Rick Gammell
Director - Cybersecurity at Otis Elevator Co.
Springfield, MA, United States
Details
Experience:
2020 : Present
Otis Elevator Co.
Director - Cybersecurity Governance, Risk & Compliance
Led the global design, development and deployment of Archer GRC across all UTC business units driving common risk and control practices.
Accountable for global SOX 404 compliance, vulnerability management and controls testing and reporting in multi-vendor environment.
Identified $200k in immediate hard dollar savings and $150k in soft dollar savings by implementing effective governance and contract oversight model to manage strategic partner engagements.
2016 : 2020
United Technologies
Associate Director - Governance, Risk and Compliance
Transformation and Sustainability Leader for enterprise-wide continuous improvement initiative to ensure improvements to the SDLC and sub-processes are consistent, in line with Industry Best Practices and improve delivery outcomes and overall customer experience :
- Reduced process waste of Waterfall Methodology by 18% and improved project cycle times by 10%.
- Implemented cross-discipline problem solving, standard work, performance metrics and continuous improvement mechanism to ensure ongoing sustainability.
Led the centralization and streamlining of federated IT Process Analyst functions by creating a single unit consisting of 16 FTEs, 8 onshore contractors and 4 offshore. Reduced annual overall cost of function from $4.2m to less than $1.1m through process redesign and risk-based execution model based on Voice of the Customer feedback and effectiveness metrics.
Provided overall accountability for SDLC governance, delivery consultation services and extensive project metrics program for $225m annual IT project spend.
Implemented a new, transformational operating model to reduce overall cost of function by 50% while elevating role focus from tactical to strategic. Evaluated staff competencies and role functions to identify opportunities to source commoditized work streams and take advantage of offshore labor arbitrage.
Certified Crucial Conversations Instructor. Co-led the rollout and execution of Division-wide training program aimed at increasing staff comfort and skills with speaking up effectively and factually.
As member of Enterprise Planning & Delivery Team, partnered with IT and business Senior Leaders to provide guidance for key projects/programs/initiatives to support the strategic objectives of MassMutual.
2012 : 2015
MassMutual Financial Group
Senior Director - Enterprise Planning & Delivery
As member of IT Risk Senior Leadership Team, led several critical functions of Information Risk :
Leadership Team : As member of the Risk Leadership team, partnered with IT and business Senior Leadership Teams to develop risk identification and reduction strategies for Enterprise Information Risk Management
IT Governance : Designed and implemented an enterprise governance program in a federated, highly matrixed organization.
Policies & Standards : Provided overall accountability for the design, delivery and optimization of a Best-In-Class IT Policies and Controls framework designed to ensure risk is managed to an acceptable level and compliance achieved where it represents a significant risk to the business across all MassMutual business units and subsidiaries.
IT Controls : Led the design, development and implementation of an integrated controls solution, embedding control requirements into existing SDLC and operational processes resulting in a 60% reduction in testing and evidence activities at a savings of $100m annually.
Sarbanes Oxley : Delivered $250m in efficiency savings by introducing risk based controls and embedded testing for Sarbanes Oxley 404.
eGRC Platform : Key participant in the strategic alignment of control identification, testing, reporting and monitoring with risk oversight groups including Enterprise Risk Management, Information Risk, Compliance and Audit.
Digital Forensic Investigations : Implemented processes and procedures in the areas of evidence capture, handling, storage and analysis based on leading practices used by FBI, State Police and other Law Enforcement departments.
2007 : 2012
MassMutual Financial Group
Director - Enterprise Information Risk Management
2000 : 2007
Yankee Candle Company
Manager - Information Security
Company:
Otis Elevator Co.