Amit Garg BERKELEY RESEARCH GROUP, LLC 1800 M Street, N.W. 2 nd Floor Washington, D.C Direct: agarg@thinkbrg.

Transcription

1 Curriculum Vitae Amit Garg BERKELEY RESEARCH GROUP, LLC 1800 M Street, N.W. 2 nd Floor Washington, D.C Direct: agarg@thinkbrg.com SUMMARY Amit Garg brings over 17 years of information security consulting, business development, customer relationship management, and program management experience in complex and highly visible projects with senior executive sponsorship. He has worked with clients including large federal civilian agencies, military organizations, and Fortune 500 companies in the banking, insurance and financial services, healthcare, life sciences, consumer products, and retail verticals. Mr. Garg s expertise includes enterprise security program management, enterprise governance, risk management and compliance (egrc), data protection, business resiliency, security culture awareness and training, project management, and cybersecurity due diligence for mergers, acquisitions, and divestitures. He has extensive experience with regulatory requirements including FISMA, HIPAA, NIST, and ISO/IEC 27001, as well as industry best practices across multiple verticals. Mr. Garg has had proven success in engaging with clients, understanding business objectives, identifying and analyzing business issues, laying out tactical and strategic roadmaps, and proposing and executing on those strategies. EDUCATION Certificate, Executive Education, Leadership Development, Yale University - Yale School of Management, 2008 M.S., Information Security Management/Engineering Management, George Washington University School of Engineering & Applied Science, 2006 B.A. Economics, Emory University, 1998 PRESENT EMPLOYMENT Director, Technology Advisory Practice, Berkeley Research Group, Present PREVIOUS POSITIONS Advisory Solutions Principal, RSA Security, the Security Division of EMC,

2 Manager in Security & Privacy Services, Technology Risk, Deloitte & Touché LLP, Information Security Consultant, e-management Consultants, Federal Account Manager, Cyberguard Corporation, 2004 Sales Engineer/Manager, Corsec Security Inc., Business Development Lead/Consultant, f3 Solutions Group, Business Development/Project Manager, Diginexo Inc., Government Account Manager, SCO Inc., SECURITY CLEARANCE 2009 DOD Secret PROFESSIONAL AWARDS 2014 Platinum Award for outstanding performance and service to RSA PROFESSIONAL AFFILIATIONS Present Certified Member, International Information Systems Security Certification Consortium (ISC2) Certified Member, Project Management Institute (PMI) Certified Member, Business Continuity Institute (BCI) Member, International Association of Privacy Professionals (IAPP) Member, Software and Supply Chain Assurance Working Group (SSCAWG) Member, Industrial Control Systems Joint Working Group (ICSJWG) Member, Information Systems Security Association Northern Virginia Chapter Committee Member, Engineer Alumni Association, George Washington University BUSINESS AND NOT-FOR-PROFIT AFFILIATIONS Member, egrc.com Advisory Board - a group of Fortune 500 entities dedicated to training the next generation of governance, risk, and compliance practitioners. Member, Engineer Alumni Association, George Washington University School of Engineering & Applied Science 2

3 Board Member, American Barber Workforces Foundation Volunteer member, American Red Cross, National Capital Region, Vice President of Sponsorship, Network of South Asian Professionals (NetSAP) DC Chapter, 2004 PUBLICATIONS & THOUGHT LEADERSHIP CONTRIBUTIONS Developed an IT Security Due Diligence Framework for assessing risk for acquisition targets for a Fortune 100 retail organization, 2013 Co-developed content and delivered a webinar on Managed Regulatory Compliance Outsourcing to fellow practitioners 2012 Led and served as client service ambassador at Welcome 2 Deloitte, a two day new hire orientation to 200+ new hires, Developed and presented data separation strategy workshops to senior executives of a Fortune 100 consumer retail organization, 2011 Developed a data separation strategy playbook for a Fortune 100 consumer retail organization, 2011 PUBLISHED REVIEWS Led the development of Deloitte whitepaper Meeting Compliance Challenges: Leveraging the Value of Outsourcing in support of launch of new service offering, 2012 SELECTED CONSULTING EXPERIENCE Project 1: M&A IT Security Due Diligence Client Organization: Fortune 100 Retail Organization Role: M&A IT Security Advisor Duration: February 2013 April 2013 Description: Led work stream for IT Security due diligence of potential acquisition targets. Contributions included developing IT Security Due Diligence Risk and Controls framework and playbook. Led the development of remediation plans for pre-sign, pre-close, and postclose activities. Project 2: Governance, Risk, Compliance (GRC) Vendor Evaluation Client Organization: Fortune 200 Financial Services Client Role: Project Manager / Security Lead Duration: September 2012 February 2013 Description: Led engagement to assess and select a GRC vendor for enterprise risk management solution. Facilitated vetting process with over 40 senior executive stakeholders from multiple business units including Finance, Risk, Compliance, BASEL, SOX, IT, 3

