Leo Park

Sr. Director of Cyber Security at Click Therapeutics, Inc.
Contact Information
us****@****om
(386) 825-5501
Location
New York City Metropolitan Area
Languages
  • Korean
  • English

Credentials

  • CISA
    ISACA
    May, 2018
    - Nov, 2024
  • Certified Information Systems Security Professional
    (ISC)²
    Dec, 2016
    - Nov, 2024
  • MCSE
    Microsoft
    May, 2004
    - Nov, 2024
  • MCSE : Security
    Microsoft
    May, 2004
    - Nov, 2024
  • CCNA
    Cisco
    Mar, 2004
    - Nov, 2024

Experience

    • United States
    • Biotechnology Research
    • 100 - 200 Employee
    • Sr. Director of Cyber Security
      • Jan 2022 - Present

      Click Therapeutics is the industry-leading DTx IT platform provider to global pharmaceuticals like Otsuka and Boehringer Ingelheim. Design, develop and implement the company's security, data protection, IT risk management and other IT-related compliance programs which center around HIPAA, HITRUST, GDPR compliance and other privacy law and FDA regulation, including 510k.
      • Develop, implement and maintain the HITRUST-friendly IT security program.
      • Develop, update and manage IT security policy and procedure to sustain a high-quality IT security program.
      • Submit audit and compliance reports to governing bodies, legal entities, and external authorities, helping the company comply with the privacy guidelines (e.g., GDPR) and acquire relevant certificates (such as SOC-1, SOC-2, HITRUST, ISO 27001, etc.).
      • Manage IT Risk management program, including application, system and vendor, to ensure compliance with the company's security program with a risk register.
      • Provide security input in the project to foster a "security in design" culture.
      • Manage security training and awareness program, including periodic phishing campaigns.
      • Detect, respond, investigate, remediate and document security-related incidents.

    • Enterprise Security Architecture
      • Apr 2021 - Jan 2022

      • Develop, implement and maintain the actionable security and compliance policy, procedure, process and report.
      • Partner with developers and engineers to update, enforce and monitor technical and procedural controls to protect the company's physical and intellectual assets and data.
      • Develop and maintain a strategy for managing security-related audits, compliance checks, and external assessments.
      • Create and execute a strategic annual Compliance Monitoring and Testing plan including annual BCP and Incident management drill.
      • Ensure IT compliance programs meet all industry applicable rules, regulations, standards, and laws.
      • Track and ensure adequate and timely resolutions to all audit/review issues relating to IT compliance by utilizing the GRC application.
      • Conduct Third Party risk assessments and manage IT risk register.
      • Review contracts and QMS documentation.

    • United States
    • Mental Health Care
    • 100 - 200 Employee
    • Director of IT Compliance, Security and Risk
      • Dec 2019 - Apr 2021

      Design, develop and implement Happify’s security, data protection, IT risk management and other IT-related compliance programs which center around HIPAA, PCI DSS, GDPR compliance and other privacy law.
      • Coordinate, monitor, develop, implement and maintain the HITRUST-friendly IT Compliance program.
      • Create a framework that effectively measures compliance standards with information policies.
      • Develop and maintain a strategy for managing security-related audits, compliance checks, and external assessments.
      • Create and execute a strategic annual Compliance Monitoring and Testing plan.
      • Ensure IT compliance programs meet all industry applicable rules, regulations, standards, and laws.
      • Track and ensure adequate and timely resolutions to all audit/review issues relating to IT compliance by utilizing the GRC application.
      • Review, improve, create, and monitor security processes and company IT policies.
      • Conduct Third Party risk assessments.

    • Higher Education
    • 700 & Above Employee
    • Sr. Manager of IT Risk Management and Compliance
      • Mar 2018 - Dec 2019

      • Manage and improve IT compliance program for the global university and work with other business units regarding compliance programs (PCI DSS, HIPAA, FERPA, GLBA, NYC DFS 500 and GDPR), with a focus on personally identifiable information protection.
      • Lead compliance-related working group with affected departments’ leads to develop, identify and improve the compliance program.
      • Lead risk assessment and mitigation through Governance, Risk analysis and Compliance including overseeing penetration testing, reducing vulnerabilities, and partnering with external vendors to assess risk.
      • Perform information technology reviews of the global university including policies, procedures, application system development lifecycle, change management and other IT controls to meet compliance requirements.
      • Manage a team of IT risk assessors to meet emerging compliance and cybersecurity risk and the university’s cloud migration including AWS and Azure.
      • Manage Risk Register of identified, residual and accepted risks.

