Joseph Bernfeld, CISM, CRISC, G2700
Details
Computer Science/Data Processing
Nassau Community College
2019 : Present
Ernst & Young
Global Lead Information Security Policy and Awareness
Information Security Policy and Awareness (Jul. 2017 - Jun. 2019)
Global Lead - Information Technology Policy (Aug. 2015 - Jul. 2017)
Global Lead - Information Security Policy (Aug. 2012 - Aug. 2015)
• Author and maintain Information Security policies, standards, and guidelines
• Align policies with business strategy, international standards, and regulatory requirements
• Develop and maintain policy framework and lifecycle processes
• Develop and deliver policy and security awareness campaigns
• Develop metrics for reporting policy lifecycle status
• Provide policy consultation and guidance
2012 : 2019
Ernst & Young
Information Security Policy and Awareness
Vice President - Information Security Manager and Americas Anti-Fraud Officer (2006-2011)
Vice President - Information Security Officer (2002-2006)
Associate - Information Security Officer (1999-2002)
• Supervised a team of up to five Information Security Officers and consultants
• Supervised an international team of two Anti-Fraud Officers
• Performed security event monitoring, threat analysis, vulnerability scanning/penetration testing
• Conducted risk assessments, data classifications, and business impact analysis
• Facilitated and supervised application and system security reviews
• Managed the information security and anti-fraud awareness training programs
• Provided monthly executive-level reporting
• Participated in SOX controls testing
• Managed remediation of information security and information technology related audit actions
• Reviewed and approved application/infrastructure SDLC changes
1999 : 2011
ING
Information Security Manager and Americas Anti-Fraud Officer
Assistant Vice President – Information Security Analyst (1995-1999)
Supervisor – Information Security Administrator (1994-1995)
Senior Information Security Administrator (1989-1994)
• Provided tactical anti-virus support/consultation for installation/configuration/virus eradication
• Supervised a team of two Information Security Administrators
• Maintained multiple ACF2 security systems, including user entitlements/access rule management
1989 : 1999
Merrill Lynch
Information Security Analyst
• Maintained multiple RACF security systems, including user entitlements/access rule management
1988 : 1989
J.P. Morgan
Data Security Analyst
Skills
Application Security, Change Management, CISSP, COBIT, Computer Security, Data Analysis, Databases, Data Privacy, Data Security, Enterprise Risk Management, Firewalls, Governance, Incident Management, Information Security, Information Security Management, Information Security Policy, Information Technology, Internet Security, IT Audit, IT Governance, IT Strategy, Network Security, Process Development, Process Improvement, Project Delivery, Project Execution, Project Management, Risk Analysis, Risk Assessment, Risk Management, Risk Mitigation, Sarbanes-Oxley Act, Security, Security Architecture Design, Security Audits, Security Awareness, Security Policy, SOX, Standards Compliance, Team Leadership, Technical Documentation, Testing
About
Global Lead for Information Security Policy and Awareness - Responsible for managing the global Information Security Policy and Awareness team - Highly accomplished, results-driven Information Security and Information Technology professional with over 36 years of broad experience securing high-value financial systems for global Fortune 500 organizations. Expertise in leading a global team of Information Security professionals responsible for developing and maintaining information security policies and standards as well as developing and delivering effective information security awareness campaigns. Experienced in creating suitable global Information Security policies and standards, and managing and reducing Information Security and Information Technology risk through policies and awareness. Proficient in building strategic partners and maintaining collaborative relationships to help secure information systems and services, while reducing information and operational risks. Proven history of skillful international collaboration, team leadership and project delivery.
Specialties include:
• Global team leadership and motivation
• Information security strategy
• Information security policies, standards, guidelines and procedures development
• Information security and anti-fraud awareness training
• Information security audits
• Information risk management
• Information risk analysis and assessment
• Information risk mitigation
• Incident management and escalation
• Project management
• SOX controls testing
• Metrics reporting
• Data privacy
• Anti-fraud