Brendan Cotter CISM
Senior Information Security Manager at Red Oak Sourcing
Providence, RI, United States
Details
Experience:
Working to continually improve and grow the IT security program to better protect critical information and support the needs of business partners.
• Managing security compliance activities, including patching and configuration management as well as vulnerability scanning/resolution
• Conducting technical reviews to identify and mitigate security weaknesses and ensure proper hardening of critical systems
• Evaluating security incidents and executing the necessary response
• Working with third-party vendors to meet corporate security requirements and conducting risk assessments for all new and existing systems
• Developing and conducting companywide IT/information security awareness programs
2020 : Present
Red Oak Sourcing
Senior Information Security Manager
As an Information Security Specialist at Upserve, I am engaged in all aspects of the Security program and interact with every segment of the business to ensure a robust security posture while continuously working to support our growth, the products we produce, and the customers we serve.
• Design and deliver security training for the corporate security awareness program
• Conducting risk assessments, and facilitating business impact analyses of systems, personnel, processes, and third-parties
• Overseeing security assessments such as penetration testing, bug bounties, and code reviews
• Collaborate on the development of secure configuration standards, as well as overseeing and reporting on compliance with the standards
• Align the security program with NIST CSF, BSIMM, and additional industry standards
• Ensuring compliance with PCI DSS requirements and effectively demonstrating our compliance to third-parties
• Evaluating vulnerabilities for security impact and overseeing compliance with remediation standards
• Researching and building attacker models
2019 : 2020
Upserve
Information Security Specialist
• Develop and maintain a continuous, targeted Social Engineering Awareness and training program, providing management reporting of internal results compared to industry standards
• Guide business lines on the Information Security Risk Assessment process and provide review and approval of completed assessments to ensure they properly reflect the appropriate level of inherent risk the asset presents
• Assist with Gramm-Leach-Bliley Act (GLBA) activities including the creation of threat assessments, customer information flows, validation of control testing results, and periodic reporting on the effectiveness of controls in place to protect customer information
• Review and certify Business Services Risk Audit findings to ensure that controls are in place to protect the organization from cyber-security risks and adhere to regulatory requirements under GLBA, FFIEC, PCI & SOX as well as NIST CSF.
• Advise business and technology project teams on the implementation of Information Security (IS) requirements during technology efforts and escalate any failures to comply with IS controls in app/system implementations
• Provide guidance in the determination of inherent IS risk related to vendors processing and storing information on behalf of the Bank to ensure the appropriate controls are evaluated by the vendor management team to determine the IS residual risk of vendor services
• Primary point of contact for Information Security policy, process, and governance inquiries, utilizing an understanding of divisional business, systems
2017 : 2019
Citizens Bank
Information Security Specialist
• Assist the Application Security team to administer and manage the penetration testing and application code scanning programs in place to ensure network tests are conducted and timely remediation efforts completed
• Support business and technology projects as well as other efforts including implementation of Information Security programs relating to corporate security
• Support the Corporate Security Team in the production of high quality, informative and accurate management information for the division
• Provide guidance to business lines and technology service providers as they apply information security policy requirements within daily business activities
• Maintain reporting of current risk position for divisions and track actions to address or mitigate information security risk
• Identify and mitigate IS related risks and drive policy compliance
2015 : 2017
Citizens Bank
Information Security Support Analyst
2013 : 2014
Johnson & Wales University
Technical Support Assistant
Company:
Red Oak Sourcing
About
Information Security professional using my experience in cyber security, risk management, and regulatory assurance to design, implement and maintain comprehensive and effective corporate security programs.
I strive to deliver value and work with the understanding that information security exists to enable people, teams, and my company as a whole to make educated, risk-based decisions to best protect information entrusted to us.
Skilled in Threat & Risk Assessments, Vulnerability Management, Penetration Testing, Regulatory Compliance, Organizational Structure/Policy Implementation, Endpoint Security, Security Education & Awareness.