Patrick Salas

C-Level Executive
Saddle Brook, NJ

Summary

Mr. Salas has been a business and technology leader and visionary for over 28 years, including 19 years of achievements focused on information security assurance and enterprise risk management. He has a proven track record, notably in the financial and legal service industries, technology, and media leadership. His career achievements include a track record in technology strategic planning and business continuity planning at global Fortune 500 corporations. Tactically, he has rolled up his sleeves, provided IT oversight, and created a project management operational framework, a measurable accountability model for information assurance and GRC control governance. Patrick authored policy baseline documentation for ISO 27001 ISMS, ISO 27701, and NIST 800-53 frameworks. He has also documented effective data security architectures, incident response workflows, and breach communication plans.

Professional experience curriculum includes:

Chief Information Officer (CIO) and Senior Engagement Partner at Corporate Process Optimizers, LLC

Chief Information Security Officer (vCISO) at Marcum LLP

Chief Information Security and Privacy Officer at Kramer Levin Naftalis & Frankel, LLP

Information Security and Privacy Officer at Morrison Foerster, LLP

Chief Information Officer - Partner at Corporate Process Optimizers, LLC

Vice-President of Information Security at Societe Generale Global Investment Bank

Vice-President of Information Risk Governance at Sumitomo Trust & Banking

Director of Information Risk and Security Management at Canon USA

Business Information Security Officer at Citigroup - Citibank

Vice-President of Systems Development at Merrill Lynch (Bank of America)

Business Group MIS Systems Development Director at Bear Stearns (Brokerage Firm)

Vice-President of PC/LAN Architecture at Bankers Trust Company (Deutsche Bank)

Notable work accomplishments:

* ISO 27K Certifications after having championed and successfully led ISO standardizing at least 3 global companies in a record timeline. Developed their Information/data security programs.

* Successful in bridging gaps of communication between technical staff and board-level leadership.

* Establishment of Enterprise Risk Management programs and implementation of Governance Risk Control (GRC) solutions.

Overview

37 years of professional experience
1 Certification
2 years of post-secondary education

Work History

CIO and Senior Engagements Partner

CORPORATE PROCESS OPTIMIZERS LLC (CPO Solutions)
Ramsey, NJ
2023.02 - Current

In my role as CIO, and as a partner, I have the responsibility to operate, further develop, and grow the vCISO consulting practice, delivering key consulting services like these to our clients:
• Information Privacy compliance with HIPAA, CCPA/CPRA, GDPR, and other laws and regulations.
• Information security program evaluation and prescriptive recommendations to improve their security posture.
• Information Security Program and Policies to assure data protection and readiness for successful ISO27001, and for SSAE18 SOC Type 2 attestation audits.
• Information
• Cloud security (Azure & AWS) services that help clients contextualize the secure architecture of their cloud environments and applications to implement distributed controls and management visibility.
• Cyber resilience services that help clients prepare for, respond to, and recover from cyber incidents.
• Cyber education and awareness services that help clients train and empower their employees to be cyber savvy.
• Business process optimization and proper workflow automation.

Chief Information Security Officer (vCISO)

MARCUM LLP
Saddle Brook, NJ
02.2023 - 07.2023
  • Manage Technology Strategic budget to streamline the cost value of current renewals and new strategic implementations.
  • Reporting to the CIO and the COO, for board oversight of the enterprise risk management of the firm.
  • CISO's functional role and responsibilities oversee the information security/privacy program and operations.
  • Chief Data Officer functions with information-related audits/assessment director responsibility, and overall cybersecurity compliance and controls for the firm globally
  • Manage client audits/assessments of companies in highly regulated industries (financial services, healthcare, etc.) including Privacy sensitive companies under
  • Managed vulnerability assessments and risk treatment
  • Managed DLP, SIEM, and SOC operations and incident response
  • Revised and documented policies and procedures for proper information management and assurance

