David Steiner
Details
Information Systems & Quantitative Analysis
Portland State University - School of Business
Wells Fargo
Information and CyberSecurity Consultant
As the bank’s subject matter expert, led a team responsible for cybersecurity program governance. Focus areas included policies and standards, privacy, enterprise and asset-level risk and control assessment, issue management, employee and customer security awareness training, project and product consulting, regulatory compliance and audits/examinations, and board/management reporting.
2017 : 2018
Umpqua Bank
SVP Cybersecurity Risk and Governance Manager
Led the bank’s Information Security and Business Continuity Planning (BCP) programs and teams. Program areas included governance (e.g., policies, standards, committees), ongoing risk/threat assessment, business impact analysis, evaluation of appropriate security controls, testing of control operating effectiveness, awareness training, project and product development consultation, incident response program, data loss prevention, third party vendor evaluations, threat intelligence, oversight and reporting of business unit BCP plan testing, emergency communications, proactive compliance with correlated industry regulations, and federal banking examinations.
2014 : 2017
Umpqua Bank
SVP Information Security Officer
Directed the technology audit team reporting directly to the Chief Audit Officer. Scope of responsibility included traditional technology functions in addition to payment services (i.e., wire transfer, ACH, check processing, ATM). As a working manager, was responsible for all phases of the technology audit process, SOX, new project and product consulting, data analysis, regulatory examination coordination for IT Audit and the CIO organization, and Board presentations.
2007 : 2014
Umpqua Bank
SVP IT Audit Manager
Independently managed all phases of concurrent complex technology audits with teams of three to seven auditors. Audits focused on cybersecurity areas including governance, system hardening (e.g., client/server operating systems, network appliances, databases, applications), network security, identity & access management, privilege management, change and configuration management, vulnerability and patch management, encryption, and data/system recovery.
2004 : 2007
Wells Fargo Bank
Technology Audit Manager
Skills
Analytical Skills, Auditing, Banking, Business Analysis, Business Continuity, Business Process Improvement, Change Management, CISA, Commercial Banking, Disaster Recovery, Distributed Team Management, Enterprise Risk Management, FFIEC, Financial Analysis, Financial Risk, GIAC, GLBA, Incident Management, Information Security, Information Security Management, Information Technology, Internal Audit, Internet Banking, IT Audit, Leadership, Management, Operational Risk Management, PCI DSS, Project Management, Regulatory Compliance, Retail Banking, Risk Assessment, Risk Management, Sarbanes-Oxley Act, Software Development Life Cycle (SDLC), Team Building, Vendor Management, Vulnerability Management
About
Accomplished risk management leader with 22 years of meaningful information security, audit, and technology risk management experience. High performer with a track record of adding business value, program and strategy improvement, risk identification and mitigation, enhanced compliance, and heightened quality. Broad knowledge base, including strong information security, audit, and risk management acumen, driving change through professional experience and education of key stakeholders on business risks and the value in risk management techniques.
Exceptional work ethic with the ability to understand complex subject matter, apply strong analytical skills, and communicate at both a detailed and C suite level. Outstanding relationship builder using collaboration, professional and understandable communication, knowledge sharing, trust building, and follow‐through.
Passionate coach, focused on developing and retaining local and virtual teams through inspiration, encouragement, empowerment, and modeling by example. Fifteen years of management experience, including leading teams of managers, with the ability to manage multiple people, tasks and bodies of work simultaneously.
Email: steinerd71@yahoo.com
Cloud Security, Third Party Vendor Risk, Control Testing, Incident Response, Sarbanes Oxley (SOX), Risk Assessment, External Audit/Exam Management, ISO 27001/27002, NIST CSF, CIS Top 20, FFIEC, HIPAA, COBIT, COSO, SSAE 16 SOC, OWASP, GDPR, GLBA, PCI, Vulnerability Management, Malware, Web/Mobile Application Security, Authentication, Business Continuity Planning, Disaster Recovery, Policy/Standards, Configuration Baselines (e.g., Operating Systems, Network Appliances), Agile/Waterfall, Data Loss Prevention, Fraud Mitigation, GRC, DDOS, Logging and Monitoring, Intrusion Detection/Prevention, Asset Management, Wireless, Mobile Device Security, Network Security, ACL, FDIC, OCC, FINRA, SEC, Social Engineering Threats, Online Banking, Encryption, Privacy, Breach Laws