Bogdan Dragomir

Provide IT security implementation know-how and assistance. Provide Compliance audit assistance and know-how. Performed audits based on GDPR, ISO2700 and PCI-DSS Performed ethical penetration testing for large clients. Trained over 20 junior security professionals in various domains including ethical penetration testing, vulnerability assessments, architecture design. Coached over 10 CISO's on leadership skills and methods helping them to maximize their efficiency and potential.

Maintenance of enterprise security and compliance with US and EU regulations Responsible for hiring personnel Responsible for evaluating and approving new IT security technologies. Accountable for security posture of the organization and data security Responsible and accountable for multi years technology strategies. Responsible and accountable for ensuring business-ICT alignment Managed 5 Director roles each with 12-25 direct reports Managed the security for remote branches 6 in the USA, 3 in EU, 3 in Asia

Supervised and assisted developing the GRC framework needed to comply with FFIC and NIST audits. Defined the standardization common denominator to ensure future GRC maintenance and updates. Evaluated control design and efficacy to appropriately address outstanding risks

Identify, evaluate risks and recommend further actions to mitigate or lower inherent risks. Managed a team of 10 Risk Managers. Act as liaison between project teams and GIS partners. Advise network team on architecture changes Evaluate the need for security testing and define the level of engagement. Managed resiliency planning and global encryption key rotation Created the strategy to migrate from exception based risk management to controlled change risk management

Foster increased organizational maturity, and consulting services; Set new strategies to manage organization's portfolio of IT-enabled business investments. Managed acceptable boundaries for organizational risk appetite and defined the risk treatment in balance with the business objective and forecast-ed disaster impact. Defined, documented, implemented and managed new strategies targeted to maximize the quality of business cases for IT-enabled business investments.

Strategic consulting enterprise project management, incident response management, information risk management, security strategy, gap analysis and controls assessment, policy development, business impact analysis, and best practices assessment (PCI, NIST, ISO, ITIL, and COBIT) and management support. Project Management engagements for effective IT Governance based on CobIT, ISO 27000 NIST 800-53 FISMA HIPAA PCI and SOX. Acted as consulting CISM for multiple clients and coordinating cross technology teams

Managed Penetration testing programs and US and UK. Managed audits and audit remediation based on CobIT, ISO 17799, PCI, HIPAA, FISMA, SAS-70 and Sarbanes Oxley. Responsible for hiring technical personnel, conducting interviews, evaluating personnel performance. Designed and documented IT workflows, Business Continuity & Disaster Recovery solutions. Managed datacenter and professional services. Compiled financial revenue forecast and reporting.. Ensured oversight of Global Datacenter design and deployments

Improved corporate security policy, based on federal regulations (OTS), Sarbanes Oxley, HIPAA, standards such as ISO 17799, CobIT, and CISP. Performed comprehensive vulnerability assessments including Social engineering, penetration testing, physical perimeter and network and application security controls strength evaluation third-party companies. Application vulnerability testing, network and wireless security assessments. Trained IT security teams for CISCO technologies and Ethical Hacking.