Chief Information Security Officer, Information Security & Privacy Officer

Kramer Levin Naftalis & Frankel LLP
03.2015 - 02.2023
  • Oversaw InfoSecurity employees and data assets by enforcing and regulating security policies and procedures and monitoring and maintaining security systems and enhancing the architecture.
  • Managed Vendor Risk Assessments and due Diligence.
  • The primary point of contact for Client Audits and periodic Assessments.
  • GDPR, and other Privacy including HIPAA and CCPA, and CPRA Privacy Compliance.
  • Identifies, reviews, and recommends information security improvements as they relate to the achievement of Kramer Levin’s business goals and objectives, including preparation for
  • Championed and managed the ISO/IEC 27001 & 27701 Certification initiatives while improving the Firm's Information Security Posture, SOC Type II attestation audit, NIST controls, and ISMS practices
  • Drive client (in Finance and Healthcare industries) Internal audits and corrective action compliance projects
  • Manages operational security SOC, and drives remediation efforts related to information security; remediation may be from incidents, penetration tests, vulnerability scans, internal/external audits and Critical Practice assessments
  • Lead and representing information security in delivery / operational meetings; conducting information security operational review meetings with key stakeholders on topics including information security status and performance
  • Maintains an information security strategy (forward looking roadmap), aligning services / portfolio components to the strategy in line with SANS top 20 technical controls, Firewall Management Oversight, and FIPS-related controls, and financial examiner's audits from clients.
  • Maintains the Business Continuity manual, maintaining all procedures and policies are up to date as required by the firm's CIO
  • Data scientist and influencer in architecture, data retention/deletion, Document Management, and business intelligence
  • Manages the vendor's/suppliers' risk assessment and vetting process.
  • Developed and grew staff competencies through team development, implementation, and support of specific training for various responsibilities.
  • Created robust data mapping architecture to manage compliance with multiple regulations including CCPA, CPRA, GDPR, HIPAA, and other regional data control requirements.
  • Directed security services and safety functions to align key processes with goals and objectives of organization and regulatory compliance.
  • Enhancements to the Data Loss Prevention to limit confidential and protected data (PI) leakage.
  • Reviewed violations of computer security procedures and developed mitigation plans.

Global Chief Security Officer

Morrison & Foerster LLP
12.2013 - 01.2015
  • Role, oversee all internal and client activities related to the development, implementation, incident response, and adherence to the Firm’s privacy program in compliance with federal and state laws and industry standards including early preparation for EU General Data Protection Regulation (GDPR)
  • Manage Audits by client companies including public sector, and most importantly client assessments of companies in highly regulated industries (financial services, insurance, healthcare, etc.)
  • Functional CPO responsibilities working in concert with the Chief Information Officer (CIO) and Privacy Expertise Partners in the establishment of the Firm's Information Security and Risk Management program to maintain information assurance and prepare for GDPR and NIST compliance throughout the global MoFo enterprise organization distributed over 17 offices in key technology and financial centers in the United States, Europe and Asia; our clients include some of the largest financial institutions, investment banks, and Fortune 100 companies in America
  • In charge of multipractice Data Protection Officers (DPOs) around all international offices, and in charge of performing and directing risk assessments (i.e., protected information privacy and security audits, policies and procedures, trends analyses, audits, projects and violation investigations) to ensure Firm-wide compliance with Privacy Shield and GDPR
  • Advise and partner with the Chief Information Officer on information technology risk and control implementation, such requirements as regulatory, external audit and risk management processing, conducting periodic technology risk assessments
  • As Department Manager, oversee and lead the implementation of information security safeguards, firewall management, and overall IT Strategy
  • Ensures confidentiality of the Firm’s data, proprietary information, and intellectual property
  • Consistent with the Firm’s policy I documented.
  • Monitored alarm systems and CCTV footage to enable prompt attention and response.
  • Developed and implemented security policies and procedures to establish clear guidelines for operations and maintain quality standards.

CIO - Partner

Corporate Process Optimizers, LLC, CPO Solutions
Edgewater, NJ
07.2008 - 12.2013
  • Dual role, the primary CIO role in charge of the enterprise IT organization and operations, and also filling the gaps for CISO in charge of Information Security compliance and running the Information Security operations.
  • Enhanced the P&L with the creation and documentation of new lines of business for management consulting and application development pioneering into AWS cloud implementations
  • Researched new technologies and chose the best options for company priorities and cost-effectiveness.
  • Business Intelligence, Privacy, Compliance, Cloud Architecture & Security operations,
  • Governance, Information Security, Enterprise Risk Management, & Technology Strategic
  • Technology Strategic Budget Planning
  • Responsibilities for in-house infrastructure and client advisory
  • In his dual role as CIO and CISO he was instrumental in the company's success until its acquisition by a larger Technology Consulting conglomerate.
  • Devised and wrote corporate technology procedures, modifying security policies and professional development goals for each worker level.
  • Help the company balance the P&L by creating new lines of business and coached Engagement Directors for further engagement growth and expansion.
  • Directed data center re-architecture and enhancements to accommodate growing cloud scalability and security demands.
  • Analyzed financial investment in IT systems, the potential return on investment, and impact on productivity.
  • Guided testing process and validation for major software releases.
  • Assessed business requirements to forecast annual budgetary operational costs.
  • Led agile teams to deliver products quickly and to respond to user requirements.
  • Configured and implemented IT initiatives to produce measurable business value.

