Sean Nealon
Details
Computer Science
Harvard University
2018
HBX CORe (Credential of Readiness)
Business
HBX | Harvard Business School
2017
Brookfield Properties
Senior Vice President, Global Head, Cyber & Information Security
As the head of global enterprise information security for this world-leading real estate owner-operator, I manage the security strategy, programs, operations, technologies, a 20-member team, and multi-million dollar budgets. My leadership extends across security practices, regulatory compliance, processes, infrastructure, cyber technology architecture, networks, applications, and data.
► INFORMATION SECURITY MATURITY
• As the foundation for advancing the global cybersecurity posture and simplifying board and C-level reporting, I established the cybersecurity baseline for measuring maturity across ~50 operating companies.
• Taking security maturity from 1.3 to 2.9 on the NIST CMMI scale, I drove the development of 3 models for security operations management and incident response across verticals.
• I advise the investment team on cybersecurity matters for M&As and conducted due diligence on companies and products.
► REGULATORY COMPLIANCE
• By teaming with legal counsel to build and implement a global data privacy program for 8 companies, including a new SaaS solution, I gained compliance with GDPR, CCPA, and PIPEDA requirements.
► SECURITY OPERATIONS MANAGEMENT
• I elevated security operations team engagement and productivity, accelerated issue resolution, and slashed personnel costs by leading the investment for the XSOAR security automation platform.
► OTHER SECURITY SOLUTIONS & PROGRAMS
• By analyzing, rationalizing, and optimizing the use of enterprise security technologies, I drastically reduced security alerts, cut costs/increased ROI, and boosted solution adoption.
• To improve systems access control, SOX compliance, and the user experience, I rolled out Okta for identity and access management (IAM) across multiple key operating companies.
• I led ongoing security monitoring by heading the RFP, vendor selection, and development of a threat intelligence platform.
• I established a global security awareness program that minimized phishing risks 60%+.
2019 : 2021
Brookfield Properties
Vice President, Global Head, Cyber & Information Security
As the company’s first information security employee, I was brought on to found the security strategy, program, team, standards, tools, processes, and procedures to support Risk & Compliance, Architecture, and Operations.
► INFORMATION SECURITY MATURITY & OPERATIONS
• I built the company’s first security information and event management program from scratch and reached the target security maturity within 18 months. The team I formed covered information security, compliance, governance, risk management, and disaster recovery.
• To protect against malware, I implemented a strong endpoint security system using AI and machine learning.
► REGULATORY COMPLIANCE
• I founded a Governance, Risk, and Compliance (GRC) program on a cloud platform with task automation to manage SOX, PCI, and PII requirements and provide visibility to all stakeholders.
• Avoiding liability and fines for PCI non-compliance, I took over the PCI function, brought in a third-party auditor, identified deficiencies, and replaced the technology across 127 properties in 30 days.
• For proper segregation of systems and authorized user access, I established a strong network access control system.
2017 : 2019
Brookfield Properties Retail (Formerly GGP)
Senior Director, Cyber & Information Security
I managed enterprise technology security operations, programs, projects, and processes for one of the world’s largest law firms, leading a team in maximizing company protection through continuous improvement.
► INFORMATION SECURITY MATURITY
• I launched an incident response team and security information and event management (SIEM) process, workflow, and solution for consolidated reporting to maximize the security posture and enable 24x7 security monitoring.
• By operationalizing and instituting a vulnerability management program, I reduced vulnerabilities 80%, enabling full weekly scans of the IT environment, automated system owner alerts, and management reporting.
• After finding that an expensive real-time security monitoring platform was not being used, I drove full adoption to boost security and capitalize on the solution ROI.
► TEAM EFFECTIVENESS
• I restructured IT activities to fuel technology innovation by the architect team and systems security management by the operations team.
2016 : 2017
Kirkland & Ellis LLP
Information Security Operations Manager
Working closely with a variety of stakeholders, I led various internal initiatives and consulting engagements for information security strategies, programs, and technologies. My role covered everything from assessing client systems and processes to architecting internal solutions and orchestrating large-scale, enterprise system roll-outs.
