Richard J. Van Horn

rvh
     Richard J. Van Horn

Senior Cybersecurity professional (LinkedIn) with over 25 years experience in the financial services industry. I have both the technical and business background to bridge the gap between the two different areas:

  • Business Information Security Officer (BISO): Explained technology risks and their business impact to business sponsors. Prioritized solutions based on a cost / benefit analysis.
     
  • Technology Risk Program Manager: Assessed technology related risks and identified and deployed both technical and operational solutions.
     
  • Technology Compliance Manager: Performed COBIT and FFIEC assessments, managed SoX assessments.

 

I have also worked on methodologies to assess technology risk both qualitatively and quantitatively, where the probability and impact of events is measured. These assessments are an invaluable way to convey risk and impact of technology issues to non a non technical audience. It is also very helpful with cost / benefit analyses to justify budget to mitigate these risks. 

I presented my views at the annual North America OpsRisk conference and the Center for Financial Professionals annual summer conference.  

CISA

CRISC

For a major financial institution in the U.S., I was part of a team that deployed an internal PKI that issued certificates to internal applications and devices.  I am the author or co-author of several patents related to authentication on the Internet.  I am a member of ISACA and had the following designations: Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC).  

A few highlights:

+ Risk & Control Self Assessments (RCSAs)
+ Regular Reviews and Enhancements to Critical Controls
+ IT Compliance Management & Oversight
+ Technology Risk Assessments
+ 3rd Party Vendor Assessments
+ Identity & Access Management
+ Policy Development and Governance
+ Cyber Program & Technical Project Management
+ Data Leakage Protection & Data Privacy
+ Building and Developing High Performing Teams
+ Collaboration with Audit, Technology, Cyber & Business Stakeholders
Extrapolate