Fahad Kabir-C-CISO, CISSP, CCSP, CISM, CDPSE

Chief Information Security Officer (CISO)

New York City Metropolitan Area

About

CISSP | CCSP | CISM | CDPSE, Series 99 certified Cybersecurity executive with 15+ years of experience designing, implementing, and operating enterprise security architectures across Financial Services, Banking, and Health & Life Sciences. Proven expertise in Defense-in-Depth (DiD) and Zero Trust architectures for core and ring infrastructure, cyber analytics, and securing high-risk, highly regulated environments. Currently serving as a Bank CISO, leading multi-disciplinary cybersecurity programs and partnering closely with board members and executive leadership to align cybersecurity strategy with business objectives. Demonstrated ability to balance business enablement and risk management, regulatory and compliance requirements, organizational risk appetite, and cost efficiency to deliver a secure, resilient, and compliant operating environment.

Experience

  • Chief Information Security Officer- CISO at ING Americas
    Mar 2023 - Present · 3 yrs 5 mos

  • Sr Vice President Information Security- Office of CISO at ING
    Oct 2019 - Mar 2023 · 3 yrs 6 mos

    •Responsible for CISO strategy and policy coordination for cyber security innovation initiatives for adequate Security requirements to align with business objectives e.g. Cloud migrations, Cyber Security. •Responsible to determine impact of security threats and translation of these into practical measures and controls to monitor implementation throughout the region to ensure security standard are aligned with security policies. •Enhance cyber security culture by providing security awareness education to dispersed technical teams globally in addition to manage and executes APT (Advance Persistent Threat) scenario analyses in collaboration with business and IT Security teams and monitor red, blue & white teaming activities. •Responsible for 3rd party application risk management and security architecture review, Business Impact Analysis (BIA) and management of penetration tests and vulnerability management programs. •Cyber Security audit & regulatory compliance officer for America’s domain to lead internal & external audits in response to different regulation e.g. SEC, NYDFS 500, NFA, FINRA and provide advice to leadership on security strategy, based on the ever-changing security landscape and observed industry practices. •Responsible to provide direction from CISO office on organizational sensitivity to craft practical security policies that match the business’ needs for Cyber Security audits, Anti-Fraud and Money Laundering. •Lead architect solution to assess and implement Cyber Security technology innovation projects, bridge the gap between business and stakeholders and be instrumental in complex implementations of systems e.g. IAM, Platform Security, Security Monitoring, Cyber Crime Resilience, IT change management and data management. •DLP Security officer (1st line of Defense) spearheads to design access & implement regional Data Leakage Prevention (DLP) to remediate key risks.

  • Senior Manager Information Security at Millennium
    Jun 2019 - Oct 2019 · 5 mos

    • Responsible for Information Security design and implementation of technologies to mitigate cyber security risks. • Lead on cyber security risk management framework (RMF) implementation for internal and external high risk trading applications, services to identify, evaluate, mitigate and protect with firm strategic and tactical solutions. • Responsible for managing various automations, deployment of work streams across diverse Information Security control groups, e.g. Penetration testing, Vulnerability Scans of application and networks Qualy’s & NMAP. • Technical Security lead for maintaining and implementation of cyber security industry best standards and guidelines in Millennium Management for IDM, IAAA, Network perimeter and Data Security globally. • Responsible to ensure continuous recertification of Security Blue Prints (SecBlue) and position papers for related Information security controls for public cloud security AWS, Azure as well as other technologies. • Lead Architect in design and evaluating security controls, integrating information systems with different IAM and other security tools like Cyber Analytics, Cloud SOC, Proxies, Meraki, DLP, Varonis DA etc. • Program lead on KY3P and TPRM for 3rd party risk management to asses due diligence questions (DDQ) to automate the process of vendor technology security architecture risk evaluation. • Maintain and remediate risks when integrating new technology across firmwide like voice detection, presence detection, biometric and other IDS and IPS solutions. • Identify gaps and inefficiencies and report to C management to provide guidelines on implementing best security improvements by assessing current situation; evaluating trends; anticipating requirements based on internal and external threats. • Responsible to create training and awareness education programs for different business groups on threat modeling to identify the need for critical security parameters.

  • Vice President- Security Architecture at Morgan Stanley
    Jul 2015 - Mar 2019 · 3 yrs 9 mos

    Head of Cyber Security 3rd Party Entity (3PE) practice. Ensure firm security controls are aligned with firm security posture via hands on cyber security assessments, peer reviews, onsite assessments (ODC’s) and special security projects. Designated Morgan Stanley Cyber Security liaison to Regulators, Exchange, Banks and industry associations for 3rd party security activities. Responsible for influencing and managing relationships with global Morgan Stanley’s BU’s and other security teams such as Cyber Analytics, Incident Response and Hunt teams to collaborate on mitigation strategies for threats and risks to the firm. Responsible for establishing the MS IT Security Policies, Risk Management Framework, NIST 800-53-63 Business leadership for improving Operation Risk Management and Supplier Risk Management (SPAR) Responsible for managing and conducting defense in depth security design reviews for high risk Applications residing in Ring architecture to address changing security landscapes and thematic risks, and provide visibility to Morgan Stanley leadership. Lead for Privilege Access Control programs, including (IDM) Identity Management and Authentication across Unix/Linux, Windows, Firewall & Mainframe and other Cyber security programs such as (DiD) Defense in Depth. Developed and implemented operational road maps with global legal and compliance ITRFD & Data Governance to incorporate Varonis-DatAdvantage tools such as TAM integration deployments in support for complex Fusion center. Complex cyber security projects management within the Governance, Security Information Systems (SIS), Cyber Analytics, Ring0 and Ring1 authentication within Defense in Depth (DiD) program. Responsible for strengthening security against cyber-attacks, protect against data leakage and remove risk to improve overall integrity of firm infrastructure broad categories, Identify, Protect, Detect, Respond, Recover.

  • Sr.IT Security Project Manager at Horizon Blue Cross Blue Shield of New Jersey
    Jun 2014 - Jul 2015 · 1 yr 2 mos

    Managing strategic Healthcare Enterprise Program Management Office (EPMO) Data Center security/relocation and IT Audit and Control Assessment Security Program of Horizon BCBSNJ in the overall business and strategic architecture of application portal management (APM). Responsible for managing enterprise application development projects across multiple application development teams based on methodologies (SDLC/Agile) in large enterprise projects and End to end Ecommerce Project Management of corporate change initiatives impacting multiple major businesses and functions. Responsible for infrastructure costs by implementing VMware virtual machine technologies to consolidate servers and perform physical-to-virtual migrations for legacy systems. Responsible for project schedules and resource planning, Managing budgets and project priorities, tracked project progress, report project status to executives by using PMO dashboards, support project team to overcome the issues and provide guidance for successful completion of project within budget and time. Represented IT Infrastructure team as a single point of contact to external vendors and internal business, QA and Dev. Responded to their needs. Suggested / evaluated implementation strategies, actively involved in negotiations about SLA, availability, performance and end user experience. Closely interacted with senior management and executives to align IT with changing business goals and vision. Delivers full project objectives on time and on budget as well as contributes to development of high-level business cases and post-implementation benefits estimates and recovery plans. Manages all project risk levels develop appropriate contingency plans and pro-actively identifies changes to eliminate future occurrences, SLA, escalation. Responsible for providing architecture design for global Data Warehousing, Business Intelligence, Enterprise Infrastructure, HIPAA IT Audit mandate/compliance and Integration projects.