
Information Security Risk Management

Location: Santa Ana, CA
Salary: 220K
Posted: July 22, 2024


Resume:

Victor Kumar

Orange County Area 657-***-**** ad7fq0@r.postjobfree.com LinkedIn URL- linkedin.com/in/victor-Kumar

CISO / CSO / VP IT Assurance and Audit Director

Innovative Executive Leader - Enterprise Information Security, Privacy and Risk Management & Compliance Audits

Develop and Oversee strategic Security landscape

Communicate Risk activities with all stakeholders

Advise Governance and Policy compliance for HIPAA, PCI, HITRUST, ISO27001, GDPR, CCPA, SOX, J-SOX, NYDFS

Manage IT security, Cyber security, and Compliance

Provide periodic updates to Management

Strong written and verbal communication

Conduct security reviews and provide feedback

Ability to influence and manage cross functional teams

Assist with Third Party Vendor Risk Management

Cloud security assessments

Evaluate ID access Management controls

Network and endpoint vulnerability assessments

Evaluate Incident Management and Change Management policies and procedures

Vulnerability and Incident Management Oversight

SELECTED ACCOMPLISHMENTS

•Eliminated labor costs by 20% via effective team training in multitasking and collaboration.

•Raised efficiency and productivity rate by 45% by transforming and re-engineering processes that accelerated business performance and workflow efficiencies.

•Discovered future technology needs and created strategic roadmaps to strengthen programs towards growth projections.

•Expanded Stakeholder communication by 40% and launched automated reporting.

Hoag Presbyterian Hospital

HealthCare Services

Deputy CHIEF INFORMATION SECURITY OFFICER 03/2024 - Present

Work in tandem with the CISO and Principal to develop, refine, and implement the organization’s cybersecurity posture, strategy, and policies

Share leadership responsibilities for the cybersecurity team, promoting strategic initiatives and ensuring alignment with business goals

Help drive and manage operational metrics

Lead and manage programs / subcommittee within the oversight and governance committee, focusing on specific areas of cybersecurity

Report key findings and recommendations back to the main oversight and governance committee

Co-manage all aspects of cybersecurity operations, ensuring robust protection against cyber threats

Oversee the design, implementation, and maintenance of effective cybersecurity measures

Conduct regular security assessments and lead the response to cyber incidents

Capable of driving clear communications on both strategic and day-to-day cybersecurity issues and risks to a wide audience inside and outside the DNC

Assist in managing the cybersecurity budget, advocating for resources necessary to protect organizational assets and information

Evaluate and advocate for the adoption of new cybersecurity technologies and tools to enhance security and operational efficiency

Communicate effectively with senior management and other stakeholders about cybersecurity threats, strategies, and changes

Represent the cybersecurity department alongside the CSO in executive meetings and consultations

Ensure the organization complies with laws and regulations.

Evaluate and manage 3rd party Vendor Management.

Collaborate with leaning Management and assist with employee security awareness training.

Review and assess security implications of new technologies and projects.

Review and update incident and recovery plans.

Update KPI indicators and metrics to measure effectiveness.

Prepare Key reports for senior management.

KPMG USA Irvine, CA

Big 4 international CPA firm specializing in Accounting, Audit, Tax and Consulting. 07/2021 - 07/2023

Technology Assurance Director

• Analyzed deliverables and tracked key performance indicators using Microsoft Office, resulting in a 15% increase in on-time project completions and a 10% reduction in budget variances.

•Streamlined internal processes by implementing a project management system, reducing project completion time by 25% and improving team collaboration and productivity.

•Collaborate with cross-functional teams to evaluate and prioritize risks and manage effective mitigation strategies.

•Oversee IT audit at Los Angeles Department of Water and Power (DWP).

•Monitor the risk landscape and adapt the risk register to address five key emerging threats.

•Develop and implement short and long-term technology Audit programs to determine performance and outcomes aligned to company external Audit needs and zero trust architecture.

•Facilitate leadership of the KPMG community and internal staff by conducting technology training and workshops.

•Maintain knowledge of advances in information technology systems and applications, CSF, NIST, COSO, COBIT and ISO 27000 framework.

•Control operational IT budget and expenditures of (10) concurrent client project/ department parameters.

CorVel Corporation Irvine, CA 08/2018 –07/2021

A Systemized National provider of risk management solutions, intelligence, and insight for workers’ compensation, auto, health, and disability management clients and generating $1 B in annual revenue.

Deputy CHIEF INFORMATION SECURITY OFFICER

•Work in tandem with the CISO and Principal to develop, refine, and implement the organization’s cybersecurity posture, strategy, and policies

• Share leadership responsibilities for the cybersecurity team, promoting strategic initiatives and ensuring alignment with business goals

• Help drive and manage operational metrics

• Lead and manage programs / subcommittee within the oversight and governance committee, focusing on specific areas of cybersecurity

•As information security Subject Matter person, spearhead cybersecurity program management and governance initiatives for portfolio of 4 projects.

