Canada
Leading CyberSecurity & IT Risk team to manage the IT Risk Program for RBC Global Asset Management (GAM), overseeing Technology Risk Assessments, Application Security, Disaster Recovery & Business Continuity Management, Change Management, Vendor Due Diligence, Internal & External Audits and other Cybersecurity & IT Risk areas.
o Creating and Leading a brand-new 5-member global team of cybersecurity, privacy & compliance professionals
o Designed, developed and deployed Global Cyber Security, Privacy & Compliance strategy in a multi-cloud environment
o Preparing & Guiding the organization toward successful ISO 27001 compliance & certification
o Responsible for leading the Cyber Security, Privacy & Compliance programs and related initiatives
o Build & Manage a brand new Cyber Security, Compliance & Privacy team to achieve desired organizational goals
o Developing an in-house cybersecurity & privacy awareness program and an ongoing phishing campaign, tracking & reporting on results
o Interfacing with business stakeholders, External Auditors, & handling vendor & contract negotiations
o Working with Dev Teams to integrate AppSec into existing CI/CD pipelines and processes using SAST & DAST tools
o Guiding & mentoring Cyber Security team to develop Policies, SOPs, Plans, and managing Security budgets
o Responsible for responding to client Security Questionnaires & Surveys against ISO 27001, NIST CSF, NIST 800-53, and HIPAA and also performing Third Party / Vendor Risk Management
Leading the Information Security team to ensure the protection of information and other assets by:
o Designing the organization's cyber security strategy, monitoring and reporting on progress
o Defining and overseeing a corporate-wide information security protection strategy program for all computing environments, including interaction with all departments and external business partners
o Conducting Security Threat & Risk Assessments and Privacy Impact Assessments as required
o Introducing Shift Left methodology to the development team to ensure a proactive, early-stage security approach within the development lifecycle
o Establishing and maintaining security policies and guidelines and ensuring compliance
o Designing and managing Penetration Testing, Security Audits, Compliance Programs, Security Assessments, Third Party & Vendor Risk Management and providing recommendations to mitigate risks
o Designing and developing Incident Response Strategy & Plan, conducting TableTop Exercises periodically
o Ensuring PBC InfoSec team and other staff are trained on security policies, standards, guidelines and procedures
o Raising corporate awareness of information security, establishing and maintaining a security awareness program
CISA, CISSP