Christopher Carcich
Details
Pershing, a BNY Mellon company
Vice President - Information Security
- Responsible for coordination and support for all Information Security activities, programs and initiatives for multiple Global Consumer Group / Cards business areas across North America.
- Support businesses, risk and controls teams, and application managers by providing Information Security oversight, input and assessment on projects and the deployment of emerging technologies.
- Be a resource to the business unit on Information Security issues.
- Be able to help the business area interpret the IS rules for individual local situations, and to escalate to Information Security Senior Management where needed.
- Evaluate key business processes, their supporting applications, and network services to determine the appropriate Information Security solutions. Manage and support the completion of regular business unit IS actions.
- Apply knowledge of standards, best practices, position papers and general process areas to coordinate the effective review of the business(es) operating processes and process control manuals commensurate with published risk methodologies and business strategies.
- Lead Global Information Security Awareness Week 2012 and 2013 for Citi Cards, including coordination of large scale presentations and awareness material.
- Prepare and present strategies, recommendations, IS related projects and value propositions to senior leadership teams. Communicate exposures and mitigation status to senior management, as appropriate, using effective communication and influencing skills.
- Work with system(s) business owners, technology assessment teams (i.e., Application and Infrastructure Vulnerability Assessments teams), as well as the ISO community to ensure vulnerabilities and system exposures are sufficiently mitigated to maintain risk at acceptable levels and ensure compliance with policies, standards and technical requirements.
2012 : 2014
Citi
Business Information Security Officer - Citi Cards
- Responsible for assisting in the engineering of the application connectivity through Perimeter Security Operations (PSO) managed firewalls.
- Created and managed documentation for all B2C connectivity in the Citi Connectivity Registry (CCR). Represented all in-process requests that involve high risk connectivity for approval on the Third Party Access Solutions Working Group (3PASWG) weekly Call for Information Security risk review.
- Reviewed firewall change requests for accuracy and security policy compliance to support all B2B connectivity.
- Provide technical guidance to other External Connectivity Management team members.
- Provide technical guidance to Citi Businesses, ISOs (Information Security Officers), Citi clients and 3rd party vendors.
- Documented new policies and/or procedures as required by Citi Information Security Management.
- Worked with other External Connectivity Management group members to ensure that the Process Control Management documentation and other documentations (drawings, databases, spreadsheets, etc.) are up to date and accurate.
- Responsible for reviewing Firewall and ACL connectivity to support secure data transfers.
- Worked with the Businesses, ISOs (Information Security Officers), Citi Relationship Managers, and IT Groups to remediate the vendor identified issues including Encryption, Data Authorization and Data Transmittal.
- Interact with Customers/Vendors and Information Security Risk Assessors.
- Provide assistance to the business and Customers/Vendors for file movement and data protection of those files as required by Citi policy.
- Evaluate Firewall Changes for security risk and policy compliance in the Change Management System for implementation approval.
- Maintained information for Firewall rules database, External connectivity drawings, CCR System, Netinfo request review system, DTA (Data Transfer Authorization) Database and Archer Database.
2010 : 2011
Citi
Senior Security Analyst - External Connectivity Management, Global Information Security
• Reviewed Security Architecture to fulfill the regulatory requirements with the Federal Financial Institutions Examination Council (FFIEC) and Office of the Comptroller of the Currency (OCC).
• Recommended solutions for remediation of security issues.
• Participation on corporate governance boards, developing and improving policies
• Created and led committees to oversee changes to the existing security assessment questionnaire in conjunction with Information Security standards and Federal and State regulatory requirements.
• Created and led the vendor Security Assessment/Information Security Risk Assessment integration team to help fuse internal risk assessment methodologies with external third party vendor risk to more completely assess overall risk stance
• Worked to integrate BITS FISAP (Financial Institution Shared Assessment Program) into vendor assessment program
• Provided Information Security guidance to North America Information Technology assessment team members
2006 : 2010
Citi
Senior Information Security Risk Assessor - Technical Lead
• Reviewed new and ongoing Americas Information Technology projects from an Information Security perspective to identify potential risks through the use of security assessments, risk analysis and review of information security controls
• Assisted in defining appropriate mitigation strategies through the use of security technologies, policies and procedures
• Worked with Infrastructure, Network, Messaging Services, Security Operations and Client (desktop) Teams to ensure security and Support Methodology is consistent with strategic and tactical objectives and to ensure technical compliance in relevance to production environment
• Tracked AV threats through mailing lists and antivirus groups and performed an analysis of potential impacts the threats can have on our company
• Monitor industry information news from security vendors, security agencies and governmental resources for new threats/vulnerabilities
• Troubleshoot, coordinate and document major virus/worm outbreak issues
• Designed, built, executed and project managed the consolidation of the Americas disparate Antivirus infrastructures for Server clients on the firm’s intranet as well as in the public and private DMZs
• Designed, built, executed and project managed the creation of a single Antivirus infrastructure for the Americas un-managed workstation clients, made recommendations for the future direction of Americas Antivirus Environment
• Lead technical resource on the Ernst and Young Global Antivirus initiative
• Designed, built, executed and project managed the Americas Symantec Enterprise Security Architecture (SESA) infrastructure
• Americas Antivirus Infrastructure Production Service owner, responsible for 65000+ clients as well as day to day operational monitoring of the management consoles
• Security Auditing of environments as requested
2000 : 2006
Ernst & Young
Information Security Specialist
About
An experienced Information Security Professional with 15+ years of Security and Operational experience and a passion for security which is reflected in my drive and strong work ethic. Well-spoken and known for my ability to communicate to all levels of management, I always strive to go further to exceed people’s expectations of myself and my work by delivering exceptional results. Honesty and integrity are central characteristics to my core values and I continually demonstrate those qualities in my professional and personal life.
I consider myself a very well rounded security professional with the ability to interpret and learn everything needed to be an effective performer when tackling any projects. My time in the financial industry has allowed me to gain knowledge in many aspects of Information Security and has given me the opportunity to build upon my strong work ethic. It is my goal to continually seek out and embrace new Information Security technology and methodologies so that I may be prepared for any circumstances that surface during my professional career.