Experience Summary
Cybersecurity governance executive with 18+ years of experience leading enterprise GRC programs, regulatory compliance, and cyber risk management across highly regulated global institutions. Proven track record translating complex compliance requirements into practical GRC solutions, delivering integrated reporting and executive risk dashboards that support risk-based decision-making at the senior leadership and board level. Experienced partnering across engineering, risk, operations, and business functions to drive control assurance and continuous improvement in environments where data integrity, auditability, and operational accountability are paramount.
Certifications
Certified Information Systems Security Professional
Certified in Governance, Risk and Compliance
Certified Data Privacy Solutions Engineer
Certificate of Cloud Security Knowledge
GIAC Cloud Security Architecture and Design
GIAC Certified Incident Handler
Core Competencies
Cybersecurity Governance · Regulatory Compliance · Enterprise Risk Assessments · Executive & Board Reporting · Audit & Regulatory Remediation · Incident Response Governance · Tabletop Exercises · Third-Party Risk Management · Vulnerability Management · Application Security · Secure SDLC · DevSecOps · Cloud Security (AWS/Azure) · IAM & Data Protection · Security Metrics & KRIs · Security Policy & Standards
Tools & PlatformsSIEM/EDR · Splunk · CrowdStrike · Qualys · Tenable · Checkmarx · ServiceNow · Archer
Regulatory & Security Frameworks
NIST CSF · NYDFS 500 · ISO 27001 · CIS Controls · FFIEC · SWIFT CSCF · FDIC
Work Experience
Vice President — Head of Cybersecurity Governance (CIO Organization)
06/2022 – Present
Israel Discount Bank (IDB Bank)
- Drive security and compliance outcomes across engineering, risk, and operations enterprise-wide, reporting directly to CISO.
- Built executive dashboards integrating SOC metrics, incident trends, and cyber risk indicators for senior leadership and risk committees.
- Cut cyber risk reporting prep time by 50% by automating reporting across Qualys, Splunk, and CrowdStrike.
- Reduced repeat audit findings by 50% by overhauling incident response governance and tabletop exercise programs.
- Directed enterprise control alignment across engineering and security organizations to maintain compliance with FFIEC, NYDFS 500, NIST CSF, and SWIFT CSCF.
- Led remediation of FedLine, SWIFT CSCF, and internal audit findings across critical banking systems, tracking and managing findings in Archer.
- Evaluated emerging AI security tools and governance frameworks to assess risk and compliance impact.
- Main point of contact for cybersecurity regulatory examination evidence requests.
Vice President, Information Security Officer
04/2021 – 06/2022
Mizuho Americas — Americas Risk Management (2LOD) & CIO Organization (1LOD)
- Led governance oversight for the enterprise Incident Response program, including tabletop exercises, policy management, and maturity initiatives.
- Directed application security governance and secure SDLC initiatives across development teams, overseeing SAST/DAST testing for 100+ applications using Checkmarx, SonarQube, AppSpider, and Netsparker.
- Built KRIs and reporting metrics to track application security risk and remediation progress.
- Partnered with Internal Audit, Compliance, and Risk Management to track remediation activities and strengthen governance and control processes using Archer as the GRC platform of record.
- Provided guidance on IAM, data protection, and DLP-related security controls.
- Updated enterprise security policies and standards across cloud security, acceptable use, and end-user computing, and led monthly security awareness communications.
Assistant Vice President, Information Security Officer
12/2018 – 04/2021
Mizuho Americas — Americas Risk Management (2LOD)
- Held the same core responsibilities as the role above prior to promotion to Vice President, building the foundation for the Incident Response, application security governance, and GRC reporting programs.
Vice President, Information Security Specialist
06/2017 – 12/2018
BNY Mellon, New York, NY
- Led and quality-controlled cybersecurity assessments for bank affiliates and third parties using NIST, ISO 27001, and BNY Mellon's Cybersecurity Services Model.
- Identified control gaps and vulnerabilities, partnering with stakeholders on sustainable, risk-aligned remediation strategies.
- Built cybersecurity maturity dashboards that improved executive visibility and risk-based decision-making across business units.
Security Assessment Technical Lead & Security Subject Matter Expert
09/2014 – 05/2017
Blue Canopy Group, Arlington, VA
- Led 20+ NIST 800-53A security assessments for federal enterprise systems.
- Coordinated vulnerability assessments and penetration testing aligned with OWASP Top 10 using Tenable, Splunk, and SailPoint.
- Developed Windows and macOS security configuration baselines to meet USGCB and FDIC requirements.
- Led secure architecture review and remediation initiatives across infrastructure and application environments.
Education
George Mason University, Fairfax, VA
M.S., Applied Information Technology, 2013
B.S., Management, 2008
Professional Affiliations
- ISC2 NYC
- ISACA New York Metropolitan Chapter