Kyle Joerger
Details
• Facilitate oversight of information security key risks and controls, perform business reviews, and advise senior management on results and recommendations.
• Implement and monitor information security internal controls in accordance with NIST-CSF.
• Ensure successful implementation of risk management framework via deep dives, risk control self-assessment (RCSA), management actions, and internal controls.
• Develop management reporting dashboards for risk-based decisions.
• Analyze security incidents, identify control framework enhancements, provide independent challenges and validation of reported metrics, and present risk-based recommendations to senior management.
• Facilitate periodic assessments of the confidentiality, integrity, and availability (CIA) of information assets.
• Deliver independent recommendations to senior management on policies and procedures.
• Perform independent analysis and root cause investigations of security incidents and events.
• Identify control framework enhancements by keeping up with industry trends, including global regulations and best practices, and monitoring changes in information security processes, systems, etc.
• Implement internal control framework (operational risk, information security, and business continuity).
• Lead regional IT Risk Committee and ensure key and/or emerging risks are effectively managed.
• Monitor user access reviews of critical and non-critical applications.
• Assist Vendor Management with Third-party Risk Management (TPRM) implementation and maturity.
Skills : Information Security Risk Management, Cybersecurity, Internal Control Frameworks, NIST-CSF, Risk-based Decision Making, Management Reporting, Third Party Risk Management, Security Incident Management, Root Cause Analysis, Trend Analysis, Industry Trends
2022 : Present
ABN AMRO Clearing USA LLC
AVP, Information Security Risk Manager
- Transitioned from support role to the lead of the Manufacturing Cybersecurity Program
- Led recurring program meetings and routinely presented to executive leadership down to technical site teams to deliver program status updates and program risks/challenges
- Led Manufacturing Cybersecurity Steering Committee while collaborating with Cyber Risk Management, Architecture, and Deployment teams
- Advocated for the advancement of the Manufacturing Cybersecurity Program to ensure consistent identification, analysis, response, and monitoring of cyber risks
- Identified and promoted cross-collaboration across several enterprise teams
- Consulted business units, manufacturing teams (IT and engineering), and system owners to achieve program requirements
- Consistently demonstrated a high level of business acumen, including recognizing stakeholders' needs and listening to customers, audience awareness, affinity for problem solving, etc.
- Supervised and mentored Cyber Risk Management intern
- Designed and managed dashboards to report program metrics to leadership and key stakeholders
- Facilitated and moderated quarterly sessions to promote Cybersecurity Awareness across the enterprise
- Consulted and managed enhancements to risk calculation, while partnering with the GRC team
- Continued to manage auxiliary responsibilities as detailed in prior position details herein
Consistently proved my ability to face and overcome challenges while continuously developing leadership and influence across several initiatives :
- Led the Advancing Professionals Network's (employee network) Lake County Chapter as Co-Chair
- Mentored for Abbott Mentoring Program
- Supported Cybersecurity DEI initiatives
2021 : 2022
Abbott
Supervisor, Cybersecurity Risk Management
- Enabled a seamless, efficient process to manage strategy, risk, and governance across the enterprise
- Consulted business units, manufacturing teams, and system owners to achieve program requirements
- Bolstered cybersecurity operations by designing, developing, and recommending risk solutions that are operationally viable and efficient
- Designed data visualizations to report key metrics to leadership and global operations council
- Developed a customized risk calculator for the Cybersecurity Department to enable risk rating using a consistent methodology
- Aided in the advancement of the manufacturing security program to ensure consistent identification, analysis, response, and monitoring of cyber risks
- Contributed to the development of a risk-based cybersecurity program to meet regulatory requirements and align with industry-leading information security practices
- Continuously monitored national and international regulatory compliance and frameworks
2019 : 2021
Abbott
Cyber Risk Management Senior Analyst
- Conducted international internal audits and gap assessments for various Abbott divisions
- Assessed IT controls against policies to ensure compliance and minimize risk to the organization
- Managed the internal audit management software for the department across five countries
- Identified key risks and developed IT scope for each specific audit engagement
- Created and updated IT audit work programs and testing methodologies (e.g., firewall analysis, ITGC, SIEM)
- Assembled detailed reports and presented to executives, management, and IT staff
- Executed departmental application upgrade and rollout in Q4 of 2018
2018 : 2019
Abbott
Senior Auditor, Global IT Audit
- Managed the audit department calendar and approved project assignments
- Developed IT audit templates and service offering write-ups
- Conducted weekly departmental meetings with audit staff and executive leadership
- Advised the sales department and leadership on service offerings and project statuses
- Delivered detailed reports to executives, management, and IT staff
- Coached personnel on services to increase customer satisfaction
2017 : 2018
BAI Security
Project Manager
About
I am an information security professional with expertise in risk assessment/management, IT audit, and vulnerability management within the healthcare / life sciences, financial services, insurance, and municipality sectors. I also gained invaluable experience in the security consulting and systems design industry. I have experience with audit framework development, cybersecurity controls, security standards reviews, security best practices (auditing and implementation), and social engineering to determine existing vulnerabilities.
I have also conducted gap and risk assessments, which included the evaluation of IT general controls (ITGC), access control, user access management, application controls, firewall configurations, video surveillance, duress alarms, and overall physical security. I have exceptional attention to detail, specifically as it relates to control testing and quality assurance / quality control (QA/QC), and I am meticulous in my reviews of audit testing results and the development of related documentation.
I have been heavily involved in the development of multifaceted security training for Fortune 500 clients. Training topics have included situational awareness and legislation (client-specific and location-based). Additionally, I continually expand my knowledge within the industry through various professional organizations, training and education, and framework research that encompass up-to-date industry standards and best practices.