Yaz Pervaiz, Sr. Manager Application Security for U.S. Bank - As a Global head of cyber security - Leading and managing the overall Cyber Security background. The overall cyber security program includes various cyber security domains such as infrastructure security technology, security risk management, and GRC functions. From the technology side, implemented IAM as a service using Microsoft Forefront Identity Manager and Active Directory Federation Services for SSO. Outsourced SIEM monitoring to an MSSP provider and removed ArcSight SIEM solution with Solutionary ActiveGuard appliances. Strong experience with McAfee and Symantec endpoint and DLP, web proxies, IDS/IPS, and network vulnerability scanning tools such as Qualys and Rapid7. In the process of implementing the BSIMM application security framework and evaluating HP Fortify and IBM AppScan for application source code reviews.
A major contributor to the success of Kemper Insurance's information security program by getting commitment of company executives to the information security program's vision, strategy and roadmaps, with clear expectations for the program's performance. Managed potential risks and exposures, developed written Information Security policies and standards using various frameworks such as NIST, ISO 27002, COBIT and ITIL to address the identified risks, and employed a cost-effective program to mitigate the identified risks. From the context of Enterprise Risk Management (ERM), Kemper relied on the individual operating companies to present their "Top 10" enterprise risk initiatives. Provided on a semi-annual basis, this list becomes the foundation of Kemper's Enterprise Risk Management program. Met with ERM and Kemper executives to understand priorities in relation to the Information Security Program. Alignment with key business initiatives and priorities helped appropriately build written Cyber Security policies, standards, and overall Information Security program activities.
Led the Company-wide Network Circuits contract negotiations and outsourced the network support and the management of routers/switches to AT&T's Managed services. In the area of network architecture design and building the core infrastructure, I managed a great team of network consultants who supported the company strategy in designing the appropriate network segmentation for data and voice for the various Kemper business units.
As a PCIP and CRISC certified security practitioner, I have audited internal, external and B2B networks for the PCI gap assessments and have had the network team remediate many network segmentation gaps within 90-180 days. I've managed teams at Kemper and at Discover Card, covering the support of MPLS networks, firewalls, NIDS, and Exchange 2000 servers. I've spent 7 years at Kemper Insurance in a CISO capacity, where I've written numerous security and network policies/standards. Assessed and built the security and network architecture that meets the PCI and HIPAA regulatory compliance requirements for our Property and Casualty/Life and Health insurance divisions.
At Kemper, I reported directly to the CFO, with dotted-line reporting to the CIO of the organization; the Information Security program was charted through the CEO office. I directly collaborated with the CEO office to re-write the corporate security charter that supported the organization's security governance, vision, roadmaps, security strategy and the detailed roles and responsibilities of expected functions from various business unit security officers.