
privacy & security principal

Location:
New York City, NY
Salary:
$220,000
Posted:
April 28, 2025


Resume:

Richard D. Mikelinich, MS, CISSP, CISM, CIPP/US

LinkedIn \ Bloomfield, NJ

***********@*****.*** 551-***-****

C-Suite Information Technology and Privacy/Security Leader \ IT Generalist \ Chief Technology and Information Security Officer with Global Management Scope

Specialist in ISO 27001 & Security Project Management \ Requirements Management \ Change Management \ Production Assurance \ Fraud and Data Loss Protection \ Business Continuity Planning \ Disaster Recovery \ Business Process Improvement \ Risk Management \ Full Life Cycle Project Management \ Vulnerability Management \ IT Control Awareness \ Software Development Security and Compliance Awareness Training

Privacy Expert with compliance experience in HIPAA, GDPR, PCI & FFIEC.

Reputation for reliably delivering security services and systems over 20 years of IS/IT leadership, building a record of minimizing security incidents, maximizing risk awareness, and automating security operations. Services included Compliance, Next Generation Firewalls, Intrusion Prevention & Detection, Security Service Provider Contracts, and Governance Systems.

OVERVIEW

Managed and contributed to complex and aggressive IT projects in multiple domains such as: applications, database, cyber security, networking, and cloud.

Always steps up to emergent IT challenges of any difficulty, earning a reputation for keeping the customer satisfied, motivating staff, and maintaining high morale.

Has developed infrastructure and security strategies for multiple landmark institutions.

Performed reputation protection for multiple landmark institutions.

Managed numerous projects from concept to completion, consistently on time, on budget, and on target.

Counted on to explain technical concepts of any complexity in everyday language for end users and to translate technology into practical business applications.

Developed and supported actionable audit findings in fraud prevention, data loss prevention, processing efficiency, and business continuity.

Built, led, managed, and empowered teams of up to 130 technical experts, including programmers, architects, and senior analysts.

Captured and categorized risk according to ISO 27001. Security program development according to ISO 27001.

As a Leader — the voice of reason in a crisis. Encourage unconventional thinking when standard solutions fail. Maintain utmost respect for all, especially mindful of any special needs of those offshore or present.

SKILL SETS

Management

Budget Development & Oversight \ Business Case Development \ Financial Management \ Governance Systems \ Incident & Problem Management \ Infrastructure and Security Programs \ Presentations, Executive/Management Level \ Process Improvement \ Production Assurance \ Quality Assurance & Control \ Regulatory Compliance \ RFI/RFP Processes \ Service Provider Relations \ Team Building, Leadership \ Staff Training & Development \ Strategic Planning & Implementation \ Vendor Management & Relations

Security Technologies

FireEye Anti-Malware \ Firewalls \ Intrusion Detection & Prevention \ Palo Alto Next Generation Firewall \ RSA Archer eGRC \ HBGary \ Imation IronKey \ Proofpoint Core Protection & TAP \ EnCase \ BitLocker \ Nessus \ Cloudflare Anti-DoS \ Forcepoint DLP \ Arbor Anti-DoS \ Qualys \ Nexpose \ StealthBits \ Carbon Black Application Protect \ Carbon Black Response \ CrowdStrike \ Tenable

CAREER HISTORY

Mindray Medical Devices, Mahwah, NJ

Information Security and Compliance Principal, February 2023 – present

Maintains ISO 27001:2022 Certification

Assures HIPAA Compliance for 160 US contracts (BAA)

Tests Cybersecurity Controls

Monitors DLP alerts and manages incidents

Develops, implements, updates, and enforces data and security-related privacy policies, standards and procedures, and corrective actions as needed.

Maintains current knowledge of applicable data protection laws, security standards, information technology trends, and accreditation standards.

Evaluates and improves processes for investigating, documenting, and reporting unauthorized access or disclosure of personal information.

Maintains and updates the information management system in collaboration with legal and governance teams.

Provides risk assessments and security briefings to management and advises them of critical issues that may affect customer or corporate security objectives.

Creates and delivers privacy and security-related training programs for all employees, contractors, and any appropriate third parties.

Leads risk assessments, audits, policy, governance, and/or reporting.

Englewood Health, Englewood, NJ

Director of Information Security and Identity and Access Management, July 2022 – February 2023

Sourcing SIEM and TVM technology

Establishing SIEM and TVM processes

Utilizing HITRUST to review controls against multiple compliance frameworks.

Managing IoT risk throughout 160 locations

Delivering Security & Privacy Awareness through the KnowBe4 platform.

