Adam Tucson Hale (BSCyS)
Details
Cyber Security
National University
2017 : 2021
Certificate
Security
Advance Security Concepts
2017 : 2017
Introduction to Programming
Computer Programming, Specific Applications
Grantham University
2016 : 2017
Associate's degree
Criminal Justice
Grantham University
2011 : 2014
● Mentored and provided leadership to junior staff within the Cybersecurity TPRM team.
● Accompanied senior leadership on (7) third-party international onsite visits including India and the United Kingdom while documenting results, and presenting findings to risk committees upon request.
● Redefined the TPRM security questionnaire from the NIST SP 800-53 to the NIST CSF framework.
● Conducted (50) security assessments of vendors' data centers and corporate headquarters to determine an adequate level of risk for the bank and over (200) vendor due diligence reviews.
2022 : Present
M&T Bank
Vice President : Senior Cybersecurity Controls Testing & Assessment Specialist
Led a team of (3) analysts to conduct over (400) information security risk assessments on potential 3rd party vendors and integrations to determine a sufficient level of risk for Robinhood. Provided oversight and insight into the regulatory and security expertise of third-party vendors. Matured the Robinhood Vendor Risk Management program through program development, e.g., policy enhancements, onboarding better security tooling, and improving and retaining an accurate list of vendors.
● Conducted (10) in-house infrastructure risk assessments and (400) vendor security assessments.
● Designed a risk rating model for third-party vendors, and the level of review needed.
● During cross-functional reviews and joint operations, collaborated with our Application Security, Corporate Engineering, Privacy Legal, and Legal department(s).
● Assisted our Privacy and Legal department with over (50) contract red linings and agreements.
● Developed several policies surrounding the vendor review process and its review lifecycle.
● Identified bottleneck points where vendor security assessments took longer than expected and developed streamlined processes to mitigate the issue and optimize our overall SLAs.
2021 : 2022
Robinhood
Security Program Manager - TPRM
● Implementation and management of the technologies that drive the GRC function, including at least a partial role in our fraud and anti-money laundering backend services.
2020 : 2021
Robinhood
Vendor Risk Analyst
Aided in the development of our customers' 3rd party security programs. While doing so, I presented over (100) executive presentations demonstrating external risks and overall improvement. Additionally, I worked as an extension of our client's security team through Managed Services. In doing so, I was able to identify risk(s) and provide remediation assistance to the parties involved while conducting over (600) security assessments.
● Reviewed and advised on the following security assurances: HITRUST Reports & Interim/Bridge Letters, SOC 3, SOC 2 Type II, SOC 2 Type I, SOC 1, and ISO 27001 & 9001.
● Provided oversight of compliance, audit, and regulatory reviews and acted as the primary point of contact for leadership.
● Demonstrated proficiency in developing and sustaining client relationships.
● Conducted over (700) remediation efforts related to security vulnerabilities and patching.
2019 : 2020
CORL Technologies
Lead Security Consultant - Vendor Risk Management
Led mitigations of IT risks and advised in the planning and development of audit engagements. Assisted in managing company compliance requirements to provide security consultations on projects and ensured system-wide security analysis.
● Planned, oversaw, & conducted (10+) audits, risk assessments, & mitigation strategies; conducted research, onsite interviews, testing, document review & data analysis for various projects.
● Assisted client organizations with readiness: regulatory, compliance, SOC 2 readiness, and risk registers.
● Communicated results and helped drive client success; as a liaison, worked directly with clients to recommend feasible solutions for various projects; proven ability to partner with team members or work independently; thorough understanding of HITRUST, SOC 2 Reports, HIPAA.
2018 : 2019
Meditology Services
Information Technology Risk Management - GRC Analyst & Security Consultant
Skills
Analytical Skills, Auditing, C++, Cascading Style Sheets (CSS), Client Relations, critical thinking, Customer Relationship Management (CRM), Cybersecurity, Executive-level Communication, Executive Presentation Skills, Executive Reporting, GRC, HITRUST, HTML5, Internal Audits, IT Risk Management, JavaScript, Leadership, Management, Microsoft Excel, Microsoft Office, Military Experience, NIST 800-53, Operational Planning, Policy Analysis, Policy Development, Policy Writing, Program Management, Programming, Project Management, project team management, public speaking, Python (Programming Language), Regulatory Compliance, Risk Assessment, Risk Management Framework, Security Consulting, Start-ups Management, Third Party Risk Management (TPRM), Time Management, Vendor Management, Vendor Security Risk Management, Vulnerability Scanning, Wireshark, Security Clearance, Military Operations, Defense, Tactics, Weapons
About
I am a cybersecurity professional who's proficient in third-party program management (TPRM), security consultancy, and external/internal auditing. I am able to effectively identify and mitigate technology risks and have a proven track record while working in highly regulated industries such as financial services (PCI, GLBA), banking (FDIC, CCPA, GDPR), and healthcare (HIPAA). I have assisted over (50) major healthcare systems, (10) insurance firms, and (10) financial services to mature their TPRM programs and accurately identified their vendors' risks, and provided remediation assistance through in-house due diligence and security consultancy. Collectively I have conducted over (1200) security audits and assessments relating to TPRM and GRC and have a robust working knowledge of program development.
- Served honorably in the Marine Corps for (10) years.
- Awarded the Navy & Marine Corps Achievement Medal due to professional achievement in the superior performance in my duties.
- Current member of Infragard, Third Party Risk Association (TPRA), & O.W.A.S.P.