Executive Management Contractor

Société Générale
08.2012 - 05.2013
  • CISO for hire, and Risk Management responsibilities in the Americas division
  • Provided subject-matter expertise to Executive Management and managed the Strategic Information Security Program to attain maximum results while addressing regulatory compliance, privacy, and internal audit issues
  • Monitoring and Oversight of strategic and tactical operations including Identity and Access Management (IAM) and Role-based Access Controls
  • Drafted reports and documents to improve correspondence management, schedule coordination and recordkeeping.
  • Created, managed, and executed business plan and communicated company vision and objectives to motivate teams.
  • Reduced operational risks while organizing data to forecast performance trends.
  • Chaired weekly meetings with executive leadership to identify opportunities for improvement, establish milestones, and tailor products to individual markets.
  • Supported regulatory compliance by overseeing audits to verify protocol adherence.

Chief Privacy Officer

Sumitomo Mitsui Banking Corporation
04.2011 - 07.2012
  • For hire services, leading the Privacy and Information Security function at the firm, and managing the appointed team, handling strategic planning and tactical monitoring of information security controls, including local Information Security Policy and Standards
  • Responsibilities for oversight of the IT management in accordance with CobIT and ITIL best practices
  • Chair the Information Risk Management and Systems Security Governance Committee, with the representation of the main lines of business for the Americas
  • Facilitate executive management reporting on a regular basis
  • Champion information security-related projects and initiatives.
  • Interpreted and applied relevant data privacy laws and regulations to global operations.
  • Coordinated with executive leadership on strategic initiatives relating to member information, privacy protections and alignment among data privacy and security activities.
  • Collaborated with legal, accounting and other professional teams to review and maintain compliance with regulations.
  • Directed technological improvements, reducing waste and business bottlenecks.

Vice President

Bloomberg BNA
09.2009 - 11.2010
  • Demonstrated proficient leadership skills to motivate employees and build competent teams.
  • Hired and managed employees to maximize productivity while training staff on best practices and protocols.
  • Clarified roles, responsibilities, and expectations of staff.
  • Collaborated with senior management to develop strategic initiatives and long-term goals.
  • Addressed compliance with PCI-DSS thus opening additional business opportunities for the publishing division (BNA) of the firm.
  • Identified opportunities to improve business process flows and productivity.

Executive Security Advisor

Canon USA
04.2004 - 07.2008
  • CPO's on-site advisory to the CIO and the CFO with interim responsibility for the Information Security Program, CObIT, ISO 27002, PCI DSS compliance, Privacy Laws and Regulatory Compliance advisory
  • Best Practices in eCommerce Marketing and Information Technology Optimization
  • Enterprise Resource Planning (ERP) proposed to the CIO as the strategy to automate the most critical business processes
  • In this effort worth over $20 Million in budget responsibilities include the following:
  • Oversee Canon’s Application and Infrastructure Vulnerability Testing and documentation and tracked and reported to Executive Management on progress of corrective actions
  • Enterprise-level Projects Planning, Executive Presentation, Project Management/Oversight
  • Role-Based Access Control Analysis and role re-engineering
  • Oversight of enterprise-level projects scoping and budget allocations
  • Document the Security Architecture rules and review process
  • Establish the Development QA standards and Security Review Process
  • Championed major improvements on the existing state of Information Security and Enterprise Risk Management across the organization including PCI DSS compliance campaign and remediation.
  • Managed information system regulatory compliance to meet updated guidelines.
  • Completed vulnerability scans to identify at-risk systems and remediate issues.
  • Outlined and maintained security patching schedule to efficiently address ongoing system issues.
  • Recommend improvements in security systems and procedures.
  • Encrypted data and erected firewalls to protect confidential information.
  • Researched and developed new computer forensic tools.

