Profiles search
Federico Paulino, CISSP, CISM, CRISC
Regional Information Security Officer
Pelham, NY, United States
Details
Experience:
The Regional information Security Officer defines the Branch’s Information Security Program at the US Operations and monitors compliance with its objectives. The RISO directs the planning, development, implementation and monitoring of security for enterprise information systems and processes located at the US Operations. The Regional Information Security Officer develops and implements security training and awareness programs to educate employees about our information security solutions and requirements. The scope of the RISO program is branch-wide, is aligned to FFIEC and Head Office rules and encompasses all media (electronic or print).
- Implementing and overseeing the branch’s Information Security Program to maintain alignment with global policies and regulations as well as local ones.
- Serving as an advisor to senior management on topics and issues related to Information Security, which can allow them to create a strategy that can benefit the branch.
- Overseeing the access control program to prevent any privilege creep from occurring and maintain user access based on the least privilege principle.
- Actively collaborating with the local and global Information Technology teams to maintain the branch’s risk exposure at a very minimum level.
- Maintaining users up-to-date with the latest cyber-security news and awareness training to improve the branch’s security posture
- Monitoring security logging and event management systems to detect risks and protect the bank’s systems and network from unauthorized access and harmful applications
- Coordinating with the BCP owner the implementation plan to ensure that all information systems resources can be restored in a secure manner, based on a risk based approach.
2018 : Present
Handelsbanken
Regional Information Security Officer
Responsible for implementation of the Bank’s Information Security Program and Vendor Management Program. Overseeing the testing and monitoring of information security controls for compliance with Bank policies and regulatory requirements to ensure that Bank and customer information is properly secured.
- Participated in the Internet Banking Risk Group meetings, risk assessments that were performed for cybersecurity, critical technologies, applications, or devices that are implemented or revised.
- Coordinated the Bank’s responses to potential data breaches according to the Bank’s Incident Response Plan.
- Oversaw the annual review of employee access rights to Bank systems to verify alignment with job responsibilities.
- Monitored the configuration of all Bank applications to ensure they met the standards set forth in the Information Security Program.
- Performed information security assessments on internal controls, security testing and evaluation, systems security reporting, network security penetration testing, and diagnosing of IT infrastructure.
- Reviewed system logs for the Bank’s infrastructure to identify trends. Investigated abnormalities and exceptions to the Bank’s Information Security Program.
- Proposed changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
- Oversaw the installation and maintenance of network facilities, including hardware, software, and systems, including servers related to security.
- Monitored security logging and event management systems to detect risks and protect the bank’s systems and network from unauthorized access and harmful applications
- Implemented strong security measures, such as : Symantec EPP/Web Filter, firewalls, policy, IDS/IPS, VPN solutions and physical security practices
- Administered input into vulnerability and patch management processes to ensure patches are prioritized based on vulnerability risk
2015 : 2018
Banco Estado
Information Security Officer
Responsible for managing day-to-day operations of the network including installation and maintenance of multi-functional/multi-user information processing systems, peripheral equipment and auxiliary devices.
- Efficiently & effectively maintained TCP/IP, UDP, internet & intranet routing, switching and bridging functions in LAN, WAN & VPN environments
- Successfully transferred data between information processing equipment & systems; provided assistance in the design, preparation, editing and testing of computer programs
- Functioned as Information Security Officer, deftly safeguarded the American Network against unauthorized software/hardware or application during 2012-2014; ensured the closure of 20 Telecommunications projects on every base in the southern region of Afghanistan
o Monitored internal control systems to ensure that appropriate information access levels and security clearances were maintained
o Supervised compliance with the organization’s security policies and procedures among employees, contractors, alliances and other third parties and applied corrective action
o Performed information security risk analysis and periodic information system activity reviews in order to identify potential security weaknesses, recommend improvements to amend vulnerabilities, implement changes and document upgrades
o Performed program management for multiple projects with varying priorities. Actively involved in business presentations, discussions, budget planning, project evaluation and assessment work with senior executives and higher military authority
o Supervised IT project schedules and resource plans, managed budgets and project priorities, tracked project progress and provided guidance for successful completion of project within budget and time
2006 : 2015
US Army
Information Technology Specialist
- Implementing and overseeing the branch’s Information Security Program to maintain alignment with global policies and regulations as well as local ones.
