Rich Levy
Details
2020 : Present
KPMG
Business Information Security Officer/Senior Director
- I directed the Security Architecture group for the US and Americas. I also guided the activities of a global team of senior security architects while quadrupling the size of the group in three years. I collaborated with line-of-business IT personnel to develop solutions that incorporated necessary security controls dictated by risk factors and the regulatory environment.
- I led security efforts to modernize security architecture review processes. I strongly advocated cloud-native concepts, DevSecOps, security as code, and zero trust. I spearheaded the deployment of security controls for the firm, including credential theft mitigation (CTM), endpoint detection and response (EDR), and password-less authentication solutions.
- I developed a cloud security practice to partner with internal federated IT teams developing SaaS solutions and migrating heavily regulated workloads to public clouds (Azure/AWS/GCP), including solutions for corporate tax, small-to-midsize company bookkeeping, healthcare life sciences, and audit lines.
- I developed and implemented the security architecture strategy and guided the development and launch of architecture and security solutions to protect against advanced and commodity threats. I collaborated with security compliance teams regarding client security concerns, contractual obligations, and regulatory compliance. In addition, I supported compliance for NIST, FAR/DFARS, HIPAA, HITRUST, SOC2, and PCAOB.
- I selected and deployed advanced workstation controls and minimized credential theft through re-engineering of the Active Directory and supporting infrastructure. I ensured advances in baseline and cloud security, design patterns, security principles, reference architecture, and technical hardening standards.
2014 : 2020
KPMG
Head of Security Architecture/Director
- I spearheaded all security aspects for a multi-year systems integration engagement for a public safety client. I was tasked to direct all aspects of the security program, including architecture, compliance, engineering, incident response, monitoring, and policy. I also led cyber security for Vexcel (Microsoft subsidiary/FAR-compliant prime contractor) and supervised complex systems integrations.
- I developed and implemented security controls for core infrastructure, custom embedded devices, distributed networks, IoT devices, and mission-critical applications. I interacted closely with clients regarding emerging security threats within their business/mission context. In addition, I developed and implemented strategies to mitigate financial and security risks.
- I designed, implemented, and oversaw critical security control functions along with vulnerability management, which incorporated forward/reverse proxies, intrusion detection/prevention systems (IDS/IPS), security information and event management (SIEM), and web application firewalls (WAF).
- I oversaw security concerns for the supply chain. I collaborated with technology partners to enhance the overall security of products and services. I also conducted secure development lifecycle (SDL/S-SDLC) audits to evaluate software vendors to ensure compliance with secure coding mandates and protocols.
- I was assigned to direct budget and margin issues that impacted security-centric change orders and contract extensions. I interacted closely with program leaders throughout the organization and subcontractors. I sought to develop and promote a culture of individual responsibility for information security in the program.
- I served as a proactive member of an interdisciplinary working group tasked to advise worldwide Microsoft customers on techniques to defend and neutralize credential theft attacks.
2011 : 2014
Microsoft
Program Information Security Officer (Senior Consultant II)
2007 : 2011
United Natural Foods
Security Engineering Technical Lead
About
With over 14 years of experience in information security, I am a passionate and results-oriented leader who drives digital transformation and cloud security across KPMG's global tax and legal practice. As the Business Information Security Officer and Senior Director, I am responsible for cyber security strategy, governance, risk management, and operations for one of the largest professional services firms in the world.
My core competencies include cloud computing, assurance and compliance, SaaS products, highly regulated enterprise environments, and complex systems integration engagements. I have a proven track record of leading innovative cloud security programs and guiding teams to deliver robust commercial solutions. I have also collaborated with line-of-business IT personnel to develop solutions that incorporate necessary security controls dictated by risk factors and the regulatory environment. I hold the CISSP, CIPP/IT, and Security+ certifications, as well as an MBA from the University of Massachusetts at Amherst.