Business Information Security Officer

Citi
07.2003 - 04.2004
  • (BISO) reporting to the Senior Compliance Officer of Citibank/Citigroup, responsible for the improvement, and expansion of the global Information Security and Privacy Program in all Citigroup entities including Visa, MC, and Diners Club cards.
  • Provided Information Security Management and Architecture expertise for enhancement of the application development and business expansion initiatives of the Global Investment Division
  • Performed risk analyses to identify appropriate security countermeasures.
  • Demonstrated respect, friendliness and willingness to help wherever needed.
  • Proved successful working within tight deadlines and a fast-paced environment.
  • Worked in concert with the Chief Compliance Officer to address multiple federal regulatory compliance and strategic control issues closing multiple audit gaps across the Citigroup conglomerate worldwide.
  • Recommend improvements in security systems and procedures.
  • Conducted security audits to identify vulnerabilities.

VP of Applications Development

Merrill Lynch
06.1997 - 06.2003
  • (CIO) and Chief Information Security Officer (CISO)
  • Patrick provided overall guidance in the transition from cold fusion (flat programming language) to Java (Object Oriented Architecture) and multiple tiers infrastructure.
  • Technical Vision and Leadership for the company’s acquisition of technology infrastructure,
  • Systems Control and Compliance, Vendor Management and Product, RFP, and Audit ISQ's
  • Development programs, for all CPO’s eCommerce outsourcing contracts
  • Simultaneously maintained CPO’s outsource consulting teams on client-site to provide pre-sales consultancy to CPO’s Executive-level Clients in Pharmaceutical, Finance, Media, and Manufacturing industries, all including COO, CFO, CIO and CEO management consulting
  • At CPO, Patrick established a world-class outsourcing team specializing in Application Development Platforms with an overall team of Application Developers (local and offshore) to operate in accordance with the high-availability Software Development Lifecycle (SDLC) standards and Salesforce.com & Force.com implementation
  • Map-out business requirements and produce specific highly scalable and reusable Software Development Objectives to be achieved by the Application Development teams, both local and offshore
  • Leadership addressing ISO17799, SOX and PCI related controls and compliance gap analysis to ensure successful compliance
  • Research and testing of new Information Security Products and Standards including Identity Management Solutions, Information Security Policy, Enterprise Application Integration (EAI), and its proposed architecture
  • Enterprise Project Planning and Vendor Management of outsourced services, including management of co-hosted Data Center facility and personnel
  • Trained junior Internal Audit team on IT Audit principles using ISACA’s CobIT framework principles.
  • Chief Architecture responsibility in charge of setting the standards for advanced application development and Enterprise Resource Planning solutions and implementation of N-tier application development architecture framework
  • Initiated Proof of Concept for new development platforms including J2EE Architecture and Oracle systems implementation for Web Services
  • Chief Information Security Officer responsible in liaising with Federal Regulators, Auditors, and Merrill Lynch's Legal department.
  • Maintained web pages, intranet and social media accounts.
  • Developed and promoted corporate brand, images and identity to media and public.

Business Information Security Officer

BEAR STEARNS
11.1994 - 06.1997
  • Increased daily transaction handling volume adding up to $11M in revenues by providing the
  • High Yield, Credit, and Research divisions by managing the design, implementation, and support of a Business Process Optimization, and managing the development of an automated system that
  • Director of Information Risk & Security - Enterprise CISO, Vice President of Applications Development
  • Business Group MIS Director (Line of business' CIO equivalent.) facilitated enhanced financial processing of daily financial product portfolio updates directly into the
  • NASDAQ’s mainframe system
  • Optimization and Risk Management managing a multi-million capital budget for technology-related solutions
  • Conducted security audits to identify vulnerabilities.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Monitored use of data files and regulated access to protect secure information.
  • Encrypted data and erected firewalls to protect confidential information.
  • Developed plans to safeguard computer files against modification, destruction, or disclosure.
  • Excellent communication skills, both verbal and written.
  • Proved successful working within tight deadlines and a fast-paced environment.
  • Implemented a Documents Management solution for records archival and retrieval for legal records retention and EDiscovery
  • Delivered first-time integration of Web-based Stock Market and M&A’s research distribution to their financial research subscribers
  • (Great enhancement over plain text distribution that was previously possible exclusively through Bloomberg terminals.)

Vice President - PC/LAN Architect

Bankers Trust Company
New York, NY
03.1989 - 11.1994
  • VP with broad responsibility for Bankers Trust systems architecture globally
  • Maintained personnel records and updated internal databases to support document management.
  • Evaluated operational practices and identified improvement opportunities to develop revisions for systems and procedures.
  • Coordinated with the human resources department to handle payroll and personnel databases.
  • Studied processes, implemented cost reductions and developed reporting procedures to maintain administrative workflow.
  • Drove marketing initiatives to increase brand recognition, facilitate promotion and boost revenue.
  • Educated staff on organizational mission and goals to help employees achieve success.
  • Developed effective improvement plans in alignment with goals and specifications.
  • Created and managed project plans, timelines, and budgets.
  • Supported the creation of detailed, technical financial models to value potential acquisition targets.