► INFORMATION SECURITY MANAGEMENT
• I established global standards for on-premise and cloud solutions and a third-party risk management solution, which improved the quality of security architecture developed across 90 offices in 50 countries.
• To position a major mobile device producer for success in the information security market, I provided company executives with recommendations for the go-to-market strategy and tested pre-release devices.
• I built the foundation for what became the homegrown platform, SystemCheck, marketed and sold to clients as a new product. The solution enabled proactive IT monitoring, 37% higher system uptime, greater consulting productivity, and consulting satisfaction with the IT group.
• By designing a website to capture permissions globally and enable thousands of managers to change them independently, I eliminated 17K help desk tickets per year.
• To foster a culture of security awareness related to social engineering attacks, I selected a solution that created mock attacks and provided an avenue for feedback on unsolicited messages.
► ADDITIONAL PROJECTS
• I turned around a troubled MS Office implementation, completing the project 17 days early and below budget.
• As the manager of the mobile device strategy and program, I assessed and steered a 6-member team in deploying secure, market-leading MSM solutions.
2010 : 2016
The Boston Consulting Group
Information Security Architect, 2014 – 2016 │ IT Project Manager, 2010 – 2014
Skills
analytics, business analysis, business transformation, California Consumer Privacy Act (CCPA), change management, Cybersecurity, Cybersecurity Incident Response, data analysis, Data Privacy, Data Security, data visualization, enterprise architecture, enterprise software, General Data Protection Regulation (GDPR), Identity & Access Management (IAM), Incident Management, Information Security, information security awareness, information security engineering, Information Security Governance, information security management, Information Security Policy, Information Security Standards, ISO 27001, it management, it operations, IT Security Assessments, IT Security Best Practices, IT Security Operations, IT Security Policies & Procedures, it service management, it strategy, leadership, Management, management consulting, mobile devices, Network Security, Payment Card Industry Data Security Standard (PCI DSS), pmo, product management, program management, Project Management, project portfolio management, python, Risk Management, Security Incident & Event Management, software project management, strategic planning, vendor management, Vulnerability Assessment, sharepoint, Desktop Support, pmi, Project Implementation, VBScript, c, Siemens HiPath, technical support, sql, tableau, java, Project Portfolio, Software Project, software development, business strategy
About
Staying ahead of the curve in information security is paramount in today’s evolving company environment, where companies are leaning heavily into remote work through mobile and cloud platforms. My mission is continually advancing global systems and information security through cutting-edge strategies, programs, and practices.
I’m the Vice President, Global Head of Cyber & Information Security at Brookfield Properties, driving the IT security vision and operations that support 25+ corporate offices worldwide, 19,000 personnel, our partners, and tenants. As a strategic partner to business executives, I advise on the security impacts of potential company acquisitions and new solutions to ensure security protection across systems, networks, processes, and vendors.
► MY STORY
I have been leading enterprise system, network, and data protection for 2 decades through visionary leadership within companies that span a variety of industries, including real estate, law practice, and management consulting. I joined Brookfield Properties in 2017 and have since built a portfolio of success stories in security management.
► CAREER HIGHLIGHTS
• Building information security organizations, practices, programs, and processes from the ground up.
• Taking Brookfield Properties’ security maturity from 1.3 to 2.9 on the NIST CMMI scale.
• Automating security processes, accelerating issue resolution, mitigating risks, cutting costs, elevating team engagement, boosting productivity, and creating a culture of security awareness.
• Developing and implementing programs covering Data Privacy, Governance, Risk, and Compliance (including third-party risk management), Security Awareness, Security Operations and Incident Response, Identity and Access Management (IAM), Vulnerability Management, and Threat Intelligence.
► CERTIFICATIONS
• Chief Information Security Officer (C|CISO)
• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (C|EH)
• Certified Penetration Tester (CPT)
• Project Management Professional (PMP)
► CONTACT ME
I am always happy to share my expertise and build my network. Let’s connect!