
Information Security Officer

Location: Tustin, CA

Posted: July 11, 2025


Resume:

***** ********* **, ****** ******, CA, ***** • ********@*****.*** • 657-***-****

VICTOR KUMAR

Deputy Chief Information Security Officer

PROFESSIONAL SUMMARY

Executive and Deputy Information Security Officer with over 20 years of extensive supervisory experience in information technology risk, physical security, regulatory requirements, security technologies, cloud security, and enterprise risk management. Good written skills, solid problem-solving skills, attention to detail, and the ability to work independently. Adept at aligning data privacy, IT governance, and IT strategies with IT management and business objectives, leveraging skills in virtualization, impact analysis, incident management, emergency response, and vulnerability assessment to enhance organizational resilience during crisis management. Committed to pioneering innovative security solutions and fostering a culture of initiative-taking threat analysis and management to safeguard critical assets.

EMPLOYMENT HISTORY

DEPUTY CHIEF INFORMATION SECURITY OFFICER, Mar 2024 – Dec 2024

HealthCare Services (Contract), Costa Mesa

Strategic Planning and Leadership: Lead cybersecurity strategy, oversee risk management, and ensure regulatory compliance. Implement penetration testing, mobile security, and network security.

Align security initiatives with business objectives and regulatory requirements: Updated security protocols, enhancing real-time vulnerability management. Developed cross-functional teams to address emerging cybersecurity and cloud challenges and communicated to executive management and non-technical audiences.

Foster a culture of security awareness and continuous improvement: Foster partnerships with IT and operations teams in Business Continuity Planning and emergency management to integrate security measures across the organization.

Collaborate with Stakeholders: Information Protection Governance team in developing long-term strategies, following the policies and IT Security Controls.

Tool Integration: Analyzed technical requirements and security metrics to identify vulnerabilities and optimize defense strategies. Assisted with identity access management, security incident response / investigations on security breaches, implementing preventive measures with a sense of urgency and ownership.

Automation and Innovation: Streamline incident response procedures, significantly reducing average resolution time. Achieved substantial improvement in overall security posture for data protection.

Security Operations: Spearheaded 24/7 security protocols, enhancing real-time threat response. Develop cross-functional teams to tackle emerging cybersecurity challenges.

AUDIT AND ASSURANCE TECHNOLOGY DIRECTOR, Jul 2021 - Jul 2023

KPMG USA, Irvine, CA

Analyzed deliverables for internal/external audits and tracked key performance indicators using tools such as ServiceNow, Confluence, and Microsoft Office, resulting in a 15% increase in on-time project completions and a 10% reduction in budget variances.

Manage Financial Services clients (Banks) on annual external IT audits.

Streamlined internal processes by implementing a project management system, reducing project completion time by 25% and improving team collaboration and productivity.

Collaborate with cross-functional teams to evaluate and prioritize risks and manage effective mitigation strategies.

Monitor the risk landscape and adapt the risk register to address five key emerging threats.

Develop and implement short and long-term technology Audit programs to determine performance and outcomes aligned to company external Audit needs and zero trust architecture.

Facilitate leadership of the KPMG community and internal staff by conducting technology training and workshops on technical knowledge of multiple security domain areas such as engineering, applications, system, and network security.

DEPUTY CHIEF INFORMATION SECURITY OFFICER, Jan 2018 - Jun 2021

CorVel Corporation, Irvine

• Team Management: Lead, mentor, and develop a team of cybersecurity, analysts, and architects, fostering a culture of innovation and accountability.

• Cross-Functional Collaboration: Work in tandem with the CISO and Principal on business process analysis to develop, refine, and implement the organization's cybersecurity IT risk, strategy, and policies.

• Executive Communication: Present cybersecurity strategies, risks, and metrics to the CISO, CIO, VP of Infrastructure, Technology & Cybersecurity Executives, translating technical concepts into business impacts.

• Compliance and Risk Management: Help drive and manage operational analytical problem-solving and audit findings for PCI-DSS, ISO 27001/2 and NIST controls and control deficiencies.

• Team Management and Development: Lead and manage programs/subcommittee within the oversight and governance committee, focusing on specific areas of configuration management of cybersecurity.

• Architecture and Design: As information security Subject Matter person, spearhead risk management, cybersecurity program management and governance initiatives for a portfolio of four projects.

• Budget Oversight: Supervise software development environment practices, budgets, cost controls, and people resources, results and direct and mentor four indirect team members in effective incident response processes.

• Performance Metrics: Created cyber security, privacy, and IT Asset life including project goals and milestones, IT security budgets, and resource requirements.

