
Thomas Klevinsky

North East, MD

Summary

Senior cyber risk and security control executive with 20 years of experience identifying risk, developing controls, and creating world-class governance frameworks. Expertise in cloud security, vulnerability management, regulatory compliance, and risk governance. Background in architecting secure public cloud systems, enhancing identity management frameworks, and meeting resiliency requirements. Able to drive strategic security initiatives, ensure regulatory alignment, and lead cross-functional teams to mitigate risk. Earned an MBA degree along with CISSP, CISM, CCSP, and AWS certifications.

Overview

27 years of professional experience
1 Certification

Work History

Executive Director - Principal Cloud Cyber Architect

JP Morgan Chase
01.2016 - Current
  • Lead the Chase Consumer Bank Cyber Architecture organization focused on detecting and remediating technology risk and providing specific design guidance to meet regulatory requirements and risk targets
  • Designed a public cloud framework that ensures access control, audit, resiliency, and consistency for all Chase applications slated to migrate to AWS
  • Selected and implemented best-in-class tools for vulnerability scanning, identity management, drift detection, control implementation, log monitoring, data protection, key management, and resiliency
  • Migrated over 600 applications serving millions of customers to AWS with a focus on zero trust
  • Program includes executive briefings provided monthly to executive stakeholders ensuring budget and timeline adherence
  • Created a privileged identity management and vulnerability management system that provided a unified governance system resulting in a 56% reduction in the time to identify and mitigate risks
  • Implemented policies, procedures, and standards for use and protection of confidential data in public cloud systems
  • Enhanced and executed a due diligence program for all new acquisitions
  • Program focuses on developing initial integration designs and timelines to ensure seamless security integration post-acquisition
  • Led the regulatory and contractual remediation efforts for Chase Card Services (Audit, PCI, SOX, NIST, GDPR, SOC2), ensuring verifiable compliance with external requirements and maintaining continuous engagement with auditors and regulators
  • Achieved a 20% reduction in deployment time to the public cloud by automating recurring tasks

Vice President - Technology Control Officer

Chase Consumer Bank
01.2012 - 01.2016
  • Led the governance, remediation, and oversight organization for operations and data management in Chase Bank
  • This includes vulnerability detection, penetration testing, threat modeling, control development, and executive briefings
  • Developed comprehensive 2-year and 5-year strategic roadmaps to integrate development activities with new control infrastructure, managing full budget accountability and headcount forecasting to align with organizational objectives
  • Directed the Data Control team, comprising 11 Senior Technology Control Officers, responsible for assessing, tracking, and overseeing the data ecosystem and operations development organization, ensuring compliance and operational efficiency
  • Designed and implemented executive dashboards and led review committees to prioritize and mitigate risks, driving accountability and timely remediation of identified vulnerabilities
  • Led threat modeling, vulnerability assessments, and acceleration initiatives, driving control adoption and remediation efforts for legacy systems to enhance security and reduce risk exposure
  • Acted as the Data Protection Subject Matter Expert for Chase, defining and deploying industry-leading standards for data-at-rest and data-in-transit encryption, while pioneering the strategy for quantum-safe encryption to future-proof security
  • Led the initial PCI DSS review and subsequent remediation efforts, ensuring compliance and strengthening security posture across credit card systems

Vice President - Global Identity and Access Management

Chase Consumer Bank
01.2008 - 01.2012
  • Managed the access control and governance program for over 1,200 applications and 35,000 users
  • Led a geographically dispersed team focused on engineering, process design, regulatory compliance, and control development for the full Identity Management and Access Control programs
  • Led and executed comprehensive Security Architecture reviews and approval processes for all new projects, ensuring alignment with security standards and minimizing risk exposure
  • Designed and delivered a range of internal security training sessions including Data Protection, Resiliency, PCI Compliance, Data Governance, Password Vaulting, Emerging Trends, Identity Management, Penetration Testing, Phishing, and Personal Data Protection
  • Deployed a centralized Role-Based Access Control (RBAC) program, improving access management efficiency and strengthening security across the organization
  • Created executive-level and audit dashboards that provided a transparent view of the organization’s current security posture, enabling informed decision-making and proactive risk management
  • Developed a resource allocation strategy that optimized the effectiveness and coverage of the Identity Administration function, implementing a follow-the-sun 24-hour support model to ensure continuous service and rapid response times
  • Formulated the access strategy for critical systems including mainframe authorizations, Card Data Warehouse, and privileged access management
  • Led the integration of Chase Paymentech, Commercial Card, and Chase Canada into the Card Services infrastructure, extending access control policies and ensuring consistency and compliance across these entities
  • Directed the incident response team, managing timely and effective resolution of security incidents, minimizing impact, and ensuring continuity of operations

