Kevin Birchfield, CISA, CISM, CDPSE
Vice President, Information Security Lead Analyst at Citi
New York, NY, United States
Details
Experience:
• Recruited to return to former team and lead third party assessments on critical business relationships for the Global Information Security Division
• Conducted over 350 third party Information Security Assessments in my career
• Trainer for newly hired information security assessors
• Team Leader for policy team to create new process guides for single assessment strategies, 4th party subcontractor assessments, and other processes involving suppliers for Citi
• Developed new procedure guides and business practices for handling relationships with global clearing, custody, and agent banks
2016 : Present
Citi
Vice President, Information Security Lead Analyst
Work with software development teams to ensure compliance with Information Security standards. Recommend changes, enhancements, or additions to the security controls of business applications that will enhance the Information Security profile of the organization's processes. Work with software developers to develop strategies and plans for improving both architecture and application security.
2015 : 2016
Citi
VP Technical Information Security Officer
Perform on-site and remote Information Security reviews for the Supplier IS Risk Management area ensuring compliance with Citi Information Security Standards.
• IS Assessments include determining the appropriate levels of controls to safeguard sensitive data and validate those controls are implemented.
• Responsible for providing a full write-up of the Information Security Assessment that includes results, gaps and threat assessment for IS Risk Management.
• Provide guidance for audit preparation and help with remediation of IS GAPs covering COB, Data Encryption, Authorization, Transmittal, Storage, Intrusion Detection / Prevention, Software Development Standards, Change and Incident Management, Cloud Computing, 4th Party Contractors, Physical Security, Data Center Standards, Security Policies and Procedures, IS Governance, Software Development Life Cycle. Review SSAE16 SOC Reports, PCI Compliance, HIPAA, CISS.
2011 : 2015
Citi
VP Lead Information Security Assessor
2006 : 2011
Citi
Business Recovery Coordinator
2004 : 2006
Citi
Helpdesk Analyst
Company:
Citi