Compliance and Data Security Officer

Bankers Trust
03.1986 - 06.1989
  • Championed the strategic planning and implementation of business-critical infrastructure enhancements and services optimization for improved SLA's and technical capabilities.
  • Wrote detailed reports on property damage, theft, presence of unauthorized persons and unusual incidences.
  • Acted quickly during emergency situations to reduce opportunity for damage and injury.
  • Regulated vehicle and pedestrian traffic onto building grounds.
  • Issued access cards to authorized personnel to monitor access points.
  • Leveraged physical or verbal techniques to investigate suspicious activities and resolve concerns.
  • Conducted training sessions for new information security personnel to facilitate compliance with security protocols.

Education

Bachelor of Science - Electrical, Electronics Engineering Technologies

APEC UNIVERSITY (APEC)
Santo Domingo, DR
09.1986

MBA - Information Technology Management

Canterbury CC University
United Kingdom
06.1994

CISSP Certification, Certified Information Systems Security Professional Vice President of Networks & Security Operations - Mastery-Level Information Security

(ISC)2
Clearwater, FL
08.2019 - 07.2021

Skills

  • Overall IT operations and Application Development management and IT staff professional development
  • Expert in Privacy Compliance, HIPAA, FFIEC, FIPS, GDPR, CCPA, CPRA, and Data Mapping and Information Lifecycle Management
  • Technology Strategic Budgets and Vendor Management
  • Enterprise Risk Management and Business Continuity
  • Disaster recovery planning and testing on-prem and cloud PaaS and SaaS environments
  • Training Materials for Security Awareness and anti-phishing training for all employees
  • VMware Infrastructure architecture with fine controls for Hypervisors
  • Quarterly board-level Status Updates on enterprise risk and data security
  • Oversight of the documentation for erecting & maintaining Firewalls and IDS systems in the firm
  • Managing Security Breaches and tabletop exercises
  • Authored a collection of policies based on ISO 27001, including Data Classification, Incident Response, and many other missing Information Security policies
  • Cloud Networks Architecture Design

Accomplishments

  • Mastery Level of Information Security
  • Expert in Privacy Compliance, HIPAA, FFIEC FIPS, GDPR, CCPA, CPRA, and other PI state laws and regulations of Protected Info.
  • COBIT, IT Strategic Framework
  • Documentation of Security & Data Privacy
  • Cyber Threats and Countermeasures
  • Vulnerability Management and Risk Treatment
  • ITIL - Documentation Framework for Policies Baseline
  • PCI DSS, Payment & Credit Card industry compliance
  • Business Continuity Planning and Disaster Recovery
  • Overall Privacy Expertise in handling PII and PHI
  • Enterprise Risk Management and Risk Treatment
  • Cloud Computing Architecture and Security
  • Enterprise Software Development
  • Project Management and optimization
  • Business Process Improvement and Automation
  • Data Center SOC management 24x7 operations
  • IT Strategy planning and cost value matrix
  • Software Documentation and UAT
  • Sarbanes-Oxley Act controls and compliance
  • IT Program Management and strategic improvement
  • SDLC - Software Development Lifecycle and QA
  • Business Intelligence and analytics
  • Information Security Program Optimization and Management
  • Information Technology Architecture
  • From board level to hands-on IT leadership
  • Outsourcing and contract negotiation
  • Vendor Management and licensing
  • Systems Integration and cloud solutions
  • Project Portfolio Management
  • IT Governance
  • CRM development
  • PMO - Project Management Office
  • IT Audit and Client Assessments
  • IT Helpdesk Service Management
  • ERP - Integrations
  • Disaster Recovery planning and testing

Certification

CISSP - Certified Information Systems Security Professional (Mastery-level on Information Security and Data Risk Assurance).

Additional Information

Has teamed up with great and competent CIOs, and COOs to streamline Technology Strategic Planning, policy and procedural documentation and overall systems development and architecture improvements.

Languages

English: Native or Bilingual
Spanish: Native or Bilingual
Italian: Elementary
Portuguese: Elementary
French: Elementary

Work Availability

Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
Morning, afternoon, evening

Quote

Everything should be as simple as it is, but not simpler.
Albert Einstein
