Norman Levine

Chatham, NY

Summary

Seasoned Information Technology executive with over two decades of expertise in Third-Party Vendor Risk Management, Data Governance, and GRC. Demonstrated success in elevating Vendor Risk Management Programs to industry-leading standards, negotiating complex IT Security Addendums, and overseeing risk reviews for portfolios exceeding $23.5 billion. Recognized for driving innovation and delivering substantial bottom-line results through robust risk management strategies.

Overview

24 years of professional experience
2 certifications

Work History

Managing Director

Cyber Risk Partners LLC
07.2024 - Current
  • Offer a comprehensive suite of cybersecurity and compliance services, including SOC 2, IT Audits, and Data Privacy
  • Implement Third-Party Risk Management strategies to mitigate potential data breaches
  • Identify and pursue opportunities for service expansion, including renewals and cross-sells
  • Standardize operating procedures to optimize service delivery and maximize client utilization of vendor risk management solutions.

Senior Manager - Cyber Risk Management and TPRM

Omnicom Group
02.2022 - 07.2024
  • Spearheaded the transformation of Omnicom Group’s Vendor Risk Management program, implementing comprehensive security reviews and leading SOC 2 readiness assessments
  • Designed and enforced cutting-edge policies aligning Data Management, Risk Management, and Compliance initiatives
  • Acted as the driving force behind a culture of risk awareness, successfully integrating risk mitigation strategies across all business units
  • Collaborated with senior leaders, including Sourcing, BISOs, CISOs, and Compliance teams, to ensure consistent communication and execution of risk management practices, enhancing the organization’s cyber resilience.

Senior - Third-Party Vendor Risk Management

Cigna, Inc.
06.2019 - 02.2022
  • Led Cigna’s Tier 1 Vendor Risk Management operations, managing critical security reviews and orchestrating risk mitigation strategies for high-impact vendors
  • Pioneered the development and implementation of advanced TPRM policies, guidelines, and procedures, improving compliance and reducing organizational risk exposure
  • Partnered with IT departments to deploy innovative technological solutions, automating risk management processes and increasing the efficiency and accuracy of vendor risk assessments.

Senior - Global Management Oversight - TPRM

Stanley Black and Decker
01.2013 - 11.2018
  • Served as the Global Lead for all third-party cyber risk vendor evaluations, overseeing a $14 billion portfolio of IT Security Reviews and Addendums
  • Successfully negotiated agreements that aligned with the organization's strategic objectives while ensuring compliance with global data privacy regulations, including GDPR
  • Managed critical data privacy initiatives in partnership with the Data Privacy Officer, fostering a proactive approach to privacy risk management
  • Developed and led high-performing teams, promoting a culture of continuous improvement and operational excellence.

Manager IT Compliance and Audit

Home Box Office, Inc.
11.2006 - 01.2013
  • Managed HBO’s IT Compliance and Audit programs, with a focus on third-party risk, data privacy, and IT compliance audits
  • Served as the single point of contact for Internal and External Auditors for all IT audits
  • Acted as the primary liaison for internal and external audits, ensuring the successful execution of SOX IT audits and PCI compliance measures
  • Oversaw global disaster recovery, change management, and problem management processes, ensuring operational continuity and risk mitigation across all business units.

Various Corporate Contracts
03.2005 - 07.2006
  • Conducted IT Corporate Audits for Cigna, Inc
  • Managed IT SOX Assurance for the clients of Fiondella, Milone, and LaSaracina, CPA's LLP
  • Managed IT SOX Assurance for 1800FLOWERS.COM, Carle Place, NY
  • Project Manager/ SOX and IT Audit for FANNIE MAE; GRC, Reston, VA
  • Wrote a SOX Compliance Document for GRT Corporation.

Manager IT Audit - Information Technology and Architecture

KPMG, LLP
01.2001 - 03.2005
  • Co-managed the bifurcation of Bearing Point from KPMG
  • Conducted IT audits of Information Systems and Sarbanes-Oxley compliance using COSO and CobiT standards
  • Developed business processes for data/Internet security, auditing, and implementation of best practices.

Education

Skills

  • Third-Party Vendor Risk Management
  • Disaster Recovery
  • Business Continuity Planning
  • Data Governance and Privacy (GDPR, DORA, NIS2, CCPA, HIPAA)
  • Governance, Risk, and Compliance (GRC)
  • Risk Assessment and Mitigation
  • IT Auditing and Compliance Management
  • Regulatory Compliance (SOC 2, SOX, ISO 27001, NIST CSF, CIS, OWASP, FedRAMP, HITRUST)
  • Process Optimization and Standardization
  • Vendor Risk Management Platform Administration
  • Third-Party Risk Identification and Assessment
  • Contract Negotiation Support
  • Information Security and Privacy Control Implementation
  • Team Leadership and Mentoring
  • Performance Metrics Analysis

Certification

  • Certified Information Systems Auditor (CISA)
  • Certified Data Privacy Solutions Engineer (CDPSE)

Speaker

Speaker at Global Resilience Federation (11/2024)

Additional Information

  • Authoring a book on Third Party Vendor Risk Management and Data Privacy – Taylor and Francis Publisher
  • An active member of ISACA, participating in committees focused on advancing third-party risk management practices and staying abreast of evolving industry standards
  • Former Associate Instructor at SANS.ORG - Third Party Risk Management Live Stream
  • Speaker at Global Resilience Federation - 11/2024
  • Podcast on Auditing, AI, and Advancing Your Skill Set
  • Board of Directors - Treasurer - New York Chapter - ISACA (2008 - 2010)
  • Cyber Security Advisory Board – Pace University

Online Presence

https://www.linkedin.com/in/NormanJLevine, https://www.cyberriskpartnersllc.com

Author

Author of an upcoming book on Third Party Vendor Risk Management and Data Privacy (Taylor and Francis Publisher)
