Ed Capizzi
Details
♦ Conduct risk evaluation to establish current state of resiliency and recovery objectives, business continuity methodologies, and operational risk management frameworks.
♦ Review findings with executives, discuss future state and devise plans for new programs or leveraging/maturing existing tools.
♦ Execute innovative solutions for upgrading/centralizing/outsourcing security, reducing risk/vulnerabilities.
♦ Advise on immediate, sustainable, and optimal enterprise risk management, information security, IT audit/compliance and process improvements.
♦ Research and vet trusted vendor and hardware/software solution providers, engage proper resources to ensure optimal solution delivered to client.
Strengthen and elevate organizational security policies and procedures by developing robust security postures. Establish expectations and ensure accountability.
♦ Lead security functions for ~$5B public corporation. Contributed as security expert for Change and Technical Review Committees navigating configuration change management policies & processes to reduce risks.
♦ Conceptualize tactical security programs in alignment with IT/business strategies. Develop three-year roadmap to mature existing security program.
♦ Consult with healthcare client for enterprise IT logging and monitoring project. Formalize strategic project scope, select vendors.
♦ Coordinate strategic monthly patch management of critical vulnerabilities to reduce remediation resolution/impact.
♦ Design, document and monitor information security policies and best practices according to standards and compliance requirements.
♦ Contribute expertise and mentor technology teams on Information Security criticality. Provide strategic guidance, training, and tools.
2011 : Present
Catalyst Enterprises LLC
Founder/Senior Enterprise Cybersecurity Consultant
Engaged as a proven industry leader to launch robust corporate security program from inception.
♦ Served as trusted advisor/point-of-contact across all information security initiatives; physical, logical, technical, and regulatory/non-regulatory strategies.
♦ Provided recommendations to Board Audit Committee and executive leaders. Communicated technical concepts and impacts of decisions with clarity and transparency as member of IT Governance Committee.
♦ Devised and deployed all-encompassing security programs to optimize organizational safeguarding to include vulnerability assessment programs, incident response plan, employee investigations, corporate security policy, facilities security procedures, access control strategy, vendor management to mature security posture and fulfill operating security/audit requirements.
♦ Developed, documented, and monitored information security policies, best practices according to strict financial service standards and compliance requirements.
♦ Contributed key insights to resolve information security issues across internal systems and workflows while optimizing security controls.
♦ Partnered with cross-functional teams across technology and the business to consistently align objectives.
♦ Enhanced workflow and processes driving rapid incident response and proactive risk mitigation efforts.
✶ Orchestrated and implemented security and risk management assessment programs. Contributed key insights as trusted advisor to C-suite on criticality of strong security posture to proactively uncover business risks. Devised KPIs for tracking vulnerabilities and measuring success of resolution.
✶ Navigated organization through complex security incident and response event engaging with law enforcement and managing legal/regulatory post-event activities.
✶ Drove strategic enterprise-wide implementation of security policy program. Partnered with cross-functional teams to establish standardization, procedures, and guidelines.
2009 : 2011
Colorado Housing and Finance Authority
Information Security Officer
2007 : 2009
Colorado Housing and Finance Authority
Sr. Internal Auditor
2009 : 2011
InfraGard Denver Members Alliance
Board Member
2005 : 2007
Coalfire Systems, Inc.
Sr. Auditor
About
Areas I Excel In
I am a well-regarded, industry-leading professional with expertise launching and maturing robust security programs for enterprise organizations. For over 10 years, I have partnered with key clients on projects in manufacturing, government, financial services, healthcare, and energy sectors to recommend solutions that proactively identify/mitigate risks and minimize exposure of corporate data. I am committed to proactively safeguarding enterprise organizations from threats, vulnerabilities, risks, and security breaches. I strategically align information security with technology and operations by conducting current/future state analysis and devising roadmaps to implement complex security postures. I ensure security compliance to standardized NIST/ISO regulations and guidelines for enterprise networks. My solid business/technical acumen allows me to serve as company representative and security solution SME. I present complex technical concepts to non-technical personnel, stakeholders, senior executives, and board members with full transparency to gain buy-in and successful adoption. I am known for preparing clearly articulated documentation of procedures and policies to serve as a knowledge base.
Some of My Proudest Accomplishments
✶ Spearhead internal Vulnerability and Threat Assessment (VTA) program. Lead third-party IT security assessments and track remediations.
✶ Ambassador for pilot program to devise security solutions for future pivot of onsite to virtualized business model. Promptly deployed at onset of COVID-19 pandemic working with server team to effectively monitor all remote user endpoints. Gained buy-in from senior leadership for program expansion. Organization now uses as primary model with 97% remote workers.
✶ Assisted premier Third-Party Administration (TPA) firm with post-breach recovery plan and brand/client relationship turnaround. Represented company as Subject Matter Expert (SME) reaffirming customer confidence.