    • United States
    • Utilities
    • 700 & Above Employee
    • Cyber Security (NERC CIP) Compliance
      • Jan 2015 - Apr 2018

      • Prepare and manage federal, state and internal IT audits by NERC (North American Electric Reliability Corporation), DPS (Department of Public Service) and NATF peer review.
      • Prepare and perform mock audits of Cyber Security compliance program and manage 3rd party assessment and gap analysis by Big 4.
      • Prepare audit document packages and participate in on-site, off-site and spot check audits.
      • Manage cybersecurity program (NERC CIP) for High impact cyber systems of Energy Control Center with RSA Archer.
      • Perform technical, administrative and quality assurance tasks related to the cybersecurity program.
      • Proficient in all NERC CIP cybersecurity standards and proposed standards changes.
      • Evaluate, monitor and design firewall configurations, IDS analyses and SIEM activities.
      • Check the baseline of cyber systems and evaluate the discrepancy.
      • Review and write procedures that detail and identify the processes required to meet compliance with current and changing regulatory standards.
      • Evaluate compliance tools and methods and work with other organizations to develop and improve automated methods for maintaining and tracking compliance.
      • Evaluate the impact of pending compliance standards on current organizational policies and procedures.
      • Work with various groups to identify procedural changes, implement change schedules and manage progress.
      • Monitor and report on the status of compliance and conduct evaluations of each area's compliance processes to ensure compliance with NERC CIP reliability standards.
      • Make presentations to various Company organizations and at the executive level.

    • United States
    • Retail
    • 1 - 100 Employee
    • Director of Infrastructure Services
      • Jul 2013 - Dec 2014

      • Manage the PCI DSS Compliance program and audit for the company and work with CTO/CIO for IT budget, and compliance and other projects.
      • Organize and manage policy development, vulnerability management, and risk assessment.
      • Set up, optimize and maintain two Windows AD domain environments in two locations and review logs for FIM, system integrity, IP360, and SIEM using AlienVault and Tripwire Enterprise 8.3.
      • Manage and address security and control issues with Windows Server, Linux, DB, firewalls, routers, Wi-Fi and Cloud.
      • Scan external/internal network regularly for security review to meet PCI DSS requirements.
      • Set up, configure, review and manage all aspects of the networks at five different locations, i.e. VLAN, Firewall, IPS, VPN with Checkpoint, Juniper, Cisco and HP network devices.
      • Set up, optimize and maintain VMware with ESXi 5.5 in multiple locations.
      • Manage company core data at the data center and cloud environment with MS 2012 SQL Server.
      • Plan, implement and manage the company’s infrastructure in all aspects.
      • Manage load balancers using HAProxy and Nginx on the Linux environment.
      • Manage IT team in three different locations (NYC, Lynbrook NY, and Americus GA) and review performance annually, then report to CTO.

  • Sara Computers Inc
    • Greater New York City Area
    • Manager/Head Administrator
      • Aug 2007 - Jun 2013

      • Managed and supervised a team of field technicians for over 40 small to mid-size companies’ networks and systems.
      • Set up, optimize and maintain 2007/10 and 2013 MS Exchange servers.
      • Support many different MS Office suites – 2003, 2007, 2010 and Office 365.
      • Set up, optimize and maintain Blackberry Enterprise servers in multiple locations.
      • Reviewed and modified GPOs, AD and other settings according to the client’s environment.
      • Set up, optimized and modified client’s network infrastructure in various manners such as firewalls, VLANs, VPN, and Layer 2 flow.
      • Created documents to modify the entire current system and network specifications.
      • Surveyed, planned and implemented infrastructure projects in Windows and Linux environments.
      • Designed, implemented and did the troubleshooting of multiple projects simultaneously for clients with various vendors including the merger of two companies’ infrastructures in multiple locations.
      • Provided level 3 support for field technicians.
      • Worked with vendors for various issues and projects.

    • United States
    • International Affairs
    • 1 - 100 Employee
    • System Admin
      • Nov 2006 - Apr 2007

      • Provided level 3 support for field technicians.
      • Upgraded and maintained Windows-based servers/desktops and Avaya phone systems.
      • Was responsible for supporting end-users with regards to PDAs, workstations and printers.
      • Managed Windows AD System and Exchange 2003 server.
      • Upgraded Cisco network devices and an optimized firewall.
      • Deployed new systems with Ghost images.

  • Optimum Online
    • Woodbury, NY
    • Technical Support/ System Administrator
      • Mar 2006 - Sep 2006

      • Installed and maintained Windows-based server/workstations.
      • Installed and configured AV server, Backup, DHCP and DNS services.
      • As 2nd level tech support person, answered customer calls regarding network issues and troubleshot Windows and Mac OS environment.

Education

  • NYIT
    Master of Science (MS), Computer Science
    2002 - 2004
  • The Catholic University of Korea
    Theology
    1990 - 1998
