Jeff F.
Details
Western Governors University
2018 : 2020
Bachelor of Electrical Engineering
University of South Carolina
1981 : 1985
2022 : Present
Bitso
Chief Information Security Officer
Progressive hands-on leader creating modern cyber security solutions for FinTech Next-Gen Digital Banking. Building enterprise information security programs from the ground up for SaaS, IaaS, and PaaS environments to align with the future of Digital Banking and Cryptocurrency Exchanges.
• Utilizes cutting edge, innovative ideas, and processes, along with big data analytics to drive these programs by fully embracing the latest advancements in digital technology and cyber security to fight ransomware and phishing attacks.
• Enhancing customer and employee experiences with technologies that make it easier to stay secure and compliant with the latest federal and state regulations. Reduced costs and overhead by eliminating the dependency on legacy hardware and software, ensuring that information assets, our employees, and our customers are secure.
• Builds effective relationships with stakeholders and cross-functional teams to help set company strategy, influence roadmaps, and create security programs whose vision and evolution supports business goals and objectives.
• Develops the information security strategy, roadmap, and budget then presents to the CEO, CIO, and Board of Directors establishing Critical Success Factors ensuring KPIs and KRIs align with business objectives.
• Partners with business leaders creating visibility of security risks across all departments, reducing risk by education and awareness, maturation of the security risk posture, and the NIST Cyber Security Framework.
• Drives security and innovation from digital transformation to technological advances like artificial intelligence and data mining, harnessing the information and adapting quickly to security challenges ensuring demands on enhanced security do not impact the customer experience.
• Created DevSecOps to support and oversea security for DevOps establishing business requirements and identifying security gaps in CI/CD pipelines and the Software Development Life Cycle (SDLC).
2020 : 2022
American Challenger Bank
Chief Information Security Officer
Led and empowered teams of security engineers, developers, analysts, & architects focused on security architecture, product engineering, application security, container security, configuration management, endpoint security, and static code analysis. Partnered with CISO and business leaders establishing the cloud security framework utilizing NIST CSF and SOC2 compliance aligning with regulatory requirements, including CCPA and GDPR , to support business objectives and goals.
• Developed enterprise security solutions protecting the cloud and data against malware, ransomware, and threat actors, performing security and operational risk assessments and reviews reducing risk of attack and data loss. Identified potential issues and coordinated with DevSecOps teams, stakeholders, and their leadership to remediate.
• Counseled business leaders creating strategic partnerships, setting strategic direction and strategic vision of the cyber security framework, and creating the roadmap ensuring the enterprise security model aligns with business objectives.
• Directed cross-functional teams developing & executing security compliance programs for Vulnerability Management and Application Security identifying risks and weaknesses. Collaborated with business leaders, IT support teams, and developers to aggressively remediate security findings reducing number of vulnerabilities by 40% in 6 months.
• Oversaw annual budget of $5.2MM while forecasting and assessing programs, services and tools for cost savings opportunities and continuous improvement decreasing annual expenses by $900K renegotiating contracts and licenses.
• Engineered the security architecture that migrated 8 data centers and over 45K servers to AWS, Azure, and GCP including managing the project plan that migrated applications to AWS Lambda reducing EC2 footprint and cost.
• Motivate, mentor and coach a diverse group of globally dispersed teams setting goals, delivering performance reviews and talent management.
2016 : 2020
Capital One
Sr. Director Cyber Security Engineering & Architecture
Directed security analysts and DevSecOps teams managing red team/ blue team exercises, threat detection, and incident response (CIRT). Supervised the Security Operations Center (SOC) delivering industry trend analysis, threat intelligence, and threat modeling in addition to contributing to the Cyber Security technology roadmap. Facilitated intelligence briefings, quarterly business reviews, and executive presentations to C-Level and business leaders.
• Provided leadership and guidance heading the redesign and expansion of a global Cyber Security Operations Center focused on 24x7 security monitoring, incident response, threat intelligence, and digital forensics.
• Implemented aggressive anti-phishing program including internal training and phishing campaigns resulting in increased awareness and a rapid take down of fake websites reducing occurrences from dozens per month to single digits.
• Reshaped and enhanced the Incident Response Playbook creating a Task Force to act on imminent threats, identify opportunities to optimize threat detection approaches globally and monitoring emerging threats more effectively.
• Directed teams of security SMEs supporting DEVOPS secure Software Development Life Cycle (SDLC), establishing business requirements and identifying security gaps in CI/CD pipeline (Continuous Integration / Continuous Delivery).
• Orchestrated migration of SIEM to Splunk utilizing Security Orchestration Automation and Response (SOAR) integration to monitor and alert on cloud events. Employed Big Data analytics achieving 25% increase in real-time analysis.
