Louanne Cameron
United States
Summary
Dynamic and results-driven Director of Cybersecurity & Technology Risk with 20 years extensive experience in the Financial Industry. Proven track record of navigating IT Security Risk Management, Regulatory/Audit, Security Assessment/Testing, and Security Operations. Adept at developing and implementing robust controls to mitigate risks and ensure compliance. Skilled in collaborating with stakeholders to prioritize and address technology risks. Holds multiple cybersecurity certifications and a Master's degree in Science, with a solid foundation in Management Information Systems.
Overview
10
10
years of professional experience
1
1
Certification
Work History
SVP Information Security Technology Risk
BNY Mellon
New York, United States
04.2023 - Current
- Develop qualitative quarterly risk assessments for the Wealth Management business units to identify potential threats and vulnerabilities covering a total of 100 technology systems
- Develop and implement appropriate controls and safeguards to mitigate identified risks and ensure compliance with regulatory requirements for 10 Wealth Management Risk Controls Self Assessments
- Collaborate with various stakeholders, including IT teams, business units, and senior management, to identify and prioritize technology risks and develop risk mitigation strategies
- Act as a subject-matter expert and advisor to senior management on technology risk and control matters
- Participate in 5 internal and 2 external audit examinations, ensuring that corrective actions are implemented to address findings and recommendations.
- Reduced Technology Incidents by 20% by implementing new Incident Management processes and training in the business lines.
- Hire, train and manage 5 plus staff members
- Attended and presented to various Risk Committees and Board on the current risk status for Wealth Management lines of business.
- Facilitated the monthly Technology Risk meetings for the various technology groups to ensure awareness of the prevailing technology risk within their respective domains
Senior Information Security Risk & Compliance Management
U.S Bancorp
Fort Lauderdale, United States
06.2020 - 10.2022
- Assisted with strategic and tactical deliverables of the information security GRC program covering re-engineering to future states
- Delivered milestones for large information security control projects, executing over 10 associated milestones
- Improved the Bank's security compliance programs, providing oversight for 4 major regulatory compliance programs
- Developed corporate information security policies, assisting in the management of 5 new policy developments and updates
- Evaluated the current controls to ensure appropriate risk addressed and effectiveness maintenance by control and process
- Provide assistance with the management and development of corporate information security policies
- Provide Information Security subject matter expertise in various risk assessments and remediation efforts
- Provide oversight or support for key information security governance, risk, and compliance initiatives.
Regional Business and Technical Information Security Manager
CITIBANK
Fort Lauderdale, United States
02.2014 - 06.2020
- Provided Information Security oversight, resulting in 95% compliance with Information Security Policy, Standards, and Procedures for Latin America and Caribbean Regions
- Oversaw 150 plus Risk Assessment process covering all the Technology domains, resulting in the comprehensive risk analysis and action plans
- Managed and ensured 100% compliance for SOX and PCI, addressing I.S-related compliance processes
- Coordinated Security Incident actions during security events leading to averted imminent loss of information or value for the Business unit and its customers
- Approved all Technical Assessment reviews for SDLC projects, PAM, FIDs, and BRM for Regional Latam Applications
- Ensured 98% compliance to MFA/SA, Key Management and Vulnerability Threat Management for applications
- Managed IS Business Compliance Questionnaire, Application Compliance Questionnaire, and Ethical Hacking Test VA for SDLC processes
- Guided the business in the development of action plans and tracked closure of information security issues resulting from Self-Assessment, Audit, Risk Assessment, and Vendor Reviews
- Validated the implementation of controls to safeguard sensitive data for the Business, Technology, and Information Security initiatives.
- Managed a team of 13 plus country BISO within the Latam Region
Education
Master in Science -
NOVA SOUTHEASTERN UNIVERSITY
Bachelor of Science in Management Information Systems -
LONG ISLAND UNIVERSITY
Skills
- Risk Assessment
- Data Protection & Asset Classification
- Identity & Access Management
- Policies and Procedures
- Process Improvements
- Business Development & Re-engineering
- Staff Development
- Strategic Goals & Roadmaps
- Program Oversight
- Incident Management
- Third Party Management
- Insider Threat
- Security Testing & Vulnerability Management
- SDLC
- Security Operations
- Network Security
- Security Development Lifecycle
- Cloud
- KPI Tracking & Metrics
Certification
- Certified Information Security System Professional (CISSP)
- Certified Information Security Auditor (CISA) - ISACA
- Certified Data Privacy Solution Engineer (CDPSE) - ISACA
- Certified Information Security Manager (CISM) - ISACA
Timeline
SVP Information Security Technology Risk
BNY Mellon
04.2023 - Current
Senior Information Security Risk & Compliance Management
U.S Bancorp
06.2020 - 10.2022
Regional Business and Technical Information Security Manager
CITIBANK
02.2014 - 06.2020
Master in Science -
NOVA SOUTHEASTERN UNIVERSITY
Bachelor of Science in Management Information Systems -
LONG ISLAND UNIVERSITY