Philip Ramey
Details
Georgetown University
2012 : 2013
Bachelor of Arts - BA
Government & Politics
George Mason University
Prudential Financial
VP - Chief Information Security Officer
2020 : 2023
Prudential Financial
Global Head of IT Operational Risk & Governance
2018 : 2020
Freddie Mac
Vice President - IT Operational Risk & Governance
Direct 150 team members managing development, implementation, and oversight of engagement risk program including governance and risk management for information security, cyber-security, privacy, business continuity, and third party risk management at service delivery level for 700+ client engagements. Manage firm’s risk and compliance framework and application based upon ISO 27001. Assess and report internal and external risks across client engagements.
Selected Achievements :
* Recruited to build and lead compliance function for Banking and Financial Services business vertical. Established central risk governance capability.
* Grew central Compliance organization from disparate set of 15 staff covering 10 engagements to 150 person organization covering 250 engagements.
* Built onboarding compliance program that covered risk gap.
Selected Skills :
* Compliance Program Development & Management
* Governance & Risk Management
* Information Security & Cyber-Security Optimization
* Budgeting & Cost Control
* Business Continuity & Privacy
* Client Engagement & Relationship Building
* Regulatory Compliance : HIPAA, PCI/DSS, FERPA, GDPR
2015 : 2018
HCL Technologies
Senior Vice President / Global Head of Engagement Risk / Chief Compliance Officer
Led Risk and Assurance operations with 5 direct and 15 indirect reports. Established comprehensive security risk assessment, security engineering, security operations, security training / awareness, and incident response capability in collaboration with Chief Information Security Officer. Directed remediation efforts for application vulnerability issues that directly impacted revenue stream.
Selected Achievements :
* Built formal information security risk assessment program and cyber security response capability for firm. Established M&A assessment program providing security risk identification, security risk remediation, and issue avoidance / cost saving approaches on 10+ acquisitions during 2 year period.
* Established risk management and assessment processes increasing awareness, coordinating risk mediation, and improving leadership understanding of risk posture.
Selected Skills :
* Risk & Assurance Operations
* Budgeting & Cost Control
* Security Risk Assessment & Mitigation
* Security Engineering & Operations
* Regulatory Compliance : HIPAA, PCI/DSS, FERPA, GDPR
* Cyber Security Program Management
* M&A Assessment Programs
* Cost Savings & Regulatory Fine Avoidance
* Policy & Procedure Development
* Corporate Governance & Risk Modeling
* Full Lifecycle Project Management
2012 : 2015
Elsevier
Vice President - Risk & Assurance
Skills
Application Security, Business Continuity, CIPP, CISA, CISSP, Cloud Computing, COBIT, Computer Forensics, Computer Security, Data Privacy, Data Security, Disaster Recovery, Enterprise Risk Management, FISMA, GCFE, GLBA, Identity & Access Management (IAM), Identity Management, Incident Response, Information Security, Information Security Management, information technology, Intrusion Detection, ISO 27001, IT Audit, ITIL Certified, Leadership, NIST, PCI DSS, Penetration Testing, Sarbanes-Oxley, Security, Security Audits, Security Awareness, Security Incident Response, Threat & Vulnerability Management, Vulnerability Assessment, Vulnerability Management, Threat & Vulnerability, Security Incident, Enterprise Risk
About
I am a highly analytical, decisive, and innovative IT executive with 20+ years of progressive Information Security, Risk Management, IT Governance, and Compliance leadership experience communicating and advocating for security vision, business continuity, and privacy. As a globally focused leader, I have demonstrated forensic investigations, cyber threat / vulnerability management, security monitoring, infrastructure security, security threat intelligence, and training expertise. I thrive as a strategic and resourceful problem solver with an innate ability to diagnose broken processes / operations, build programs, and implement security technologies including encryption, network security, intrusion detection, and digital forensics leading large, cross functional, sourced, or matrixed teams.
Career Highlights:
* Established 1st Line of Defense (1LOD) operational risk capability within Freddie Mac's Information Technology organization. Built comprehensive risk management, risk advisory, risk assessment, and third party risk programs to increase awareness of risk within IT and inform risk based decisions. Uplifted and redesigned governance programs to provide requirements, oversight, and consistency for IT resiliency and technology architecture.
* Expanded risk and compliance insight from 2-3 engagements to 250+ engagements for HCL. Reduced risk exposure 80% via contractual service delivery compliance. Slashed threat / risk of breach of contract based on security breaches / incidents.
* Developed technology roadmap and framework to mitigate risks for Freddie Mac. Sourced and procured funding for 2 major technology implementations. Built 2 parallel security monitoring and vulnerability management programs. Closed 3 material weaknesses and reduced overhead costs 75%.
* Executed risk assessment process on 100+ programs / applications for Elsevier. Conducted M&A security assessment process for 10+ acquisitions. Established comprehensive regulatory control program for key frameworks: ISO 27001, HIPAA, FERPA, PCI/DSS, GDPR.
Specialties:
Leadership & Team Building • Information Security Management • Global Information Security • Risk Assessment & Mitigation • IT Investments, Standards, & Controls • Regulatory Compliance • Security Trend Identification • Full Lifecycle Project Management • Security Policy Development • Performance Measurement • Governance Programs & Processes • Strategic Partnerships