Vice President - Security Architect

JPMorgan Chase
01.2006 - 01.2008
  • As a Security Architect for JPMorgan Chase Corporate Technology, I held primary responsibility for driving the strategy and development of high-impact, high-visibility security initiatives
  • My role encompassed comprehensive architecture reviews for new projects, technology selection, target state evaluation, and managing regulatory compliance activities
  • Key areas of focus included SOX compliance, global data privacy, and application security standardization
  • Developed and managed a comprehensive compliance program for user administration and certification, addressing a significant deficiency identified during the 2005 SOX audit
  • Created a streamlined log review program, reducing logs from 25 databases and 42 systems to a concise three-page daily report highlighting suspicious activity
  • Created recovery plans for contingencies such as the Avian Flu, terrorist attacks, and regional natural disasters
  • Developed the Unix Security Strategy, which included the deployment of a standardized user repository, stronger authentication controls, and centralized user administration
  • Represented JPMorgan Chase as a key participant in the Financial Services Information Sharing and Analysis Center (FS-ISAC)
  • Drove consistent privacy requirements as the Technology Lead for the Privacy Oversight Committee

Vice President, Security Operations Director

MBNA America (acquired by Bank of America)
04.2003 - 01.2006
  • Senior Manager at the largest independent credit card issuer
  • During tenure, merged with Bank of America
  • Primary responsibility was the management of 24 Vice Presidents and Senior Security Professionals
  • High-level, highly effective operations team with full monitoring, control, and response requirements
  • Duties included staffing, budgeting, strategy development and guidance, performance management, executive presentations, project management, staff development, and corporate leadership boards
  • Additional responsibilities were focused on information security compliance, control development and implementation, standards development, regulatory compliance, and administrative audits
  • Developed a cross-discipline intrusion detection team focusing on host, network, and file level detection
  • Successfully developed and applied key Sarbanes-Oxley 404 reviews and controls
  • Superior rating on all OCC audits
  • Developed a comprehensive vulnerability testing methodology utilizing risk-based metrics to prioritize efforts
  • Deployed granular discretionary access controls to partition privileged access across multiple operating systems
  • Developed two-factor authentication mechanisms used in connection with remote access and VPN
  • Developed UNIX and Microsoft security standards and compliance processes
  • Responsible for a $5 million budget, executed to within 3% of plan
  • Responsible for risk review and recommendation for new software being purchased or developed
  • Reduced software costs by an estimated 22% by managing security software purchases more effectively
  • Successfully implemented a 24-hour critical patch application process, reducing patch time by more than 300%

Senior Manager, Enterprise Risk Services

Ernst & Young LLP
11.1997 - 04.2003
  • Responsible for managing, developing, installing, and providing managed security and security audit services for clients in all industries
  • Managed a team of 15 to execute penetration testing and security reviews
  • Managed and executed Ernst & Young’s Profiling Service line, including: risk analysis, penetration testing, vulnerability assessment, secure architecture design, IDS deployment, software selection, system hardening, policy/procedure development, business continuity planning, incident response, and security awareness training
  • Founded the Ernst & Young Security Practice in Ireland
  • Served as the Subject Matter Expert for profiling services in the US
  • Developed the best practices for leading security solutions and software
  • Instructor and developer of Ernst & Young’s Extreme Hacking Course
  • Speaker at international conferences on Security Testing and hacker threats
  • Authored Hack I.T.: Security through Penetration Testing published by Addison Wesley
  • Published in 3 languages with over 50,000 copies sold

Education

MBA -

Wilmington University
New Castle, DE

Bachelor of Science - Business

University of Maryland
College Park

Skills

  • Program management
  • Strategic planning
  • Budgeting and financial management
  • Relationship building
  • Innovation and creativity
  • Leadership development
  • Compliance and regulations
  • Stakeholder relations
  • Government relations
  • Crisis management
  • Business administration
  • Team bonding
  • Policy formulation
  • Executive leadership
  • Leadership and people development
  • Policies and procedures
  • Effective communicator and public speaker

Certification

Certified Information Systems Security Professional (CISSP)
Certified Cloud Security Professional (CCSP)
Certified Information Security Manager (CISM)
AWS Certified Solution Architect, Associate (AWSAA)
