Lufsec L.

Vendor Risk Management: Developed a Vendor Risk Assessment tool increasing the capability of the team and increased efficiency with automation for requests by 35%. The tool includes an on-line assessment, initial risk definition for each vendor and initial remediation required. Risk Assessment: Improved time to answer the Risk Assessment from 30 days to 1-2 weeks making questions more clear. Added +150 questions to the assessment but made it smarter and dynamic asking specific questions on the beginning of the assessment to capture business scope and profile. (For example questions for e-commerce site, or hosting provider, or digital marketing, etc.) Compliance with Kimberly-Clark Standards: Added an area on the on-line risk assessment for vendors to upload required documents for review and analysis against SSAE 16 requirements, PCI compliance, etc. Increased the number of Risk Assessments performed per year by 60% through Global training and creating a synergy and work process with Procurement and Legal teams. The relationship with these two areas positioned security to engage and participate in vendor selection processes and also review of Master Agreements, Contracts and Statement of Work. Security Framework: Changed the process and increased the scope of Risk Assessments to adjust with security best practices following NIST and ISO. Covered not only “confidentiality” but also integrity and availability. Diminished 75% of escalated Risk Assessments to management (Sr. Manager and CISO) resolving vendor and business risk issues and remediation requirements at the lowest level possible. Translate Technical Requirements to Business Language: Implemented a Risk Management process to a spinoff Health Care company (Halyard Health) on time and on budget. Participated in meetings with the Chief Information Security Officer (CISO) and Business Director to translate technical security concerns to business language providing pragmatic understanding of the real threat to empower the business to make smart decisions. Public Key Infrastructure (PKI): Led implementation of a cloud PKI solution (Symantec mPKI) for mobility to a spin-off new company (Halyard Health) on time and on budget. Led and managed the global PKI solution for Kimberly-Clark including Root Certified Authority, Issuing/Subordinated Certified Authorities, NDES server, OCSP, Safenet Luna SA 5 Hardware Secure Module (HSM) and integration with MDM solution Vulnerability Management: Proved to management the need for a Vulnerability Management Solution. Designed and implemented from definition of scope, vendor selection, installation and operation of the devices. Built processes, procedures and policy for executing the discovery and vulnerability scans and integrating with support areas (desktop, network, server, etc.). Increased visibility of threats and engaged other teams to patch and update their devices increasing the overall security. Performed discovery and vulnerability scans every 30 days and specific scans when new threats appeared (i.e. Poodle, Shellshock, Heartbleed, etc.) using Beyond Trust Retina and Nessus Policies and Standards: Developed Information Security Standards (Cryptography, PKI, Hardware Disposal, Password Management, Remote Access, Two Factor Authentication, Risk Management and Vulnerability Management). Data Privacy: Led an information security Data Privacy project with Global Security and Legal. Security Awareness: Promoted multiple information security awareness campaigns including social engineering calls raising the security knowledge of employees. Security Strategy: Provided definition of Information Security Strategy for Risk, Vulnerability, PKI and Third Party Access Management. Data Loss Prevention (DLP): Led development and implementation of a DLP Solution for a single location in Latin America as a pilot. Configured the device to monitor for two weeks before implementing the policy settings. IT Network: Managed $3M Capital Budget for Latin America Network Operations. Led Latin American MPLS Data Network deployment. Successfully reduced 50% of Latin American network costs and doubled capacity. Led standardization of IT infrastructure in Latin American reducing the Total Cost of Ownership. Reduced 20% of Data Center Infrastructure with VMware virtualization.