Director, Information Security - Incident Response
Directed all aspects of Hilton’s Privacy and Information Security operations, risk management, monitoring, reporting, and investigations of all suspected breaches of privacy and information security.
Responsible for setting objectives, goals, metrics, policies, standards, and guidelines, and for executing risk assessments. Assisted with Team Member incident response awareness. Led compliance reporting, breach incident management, and consulting for enterprise-wide Information Security Incident Response practices, systems, and government security initiatives. Directed a staff of IT Security professionals, including a Digital Forensic Expert and an Information Security Incident Manager.
Established Hilton’s Information Security Incident Response program, which is organized and prepared to mobilize IT, HR, Legal, PR, Communications, Audit, Security, Risk Management, and law enforcement to document and investigate suspected breaches and incidents, escalate appropriately, and restore information confidentiality, availability, and integrity.
Implemented an Information Security forensics capability for investigations, evidence preservation, and making technical determinations regarding breaches and recommended remediation.
Established the policy that monitors the implementation of auditable access controls for networks, systems, applications, and information. These controls ensure that only users with the proper need and authority are granted access to systems, are allowed to execute programs, and can read, change, or delete the appropriate information on those systems.
Managed the budget for the Incident Response and Investigations team, as well as costs of external resources and consultants. Shared responsibility with the Information Security Officer of the overall operating budget of the Enterprise Information Security Office.