Network Power: <100 people
Roles
Consulting: 80%
C-level Executive: 73%
Startup Founder: 66%
Geos
United States: 100%
Work Background
Managing Director
Red Spider Security
Jan. 2022
Irvine
Guide multiple clients through the entire project lifecycle, from the planning phase to the conclusive meeting stage. Spearheaded vital business development initiatives that align with the organization's strategic direction and core competencies, fostering growth and alignment with business objectives. Additionally, took the lead in documenting processes and crafting Standard Operating Procedures (SOPs) to ensure adherence to both regulatory requirements and company policies.
* Orchestrated a strategic IT outsourcing initiative for Nano Banc, transitioning to a Managed Service Provider in Oklahoma City, which streamlined the internal IT team from eight to three members, saving $100k+ monthly. Enhanced operational efficiency, reducing open ticket resolution time from three days to four hours. Achieved a record-high patching completion rate of 98.8%, while ensuring FFIEC compliance through meticulous Cybersecurity Assessment Tool execution.
* Executed in-depth vulnerability scans and penetration testing for Community West Bank, uncovering and mitigating critical security vulnerabilities, including open ports and missing patches. This strategic intervention significantly reduced the organization's threat footprint, enhancing overall security posture.
* Led a comprehensive gap assessment for CBC Federal Credit Union, aligning their control environment with the NIST 800-53 framework, which identified the need for enhanced policies and SOPs. This major strengthening of cybersecurity measures catalyzed the refinement of foundational practices and bolstered the information security program through proper tool configuration.
* Delivered ADA compliance services for Bayshore Mortgage Funding and Unify Financial Credit Union, conducting website scans and outlining remediation steps to ensure full compliance. This initiative specifically enhanced the browsing experience for visually impaired customers, enabling easier navigation through voice-enabled website content.
EVP - Chief Information & Technology Officer
Friendly Hills Bank
Jan. 2022 - Dec. 2023
Orange County, California, United States
Developed and executed the Information Security and IT Risk Management strategy to proactively test and mitigate current and emerging technological risks. Led the creation of a Vendor Management program to ensure thorough due diligence, aligning with FFIEC guidelines for vendor compliance. Authored the IT Strategic Plan for 2022-2025, detailing a forward-looking tactical approach and budgetary considerations to support technology-driven objectives. Fostered engagement with business unit leaders to assess new initiatives, identify potential risks, and devise effective mitigation strategies. Initiated and led security awareness and training campaigns to cultivate a culture of cybersecurity awareness across the organization. Provided comprehensive reports on technology governance and risk management to the Board, steering committees, government agencies, and law enforcement, ensuring strategic alignment and transparency in IT initiatives.
* Crafted a comprehensive suite of Information Technology and Information Security Policies and Procedures, establishing a solid foundation for organizational IT governance and cybersecurity practices.
* Spearheaded the formation of specialized Steering Committees for IT and Information Security, including IT Steering and Business Continuity/Disaster Recovery (BC/DR) Committees, to ensure strategic oversight and alignment with organizational objectives and best practices.
SVP - Chief Information Security Officer
Nano Banc
Jan. 2019 - Dec. 2022
Irvine, California, United States
Developed and executed a comprehensive Information Security and IT Risk Management strategy, addressing both current and emerging risks through rigorous testing and mitigation efforts. Led the establishment of a vendor management program, ensuring due diligence aligned with FFIEC guidelines for enhanced vendor security compliance. Authored the IT Strategic Plan for 2019-2022, incorporating detailed tactical and budget forecasts to guide future technology investments. Engaged with business unit leaders to evaluate new initiatives, assessing inherent risks and devising strategies for risk mitigation. Spearheaded security awareness and training campaigns, elevating organizational cybersecurity culture. Provided critical reports to the Board, steering committees, government agencies, and law enforcement, ensuring transparent communication of security posture and initiatives.
* Established comprehensive Information Technology and Information Security Policies and Procedures, creating a robust framework for organizational cybersecurity and governance.
* Spearheaded the implementation of Steering Committees to enhance strategic oversight across critical areas, including IT, Policy and Standards, and Business Continuity/Disaster Recovery (BC/DR), fostering cross-functional collaboration and alignment with best practices.
* Successfully conducted annual Disaster Recovery (DR) tests for more than 42 applications and network connections, ensuring compliance with FFIEC requirements and demonstrating resilience in critical system recoverability.