4 Technology Risk, Operational Risk, Model Risk Management, etc. Contributions included developing assessment methodology, managing vendor selection process, creating, collecting, and analyzing survey responses, and presenting at executive briefings. Project 3: I&TRM Security Strategy Client Organization: Various Fortune 500 financial services clients Role: Security Advisor Duration: July 2012 September 2012 Description: Led work stream around governance, risk, and compliance. Contributions included drafting security action plans, developing technology risk management transformation process, developing policies and standards aligned to BASEL, SOX and other financial service regulations. Project 4: Managed Regulatory Compliance Outsourcing Initiative Role: Project Manager Duration: October 2011 June 2012 Description: Managed the development of a new service offering targeting the Life Sciences and Financial Services industries. Project 5: Security Program Support Client Organization: Multiple Fortune 100 Financial Services Clients Role: Security Advisor Duration: August 2011 September 2011 Description: Provided support to several engagement teams in the areas of: project planning, risk management, workshop planning, security policy reviews, and risk assessments. Project 6: IT Carve Out Divestiture Planning Client Organization: Fortune 100 Commercial Retail Client Role: Senior M&A and IT Security Advisor for Divestiture Planning Duration: April 2011 June 2011 Description: Provided support to PMO for divestiture planning in the following areas: project planning, risk management, communications, workshop planning. Project 7: Confidential Information Containment Initiative Client Organization: Fortune 100 Telecommunications Client Role: Project Manager / Security Lead Duration: March 2011 April 2011 Description: Identification, assessment, and containment of confidential information (i.e., intellectual property) from being transferred in the divestiture of a business unit. Project 8: GSA ICAM Program Management Client Organization: General Services Administration (GSA), Office of the CIO - Identity, Credentialing, and Access Management (ICAM) Office Role: Project Manager Duration: August 2010 February

5 Description: Provided Project Management Office (PMO) support services to a 20 member team. Responsibilities included program operations, program metrics, quality assurance, communications, project management planning, earned value management, risk management, and reporting to client senior management. Project 9: Certification & Accreditation (C&A), and Risk Management & Compliance Client Organizations: Government National Mortgage Association (Ginnie Mae), US Department of Housing and Urban Development Role: Security Lead Duration: February 2010 April 2010 Description: Provided risk management and compliance support to client. This project included gap assessment, risk analysis of identified gaps and recommendations for risk management, certification and accreditation, and management of third-party vendor providing services to Client. Project 10: Systems Engineering and Information Assurance Program Management Support Client Organization: Military Health System (MHS) - Defense Health Information Management System (DHIMS) Role: Manager / Information Assurance Officer (IAO) / IA Lead Duration: June 2007 February 2010 Description: (DHIMS) provides information management and IT solutions that capture, manage and share healthcare data for the military's Electronic Health Record (EHR). Provided mission support services to DHIMS across a broad range of management and technical functions that support the full System Development Life-Cycle (SDLC) of these systems encompassing systems engineering, technical engineering support, systems security, information assurance (IA), enterprise architecture, and requirements management. SELECTED SPEAKING ENGAGEMENTS Presented Safe and Secure Online sponsored by ISC2 to 100+ high school students in Stafford, VA, 2012 How to be a Farmer: Learn to plant your egrc talent seeds from the ground up, RSA Archer Summit & Charge Conference, 2015 Cybersecurity Litigation, Software and Supply Chain Assurance Forum, December