity, credit, and real assets, leveraging its expertise and capital to drive growth and value creation for its portfolio companies and investors. CAPTIVE RESOURCES LLC

Captive Resources is a KKR portfolio company that provides back office insurance consulting service to member captives. VP & HEAD OF SECURITY (CISO)

Established a dynamic security strategy by integrating BCP, GRC, and advanced threat management that enhanced enterprise wide resilience.

Led and orchestrated a comprehensive third party risk management program that ensured vendor compliance with organizational policies and regulatory requirements

Designed a comprehensive security roadmap to advance security maturity via NIST CSF

Designed and implemented risk frameworks, including third party risk management, incident response, and NIST aligned policies, that addressed vulnerabilities and ensured compliance across complex ecosystems

Enhance Executive Communication by delivering actionable insights and metrics to Board and C Suite stakeholders that facilitated decisions on regulatory compliance, technology investments, and enterprise resilience

Collaborated with IT and Legal to design and implement a robust incident response plan that ensured readiness and alignment with industry best practices

Rolled out a NIST aligned policy catalogue to establish consistent governance across all business units.

Cultivated a high performing culture that embedded GRC principles and fostered cross functional collaboration

Designed and launched a comprehensive data security program, integrating advanced controls to safeguard sensitive information and support compliance mandates UMAR (CHRIS L. CARTER)

Partnered with HR, Legal, and Finance to expand security awareness training and cultivated cross functional teams to embed a security first culture across operations

Hosted and led roundtables and facilitated industry panels, contributing thought leadership that shapes industry trends and promotes collaboration among key stakeholders OPTIV

Optiv is a KKR portfolio company and a cybersecurity integrator that provides E2E solutions to improve security posture, reduce risk, and align with business priorities

CISO/RISK ADVISOR

Managed a portfolio of Fortune 500 clients by delivering tailored cybersecurity, risk management, and mitigation strategies to address complex business challenges

Provided Strategic Leadership to client base and spearheaded enterprise-wide cybersecurity strategies that integrated risk management, GRC, and advanced threat defense to align security programs with organizational objectives

Led executive discussions to identify, prioritize, and resolve security challenges, and architectured business aligned solutions for enhanced cyber resilience

Developed risk assessment frameworks and roadmaps that focused on key areas including data governance, Zero Trust Architecture, compliance, and identity management to minimize operational and technology risks

Advised senior leaders on cybersecurity strategy, operations, cloud transformation, and security architecture to align with organizational goals and ensure robust risk management

Facilitated collaboration between clients and vendors to optimize security investments, mitigate risks, and achieve measurable business outcomes

Spearheaded the development and delivery of Zero Trust enablement collateral by leading a cross-functional team of cybersecurity professionals.

o Designed technical resources

o Implementation guides

o Training materials to educate internal teams and external clients on Zero Trust Architecture principles

Championed the adoption of Zero Trust Architecture and advanced threat detection technologies to enhance organizational security posture.

Supported and contributed to development of Mergers & Acquisitions playbook for large F100 clients ZURICH INSURANCE COMPANY, LTD. 2014 – 2022

Zurich is a global insurance company organized into three business segments: General Insurance, Global Life, and Farmers VP & GLOBAL HEAD OF CYBER ANALYTICS

Led risk assessments and audits to successfully remediate enterprise level security vulnerabilities for existing entities and mergers and acquisitions

Collaborated with Legal and IT teams to assess third-party vendors and partners during acquisitions

Developed cybersecurity roadmaps to streamline security operations across multi-entity mergers to ensure business continuity and risk reduction

Directed security governance initiatives to align with global enterprise strategies and compliance standards

Mentored and developed management teams that fostered professional growth and team cohesion

Spearheaded security projects to safeguard intellectual property and ensured service continuity post incident

Managed security budgets, negotiated contracts, and drove platform standardization through committee leadership

HEAD OF GLOBAL INFORMATION SECURITY COMPLIANCE

Directed enterprise-wide governance & compliance frameworks embedding cybersecurity controls into business processes to mitigate operational and regulatory risks across global operations

Collaborated with IT, Legal, and executive stakeholders to design and implement third-party risk management program that aligned with compliance objectives with cybersecurity strategies to protect critical assets

Supported the development of security awareness programs and technical policies that drove a culture of security-first accountability

UMAR (CHRIS L. CARTER)

VASCO DATA SECURITY 2006 – 2014

Vasco Data Security, now OneSpan, is a publicly traded cybersecurity technology company based in Chicago, IL that offers a cloud based and open architected antifraud platform and is known for its MFA and electronic signature software. CFO & STRATEGIC BUSINESS PARTNER

Supported ERP implementation, streamlining reporting and reducing system cycle time by 40% and reporting cycle time by 25%

Key support for global consolidation processes, achieving 35% time savings and enhanced data accuracy, while optimizing UAT by eliminating bottlenecks to cut processing time by 30%

Managed multi million dollar budget, conducted COBIT and SOX controls testing across global entities, and ensured compliance through coordination with local authorities

Supported effort to acquire and integrate DigiNotar in Vasco’s ecosystem MANAGEMENT RESOURCES 2004 – 2006

A division of Robert Half that focuses on bringing great companies and specialized talent together to build successful businesses and rewarding careers.

SENIOR CONSULTANT

BAXTER INTERNATIONAL HEALTHCARE 2000 – 2003

Baxter creates products and therapies that can be found throughout hospitals and clinics globally. INTERNATIONAL IT PROJECT CONTROLLER

EDUCATION & CERTIFICATIONS

Cybersecurity: The Intersection of Policy and Information Security, Harvard Kennedy School, Cambridge, MA Master of Science in Business Information Systems (with honors), DePaul University, Chicago, IL Bachelor of Science in Finance, Northeastern Illinois University, Chicago, IL Certified Information Systems Security Professional Certified Information Security Manager Certified Information Systems Auditor Certified Data Privacy Solutions Engineer Qualified Technology Expert Certified Chief Information Security Officer AWS Certified Security – Specialty ITIL Foundation Certification MEMBERSHIPS AND ACKNOWLEDGEMENTS

InnerCity Muslim Action Network (IMAN), Board Chair, (2009 – Present) IMAN is a $20M community organization that fosters health, wellness, and healing in the innercity by organizing for social change. Built relationships with prominent federal associations to increase awareness in the community. Information Systems Audit and Control Association (ISACA), Member, (2014 – Present) This chapter aims to sponsor local educational seminars and workshops, conduct chapter meetings, and help promote and elevate the visibility of the IS audit, control, and security profession throughout the Chicago area

(ISC), Member, (2015 – Present)

(ISC) is an international, nonprofit membership association for information security leaders that is committed to helping members learn, grow and thrive

Security Conference, Presenter, (2015 – Present)

Demonstrates leadership through hosting, presenting, and facilitating at security and technology conferences; participates in executive and thought leadership conversations at various CISO and executive Roundtables THOUGHT LEADERSHIP

Regular Speaker: Security & Technology Conferences (Black Hat, Mindfluence, FutureCon, et al) Panel Moderator: CISO & CTO Roundtables

Mentor: Facilitate workshops and conduct 1:1 coaching Advisory Board Member: Industry Organizations

Contact this candidate