Profiles search
Carmine Fontana
IT Risk Leader | CISSP | CRISC | CISA | CCSP | GCIH | GCSA | ISA | SSGB
Richmond, VA, United States
Details
Education:
Bachelor of Science - BS
Information Systems
Virginia Commonwealth University
Technical Development
Global Knowledge
2011 :
Professional Development
Alstom University
2003 : 2013
Information Systems
Virginia Commonwealth University
Technical Development
Global Knowledge
2011 :
Professional Development
Alstom University
2003 : 2013
Experience:
- IT Risk Management leader at the 2nd line of defense aligned to strategic business areas enabling better decision making related to risk management and defensible security supporting key business processes.
- Leading Federal Reserve System security advising for product evolution of US Cash Processing, Cash applications, and for the joint US Currency program with Federal government stakeholders.
- Mentoring / developing Bank IS team and other colleagues to upscale security, risk, and consulting skills.
- Executing large financial institution security and risk management reviews and training / mentoring Supervision and Regulation examiners to enable maturity of their cyber supervision program.
- Security partner for Robotics Process Automation squad to make sound security decisions related to the design, operations, and maintenance of RPA integrations with systems.
- Collaborated with cross functional teams and created / updated Information Security policies and standards for the Federal Reserve System as part of a collaborative process with key stakeholders.
2022 : Present
Federal Reserve Bank of Richmond
Information Security Technical Advisor - Advanced
2019 : 2022
Federal Reserve Bank of Richmond
Information Security Analyst - Advanced
- Primary business partner for Altria Group 3rd line of defense for information technology risks and controls and led the enterprise IS risk assessment for 2017 and 2018.
- Executed audits that identified, reported, and tracked opportunities to manage risk in the following areas : cloud security, vulnerability management, identity and access management, 3rd Party risk, and M&A’s.
- Aligning to COBIT / NIST frameworks, I impacted the following risk areas : vulnerability & incident management, public cloud, data governance, and data security controls for PCI, PHI, SPII and IP.
- Launched IS advisory services function providing consulting services for changing higher risk areas
- Developed organizational capabilities in the areas of data security, privacy, and risk management
2016 : 2019
Altria
Senior Auditor
- Appointed to lead a function in the 1st line of defense and a multi-year program with a scope of 135 sites in the America’s region charged with aligning and optimizing corporate resources to strategy resulting in optimizations of solutions from 190 -> 21, application reductions of 60 -> 12, maintenance contract reductions from 103 -> 5, managed services from 40 -> 3, OEM suppliers of 25 -> 6, and TCO -20%.
- America’s IT Governance team leader, problem manager, and critical incident leader focused on quality, change management, and exception management. Impacted operations KPI through reduction of incidents by >65% and critical incidents by >90%
- Led risk assessments for M&A activities and 3rd party suppliers, transfers to corporate management, and developed an organization (8 direct reports) to achieve program and operations objectives supporting our business. Further, I led the integration activities for function / region to GE supporting the acquisition.
2009 : 2016
GE (Acquired Alstom in Nov 2015)
IT Manager in IT Engineering & Security Organization @ Alstom / Lead IT Project Manager @ GE Digital
- Responsible for Power division IT infrastructure strategy, projects, and operations for 46 sites
- Established IT general controls following COBIT for the following areas : change management, incident management, problem management, operations, business continuity / recovery, physical security
- Rationalized products / service portfolio resulting in TCO optimizations of > 25%
- Regular publication of project, operations, and resource dashboards
2003 : 2009
GE
Senior Telecommunications Analyst
- Leading Federal Reserve System security advising for product evolution of US Cash Processing, Cash applications, and for the joint US Currency program with Federal government stakeholders.
- Mentoring / developing Bank IS team and other colleagues to upscale security, risk, and consulting skills.
- Executing large financial institution security and risk management reviews and training / mentoring Supervision and Regulation examiners to enable maturity of their cyber supervision program.
- Security partner for Robotics Process Automation squad to make sound security decisions related to the design, operations, and maintenance of RPA integrations with systems.
- Collaborated with cross functional teams and created / updated Information Security policies and standards for the Federal Reserve System as part of a collaborative process with key stakeholders.
2022 : Present
Federal Reserve Bank of Richmond
Information Security Technical Advisor - Advanced
2019 : 2022
Federal Reserve Bank of Richmond
Information Security Analyst - Advanced
- Primary business partner for Altria Group 3rd line of defense for information technology risks and controls and led the enterprise IS risk assessment for 2017 and 2018.
- Executed audits that identified, reported, and tracked opportunities to manage risk in the following areas : cloud security, vulnerability management, identity and access management, 3rd Party risk, and M&A’s.
- Aligning to COBIT / NIST frameworks, I impacted the following risk areas : vulnerability & incident management, public cloud, data governance, and data security controls for PCI, PHI, SPII and IP.
- Launched IS advisory services function providing consulting services for changing higher risk areas
- Developed organizational capabilities in the areas of data security, privacy, and risk management
2016 : 2019
Altria
Senior Auditor
- Appointed to lead a function in the 1st line of defense and a multi-year program with a scope of 135 sites in the America’s region charged with aligning and optimizing corporate resources to strategy resulting in optimizations of solutions from 190 -> 21, application reductions of 60 -> 12, maintenance contract reductions from 103 -> 5, managed services from 40 -> 3, OEM suppliers of 25 -> 6, and TCO -20%.
- America’s IT Governance team leader, problem manager, and critical incident leader focused on quality, change management, and exception management. Impacted operations KPI through reduction of incidents by >65% and critical incidents by >90%
- Led risk assessments for M&A activities and 3rd party suppliers, transfers to corporate management, and developed an organization (8 direct reports) to achieve program and operations objectives supporting our business. Further, I led the integration activities for function / region to GE supporting the acquisition.
2009 : 2016
GE (Acquired Alstom in Nov 2015)
IT Manager in IT Engineering & Security Organization @ Alstom / Lead IT Project Manager @ GE Digital
- Responsible for Power division IT infrastructure strategy, projects, and operations for 46 sites
- Established IT general controls following COBIT for the following areas : change management, incident management, problem management, operations, business continuity / recovery, physical security
- Rationalized products / service portfolio resulting in TCO optimizations of > 25%
- Regular publication of project, operations, and resource dashboards
2003 : 2009
GE
Senior Telecommunications Analyst
Company:
Federal Reserve Bank of Richmond
Years of Experience:
29
Skills
Budgets, Business Process Improvement, Contract Negotiation, Cost Reduction/Avoidance, Data Center, Enterprise Software, Information Technology, Integration, ITIL, IT Infrastructure Management, IT Management, IT Service Management, Leadership, Management, People Development, PMP, Program Management, Project Management, Project Planning, Project Portfolio Management, Risk Management, Service Delivery, Six Sigma, Solution Architecture, Strategic Planning, Strategy, Telecommunications, Telephony, Vendor Management, VoIP, WAN, Wireless, IT Infrastructure, Business Process, Project Portfolio
About
Experienced and trusted technology infrastructure, security, risk, and people leader with roles in all lines of defense, including regulatory, for large multinational manufacturing, engineering, consumer packaged goods / retail, financial, and services organizations.
Profile Photo