•Supervise budgets, cost controls, and people resources, results and direct and mentor 4 indirect team members in effective incident response processes.

•Created 3-5 year cyber security, privacy, and ITSM roadmap including project goals and milestones, IT security budgets, and resource requirements.

•Delegate and manage incident/ Issue response and application vulnerability management, change management, compliance projects, asset lifecycle management, 3rd party vendor risk evaluation, and risk management.

•Develop strategic direction for security, privacy, and compliance planning in partnership with CTO / CISO for internal (3) companies.

•Conduct Annual Disaster Recovery and Business Continuity, test and test results documentation, as part of information security Management.

•Introduce strengthened cybersecurity controls and IT Audit to comply with SOC, NIST 800-53, COSO, COBIT, SOX, PCI-DSS, ISO-27001 / 27002, HITRUST and HIPAA standards for IT GRC governance.

•Update 17 and composed 4 IT policy and procedures documentation for Information Security, compliance and enforcement across enterprise-wide security landscape and governance.

COMPLIANCE PROGRAM SPECIALIST / CONSULTANT,

Global Eagle Entertainment, Inc. LA, CA,

02/2018 – 07/2018.

•Spearhead risk compliance program for global IT operations controls assessment program impacting financial reporting for leading global provider of airline in-flight entertainment, media content, technology and connectivity solutions across 15 International and US operations.

•Prepared, analyzed and revamped IT Risk compliance program for 15 global operations that included applications on AWS Cloud, databases, OS layer, and active domain.

COMPLIANCE REPORTING AUDITOR / CONSULTANT,

Mitsubishi Union Bank Los Angeles, CA, 08/2017 – 01/2018

•In security and internal controls auditing role for full-service bank, analyzed, evaluated, and assessed risk, including providing compliance reporting across 10 operations, including business controls, HR, finance, and IT.

•Prepare reports to executive and management decision makers with quantified risk exposure of brand operations, organize and deliver strategic project updates at meetings and via monthly reports.

VKAN, LLC Tustin, CA 02/2010 – 2/2017

Research & development and global logistics firm.

CIO / CISO, PROGRAM AND OPERATIONS EXECUTIVE

•Conduct strategic planning for IT, and served as project manager for AML, FinCEN, OFAC, GLBA, GMP projects.

•Reduce vendor costs by 20% annually by transforming invoicing to cloud-based system, optimizing cash flow and profits.

•Increase YOY revenue by 20% through effective business and operations management.

•Expand customer base by 50% and raised customer satisfaction rates by up to 50% by initiating standardized customer engagement training for team members.

•Reduce operational costs by 20% by streamlining all accounting processes, including bookkeeping and tax preparation.

BANDAI AMERICA Cypress, CA 4/2006 – 02/2010

US arm of $6.4B global toy and gaming manufacturer and distributor based in Japan.

SENIOR DIRECTOR OF CORPORATE IT

•Controlled support for ERP applications, network, infrastructure, architecture, and MS Office to end users in three companies US, Mexico and Canada.

•Upgraded IT infrastructure, including routers, switches, firewalls, and storage, right sized infrastructure to align with project business growth needs and minimized system failure.

•Led application development, security and compliance operations, infrastructure, P&L, managers, supervisors, consultants, and contractors while meeting $ 4M IT budget requirements.

•Boosted IT up time by 98.99% and end user satisfaction by 30% via cross training.

•Cut IT operational costs by 40% by introducing cost and inventory controls and renegotiating vendor service level agreements and resource utilization. Reduced service costs by up to 30% from outside vendors, saving $1.8M.

KPMG US

Manager and Senior Manager 2/1996-04/2006

•Conducted IT Audit Project Management, Program Management and Risk mitigation strategies and SOC 1, SOC 2 audits

•Lead and manage programs / subcommittee within the oversight and governance committee, focusing on specific areas of cybersecurity

•ERP and Cyber Security Program management

TECHNICAL SKILLS

Microsoft Azure, AWS cloud security, Cybersecurity, GRC, Risk Management, SQL databases, Virtualization, Blueprints, and Data Explorer, PeopleSoft (9.1 & 9.2), Oracle (EBS), JD Edwards Enterprise One, SAP Financial and supply chain, Oracle EPM - Hyperion

EDUCATION & CREDENTIALS

Master of Business Administration in Finance

University of Herts, Hertford, UK

Certified Project Management Professional (PMP), Agile Certified Professional (PMI-ACP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM)

Scrum Certified Manager (SCM), Scrum Certified Product Owner (SCPO), Data Protection Security Professional (DPSE)