- Serving as an advisor to senior management on topics and issues related to Information Security, which can allow them to create a strategy that can benefit the branch.
- Overseeing the access control program to prevent any privilege creep from occurring and maintain user access based on the least privilege principle.
- Actively collaborating with the local and global Information Technology teams to maintain the branch’s risk exposure at a very minimum level.
- Maintaining users up-to-date with the latest cyber-security news and awareness training to improve the branch’s security posture
- Monitoring security logging and event management systems to detect risks and protect the bank’s systems and network from unauthorized access and harmful applications
- Coordinating with the BCP owner the implementation plan to ensure that all information systems resources can be restored in a secure manner, based on a risk based approach.
2018 : Present
Handelsbanken
Regional Information Security Officer
Responsible for implementation of the Bank’s Information Security Program and Vendor Management Program. Overseeing the testing and monitoring of information security controls for compliance with Bank policies and regulatory requirements to ensure that Bank and customer information is properly secured.
- Participated in the Internet Banking Risk Group meetings, risk assessments that were performed for cybersecurity, critical technologies, applications, or devices that are implemented or revised.
- Coordinated the Bank’s responses to potential data breaches according to the Bank’s Incident Response Plan.
- Oversaw the annual review of employee access rights to Bank systems to verify alignment with job responsibilities.
- Monitored the configuration of all Bank applications to ensure they met the standards set forth in the Information Security Program.
- Performed information security assessments on internal controls, security testing and evaluation, systems security reporting, network security penetration testing, and diagnosing of IT infrastructure.
- Reviewed system logs for the Bank’s infrastructure to identify trends. Investigated abnormalities and exceptions to the Bank’s Information Security Program.
- Proposed changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
- Oversaw the installation and maintenance of network facilities, including hardware, software, and systems, including servers related to security.
- Monitored security logging and event management systems to detect risks and protect the bank’s systems and network from unauthorized access and harmful applications
- Implemented strong security measures, such as : Symantec EPP/Web Filter, firewalls, policy, IDS/IPS, VPN solutions and physical security practices
- Administered input into vulnerability and patch management processes to ensure patches are prioritized based on vulnerability risk
2015 : 2018
Banco Estado
Information Security Officer
Responsible for managing day-to-day operations of the network including installation and maintenance of multi-functional/multi-user information processing systems, peripheral equipment and auxiliary devices.
- Efficiently & effectively maintained TCP/IP, UDP, internet & intranet routing, switching and bridging functions in LAN, WAN & VPN environments
- Successfully transferred data between information processing equipment & systems; provided assistance in the design, preparation, editing and testing of computer programs
- Functioned as Information Security Officer, deftly safeguarded the American Network against unauthorized software/hardware or application during 2012-2014; ensured the closure of 20 Telecommunications projects on every base in the southern region of Afghanistan
o Monitored internal control systems to ensure that appropriate information access levels and security clearances were maintained
o Supervised compliance with the organization’s security policies and procedures among employees, contractors, alliances and other third parties and applied corrective action
o Performed information security risk analysis and periodic information system activity reviews in order to identify potential security weaknesses, recommend improvements to amend vulnerabilities, implement changes and document upgrades
o Performed program management for multiple projects with varying priorities. Actively involved in business presentations, discussions, budget planning, project evaluation and assessment work with senior executives and higher military authority
o Supervised IT project schedules and resource plans, managed budgets and project priorities, tracked project progress and provided guidance for successful completion of project within budget and time
2006 : 2015
US Army
Information Technology Specialist
Company:
Handelsbanken
Spoken Language:
English, Spanish
About
☛Thank you for visiting my profile...
Versatile and highly competent Information Technology Professional possessing nearly 13 years of experience in monitoring, defining and identifying cyber-related risks in corporate IT, performing cyber security tasks such as system administration, requirements definition, analysis, design, testing, and implementation as well as developing and maturing existing programs and solutions to protect those systems. Skilled in assisting IT Manager for streamlining IT operations in alignment with business objectives of the organization. Proficient in planning, coordinating, directing and designing IT-related activities, as well as providing support on daily operational activities of IT. Possess solid management skills and the ability to identify, recommend, develop, implement and support cost-effective technology solutions for all aspects of the organization.
Profile Photo
