Daniel Dragone
Details
Data Science and Visualization
Rutgers University
2019 : 2020
Master of Business Administration (MBA)
Business Strategy
BSP - Business School São Paulo
2012 : 2013
Bachelor's degree
Electrical Engineering – emphasis in Telecommunications
Universidade Paulista
1999 : 2003
Technical
Telecommunications
Escola Técnica Federal de São Paulo
1993 : 1997
Leading the security governance, executive reporting, global risk metrics, and the security data analytics team and processes.
• Established as a trusted advisor to Security and IT Risk program leads, I positioned myself as the go-to person for effective executive communication and analytics insights.
• Creator and owner of the cyber risk & IT compliance analytics program, which provides over 15 dashboards and is used by 400+ users within IT and information security teams. This program improved metrics’ quality, increased leadership’s visibility over security issues and risks, and reduced by over 80% the time security teams spend manipulating data for reporting.
• Managing and maintaining a comprehensive monthly collection of over 50 security Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) aligned to strategic Objectives and Key Results (OKRs) and the organization’s risk appetite. Our process was recognized as sophisticated and mature by a Big 4 consulting firm during a 2021 assessment.
• Revamped security’s strategic planning execution by introducing a risk-based approach and driving the development of a 3-year themed view with detailed tactical projects and risk reduction forecasts, resulting in a superior strategy outcome.
• Producing 20+ executive risk-driven reports annually that are presented by the CISO to various executive committees, including the Board of Directors and the Audit Committee.
• Spearheaded process improvement actions for Third-Party Risk Management, Identity and Access Management, Data Protection, and Vulnerability Management by defining and tracking intelligible key indicators for executive reporting.
2018 : Present
Chubb
Head of Global Information Security Governance, Reporting, and Security Data Analytics
Led the cyber risk management process, PCI and security risk assessments, internal controls, and process improvements.
• Developed and implemented a comprehensive cyber risk management framework and controls aligned with regulatory requirements, leveraging extensive knowledge of risk frameworks, such as NIST, ISO 27000 family, CIS, and FAIR, to guide the development and implementation of effective cyber risk management strategies.
• Established a successful process to perform Dynamic Application Security Testing and led a team that tested over 200 apps in the first year (exceeding our target by 33%). Successfully engineered the process, fixed an early approach that was fated to underdeliver results, tracked and reported progress to leadership, and ensured timely remediation of vulnerabilities.
• Collaborated with cross-functional teams to create information security policies, standards, and guidelines, ensuring alignment with enterprise risk management, the Privacy Office, industry best practices, and regional regulatory requirements.
• Implemented a more robust PCI-DSS risk assessment approach by revamping the existing methodology to leverage the industry standard CIS-RAM, resulting in improved identification, analysis, and mitigation of risks.
2016 : 2017
Chubb
Global IT Risk Senior Manager
Successfully directed regional adoption of security best practices and security awareness initiatives in Latin American offices, establishing and fostering relationships with key stakeholders and local executives to ensure the effective implementation of cybersecurity and privacy controls, chairing the IS steering committee, and improving compliance posture in the region.
• Developed a comprehensive approach to remove sensitive data from public shares. This approach was designed to reduce nearly 100% of the sensitive data in the country’s public servers and subsequently served as a model for other regions.
• Deployed two successful annual security awareness campaigns for five countries in the region, reaching more than 2,000 employees and contractors during each campaign.
Additional responsibilities:
- Assured deployment of global information security policies in Latin American offices.
- Supported regional deployment of security tools.
- Assessed risks of regional third parties and vendors.
- Coordinated responses to regional incidents.
- Advised on data privacy regulations for Latin American countries.
2014 : 2016
Chubb
Regional Information Security & Compliance Manager - Latam
Worked with two former McKinsey leaders in a process improvement engagement, drastically improving a strategic indicator for the client.
2014 : 2014
Turnaround Strategic Consulting
Independent Consultant
Delivered information security and IT risk consulting, control assurance, and IT audit services. Facilitated the creation of Information Security functions and ISO office structures, improved processes targeting a maturity state, performed risk assessments, and implemented Business Continuity Management processes. Led and mentored teams of 5 to 7 consultants.
Highlights:
• One of the largest banks in Brazil: Transformation of their security processes using CobiT, redefinition of the organizational structure, prioritization of action plans based on risk, and implementation of the IS governance office.
• One of the world’s biggest mining companies: Security strategy and process definition and implementation of the Information Security Office for the company. The project defined policies, procedures, and the operational model.
• One of the largest wholesalers in Brazil: Development and implementation of Business Continuity Plans and crisis management scenarios. This included security gap assessments and process definitions for the security office (ISO).
• Performed over 20 internal audits and IT control assessments for financial institutions.
• Provided security awareness training sessions and security education speeches for large audiences of over 300 attendees.
2008 : 2013
Deloitte
Cybersecurity & IT Risk Consulting Manager
Skills
Application Security, Business Continuity, Business Continuity Planning, Business Process Improvement, Business Strategy, Certified Information Security Manager (CISM), CISSP, Coaching, COBIT, Control Assessment, COSO, Cyber Security Risk, Data Privacy, DLP, Enterprise Risk Management, Governance, GRC, Information Security, Information Security Awareness, Information Security Governance, Information Security Management, Infrastructure Security, Internal Audit, Internal Controls, ISO 27001, IT Audit, IT Governance, ITIL, IT Risk Management, IT Security Assessments, IT Security Policies & Procedures, Key Performance Indicators, Management Consulting, NIST, PCI DSS, Penetration Testing, Process Improvement, Project Management, Regulatory Examinations, Regulatory Requirements, Risk Management, Sarbanes-Oxley Act, Security Audits, Security Risk, Security Strategy, Six Sigma, Strategy, Talent Management, Team Management, Third Party Risk Management (TPRM)
About
Accomplished professional with over 18 years of experience in cybersecurity, risk management, project management, and process improvement, with a proven track record of success in people management. Most of my career has been dedicated to establishing and maturing information security programs, defining governance processes, assessing risks, developing mitigation strategies, managing programs and projects, and leveraging data analytics to deliver valuable insights to executives and Boards of Directors. My exceptional performance has consistently exceeded expectations. I am passionate about driving organizational growth and success through effective leadership, adaptability, and innovative problem-solving.
Over the past 8 years, I have been working for and helping Chubb Insurance mature its security processes. I'm currently leading the Global Information security governance, reporting, metrics, and data analytics processes and teams. Established as a trusted advisor to Security and IT Risk program leads, I positioned myself as the go-to person for effective executive communication and analytics insights.
As a skilled consultant for 7 years, I have had the privilege of working with top-tier clients in a variety of industries, including financial services, telecom, and healthcare. During my time at Deloitte, I honed my skills in cybersecurity, risk management, strategy development, and project management. Additionally, I have had the opportunity to leverage my expertise to provide innovative solutions tailored to their unique needs. Overall, I bring a strong track record of delivering high-quality results, building lasting relationships with clients, and collaborating effectively with cross-functional teams to achieve project objectives.
Areas of Expertise:
- Information Security
- Risk Management
- Compliance and Assurance
- Governance, metrics, and dashboards
- Business Continuity Management
- Process Improvement
- Project Management
- Customer support and technical sales