Adam Hale
Pensacola,FL
Summary
Results-driven cybersecurity professional with expertise in third-party risk management (TPRM) programs and control testing. Skilled in training team members to proactively identify and highlight potential risks. Committed to long-term risk management by establishing robust internal protocols and fostering a culture of responsibility and attentiveness. Experienced in working with startups and larger institutions, collaborating on TPRM programs, assessing vendors, and cultivating stronger stakeholder relationships. Successfully assisted over 50 major healthcare systems, 10 insurance firms, and 10 financial services companies in enhancing their TPRM programs through security consultancy.
Overview
6
6
years of professional experience
1
1
Certification
Work History
VP.O (Vice President Officer) - Sr. Cybersecurity TPRM Consultant (IC-Level 7)
M&T Bank
11.2022 - 09.2024
- Conducted in-depth risk assessments virtually as well as onsite at our vendors corporate headquarters and data centers
- Traveled on behalf of the Bank to lead onsite vendor risk reviews at our vendors data centers and corporate locations.
- Developed a training program for new hires, current staff within the TPRM space, and for collaborating teams such as Procurement, Legal, BC/DR, and etc.
- Mentored and provided leadership to junior staff within the Cybersecurity TPRM team
- Accompanied the banks CISO on (9) third-party international onsite visits including various locations within India and the London while documenting results, and presenting findings to risk committees upon request
- Redefined the TPRM security questionnaire from the NIST SP 800-53 to the NIST CSF framework
- Conducted (50) security assessments of vendors' data centers and corporate headquarters to determine an adequate level of risk for the bank and over (400) vendor due diligence reviews.
Senior Security Analyst((IC-Level 6)Contract)
Ramp Financial
06.2022 - 10.2022
- Owned the successful planning, coordination, and execution of 3rd party-risk assessments and audits
- Conducted over (200) vendor reviews and (50) legal contracts e.g., DPAs, MSAs, and M/NDAs
- Supported Ramp’s Security and IT team(s) with risk projects such as critical process analysis, employee training, and mentoring junior team members
- Built and maintained a comprehensive vendor repository in collaboration with the Privacy and Legal team(s)
- Owned the internal security assurance process and responded to (20) customers due diligence requests conducted on our business and Ramp’s SaaS offering
- Built Ramp’s Trust Portal to showcase our security program to customers and potential clients.
Security Program Manager(IC-Level 5) - Vendor Risk Management
Robinhood Financial LLC
12.2020 - 06.2022
- Led a team of (3) analysts to conduct over (400) information security risk assessments on potential 3rd party vendors and integrations; to determine a sufficient level of risk for Robinhood.
- Provided oversight and insight into the regulatory and security expertise of third-party vendors with collaboration with team members and directors.
- Matured Robinhood’s Vendor Risk Management program from an adolescent state.
- Conducted (10) in-house infrastructure risk assessments and (400) vendor security assessments.
- Designed a risk rating model for third-party vendors, and the level of review needed.
- During cross-functional reviews and joint operations, collaborated with our Application Security, Corporate Engineering, Privacy Legal, and Legal department(s) to mitigate our vendor risks.
- Assisted our Privacy and Legal department with over (50) contract red linings and agreements.
- Developed several policies surrounding the vendor review process and its review lifecycle.
- Identified bottleneck points where vendor security assessments took longer than expected and developed streamlined processes to mitigate the issue and optimize our overall SLAs.
Lead Security Consultant(IC-Level 4) - Third-Party Risk
Meditology Services & CORL Technologies
08.2018 - 12.2020
- Managed (15) different projects that included client profiles and their vendors while maintain positive
- I aided in the development of our customers' 3rd party security programs and demonstrated proficiency in developing and sustaining client relationships.
- While doing so I presented over (100) executive presentations demonstrating external risks and overall improvement.
- Assessed security compliance, security program organization, policies, and procedures, general risks and vulnerabilities.
- Reviewed and advised on the following security assurances: HITRUST Reports & Interim/Bridge Letters, SOC 3, SOC 2 Type II, SOC 2 Type I, SOC 1, and ISO 27001 & 9001.
- Conducted over (700) remediation efforts; related to security vulnerabilities and patching.
- Planned, oversaw, & conducted (10+) audits, risk assessments, & mitigation strategies; conducted research, onsite interviews, testing, document review & data analysis for various projects.
Education
Bachelor of Science - Digital Forensics
National University
San Diego, CA02.2021
Certificate in Intro to Programming - Python, C, C++, JavaScript, CSS, HTML
Grantham University
03.2017
Associates of Arts in Criminal Justice - undefined
Grantham University
07.2014
Skills
- Third-Party Risk Management
- Program Development
- Audit Engagements
- Security Consultancy
- Developing security plans
- Risk Mitigation
- Infrastructure Assessment
- Regulatory Compliance
- Data Security
- Application security
- Continuous Improvement
- Problem-solving aptitude
Accomplishments
Navy and Marine Corps Achievement Medal (June 2015), 3rd Award - Good Conduct Medal (June 2016), Letters of Appreciation (Feb 2016).
Certification
CISSP, TBD
Military Service
U.S. Marine Corps, 10, Riot Control Sentry, Okinawa, Japan, 2007, 2011, Facilities Chief & Lead Food Service Instructor, Wyoming, Pennsylvania, 2011, 2015, Lead Maintenance Non-Commissioned Officer, Oceanside, CA, 2015, 2017, Sergeant of the Guard(IT Security - 6 months), 2015, 2017, Security Officer, 2017
Securitystandardsreports
- SOC 1-3 Reports
- ISO 27001
- HITRUST
- HIPAA
- NIST SP 800-53 & NIST - 171
- NIST CSF
- PCI DSS
- CIS
- GDPR
- CMMC
Awards
- Navy and Marine Corps Achievement Medal, 06/2015
- Good Conduct Medal, 06/2016
- Letters of Appreciation, 02/2016
Timeline
VP.O (Vice President Officer) - Sr. Cybersecurity TPRM Consultant (IC-Level 7)
M&T Bank
11.2022 - 09.2024
Senior Security Analyst((IC-Level 6)Contract)
Ramp Financial
06.2022 - 10.2022
Security Program Manager(IC-Level 5) - Vendor Risk Management
Robinhood Financial LLC
12.2020 - 06.2022
Lead Security Consultant(IC-Level 4) - Third-Party Risk
Meditology Services & CORL Technologies
08.2018 - 12.2020
Bachelor of Science - Digital Forensics
National University
Certificate in Intro to Programming - Python, C, C++, JavaScript, CSS, HTML
Grantham University
Associates of Arts in Criminal Justice - undefined
Grantham University
Similar Profiles
Tarvisha MaldonadoTarvisha Maldonado
Fraud Associate/Fraud Associate Senior at M&T BankFraud Associate/Fraud Associate Senior at M&T Bank
Marilyn InterisanoMarilyn Interisano
Mortgage Customer Outreach Specialist II at M&T BankMortgage Customer Outreach Specialist II at M&T Bank
Indira ChaconIndira Chacon
Relationship Banker at M&T BankRelationship Banker at M&T Bank
Ricardo GardinerRicardo Gardiner
Senior Customer Service Representative at M&T BankSenior Customer Service Representative at M&T Bank
Jaden TaylorJaden Taylor
Lead Construction Laborer at CC Edwards ConstructionLead Construction Laborer at CC Edwards Construction