• Educated Business leaders and application owners on regulatory requirements and privacy laws related to PCI DSS, SOX, COBIT, and GLBA. Aligned with ISO 27001 identifying deficiencies and creatively worked with stakeholders to manage compliance against federal and state requirements (FINRA, FRB, and OCC) reducing the risk of audit findings.
2012 : 2016
Capital One
Director of Cyber Security Operations
Directed the Information Technology Risk Management Program including strategy, business and compliance risk, insider threat and Third-Party Risk Management (TPRM). Adapted to external and organization’s changing risk posture and partnered with key stakeholders proactively addressing identified risks. Managed risks following corporate policy & guidelines, legal counsel, state, & federal regulations. Played vital role in assessing risks for mergers & acquisitions.
• Led the identification and mitigation of IT risks aligning with the risk management framework. Managed compliance with internal customers, business partners, and regulatory agencies. Engaged with Enterprise Risk Management, Internal Audit, Legal, Privacy, Information Security, and other second-line functions to set expectations in remediating risks.
• Developed, implemented, and monitored a comprehensive information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled, or processed by the organization.
• Oversaw internal governance processes (includes reporting, issue management, policy/standard review, risk identification, risk assessments, and risk monitoring).
• Challenged, monitored, and advised on a sound IT risk-based management strategy, review of business risk appetite, design of effective IT controls, establishing effective behaviors and an appropriate level of risk awareness, communicating, presenting, and reporting risk identification and risk mitigation to C-Level and business leaders.
• Proactively expanded security risk assessments to analyze the effectiveness of cyber security controls including SaaS, PaaS, and IaaS ensuring controls align with industry standards and security best practices (NIST, CIS, SOX, COBIT) presenting results to CIO, CISO, and business leaders influencing and reducing remediation times by 22%.
2007 : 2012
Capital One
Director Information Technology Risk Management
Skills
Amazon Web Services (AWS), Application Security, Business Continuity, Business Continuity Planning, Business Intelligence, Business Process Improvement, Cloud Computing, Cloud Security, Computer Security, Contract Negotiation, Cyber Risk Management, Cybersecurity, Cybersecurity Incident Response, Cyber Threat Intelligence (CTI), Data Center Operations, Data Center Virtualization, Docker, Enterprise Architecture, Executive Management, Identity & Access Management (IAM), Information Security, Information Security Management, Information Technology, ISO 27001, IT Audit, IT Governance, ITIL, IT Infrastructure Management, IT Operations, IT Service Management, Leadership, Mergers & Acquisitions, Microsoft Azure, Networking, Network Security, Payment Card Industry Data Security Standard (PCI DSS), Penetration Testing, People Management, Program Management, Project Management, Requirements Analysis, Security Architecture Design, Security Awareness, Security Information and Event Management (SIEM), Security Operations Center, Software Development, Software Development Life Cycle (SDLC), Strategy, Team Leadership, Vulnerability Management
About
With over 20 years of experience in information security, cybersecurity, and technology risk management, I am a transformational leader with a forward-thinking strategy and vision. I have extensive experience in creating new business capabilities through technology, aligning with the company's vision and strategy, and protecting data, processes, and innovation. I am currently the Chief Information Security Officer at Bitso, the leading cryptocurrency platform in Latin America, where I am responsible for building enterprise information security programs from the ground up for SaaS, IaaS, and PaaS environments.
As the CISO, I lead and empower teams of security engineers, developers, analysts, and architects focused on security architecture, product engineering, application security, container security, configuration management, endpoint security, and static code analysis. I partner with C-Level executives and business leaders to establish the security framework aligning with NIST CSF and ISO 27001 to achieve SOC2 compliance and to support business objectives and goals in the fast-growing and dynamic cryptocurrency ecosystem. I have developed enterprise security solutions that protect our cloud environment and data against malware, ransomware, and threat actors to reduce the risk of attack and data breaches. I am an innovator and visionary who inspires creativity and earns trust, while fostering confidence and translating big picture viewpoints into tangible action plans. I am passionate about driving digital transformation and cloud adoption strategies, and delivering solutions that bridge the gap between today's technology and tomorrow's innovations.
Areas of expertise:
Executive and Board Presentations on Security Posture and Risk Appetite
Advanced Threat Prevention and Cybersecurity Intelligence Analysis
Cloud Security Expertise in AWS, GCP, and Azure (SaaS, PaaS, IaaS, DaaS)
Security Innovation and Adopting Emerging Technologies
Proactive AI Driven Vulnerability Management
Aligning with Security Best Practices with Business Strategy
Balanced Risk Management with Governance and Compliance
Management of Large Budgets and Staff
Predictive Insider Threat Analytics
Identity and Access/Entitlements Management
Information Security Policies and Standards
Regulatory Compliance Controls (GDPR, CCPA, LGPD, SOX, GLBA, FFIEC, SOC2, PCI DSS, ISO, HIPAA)
Profile Photo
