Randy Stanger

VP, Independent Technology Risk Advisor Sr - Information Security (May 2018 - November 2019 and April 2021 - Current)

• Communicate aggregate Information Security risks to senior leaders in formal reporting and committee presentations.
• Execute deep-dive application assessment for Information Security Risk
• Present subject matter expertise to at conferences and working sessions to peers
• Active voting member in two formal risk committees as the Information Security representative (3rd Party Supplier Risk, Operational Loss Forecasting)
• Execute independent assessment of security program against the CRI FS Profile
• Create material and actively present directly to the OCC and FRB
• Challenge the lines of business, MIS teams, security programs against standards and best practices
• Challenge new technologies include artificial intelligence and cloud (SaaS, PaaS, IaaS), with focus on cloud providers Azure and AWS
• Define and communicate the Information Security Board and Executive level metrics
• Challenge against high risk Information Security focus areas, to include vulnerability management and access management

VP, Independent Technology Risk Manager Senior - Information Security (November 2019 - April 2021)

• Evaluate the cyber security and information security programs against industry best practices and security frameworks, to include NIST CSF, FFIEC CAT, CRI FS Profile, and MITRE ATT&CK Framework
• Managed 6 member team to challenge the security program
• Present independent view of Information Security risk to Internal Audit and Federal Regulators at minimum of a monthly cadence
• Establish, challenge, and improve the governance of the Information Security framework at a large financial institution. This includes policies, procedures, controls, metrics, and escalation paths.
• Evaluate Information Security risk for upstream and downstream dependencies. This includes 3rd/4th party vendors and subsidiaries.
• Review and challenge security policies and procedures. Measure lines of business adherence to security governance and make corresponding changes to governance as applicable.

Program Manager - Malware and Cyber Threats

• The National Cyber-Forensics and Training Alliance is a non-profit partnership between private industry, government, and academia to identify, mitigate, and disrupt cyber crime.
• Established strategic roadmap for Malware and Cyber Threats Program
• Restructured Malware and Cyber Threats Program to meet current analytic requirements
• Filled 5 positions using a competitive and fair selection hiring process
• Managed a team of 9 full time employees and 4 interns
• Set priorities and monitored progress on analytic efforts
• Presented program project information to external partners, multiple times a week
• Coordinated program progress with senior leadership

Software Development(United Kingdom and Fort Meade, MD)

FBI Liaison (Pittsburgh, PA)

• Integrated DoD liaison to Law Enforcement
• Fostered public, private, educational partnerships

Threat Analyst(United Kingdom and Fort Meade, MD)

• Over 10 years of hands-on cyber analysis
• Team leader for cyber analysis team, 2+ years
• PCAP and malware analysis using industry standard tools
• Wrote over 100 product reports
• Organized and ran a cyber working group to find solutions to a specific threat
• Proficient with Windows, OSX and Linux
• Experienced in coordinating with both domestic and foreign intelligence community partners
• Skilled in programming languages to include assembly, Python, Ruby and more
• Skilled in databases to include Oracle and MySQL
• Cloud application development, 3+ years

System Administration(United Kingdom and Fort Meade, MD)

• Worked in a mixed Linux, Solaris and Windows environment
• Extensive use of virtual machines

Electrical Engineering Design and Development (Fort Meade, MD)

• Over 3 years of hands on electrical engineering design and development experience
  
• Received two invention awards resulting in two classified patents

Other

• Department of Defense TS SCI security clearance