
Thomas Sotir

Bowdoinham, ME

Summary

Results-oriented Cyber Security Manager with expertise in Third Party Risk Management and Cyber Compliance. Proven ability to lead diverse teams and manage complex projects, enhancing program efficiency and fostering collaboration. Delivered innovative solutions that drove organizational improvements.

Overview

10 years of professional experience
1 Certification

Work History

Manager

Wipro Ltd
Portland, Maine
07.2021 - Current
  • Managed delivery of a large end-to-end TPRM program with an annual spend of 1.3m, leveraging a split delivery model of 30 onshore/offshore resources. Reduced average workflow completion time by 75% by moving from a white-glove process to self-service and rationalizing program risk, enabling close-out of 12+ months of backlogged open items.
  • Developed use cases for an Agentic AI TPRM agent reducing TPRM workflow SLAs and resource requirements by 50% through reductions in workflow state changes, population of questionnaires based on automated document review, and improved stakeholder support.
  • Sold over $3 million in projects including TPRM maturity assessments, program maturity uplifts, vendor remediation, program support, software supply chain assessments, and NIST CSF assessments.
  • Collaborated on TPRM practice buildout by documenting service offerings including maturity assessments, program uplifts, managed services, and development. Created go-to-market materials and trained resources on TPRM best practices.
  • Provided SME input on standards and frameworks by creating impact summaries of HIPAA Security Rule changes for account teams and developing CISO metrics for PCI-DSS and NIST CSF control compliance.

Senior Associate

KPMG LLP
Washington D.C., US
01.2018 - 06.2021
  • Led workstreams to develop a Vulnerability Management plan and a POA&M management program, including development of procedures, remediation efforts, metrics, and reporting to client leadership and regulatory agencies. Supported annual audits of 11 client SSPs to maintain ATO, including control and evidence updates.
  • Led a compliance project reviewing newly developed IT Operations and Development roles for compliance with firm policy. Led discussions with subject matter experts to address any risk identified within the new roles.
  • Implemented a Third-Party Risk Management (TPRM) program by developing policies and procedures, creating questionnaires, performing vendor assessments, managing vendor remediations, developing metrics, and training client resources.
  • Led maturity assessments based on ISO/NIST standards, including conducting interviews with client leadership to understand current cyber capabilities compared against industry best practices.
  • Worked on a SailPoint implementation by leading workshops with client stakeholders to understand functional needs and automate account reviews for 40 applications in scope for SOX compliance.
  • Consolidated and standardized maturity assessment metrics, enhancing client understanding of performance against industry practices.
  • Worked on the development of ServiceNow GRC and Security Operations (SecOps) Marketing and training materials.

Project Manager

New England Wire Products
Leominster, MA
03.2016 - 11.2017
  • Developed processes and trained department leads on the use of the Enterprise Resource Planning tool.
  • Created and presented reports and metrics for company leadership.
  • Coordinated projects across multiple departments to ensure project deadlines were met.
  • Created processes based on a lean methodology to improve production efficiency.

Education

Bachelor of Arts - Economics

University of Massachusetts Amherst
Amherst, MA
05.2015

Skills

  • Third-party risk management
  • Compliance assessments
  • Compliance oversight
  • Training and development
  • Vulnerability management
  • Cybersecurity frameworks
  • ISO 27001
  • NIST 800-53, 800-171
  • FISMA
  • PCI-DSS
  • HIPAA
  • CCPA
  • GDPR
  • NERC-CIP

Certification

Certified Information Systems Security Professional (CISSP)

Timeline

Manager

Wipro Ltd
07.2021 - Current

Senior Associate

KPMG LLP
01.2018 - 06.2021

Project Manager

New England Wire Products
03.2016 - 11.2017

Bachelor of Arts - Economics

University of Massachusetts Amherst