Stephen Riordan, CISSP, CISA
Details
• Project leader for IT Security standards review and conversion to the NIST CSF framework.
• Work with the Risk Management team to maintain the updated standards as a module in the enterprise risk management system.
• Manage a governance process to maintain the standards with formalized updates and approvals.
• Author security-relevant white papers, coordinating subject matter expert input and industry standard information into usable documentation.
• Write IT-related guideline documentation for distribution to the Information Services organization.
2019 : Present
Northwell Health
Information Security Specialist
• Acted as Information Security consultant for RELX’s Accuity and Nextens divisions.
• Monitored security scans (Qualys & Acunetix) to completion and tracked issue resolution.
• Evaluated virus alerts and escalated attack information to resolution.
• Reviewed industry vulnerability alerts and verified countermeasure implementation.
• Performed software security reviews, and assessed risk of supplier solutions.
• Assisted with the implementation of Cisco Umbrella Web Application Filter (WAF).
• Supported client engagement for all aspects of security; primarily scheduling penetration testing and vendor security reviews.
2019 : 2019
Reed Business Information
Information Security Engineer
• Reinforce responsibility and accountability for IT Security in the firm.
• Encourage management and staff to maintain an appropriate level of awareness, knowledge and skill to allow them to minimize the occurrence and severity of Information Security incidents.
• Ensure IT Security operates under comprehensive and relevant policies and standards.
• Strengthen internal controls and prevent unauthorized and improper access to data.
• Monitor and sustain compliance with ISO standards and controls.
2018 : 2019
Safe Banking Systems
IT Security & Risk Specialist
• Reinforce responsibility and accountability for IT Security in the firm.
• Encourage management and staff to maintain an appropriate level of awareness, knowledge and skill to allow them to minimize the occurrence and severity of Information Security incidents.
• Ensure IT Security operates under comprehensive and relevant policies and standards.
• Strengthen internal controls and prevent unauthorized and improper access to data.
• Monitor and sustain compliance with ISO standards and controls.
2016 : 2018
Safe Banking Systems
IT Security Manager
• Actively administer IS Risk Management and security initiatives to mitigate risks to data resources.
• Provide expert consultation on IS Policy compliance for the Citibank NA Marketing business in support of business goals.
• Enforce corporate information security policies to ensure compliance with federal regulations and internal audit requirements.
• Oversee incident response investigation of security breaches, and assist the responsible business with resolution of the incident.
• Assess various information technology risks that the business faces in its operations and implement action plans, policy and procedural changes for risk treatment.
• Coordinate with internal and external audit and compliance groups on improvement of information technology controls.
2012 : 2016
Citibank NA
Business Information Security Officer, VP
About
A solution-oriented IT Security professional with notable successes managing a broad range of corporate IT initiatives, while participating in the creation and implementation of information security solutions, in direct support of business objectives.
* Demonstrated capacity to improve existing corporate policies of vendor oversight and developed methodologies to identify and mitigate risk to corporate and customer information.
* Outstanding leadership abilities with track record of coordinating and directing the implementation of group initiatives, including the management of matrix staff and peers in developing new procedures, providing ongoing training of stakeholders on process adherence, and execution of program objectives.
* Adept at compiling and organizing process metrics, in useful terms, required for program analysis and forecasting.
* Track record of increasing the positive perspective of information security programs by improving the quality of documented deliverables.
Specialties: Risk Management, Information Security Governance, IT Audit Methodologies.