MUFG - Mitsubishi Trust Bank, New York, NY

Vice President of Network Security and Network Operations, September 2021 – July 2022

Implemented a Network Operations Service Delivery Model to manage assets, maintenance, and network elaboration. Managed a staff of 5 in security and 3 network engineers.

Service Owner and manager for Vulnerability Management, Next Generation Firewalls, Anti-Virus, EDR, Application Whitelisting and SIEM.

Implemented the MITRE ATT&CK framework in the SIEM alerting catalogue to enhance awareness of the MITRE ATT&CK tactics and techniques being observed.

Managing technology refresh for over 300 network assets.

The Juilliard School, Lincoln Center, NY

Director of Information Security and Privacy, September 2019 – September 2021

Develop and socialize security roadmap highlighting risk remediation options for management

Assess all known risks and capture same in an Enterprise Cyber Risk Register

Developed The Juilliard Security Program

Delivering Data Governance and Data Security Awareness Training

Implemented DLP to highlight the pervasive loss of regulated data occurring in the environment

Contribute security & privacy advisory services to IT projects to reduce risks, including vendor management

Organize and deliver enterprise security awareness

Manage all compliance obligations for PCI, FERPA, HIPAA, PII and GDPR

Implemented and operating CrowdStrike Endpoint Protection and Remediation. Served as administrator.

Implemented and operating Proofpoint Email Security Gateway for New York and Tianjin, China campuses. Served as administrator.

Implemented and operating Tenable Security Center for Vulnerability management, subsequently shifted to Qualys

Implemented and operating Acunetix Web Application Vulnerability Scanner for New York and Tianjin, China campuses

Created policies and procedures for data classification, data storage, data movement, workstation security, appropriate use.

Provide security and compliance updates and plans for management and the board.

Daily monitoring of Proofpoint SEG, Palo Alto Firewalls, Stellar XDR, and the CrowdStrike Console.

Operate Tenable, Acunetix and Qualys vulnerability scanners.

New York University, New York, NY

Senior Director, June 2017 – August 2019

Manage operations and network tech refresh for 3 data centers, 200 NYC buildings, and 14 global sites.

Responsible for approving all requests for production changes and implementation for networking, cloud, compute, and critical infrastructure

Oversee the Global Infrastructure and Security Program for a hybrid HIPAA-covered entity with 65,000 users, including 9,000 High Performance Computing (HPC) nodes.

Manage $40M annual OTPS, $9M capital, and $12M staffing budgets, 2,000 Linux and Windows servers including 400 HPC servers, 200 AWS servers and 130 employees with 6 direct reports.

All servers patched up to date in one year.

To mitigate rampant network outages at a major NYC university, I reviewed long-ignored root cause analysis reports citing dangerous conditions and practices and launched a network improvement project to implement all Cisco-recommended configuration and design changes to control future risk.

Achieved significant savings with reductions to the budgets of both Infrastructure-Security OTPS, by 1% or $3.2M, and personnel, by 8% or $1.2M.

Yale University, New Haven, CT

Chief Information Security Officer & Chief HIPAA Security Officer, 2011 – 2017

Recruited as the first-ever CISO for an Academic Medical Center; created a security and privacy program that returned stability to systems.

Managed a 14-member Information Security, Forensic, and Compliance staff; developed a security program to deliver security operations, compliance, forensics, policy, and procedure.

As CISO of Yale I hired Verizon Cyber Trust to conduct an Enterprise Risk Assessment based on ISO 27001. I adopted the practice of maintaining an ISO-based risk register to serve as a gap analysis mechanism and a way to provide justification for years of remediation projects.

Sought a SEG solution to deal with a high-volume phishing attack trend. Trialed multiple tools. Selected Proofpoint based on feature set and ease of administration. Implemented and operated Proofpoint Email Security Gateway.

Threats not handled by Palo Alto led to the identification of FireEye as remediation for zero-day threats. Implemented and operated FireEye Network Security.

Implemented and operated 12 Palo Alto Networks Next Generation Firewalls, with decommissioning of the Websense Web Proxy.

Provisioned Duo MFA for 33,000 users in response to an incident where 800 email accounts had been compromised.

Provisioned encrypted USB drives for 4,000 physicians.

Maintained encrypted laptops for a 9,000-member HIPAA entity with MBAM and FileVault.

Performed serious flow analytics with Lancope StealthWatch to build a case for the eventual 25M network segmentation project.

Implemented and operated StealthBits and Forcepoint DLP to enhance data security and support data governance. Decommissioned Identity Finder.

Led the project to introduce the RSA Archer Electronic Governance, Risk and Compliance (eGRC) System to focus on security and risk reduction of the most critical assets.

Performed annual BCDR tests

Rationalized assets vulnerable to data breaches by transferring all computing assets with sensitive data to private IPs, well hidden from outside threats.