FVP - IT Risk Management and Compliance
East West Bank
Jan. 2012 - Dec. 2019
Greater Los Angeles Area
Led strategic oversight for IT Risk Management, Compliance, and Business Continuity, conducting gap analyses against FFIEC and NIST with over 3,600 controls and presenting findings to the board. Managed annual vendor evaluations and security awareness training and oversaw 16+ audits, including vulnerability assessments in Hong Kong and China. Directed audit remediation, vulnerability risk acceptance, and encrypted USB deployment across multiple regions. Enhanced vendor risk management through new templates and risk registers and implemented LANDESK (now Ivanti) for remote laptop patching. Authored management responses for audit reports, reinforcing security and compliance.
* Spearheaded the formation of the Vulnerability Management Team through strategic process changes in Information Security, enhancing organizational cyber defense capabilities.
* Led the BC/DR Department overhaul, aligning with corporate resilience objectives, significantly boosting team morale and department reputation.
* Initiated a pivotal audit process requiring senior management participation, fostering enhanced communication and alignment between IT and Internal Audit departments.
* Directed the comprehensive review and implementation of PeopleSoft changes, establishing standard operating procedures for critical Sarbanes-Oxley (SOX) applications, and ensuring regulatory compliance.
* Implemented rigorous risk and security assessment processes for all IT-supported projects and new vendor evaluations, strengthening organizational risk management and vendor oversight.
IT Compliance and Governance Consultant
Tangible Compliance
Jan. 2011 - Dec. 2012
Greater Nashville Area, TN
Supervision of multiple clients from planning phase to final meeting phase, encompassing providing updates to engagement executives upon completion of each phase and scheduling executive reviews
* Delivery of first-rate consulting services to the LBMC and a group of select clients, which included the following:
– Mississippi Health Association: Completion of IT risk assessment for three hospitals within the association
– Vanguard Health Systems: Delivery of IT current state assessment for recent acquisition of two locations
– Blue Cross Blue Shield of South Carolina and ViPS: Administration of annual Federal Information Security Management Act (FISMA) assessment
– Jack Henry and Associates: Carrying out of yearly Statement on Standards for Attestation Engagements No. 16 (SSAE 16) assessment
– EFT Source: Implementation of Payment Card Industry assessment on an annual basis
– The Vincit Group: Fulfillment of IT risk assessment for annual integrated audit
IT Compliance Specialist
FishNet Security
Jan. 2010 - Dec. 2011
Greater Nashville Area, TN
* Management and effectual support of multiple compliance projects ranging from SOX testing to PCI reviews.
* Facilitation of walkthroughs on all critical processes
* Development of process documentation diagrams with the corresponding risks and controls associated with each step of the process
* Supervision and accomplishment of the Emdeon Project through the following initiatives:
– Utilization of PCI DSS 2.0 framework for various applications including new service offerings to conduct gap assessments and impact analysis;
– Upgrading of risk assessment and analysis management (RSAM) documentation repository for PCI validations;
– Design of PCI, Electronic Healthcare Network Accreditation Commission (EHNAC) e-Prescribing Accreditation Program (ePAP) and EHNAC Home Network Administration Protocol (HNAP), Control Objectives for Information and Related Technologies (COBIT), and National Institute of Standards and Technology (NIST) 800-53 frameworks to import;
– Introduction of remediation dashboard for PCI and EHNAC testing, process binder to capture IT and business risks and controls, and desk procedures earned income tax credit (EITC) Department;
– Review of request for proposal (RFP), request for information (RFI), and questionnaires sent by Marketing for security-related items; and
– Provision of support with the creation of process flows for departmental procedures and framework for Centers for Medicare and Medicaid Services (CMS) Information Security Acceptable Risk Safeguards (ARS) framework
IT Audit Senior
UHY LLP
Jan. 2009 - Dec. 2010
Houston, Texas Area
* Provision of hands-on assistance with the institution of a new national PCI and security practice
* Substantial contribution in establishing model for pricing vulnerability assessments and penetration testing, and for all IT general controls (ITGC) and security work execution, as well as remediation dashboard for client which was used nationally
* Preparation of over 20 proposals for new services, while collaborating closely with the local and international Qualified Security Assessor Company
* Generation of over $150K of additional services within first year of employment
* Management of numerous clients and various projects, from planning to final meeting phase, including the following:
– Seahawk Drilling: Execution of data conversion testing to ensure acquisition of all data from the legacy system to the new system, as well as internal and external vulnerability/IT risk assessment
– Rain CII: Evaluation of internal vulnerability and delivery of detailed memorandum to client
