Mike Fleszar
Manager Cybersecurity TPRM at Fortress Information Security
Cornelius, NC, United States
Details
Experience:
2023 : Present
Fortress Information Security
Manager, Cybersecurity Third Party Risk Management
Responsible for the execution of the strategy and the maintenance of the Information Classification Matrix (ICM)
Develop documentation and communication plans to appropriate stakeholders of changes to the ICM
Define and execute repeatable change control procedure(s) for updates and modifications to the ICM
Partner across Information & Cybersecurity, Technology, Control Partner and the Data Management and Insights communities to ensure all stakeholders have understanding and knowledge of required expectations
2022 : 2023
Wells Fargo
Senior Lead Business Execution Consultant - Governance Risk and Compliance
Assesses a broad range of information security controls (i.e. physical, administrative, and technical controls) based on Wells Fargo standards to determine the information security risk to Wells Fargo.
Uses unique risk criteria to identify the required assessment types and provide consultation to business partners and service providers regarding scoping and the criterion used to establish a consistent risk based approach to the third party risk assessment program.
Provides an accurate consultation within a validation based environment designed to govern the staging and execution of onsite assessments regarding time sensitive needs of both business partners and site review team members.
Facilitates understanding and agreements with business partners and third party service providers regarding the commitment and timing necessary to complete the required assessments.
Manages a large number of disparate requests from unrelated business partners, each with time-sensitive needs, within a prescribed methodology for facilitation, follow-up and escalations where appropriate.
Proactively communicates with request stakeholders and diverse business partners to facilitate and expedite the unique needs associated with each site review request.
2018 : 2022
Wells Fargo
VP, Lead Technical Business Services Consultant - Third Party Risk Assessment Services Team Lead
I am a member of Wells Fargo's Enterprise Information Security Site Review Team (SRT). Our team assesses a broad range of security controls, including physical, technical, and administrative controls. Assessments occur at 3rd party sites to determine potential risks to Wells Fargo across numerous security domains.
2017 : 2018
Wells Fargo
Operational Risk Consultant III - Site Review Analyst
• Cyber Security Program Development in accordance with 10 CFR 73.54
• Perform Digital Asset / Critical Digital Asset identification
• Perform Critical Digital Asset Assessments
• Create Critical Digital Asset modification recommendations to ensure compliance
• Team member for Cyber Security Program common controls project. Reviewing NEI 08-09 common controls, identifying gaps, and providing recommendations to close the gaps. These include recommendations for procedure revisions, technical recommendations, and even writing new procedures
• Daily interaction with all levels of client personnel from Program user and Program SMEs to Program Manager
• SME for multiple areas, led various tasks and client meetings, providing briefs, documentation and presentations
• Subject Matter Expert focused on cyber security and engineering for nuclear power plants.
Current Nuclear Qualifications
• Hold Current Unescorted Access/Security Clearance
• Safeguards Qualified
• Member of Critical Group
• Radiation Worker
2015 : 2017
Booz Allen Hamilton
Senior Consultant - Cyber Security Analyst
Company:
Fortress Information Security