Mike Kirchmeier, MBA, CISA
VP, Technology Risk and Cyber Security at Standard Industries
Bio
Erin Barnes
I worked with Mike on several projects at Bloomberg. He is trustworthy, smart and thoughtful, a great team player, and a real subject matter expert.
Donnamarie Baldwin - MBA, PMP, CISA, ITIL
Mike was one of the strongest people on my team. He is extremely organized and knowledgeable. He was able to perform his work with very little oversight and managed multiple projects at once. He is very well versed in IT environments, as well as risk and audit techniques. He was also enjoyable to work with. His positive attitude and ability to connect with peers and clients was very valuable.
Credentials
- Certified Security & Compliance Specialist (CSCS), ECFirst, Aug 2011 - Nov 2024
- Certified Information Systems Auditor (CISA), ISACA, Dec 2009 - Nov 2024
Experience
Standard Industries
United States
Manufacturing
100 - 200 Employee
VP, Technology Risk and Cyber Security
May 2019 - Present
Identifying the cybersecurity needs from the foundation up in building the larger cyber team while leading the cyber risk controls and assurances function. Execute and lead cyber risk technology initiatives, selection and implementation of risk assessment frameworks, quantification and KPI build-out. Trusted security advisor and partner with all areas of the business.
Time Inc.
United States
Book and Periodical Publishing
700 & Above Employee
Global Director, Information Security Governance, Risk & Compliance
Feb 2014 - May 2019
Responsible for leading and defining strategic Information Security initiatives within Governance, Risk Compliance (GRC), Application Security (AppSec) and Incident Response for the organization. Identify and prioritize Information security risk reduction and quantification projects. Support the organization's move to Amazon AWS, establish security standards and ensure compliance with PCI, ISO 27001. Lead the global GDPR compliance initiative across the company and all subsidiaries. Perform architecture reviews with the goal of recommending best security practices for deploying applications securely to the cloud. Manage penetration testing engagements and tools to proactively identify threats for remediation. Identify vendor partners and representative information security products to meet the needs of the organization.
Bloomberg
United States
Financial Services
700 & Above Employee
Manager - IT Security, Assurance and Compliance - New Services
May 2010 - Jan 2014
Responsible for leading the team with a mission to advance and mature the overall security posture of the firm through the execution of strategic IT security control and governance initiatives.
IT Security Control Advisory
• IT security control advisory to identify, manage and mitigate risks over the CIA (Confidentiality, Integrity & Availability) of Bloomberg and customer data. Implement IT security policy and procedure development aligned with the ISO 27001 framework.
Legal, Regulatory, Privacy
• Provide security department guidance on various national and international InfoSec and privacy regulations. Work extensively with Bloomberg's legal team in writing security control contract addendums / MSAs & SoWs for high risk vendor/business partner and business associate (BAA) agreements.
Security Solutions & Assessment
• Deploy and manage Proof of Concept (POC) security and control initiatives around Data Loss Prevention (DLP), Secure Documentation Management, Mobile/BYOD (Bring Your Own Device) and USB/removable media device control solutions.
HR Business Information Security Officer (BISO) - Employee Data projects and Privacy compliance
• Compliance with Data Protection regulations surrounding PII (Personally Identifiable Information), PHI (Protected Health Information) as it pertains to HIPAA and HITECH and reviewing the Administrative, Physical and Technical Safeguards, Standards and Implementation Specifications. Consultative security direction and control requirements in implementing complex benefits solutions both in-house and via vendor outsourcing.
Vendor/Third Party Risk Assessment
• Conduct a Test of Design of the vendor's IT security controls via inspection of documents (SSAE16), facilitate network/web-app penetration testing and negotiate a required Data Privacy & Security Requirements (DPSR) vendor security schedule. Key security decision maker in RFPs where the business explores the use of out-sourcing, off-shoring and consulting arrangements.
KPMG US
United States
Financial Services
700 & Above Employee
IT Advisory Services
Jan 2005 - May 2010
CISA (Certified Information Systems Auditor), Senior Associate at KPMG LLP's New York IT Advisory Services Practice with 5 years in audit and advisory business experience specializing in Business System Controls including ERP advisory / SOX-404 with a primary focus on SAP.
• Lead Sr. Associate on large Sarbanes-Oxley section 404 integrated IT audits containing both Legacy and SAP R/3 systems including supervising and training Associates and interns in identifying and testing both IT General Controls and Application Controls
• Experience in performing comprehensive segregation of duties analysis and access testing through the use of the SAP Compliance Calibrator (VIRSA) including an analysis of mitigating controls
• Team lead for the development of the Global RCM (including, BASIS Security, Change Management, Data Conversion) for a long term Advisory Services engagement in the pharmaceuticals sector on the SAP ECC, BI, SCM, GTS application platforms.
• Proficient in writing Standard Operating Procedures and IT Policies in an advisory capacity including documenting business processes in Flow Chart and narrative form
• Extensive experience with Sarbanes-Oxley Section 404 in regards to both identifying appropriate internal controls in an advisory capacity and assessing the effectiveness of the controls during an integrated and Financial Statement Audit.