Amtrak
Director Cyber Assessment
Jul. 2020 - Apr. 2024
Built the Cyber Assessments team from scratch, focusing on securing Amtrak's assets including identities, devices, network/infrastructure, applications, and data. Delivered a multi-million-dollar program that significantly reduced overall enterprise risk. Implemented capabilities such as vulnerability management, application security testing, penetration testing, and social engineering simulations.
Responsibilities:
• Assisted in the Cybersecurity Strategy and Governance to drive a cybersecurity strategy aligned with GRC standards and SEC requirements.
• Collaborated with business leaders to align on the cybersecurity framework and engage their support in managing cyber risk while ensuring continuous business operations.
• Served as the cybersecurity strategic advisor by providing actionable recommendations to stay ahead of cybersecurity practices.
• Communicated cybersecurity program status and updates to business leaders.
• Provided insights on emerging cyber threats, vulnerabilities, and the effectiveness of security measures.
• Established and managed a risk register, conducting regular risk and vulnerability assessments.
• Evaluated and managed third-party vendors for cybersecurity risk, ensuring cybersecurity requirements in vendor contracts.
• Partnered with Internal Audit, Legal, and Public Reporting to ensure compliance with SEC rules and timely, accurate cybersecurity-related disclosures.
• Guided the cybersecurity team in managing a multi-year cybertechnology roadmap and implementing scalable cybersecurity technology management processes.
• Attracted, retained, and developed the Cybersecurity Team, fostering organization-wide confidence and cross-organizational collaboration.