Won an ISC2 Information Security Leadership Award as a finalist in the Senior Information Security Professional category, Chicago, 2013.

Expanded IT risk knowledge by delivering executive- and management-level presentations and successfully promoting intradepartmental cooperation across the university.

Introduced systems compliance and assurance initiatives in HIPAA/HITECH, PCI, and data security.

Columbia University, New York, NY, 2007 – 2011

Director of Information Security, Medical Center

Responsible for 9 direct reports

Performed HITRUST assessments for 300 clinical applications

Delivered HIPAA awareness training for all employees and medical students

Introduced a Vulnerability Management program for all institutional servers with the IBM ISS scanner.

Devised and implemented a HIPAA Security Assessment program analyzing 300 clinical and research applications with 9 assessors in one year, requiring massive capital deployment to meet HIPAA compliance and data security standards.

Developed company-wide staff training in IT Controls/Security, Database Technology, SQL, Crystal Reports, Business Objects, and Data Warehousing, including writing, SDLC, testing, and data access

Improved IT risk awareness by launching a training program presented at an auditor conference in 2009, comprising nine business units and completing four.

As Director of Security and Compliance I led a recertification effort for technology used by the Positron Emission Tomography (PET) Center with 21 CFR Part 11 compliance.

Mitigated a serious data breach that rattled an OHCA partner hospital to the point of considering cutting off access, and which might have stalled major revenue streams from 800 medical practices, by initiating a risk assessment of 300 clinical applications to restore the confidence of hospital management. Received 8 additional IT auditor resources for the task and exceeded all expectations in remediating the worst conditions, avoiding any negative outcomes — Major Academic Medical Center

Director of IT Audit

Evaluated IT governance plans, best practices, and model options

Administered key IT projects and represented audit at trustee meetings

Oversaw IT audit staff plus matrixed project personnel, conducting and communicating internal IT audit results to senior leadership

Collaborated with government and regulatory agencies including FBI and SEC

Implemented risk avoidance measures by designing and leading an enterprise-wide Security Awareness Campaign involving all clinical teams

Trained and guided non-IT auditors in passing the tech section of the CIA certification exam

Instilled maximum levels of IT risk awareness with “breakthrough” audits, security scanning technologies, and risk management projects.

As Director of IT Audit, I assisted Ernst & Young with an Enterprise Risk Assessment based on ISO 27001. Gaps were catalogued in a risk register for re-verification in future audit planning.

Memorial Sloan Kettering Center, New York, NY, 2006 – 2007

IT Audit Manager

Identified key risks requiring management’s immediate attention by conducting HIPAA, wireless, PeopleSoft, and clinical equipment audits, as well as IT asset accounting review

Technical Project Manager, 2001 – 2006

Directed 12 programmers, analysts, infrastructure experts, and others in hospital financial system operations.

Primary liaison to Information Security, furnishing high level strategies and executive assistance

Strengthened competitive advantage by configuring 12 Web-based extensions to the legacy ERP system

Oversaw staff training in DB Artisan, SQL, SDLC, and testing, and trained users in all applications.

Developed an online inventory of radio chemicals and a nuclear license management system

Created and won management approval for Application Development Operations (ADOPS)

EDUCATION

Columbia University, New York, NY

Executive Master of Science In Technology Management

St. John’s University, New York, NY

Bachelor of Arts In English (Cum Laude)

Professional Development & Certifications

Certificate in Applications Programming, NYU Information Technologies Institute; Account Executive Training (Series 7) and Technical Analysis, New York Institute of Finance

Six Sigma Green Belt Training, Villanova University, Philadelphia, PA

Leadership training with MOR Associates.

Total Quality Management (TQM) at NYNEX Corp.

Technical Certifications

Certified Information Systems Security Professional (CISSP) / certification number: 332390

Certified Information Security Manager (CISM) / certification number: 232167380

Certified Information Privacy Professional (CIPP/US) / certification number: 000379016I

ITIL® Foundation Certification, Loyalist Certification Services

COBIT Foundation Certificate

Cloud Computing Security Knowledge (CCSK)

(Formerly PMP, CISA)

PROFESSIONAL SPEAKING ENGAGEMENTS

New Jersey Institute of Technology, “Higher Education and Critical Infrastructure Preparedness” May 2018

AWS Initiate for the Public Sector, NY “Higher Education Progress with Cloud Adoption” July 2018

Palo Alto User Conference, MA — “Visibility Afforded by Next Gen Firewalls” 2014

PROFESSIONAL AFFILIATIONS

Cloud Security Alliance (CSA)

The International Information Systems Security Certification Consortium (ISC2)

ISACA

IAPP