– Vaalco, Strategic Materials Inc., and Kayne Anderson: Control of annual financial statement support for all ITGCs, including performing walkthroughs of controls to confirm understanding as well as detailed tests of key controls to evaluate their effectiveness
– Repcon Strickland: Formulation of IT process documents
– Oceaneering: Determination of vulnerability and creation of risk control matrix and NIST framework to client’s specific controls
– Academy Sports + Outdoors: Implementation of walkthroughs for PCI and annual PCI assessment
– Ignite: Facilitation of ITGCs for first year SOX filer
– Atwood Oceanics and Universal Weather & Aviation: Review of internal/external vulnerability assessments and penetration testing
– Citgo Petroleum and Continental Airlines: Completion of annual PCI assessment
IT Audit Senior
EY
Jan. 2007 - Dec. 2009
Houston, Texas Area
* Arrangement of personnel schedules and creation of executive reviews along with the engagement executives
* Conceptualization of planning memos and statements of work (SOWs)
* Notification of engagement executives upon completion of each phase
* Development of several projects for the following well-known clients toward business growth and advancement:
– Guidant Group: Accomplishment of annual SAS70 type
– Noble Drilling Corporation: Execution of annual financial statement support for client server environments, including SAP. Procedures included reviewing of company ITGCs, performing walkthroughs of controls to confirm understanding, and performing detailed tests of key controls to evaluate their effectiveness
– Technip USA Holdings and Cal Dive International: Provision of annual financial statement support for all ITGCs, including Oracle\ERP, while fulfilling walkthroughs of controls ensuring understanding and detailed tests of key controls evaluating their effectiveness. Analysis of SAS70 evaluations for ADP payroll function
– Helix Energy Source Group: Completion of tests to verify correct conversion of legacy database to Oracle, as well as tests on eight separate modules within Oracle, while submitting detailed memorandum to client
– ION Geophysical: Assistance with the preparation of annual financial statement for all ITGCs, including the SQL Server ERP, while carrying out detailed tests of Active Directory and the SQL Server for effectiveness evaluation
– Dresser Rand: Oil and Gas: Delivery of support to IA in accomplishing an inventory count for a new acquisition as well as Oracle application controls using Applimation, while coordinating a detailed memo of the total value of inventory
IT Audit Supervisor
First American Financial Corporation
Jan. 2005 - Dec. 2007
Greater Los Angeles Area
Supervisor and team lead of 7 junior auditors with responsibility for Texas and East Coast First American entities.
* Created and approved risk and key control objectives:
- Databases for Oracle and ADABAS.
- ACF2 with DB2 Mainframe.
- General Computing Controls (Physical and Logical Security, Change Management and Software Development Life Cycle.)
* Created and approved Audit Testing steps:
- Databases (Oracle and ADABAS.)
- ACF2 with DB2 Mainframe.
* General Computing Controls including:
- Physical and Logical Security.
- Change Management.
- Software Development Life Cycle.
* Executed audit tests for the following:
- Oracle and ADABAS.
- ACF2 and DB2 Mainframe.
* All facets of GCCs including LAN/WAN Logical and Physical Security, Change Management, SDLC, Computer Operations and Data Management
Manager of Internal Compliance
Intermix Media
Jan. 2005 - Dec. 2005
Greater Los Angeles Area
* Drafted Risk and Control Matrices for Intermix and MySpace:
- Databases (Oracle, SQL Server.)
- General Computing Controls (Physical and Logical Security, Change Management and Software Development Life Cycle.)
* Drafted audit test plans for Intermix and MySpace:
- Databases (Oracle, SQL Server.)
- General Computing Controls (Physical and Logical Security, Change Management and Software Development Life Cycle.)
* Executed audit tests for the following:
- Oracle (versions 8, 8i and 9i.)
- Physical and Logical Security.
- Change Management.
- Software Development Life Cycle.
- Operations Environment (Networking and Operating Systems.)
* Drafted final reports for corporate Audit Committee review.
* Performed Quality Analysis review for application-level IT-centric Sarbanes-Oxley tests prior to submission for final report creation.
* Created Status Reports for Senior Management.
* Drafted Project Plans for continuing compliance.
* Provided status reports for Audit Steering Committee.
* Led a team of 3 people.
IT Auditor
DIRECTV
Jan. 2004 - Dec. 2005
Greater Los Angeles Area
* Drafted and modified audit test plans for the following:
- Databases (Oracle, MS Access.)
- General Computing Controls (Physical and Logical Security, Change Management and Software Development Life Cycle.)
* Executed audit tests for the following:
- Oracle (versions 8, 8i and 9i.)
- Physical and Logical Security.
- Change Management.
- Software Development Life Cycle.
- Operations Environment (Networking and Operating Systems.)
* Drafted final reports for corporate Audit Committee review.
* Performed Quality Analysis review for application-level IT-centric Sarbanes-Oxley tests prior to submission for final report creation

Requests

Looking for a Job
IT & Cybersecurity Governance Consultant