Harold A.

• Lead the development and implementation of a comprehensive Information Security Program and Governance Structure for MIM Europe, aligning with global standards and regulatory requirements.

• Provide key subject matter expertise, oversight, and execution of MIM's Information Security Program.

• Leverage IT Risk Management and IT Control Frameworks expertise to drive program improvement and alignment with best practices.

• Review and test IT General Security Controls against internal frameworks, identify and report deficiencies, and track remediation actions.

• Drive PCI DSS Compliance, NFRA and IT Third-Party Risk Assessment programs, manage IT-related regulatory and audit security assessments and requests.

• Support reviews and contractual negotiations with partners, vendors, and customers.

• Provide guidance on IT Security Policies and Standards.

• Collaborate with Risk and Compliance to classify, document IT risks, control gaps and support in creating, maintaining, and monitoring IT Risk Metrics.

• Led comprehensive cybersecurity assessments aligned with ISO 27001 , CIS, COBIT, ITIL, and NIST CSF, driving a 65% improvement in data protection measures, a fortified security posture, and enhanced organizational compliance.

• Delivered a 40% improvement in IT risk management and compliance metrics by providing comprehensive support to all business areas ensuring for adherence to policies, procedures, standards, and reporting requirements.

• Spearheaded and streamlined SOC 2 and HIPAA audits, achieving a 50% reduction in completion time over three consecutive years.

• Identified and reduced infrastructure security vulnerabilities by 35% through vigilant identification, remediation and patch management, minimizing disruption and ensuring business continuity.

• Elevated the company's AWS cloud security posture to a 91% score through strategic security architecture and technology implementation.

• Managed the information security program, security projects, conduct regular user access reviews, internal security audits, and ensure ongoing compliance with ISO 27001 .

• Implemented a data lifecycle-based log retention policy, improving storage efficiency by 35% and ensuring regulatory compliance.

• Led SIEM optimization efforts, resulting in a 35% reduction in false positives and a 20% improvement in incident response efficiency.

• Created and implemented a comprehensive security awareness program for 500+ employees, fostering a culture of cybersecurity vigilance.

• Championed the design of a cutting-edge security, governance, risk, and compliance (SGRC) solution.

• Establish and maintain a robust information security program by evaluating and validating security practices, procedures, comprehensive security policies and controls.

• Served as an escalation path for eight (8) team members to troubleshoot security related inquiries.

• Supported cross-functional collaboration with GRC and Audit teams to provide evidence for SOC 2 Type II audit, internal user access reviews, and ISO 27001 bi-yearly audit.

• Conducted DLP and insider threat investigations, resulting in a 60% decrease in sensitive data exfiltration and a 75% improvement in security incident response times for suspicious activities, policy violations, and potential insider threats.

• Administered and managed native cloud services and enterprise network solutions, optimizing system performance and reducing downtime by 25%, leading to increased operational efficiency and enhanced user experience.

• Implemented and managed MDM/DEP solutions, achieving an 88% monthly average compliance rate and enforcing security policies. Created and edited runbooks which helped facilitate troubleshooting and productivity of team members by 70% with regards to on-call for incident response.

• Completed more than 2,000 new hire orientations, inductions, onboardings, and security awareness training.

• Managed access control and security groups for 5,000+ employees based on RBAC & ABAC.