Jason N.
Vice President of Information Security at AffiniPay- Claim this Profile
Click to upgrade to our gold package
for the full feature experience.
-
English -
Topline Score
Bio
Carlos A. Villalba
Jason has the perfect security pedigree that most of us will ever dream of. Military background, served honorably, law enforcement background, instructor, engineer, operations, consultant, warrior, etc. When it comes to physical security assessments (any standard), social engineering (including breaking in into highly secured facilities) Jason has been my go to person. I worked side-by-side with Jason in multiple security assessment, 800-53, HIPAA, and PCI. Jason completed back-to-back many of these projects while being highly praised by clients afterwards. How many auditors can manage that? Being liked after the audit is done and bad new delivered? Jason understand security but more importantly, can translate and communicate this to the business.
Eric Nay
Jason is the best example of a technically articulate, detail oriented subject matter expert. He has an encyclopedic knowledge of the subjects at hand, and he expresses them in clear, concise language. He is a huge asset at SAIC and I can easily see how he could enhance any organization. Highly recommended!
Carlos A. Villalba
Jason has the perfect security pedigree that most of us will ever dream of. Military background, served honorably, law enforcement background, instructor, engineer, operations, consultant, warrior, etc. When it comes to physical security assessments (any standard), social engineering (including breaking in into highly secured facilities) Jason has been my go to person. I worked side-by-side with Jason in multiple security assessment, 800-53, HIPAA, and PCI. Jason completed back-to-back many of these projects while being highly praised by clients afterwards. How many auditors can manage that? Being liked after the audit is done and bad new delivered? Jason understand security but more importantly, can translate and communicate this to the business.
Eric Nay
Jason is the best example of a technically articulate, detail oriented subject matter expert. He has an encyclopedic knowledge of the subjects at hand, and he expresses them in clear, concise language. He is a huge asset at SAIC and I can easily see how he could enhance any organization. Highly recommended!
Carlos A. Villalba
Jason has the perfect security pedigree that most of us will ever dream of. Military background, served honorably, law enforcement background, instructor, engineer, operations, consultant, warrior, etc. When it comes to physical security assessments (any standard), social engineering (including breaking in into highly secured facilities) Jason has been my go to person. I worked side-by-side with Jason in multiple security assessment, 800-53, HIPAA, and PCI. Jason completed back-to-back many of these projects while being highly praised by clients afterwards. How many auditors can manage that? Being liked after the audit is done and bad new delivered? Jason understand security but more importantly, can translate and communicate this to the business.
Eric Nay
Jason is the best example of a technically articulate, detail oriented subject matter expert. He has an encyclopedic knowledge of the subjects at hand, and he expresses them in clear, concise language. He is a huge asset at SAIC and I can easily see how he could enhance any organization. Highly recommended!
Carlos A. Villalba
Jason has the perfect security pedigree that most of us will ever dream of. Military background, served honorably, law enforcement background, instructor, engineer, operations, consultant, warrior, etc. When it comes to physical security assessments (any standard), social engineering (including breaking in into highly secured facilities) Jason has been my go to person. I worked side-by-side with Jason in multiple security assessment, 800-53, HIPAA, and PCI. Jason completed back-to-back many of these projects while being highly praised by clients afterwards. How many auditors can manage that? Being liked after the audit is done and bad new delivered? Jason understand security but more importantly, can translate and communicate this to the business.
Eric Nay
Jason is the best example of a technically articulate, detail oriented subject matter expert. He has an encyclopedic knowledge of the subjects at hand, and he expresses them in clear, concise language. He is a huge asset at SAIC and I can easily see how he could enhance any organization. Highly recommended!
