Regional Information Security Officer

• Jul 2022 - Present

SVP, Cybersecurity

• Mar 2022 - Jul 2022

Head of Data Protection Services Head of Data Protection Services

Director of Cyber Security

• Jun 2021 - Mar 2022

I lead Cyber Technical Investigations, which includes Cyber Security Incident Response and Digital Forensics teams. This includes activities ranging across cybersecurity incident response, forensic investigation, threat intelligence, vulnerability analysis, and support of advanced threat detection & response technologies. I also lead and provide technical direction to the Cyber Security Automation team, responsible for the engineering, development, implementation, and operations of Security Orchestration Automation and Response. I build, develop, and maintain relationships with customers, internal & external, and vendors to formulate effective solutions related to Information Security for Freddie Mac. I provide thought leadership and guidance to build the necessary controls and infrastructure to provide proactive detection and response to ensure the firm's security. I assure the availability of the appropriate level of technology, staffing, skill levels, and processes required to deliver information security processes, procedures, and solutions to protect confidentiality, integrity & availability of Freddie Mac's information assets and enhance overall security posture. Show less

Sr. Manager (Acting Director) - Cyber Security

• Apr 2017 - May 2021

I led Cyber Security Incident Response Team, accountable for response, triage and recovery activities for Information Security Incidents impacting the company’s information technology assets. I helped rebuild the Security Incident Response function for the firm, instituted repeatable processes, overhauled documentation, adopted & applied several industry-standard frameworks such as NIST, US-CERT, MITRE ATT&CK to Incident Response processes. I led Cyber Security process maturity to support cloud transformation. I also provided leadership and operation support for Event Monitoring, Forensics, Threat Intelligence, Advanced Threat Detection, and Malicious Software Analysis. Show less

Manager, Information Security

• Nov 2013 - Apr 2017

I led an operations & engineering team that was responsible for enterprise-wide 25+ Information Security & Data Protections tools, including Identity & Access Management (IAM) system (including Provisioning, Re-certification, Password Vaulting, Centralized Authorization), Data-at-rest encryption system, Dynamic Data Masking (DDM), General Risk Control (GRC)system, Managed File Transfer service, SIEM/Log aggregation tool, API Gateway besides multiple other tools and applications. I supervised and managed a team of 20+ security analysts, engineers, and consultants. Show less

Tech Lead - Information Security

• Jul 2010 - Oct 2013

Led a project to revamp the IAM stack, including retiring an existing IAM system built on the aging Sun IDM platform and migrated its functionality by implementing a new state-of-the-art Modern Access Control (MAC) system. New System was built using the latest technology supporting Identity and Access Management activities for internal and external users, technologies platforms, and applications.

Technical Analyst

• Mar 2009 - Jul 2010

I was liaised with Product Management and Business teams in refinement of business requirements for software product development. I developed functional specifications and led documentation efforts for hand-off to development and quality assurance teams. I worked closely with IT team to specify, design and enable identity and access management functions for role based access to the financial applications under-development. I was responsible for coordination of the Application security assessments. I led the design and architecture of the data model for a new financial application to support multi billion-dollar transactions per week. I conducted risk assessments and supported development of techniques for deployment, integration and migration of solutions including user authentication and authorization. I closed worked with business, development and operations teams to drive consensus agreement as to scope, timing, risk, resources, etc. and ensure timely delivery of scoped business requirements. Show less

Sr. Systems Analyst

• May 2005 - Mar 2009

I worked as an analyst consultant at company clients. Additionally, I also assisted the firm in managing their internal information systems needs such as negotiating internal information systems purchases as well as development contracts. I worked as an analyst consultant at company clients. Additionally, I also assisted the firm in managing their internal information systems needs such as negotiating internal information systems purchases as well as development contracts.

Sr. Business System Analyst

• Jan 2006 - Jan 2009

I was a Sr analyst on InfoSec team that was responsible for implementing an Identity and Access Management (IAM) system to improve the efficiency of IAM processes including automatically managing users’ access privileges within Fannie Mae's IT resources, enhance security, and diminish the burden associated with regulatory compliance such as Sarbanes-Oxley (SOx) I was a Sr analyst on InfoSec team that was responsible for implementing an Identity and Access Management (IAM) system to improve the efficiency of IAM processes including automatically managing users’ access privileges within Fannie Mae's IT resources, enhance security, and diminish the burden associated with regulatory compliance such as Sarbanes-Oxley (SOx)

Misc

• Jul 1997 - May 2005

Worked in several companies on various IT and security related projects with growing responsibility. Worked in several companies on various IT and security related projects with growing responsibility.