Joseph Koodray
Director - Information Security Officer at Citrin Cooperman
Midland Park, NJ, United States
Details
Education:
BSBM - Graduate High Honors
Business Management
University of Phoenix
Bio Major (pre-med), Information Technology, Business, Graduate Courses
Fairleigh Dickinson University-Florham Campus
Project Management Tools
Applied Business Technology Corporation (ABT)
Advanced Certification
Project Management Software Development Methodologies - Method1
Arthur Andersen Consulting
Graduate - High Honors Programming
Cobol, RPG, OS/DOS JCL, Assembler
Computer Processing Institute (CPI)
Experience:
2020 : Present
Citrin Cooperman
Director - Information Security Officer
• Created Information Security Role - responsible for all aspects of information security, risk management and audit coordination. Created, Implemented and Socialized the following :
• Created, Planned, Maintained and Executed Organizational Information Security Architecture
• DLP (Data Loss Prevention)
• PCI Enforced segregated VLANs
• PCI VLAN Penetration Testing : developed scope, engaged vendor, facilitated issue review meetings with SMEs and stakeholders, prioritized issues by risk level, managed, monitored and provided Senior Management remediation status. Performed initial PCI self-assessment to obtain a compliance baseline. Utilized Qualys PCI remote scanning and reporting capabilities.
• Penetration Testing : Created scope, engaged vendor, managed testing and monitored remediation activities (Testing : Internal, External, Web & Wireless)
• Perform Internal Vulnerability Scans using technology aimed at comparing exploits currently in the “wild” against “scanned internal assets”. This methodology presents a more tactical and focused approach to remediation of vulnerabilities and decreases organizational risk
• Data Classification; Policy, Standard, Process tool selection and implementation
• Created the Internal Risk Committee; Charter, Risk Inventory, Audit Inventory & Remediation Status
• Perform Organizational Phishing Testing
• Created Information Security Training Curriculum
• Responsible for SIEM relationship, Incident Response, & migration to MDR (Managed Detection & Response) solution
• Instrumental in influencing the way audits within the organization are being performed
• Reported status on Information & Security Issues & Initiatives to the Audit Committee of The Board of Directors
• Relationships with FBI, NYPD, NYPD Shield, TINYg, ICOM, Infragard & Secret Service
• BCP & DR Consultative Guidance and Governance
2016 : 2020
National September 11 Memorial & Museum
Director of Information Risk and Security
* National September 11 Memorial & Museum (11/2013 - 02/2014) Performed IT General Controls Audit
* Novartis Pharmaceuticals (02/2014 - 07/2015) Performed reviews of validated applications, systems and processes. Application review of (GXP & SOX)
2013 : 2016
Experis Finance & Accounting Services
Professional, IT Risk Advisory Services
Vice President - Global Head of Audit and Compliance January 2010 - November 2013
* Selected to develop and lead global IT Infrastructure Audit and Compliance organization based on prior successes in this domain
* Created global strategy with a winning balance of local accountability and centralized direction setting and oversight
* Planned, socialized and obtained approval by local and regional leadership in a highly decentralized organization; also engaged Regional Internal Audit and Regional PWC to maximize buy-in of all stakeholders and minimize risk of jurisdictional gaps in design
* Global model deployment on target of plan approval
* Areas of responsibility consistent with those listed in prior role
2010 : 2013
AIG Global Services
Vice President - Global Head of Audit and Compliance
Domestic based function (Livingston, Houston and Fort Worth), responsible for the following :
* Sarbanes-Oxley 404 Management Testing – Infrastructure, Operations, Change Management, Logical and Physical Security and Backup
* Business Information Security Officer (BISO) – Control Standard Reviews, Risk Acceptance, Software Security Assessment, Entity Assessment Submissions, Security Awareness Training, Data Loss Prevention, Security Incident Management, Review and monitor ESM reports, VONTU (email scans for PII, HIPAA, ABA, etc.)
* Audit Liaison – Primary interface for any infrastructure related audit (internal, external, regulatory) for the global infrastructure utility
* Self Identified Risk – Chair GS Risk Committee, facilitate identification and classification of risks, monitor remediation activities, ensure risks are identified in corporate repository
* Compliance – Monitor and ensure that regulatory requirements and standards are being adhered to.
* Reporting – Central monitoring of audit activity (active audits, open issues, remediation, risks and SOX testing)
* Database Monitoring – Established service as product offering. Currently supporting nineteen financially significant databases
* Facilities Management (core infrastructure for two datacenter facilities – tier 3 and 4)
2007 : 2010
AIG Global Services
Vice President Of Administration and Compliance
Company:
Citrin Cooperman
Years of Experience:
38
Skills
Microsoft Office, Research, Writing, Readiness, Punctual, Analytical Abilities, Microsoft Word, Customer Service, Community Outreach, Trials, Analytical Skills
About
Operations and Systems Executive with a strong track record of developing and implementing strategic initiatives that improve operations, controls, processes and systems resulting in improved compliance, reduced risk, increased visibility and productivity. A change agent with particular strength in managing relationships and expectations of internal and third party compliance audit organizations.