Credentials
-
PCI Professional (PCIP)
PCI SSCJun, 2017- Nov, 2024 -
Internal Security Auditor (ISA)
PCI SSCApr, 2017- Nov, 2024 -
McAfee Certified Product Specialist
McAfeeNov, 2012- Nov, 2024 -
Payment Card Industry Professional (PCIP)
PCI Security Standards CouncilJun, 2020- Nov, 2024 -
CISSP
ISC2 -
DISA HBSS 4.5 Administrator
Defense Information Systems Agency -
DISA HBSS 4.5 Advanced Administrator
Defense Information Systems Agency -
Network +
CompTia -
Security +
CompTia
Experience
-
AffiniPay
-
United States
-
Financial Services
-
200 - 300 Employee
-
Vice President of Information Security
-
Oct 2022 - Present
-
-
-
Plexus Worldwide
-
United States
-
Wellness and Fitness Services
-
700 & Above Employee
-
Sr Director IT Operations & Security
-
Feb 2022 - Oct 2022
Responsible for IT Operations spanning five regions with a budget of $31 million, I provide the vision and strategies to ensure the confidentiality, integrity, and availability of the company’s electronic information systems, data privacy program, data security, and compliance. Communicate risk areas to business leaders and provides risk mitigation strategies. Oversees the development and creation of policy and standards to ensure compliance with global regulatory requirements. Developed Global Data Privacy Program and selected technologies to support efficient, repeatable processes. Directs activities related to Data Protection Impact Assessments, Privacy Impact Assessments, and security risk assessments for all new and existing systems. Manages a staff of information security practitioners, data privacy analysts, and compliance professionals. Show less
-
-
Director Information Security, Privacy and Compliance
-
Nov 2018 - Oct 2022
Responsible for providing the vision and strategies to ensure the confidentiality, integrity and availability of the company’s electronic information systems, data privacy program, data security, and compliance. Communicate risk areas to business leaders and provides risk mitigation strategies. Oversees the development and creation of policy and standards to ensure compliance with global regulatory requirements. Developed Global Data Privacy Program and selected technologies to support efficient, repeatable processes. Directs activities related to Data Protection Impact Assessments, Privacy Impact Assessments, and security risk assessments for all new and existing systems. Manages a staff of information security practitioners, data privacy analysts, and compliance professionals. Show less
-
-
Information Security Manager
-
Jun 2017 - Nov 2018
Responsible for developing, leading, and mentoring the Security Operations Team. Managing the day-to-day operations of the Security Operations Center and provided situational awareness through both hands-on managing of security tools which detect, contain and remediate cyber threats. Ensured all IT security incidents were properly identified, analyzed, communicated, investigated and reported. Provided leadership direction and subject matter expertise for Threat and Vulnerability Management, data privacy, Identity, and Access Management, Architecture and Engineering, Data Protection, Governance Risk and Compliance, Security Operations, Security Awareness, and Incident Response. Directly managed a team of security and data privacy professionals. Created security policies, processes standards, controls, metrics, and key performance indicators. Show less
-
-
Security Engineer
-
Oct 2016 - Jun 2017
Responsible for developing Information Security, Data Privacy, and compliance strategic vision. Enhancing the current Security Program while implementing a long-term Security Program overhaul, developing policies, processes, and standards to ensure Plexus data, information assets, and technology platforms meet regulatory requirements and business risk expectations.
-
-
-
Terra Verde Services
-
United States
-
Senior Security Engineer
-
Jan 2013 - Sep 2016
Ensured client satisfaction and service delivery quality through the development of information technology policies, standards, processes and procedures. Partnered with clients to architect security applications and network solutions. Designed and developed key controls for PCI compliance. Worked closely with teams to integrate new skills to serve clients and develop new business. Coordinated, lead and participated in attack and penetration testing, web application assignments, enterprise security assessments, regulatory or compliance audits, implementation of IT security and Data Privacy controls. Maintained effective two-way communications with clients. Performed engagement checkpoints and deliverable reviews to ensure industry-leading practices were implemented. Provided data-driven options that best-suited clients' strategic vision. Show less
-
-
-
SAIC
-
United States
-
IT Services and IT Consulting
-
700 & Above Employee
-
Lead Technical Subject Matter Expert (SME)
-
Mar 2012 - Nov 2012
Technical Lead to implement commercial off-the-shelf (COTS) products over an enterprise network to proactively address threats both internally and externally. Served as the Lead Subject Matter Expert (SME) for McAfee, including ePO, HIPS, VSE, and Data Loss Prevention (DLP). Worked on application whitelisting, removable media threat mitigation, endpoint hardening, and authentication governance. Technical Lead to implement commercial off-the-shelf (COTS) products over an enterprise network to proactively address threats both internally and externally. Served as the Lead Subject Matter Expert (SME) for McAfee, including ePO, HIPS, VSE, and Data Loss Prevention (DLP). Worked on application whitelisting, removable media threat mitigation, endpoint hardening, and authentication governance.
-
-
-
SRA, a CSRA company
-
United States
-
Information Technology & Services
-
700 & Above Employee
-
Information Assurance Analyst
-
Nov 2011 - Mar 2012
Worked as a Military Sealift Command Afloat Network Operations Center Information Security Analyst overseeing nearly 2,000 nodes spread throughout the world. Responsible for ensuring the security of local assets and ship-based assets located throughout the world. Utilized McAfee Host-Based Security System as one of the layered approaches, which kept our assets secure from both outside threats as well as trusted insiders. Other responsibilities included: keeping abreast of the latest attack vectors and methodologies to mitigate cyber-attacker success, reviewed security logs looking for hard to detect anomalous activity, which may have indicated information spillage, ensured security measures were not circumvented, continual tested systems and software looking for “Zero Day” exploits and attack vectors. Show less
-
-
-
ManTech
-
United States
-
IT Services and IT Consulting
-
700 & Above Employee
-
Computer Network Defense Instructor
-
Feb 2011 - Nov 2011
Provided instruction on McAfee EPO Management Suite, Host Intrusion Prevention System, Anti-Virus, Device Control, and Host-Based Point products. Configured and prepared mobile training suites for use at remote training sites around the world. Provided instruction on McAfee EPO Management Suite, Host Intrusion Prevention System, Anti-Virus, Device Control, and Host-Based Point products. Configured and prepared mobile training suites for use at remote training sites around the world.
-
-
Education
-
2008 - 2011
ITT Technical Institute-San Diego
Bachelor of Applied Science (BASc), Information Systems Security
Community
