Profiles search
Eric Liebowitz
Chief Information Security Officer, Americas at Thales
McLean, VA, United States
Details
Experience:
2019 : Present
Thales
Chief Information Security Officer - Americas
Lead the team for CyberSecurity functions including :
- Security Monitoring (SOC)
- Forensics/Investigations
- Incident Response
- Threat Intelligence
2016 : 2019
Freddie Mac
CyberSecurity Director
- Built a new Patch & Vulnerability Management program to define corporate patching cycles and timelines to remediate identified vulnerabilities in applications and infrastructure components.
- Utilizing a hybrid framework, developed a Security Risk Management program to identify, assess and report risks which allowed appropriate business leaders to make informed risk decisions. Oversaw compliance programs to ensure successful completion of annual PCI & MRC certifications.
- Reviewed and rewrote existing policies and standards, making them easy to understand and realistic to follow.
- Established a Security Council made up of business leaders and implemented an IT Governance framework that drove the IT Security program in support of business goals and objectives.
- Built a new security awareness and training program that included monthly security articles, new hire training, and simulated phishing training to reduce risk throughout the organization.
- Hired and mentored a highly motivated team of Security professionals to fully establish an IT Governance, Risk and Compliance function within IT Security.
2014 : 2015
AOL
Technical Director
- Chief of Staff to CISO during a tremendous company change, attrition, and government scrutiny.
- Created business cases in support of an annual budget and initiative planning process that included acquisition of new tools, vendors and managed services.
- Developed a 3 year roadmap that included procurement of tools, services and staff to strengthen the Information Security program and reduce risk across the organization.
- Analyzed and enhanced the existing risk management program in line with industry standards and the changing threat landscape adding significant value to the identification of business risks.
- Promoted IT Governance by reviewing and updating existing policies and standards to account for changing technology and business requirements.
- Facilitated simulated phishing campaigns to test and train employees on the dangers of social engineering, reducing the risk of compromise to corporate assets.
- Closed two Significant Deficiency audit findings (made up of 50 Major and 130 other legacy issues) while building strong relationships with internal and external audit teams.
2011 : 2014
Freddie Mac
Information Security Director
- Reviewed, selected and implemented cutting edge tools to provision and de-provision technology access.
- Provided requirements and performed testing on a new Access Recertification system to review and affirm appropriateness of access to Financial and Privileged systems.
- Built and implemented a credential vault solution to manage access to thousands of shared system accounts and passwords reducing the risk of accounts being abused to access financial systems and data.
- Reviewed and updated dozens of IT General Controls that were required to execute processes that ensured financial systems were protected from internal and external threats.
2009 : 2011
Freddie Mac
Senior Manager
Thales
Chief Information Security Officer - Americas
Lead the team for CyberSecurity functions including :
- Security Monitoring (SOC)
- Forensics/Investigations
- Incident Response
- Threat Intelligence
2016 : 2019
Freddie Mac
CyberSecurity Director
- Built a new Patch & Vulnerability Management program to define corporate patching cycles and timelines to remediate identified vulnerabilities in applications and infrastructure components.
- Utilizing a hybrid framework, developed a Security Risk Management program to identify, assess and report risks which allowed appropriate business leaders to make informed risk decisions. Oversaw compliance programs to ensure successful completion of annual PCI & MRC certifications.
- Reviewed and rewrote existing policies and standards, making them easy to understand and realistic to follow.
- Established a Security Council made up of business leaders and implemented an IT Governance framework that drove the IT Security program in support of business goals and objectives.
- Built a new security awareness and training program that included monthly security articles, new hire training, and simulated phishing training to reduce risk throughout the organization.
- Hired and mentored a highly motivated team of Security professionals to fully establish an IT Governance, Risk and Compliance function within IT Security.
2014 : 2015
AOL
Technical Director
- Chief of Staff to CISO during a tremendous company change, attrition, and government scrutiny.
- Created business cases in support of an annual budget and initiative planning process that included acquisition of new tools, vendors and managed services.
- Developed a 3 year roadmap that included procurement of tools, services and staff to strengthen the Information Security program and reduce risk across the organization.
- Analyzed and enhanced the existing risk management program in line with industry standards and the changing threat landscape adding significant value to the identification of business risks.
- Promoted IT Governance by reviewing and updating existing policies and standards to account for changing technology and business requirements.
- Facilitated simulated phishing campaigns to test and train employees on the dangers of social engineering, reducing the risk of compromise to corporate assets.
- Closed two Significant Deficiency audit findings (made up of 50 Major and 130 other legacy issues) while building strong relationships with internal and external audit teams.
2011 : 2014
Freddie Mac
Information Security Director
- Reviewed, selected and implemented cutting edge tools to provision and de-provision technology access.
- Provided requirements and performed testing on a new Access Recertification system to review and affirm appropriateness of access to Financial and Privileged systems.
- Built and implemented a credential vault solution to manage access to thousands of shared system accounts and passwords reducing the risk of accounts being abused to access financial systems and data.
- Reviewed and updated dozens of IT General Controls that were required to execute processes that ensured financial systems were protected from internal and external threats.
2009 : 2011
Freddie Mac
Senior Manager
Company:
Thales
About
A passionate IT Security Leader with progressive Information Security experience in a heavily regulated industry. Successful in managing multiple security domains for large Financial Services and Technology organizations. Managed domestic and international Security teams with a record of successfully building and maturing Information Security programs in diverse cultural environments. Strong leadership and communication skills with the ability to translate risk factors and solutions into terms the business can work with. Successful in delivering innovative Security solutions that meet corporate strategic goals while promoting a team-orientated work environment.
Profile Photo
