Chief Information Security Officer (CSO)
Thomas Weisel Partners
Designed and implemented a formal Information Security program for the firm through ongoing assessment of risks and by putting into action policies, procedures, and technical controls to minimize the highest risks. The program functions include Information Risk and Privacy assessment, assurance of Compliance with applicable regulations and law, management of network security applications and operations, and Crisis and Business Continuity planning.
- Establish, streamline, and maintain firm and Information Technology security policies and procedures.
- Assess, implement, and oversee operations of appropriate technologies for vulnerability assessment and remediation, laptop encryption, network behavior analysis, E-Mail encryption, Text Message logging (for Compliance), and Financial Controls Management (SOX). Ongoing assessment and maintenance of content filtering and anti-virus technologies.
- Ongoing assessment of information security and compliance risks to the business and reporting of such risks to the IT Steering Committee.
- Collaborate with Legal and Compliance to ensure the Information Technology function and controls are appropriate for current and upcoming regulation and law. Ensure technical controls are put into place to back up firm Policy where applicable. Work with IT Groups to comply with new regulations as they pertain to the business.
- Implement and maintain Information Technology Sarbanes-Oxley (SOX) program.
- Work with Internal Audit, external auditors, and regulators for review and testing.
- Responsible for Enterprise Business Continuity planning. Coordinate with business units to ensure up-to-date and accurate business line plans and impact analysis documents. Oversee ongoing maintenance of Information Technology documentation, and technology failover planning and implementation to meet business needs. Work in partnership with Human Resources and Compliance to create and maintain internal as well as regulatory plans.