User:Nathan Smolenski

CISO - 21st Century Insurance; CISA, CISM

10 years of experience in the following areas: IT Risk Management; Application Security; Information Security Governance & Program Development; Program Management; Incident Management; Training Systems Analysis, Business Analysis & Project Management:
 * Implementation of security and risk management strategies
 * Implementation and execution of risk assessment and analysis methodologies (COBIT / ITIL / ISO)
 * Integration of security process and controls into SDLC and other life cycle processes
 * Development and management of application assurance programs
 * Implementation of dynamic and static analysis tools
 * Application vulnerability remediation programs
 * Secure SDLC program development
 * PCI-DSS
 * Development of information security strategies
 * Enterprise Information Security posture assessment
 * Implementation of information security governance programs
 * Metrics / KPI analysis and development
 * Management of large scale Infrastructure projects
 * Internal / external resource management
 * Project / Program governance and compliance
 * Contractual performance / vendor assessment
 * Coordination and execution of DR/BCP testing
 * Management of security and operational risk events
 * Implementation and management of RCA processes
 * Designing and delivering risk management, security awareness and compliance training
 * Managing technical projects in varying size and scope
 * Leading teams of development and operational staff
 * Organizing and managing business and technical JAD sessions
 * Requirements management
 * Business process engineering
 * Management of software deployments and enterprise level software implementations
 * Management of UAT / Testing processes and programs

Specialties: Application Security, Information Security Governance, Security Standards, IT Process Engineering, Application Vulnerability Testing, Information Systems Audit, Business Analysis, Systems Analysis, Secure Software Development, Project management Technology within Banking / Investment Management / Brokerage / FX Trading / Annuities, Risk Management, DOI / SOX / ICF / PCI-DSS / HIPAA Compliance