• Vulnerability Management: Delegate and manage incident/issue response and application vulnerability management, change management, compliance projects, asset lifecycle management, third party vendor risk evaluation, and risk management.

• Architecture and Design: Develop strategic direction for security, privacy, and compliance planning in partnership with CTO/CISO for internal (3) companies.

• Executive Communication: Conduct business priorities and best practice for Annual Disaster Recovery and Business Continuity, test, and test results documentation, as part of information security management.

• Regulatory Compliance: Introduce strengthened cybersecurity controls, managed services, and IT audit to comply with SOC, NIST 800-53, SOX, PCI-DSS, ISO 27001/27002, HITRUST and HIPAA standards for IT GRC governance.

• Policy Enforcement: Update seventeen and composed of 4 IT policy and procedures documentation, DLP to identify and prioritize Information Security, compliance and enforcement across enterprise-wide security landscape and governance.

COMPLIANCE REPORTING AUDITOR / CONSULTANT,

Mitsubishi Union Bank, Los Angeles, CA, 02/2017 – 01/2018

• Audit and Compliance: Security and internal controls auditing role for full-service bank; analyzed, evaluated, and assessed risk, including providing compliance reporting across 10 operations, including business controls, HR, finance, and IT.

• Executive Communication: Prepare and deliver strategic project updates at meetings and via monthly reports.

• Assessed controls for NYDFS, AML, Electronic Fund Transfer (EFTA), Fair Credit Reporting Act (FCRA) compliance.

CIO/CISO, PROGRAM AND OPERATIONS EXECUTIVE, Feb 2010 - Feb 2017

VKAN, LLC, Tustin

• Engineering and compliance: Conduct strategic planning for IT, and served as project manager for AML, FinCEN, OFAC, GLBA, GMP projects.

• Vendor Relations: Reduce vendor costs by 20% annually by transforming invoices into a cloud-based system, optimizing cash flow and profits.

• Profitability and ROI: Increase YOY revenue by 20% through effective business and operations management.

• Leadership Development: Leverage exceptional people skills and critical thinking to mediate conflicts, encourage team cohesion, and drive successful project outcomes within the information security domain.

SENIOR DIRECTOR OF CORPORATE IT, Apr 2006 - Feb 2010

Bandai America, Cypress

• Command and Control: Controlled support for system design, ERP applications, network, infrastructure, architecture, and MS Office to end users in three companies (US, Mexico, and Canada).

• Infrastructure Enhancement: Upgrade IT infrastructure, including routers, switches, firewalls, and storage; right-sized infrastructure to align with project business growth needs and minimized system failure.

• Cross Functional Team Leadership: Coaching and leading application development, security and compliance operations, infrastructure, P&L, managers, supervisors, consultants, and contractors while meeting $4M IT budget requirements.

• Performance Metrics: Boosted IT uptime by 98.99% and end user satisfaction by 30% via cross training.

MANAGER AND SENIOR MANAGER, Feb 1996 - Apr 2006

KPMG LLP, Costa Mesa

• Audit and Assurance: Conducted IT Audit Project Management, Program Management and Risk mitigation strategies, and SOX, SOC 1, SOC 2 audits.

• Merger and acquisitions: Assisted three private companies with IPO, merger, and acquisition activities.

• Leadership: Lead and manage programs/subcommittee within the oversight and governance committee, focusing on specific areas of cybersecurity.

• Client Management: Lead and manage external IT audits for financial service clients (Banks and Insurance Companies).

EDUCATION

MASTER OF BUSINESS ADMINISTRATION

University of Herts, Hertfordshire, United Kingdom

Finance

COURSES

PMP - PROJECT MANAGEMENT PROFESSIONAL

CISA - CERTIFIED INFORMATION SYSTEMS AUDITOR

CISM - CERTIFIED INFORMATION SECURITY MANAGER

CISSP (PROGRESS) - CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL

CSM - CERTIFIED SCRUM MASTER

CSPO - CERTIFIED SCRUM PRODUCT OWNER

CDPSE - CERTIFIED DATA PRIVACY SECURITY PROFESSIONAL

SKILLS

Cybersecurity, Risk Management, Compliance, IT Audit, Cloud Security, Vendor Management, Incident Response, Policy Development, SIEM, Vulnerability Assessment, Microsoft Azure, AWS, GRC, SQL, Virtualization, PeopleSoft, Oracle EBS, JD Edwards, SAP, Hyperion, Leadership, Business Continuity and Disaster Recovery, 3rd Party Vendor Management, third party audits, ITIL, IT Asset Management, ServiceNow, Prisma Cloud Access Broker, Endpoint security, Salesforce, Dropbox security, Data security, COBIT, COSO, GLBA.


