Vice President, Information Security and Risk
HSBC Technologies, Inc
Total years of experience: 34 years, 0 months
Efficiently manage program level escalations through close collaboration with software development and business stakeholders. Collaboratively develop metrics and program status reports and dashboards, while coordinating with stakeholders on all aspects of stakeholder management, and software development and IT operations to evaluate product risks for both in-house and 3rd party products. Assist business in understanding risks to determine risk appetite. Function as the primary point of contact for any security reviews on products, create risk awareness, and liaise with audit. Define key performance and risk indicators (KPI/KRI).
Key Highlights:
Directed the operations of a Global Advisory Review Committee (RAC) to oversee engagement/risk management and information security engagement practices
Led the activities of the global practice to efficiently manage security engagements and provide global consolidated view of application security across HSBC
Built and directed a global team of 20 engagement and risk managers to oversee application security engagement operations, encompassing more than 300 applications across the globe and managing more than 125 concurrent projects, including the development and implementation of a global application security governance program to observe and handle risks
Initiated the development and implementation of a global application security governance program
Developed and implemented a program management methodology to standardize project engagement and risk management operations. Established and coordinated with Security Working Groups to construct a governance model to evaluate and resolve application security issues and to ascertain that all products released met the highest security industry standards. Established a project estimation and complexity model to examine estimates with actual data and past results on similar projects to refine forecasting. Spearheaded a highly proficient team to oversee 75-100 projects simultaneously.
Key Highlight:
Built a global team of project managers and security professionals to supervise all phases of the product development life cycle, ensuring all products go through comprehensive application security review, and open risks were identified and communicated to senior business stakeholders with an agreed mitigation plan
Meticulously assessed application firewall products to configure a customized setup for Teros and NetContinuum. Exhibited superior talents in managing incidents, evaluating and investigating IDS alerts, and correlating data with firewall and server logs. Oversaw information security project plans, progress, and challenges.
Key Highlights:
Directed the integration of a large intrusion detection implementation based on RealSecure internet security system with 700 host-based IDS and 25 network IDS
Initiated a pilot for a security event correlation system to expertly process information from numerous devices to support intelligence gathering operations
Demonstrated adeptness in calibrating Dolphin server as a wireless gateway for IPSec termination, constructing a WLAN with Orinoco and Cisco access points. Exemplified expertise in formulating a secure WLAN design for enterprise-level security.
Took charge of setting up a highly scalable and redundant Checkpoint NG Provider-1 solution for both Nokia and Solaris platforms. Assumed responsibility in calibrating local and wide area load balancers by applying Wide-IP and QOS dynamic load balancing techniques to efficiently manage traffic between the data centers. Established an in-depth performance, monitoring, and trend analysis system developed from open source packages.
Key Highlights:
Provided guidance and direction to secure communication at the new data center by facilitating penetration testing, vulnerability and network evaluation, firewall policy audit, and Solaris hardening
Made impactful contributions by initiating security architecture design and execution for the new data center, implementing best practices and proven technological innovations to deliver a redundant and highly scalable load-balanced environment to enhance customer service, boost uptime, and efficiently manage resources
Initiated the migration from Checkpoint to Netscreen through carrier-class NS-5200 firewalls set up in high availability (HA) using the NSRP protocol. Formulated internal security workflows, conducted stress tests, and delivered proofs of concept for security solutions. Utilized SolarWinds, SystemWatch, MRTG and HP Openview to establish firewall monitoring. Devoted efforts in incorporating a disaster recovery facility to allow network connectivity to all business clients within 48 hours of disaster.
Key Highlights:
Pioneered the Security Team in executing a secure infrastructure through Checkpoint HA solution on Nokia IP530/IP740 appliances during the merging of Bell Atlantic Mobile, Airtouch, Primeco, and GTE Wireless
Supervised the Security Team during the internet fortification project to consolidate a number of internet point of presence (POPs) into three highly redundant fail over POPs
Guided and supported the Network Planning team in security architecture designs
Supported the operations of the network operations center, security operations center, and disaster recovery center in configuring, executing, and monitoring carrier-class security devices
Engro Chemical (Exxon Chemical) 12/1994 - 01/2000
Information Systems Advisor & Sr. Network Security Specialist
• Led the team in the design and implementation of a corporate-wide network with redundant WAN links between Headquarters and manufacturing facilities. Set up a campus-wide fiber backbone at the manufacturing plant.
• Installed and configured distributed Checkpoint firewalls in HA, RealSecure IDS, 3Com / Cisco routers and switches, Cisco Local Director, Websense, Novell NetWare, Windows NT, and USR Remote Access Servers (RAS)
• Performed daily administration, support and maintenance of the network comprising 200+ application / database servers, 3000+ workstations and a WAN spread over seven locations.
• Provided support for data migration over dialup to 75 remote warehouses for a sales and inventory application. Set up server farms, Network Address Translations (NATs) and Virtual IPs for external access and load balancing.
• Participated in the design and launch of the company web site and provided training to the network support staff.
PROFESSIONAL EXPERIENCE
Caltex Oil (Chevron Texaco) 11/1993 - 11/1994
Network Engineer
• Designed, implemented and deployed a Token Ring Network spanning over three locations and provided integration between standalone mainframe business / production applications and network users. This greatly enhanced productivity and helped the company re-engineer processes for greater efficiency.
• Installed and configured Windows NT and Novell Netware servers, IBM Multiple Access Units (MAU) and Central Access Units (CAU), 3Com NetBuilder II routers and CoreBuilder switches, Symantec Antivirus and RAS.
• Established a communication network with branch offices and Caltex affiliates worldwide using a bank-shot routing technique based on Lotus cc:Mail Topics.
• Installed Lotus Notes Groupware and managed desktop configurations via SMS using Intel LanDesk asset management software. Provided training to users on Groupware computing.
Borland International 09/1992 - 08/1993
Sr. Quality Assurance Engineer
• Developed C++ programs and UNIX shell scripts for functionality and usability testing to verify product compliance with the industry standards, enhanced product robustness by preparing quality assurance procedures, conducted User Acceptance Tests (UAT) and managed Beta testers.
• Automated test suites for regression analysis and trained other members of the team on 32-bit compiler and DOS Extender technology.
• Managed print servers and the departmental peer-to-peer network based on Windows for Workgroups.
• The test automation and verification procedures reduced the QA time by 20% and shortened the overall product development cycle.
MetaWare Inc 03/1990 - 08/1992
Sr. Technical Support and Quality Assurance (QA) Engineer
• Established a formal QA group and developed a comprehensive bug reporting process that improved the product quality by 25% within the first 4 months.
• Developed test suites for C/C++ compilers and libraries, automated test scripts and streamlined performance benchmarks. Conducted User Acceptance Test (UAT) and managed clients participating in the Beta program.
• Provided 2nd level technical support for compilers and assisted R&D team with regression analysis and White and Black box testing for the C, C++ and Pascal compilers.
• Implemented a Bulletin Board System (BBS) to distribute software updates and patches, reducing the telephone support by 30% within three months.
✓ Masters Certificate in Project Management, George Washington University
✓ BS Computer Engineering, University of California