Phillip Gulla, CISSP

EXPERIENCE

Citi
New York, NY
Vice President, Information Security Officer
2011 – Present

Serve as the information security officer for O&T Finance, Workforce Management, O&T Risk Management, Global Compliance, Regulatory/Audit Management and the Data Privacy Office

Act as a subject matter expert and trusted advisor on numerous software implementation projects including: Board of Directors mobile app; Arise AuditTouch mobile app; BoardVantage mobile solution; Aceyus call center system; Aspect Open Span retail and dispute software; Prevent global email blocking program and Symantec data at rest scanning

Contribute to numerous technology initiatives and serve as subject matter expert or subject matter specialist on a variety of subjects including: mobile technology, cryptography, data leakage and application security

Partner with business and technology teams to identify risks and develop practical remediation strategies

Build and maintain strong relationships with technology teams, business managers and senior leaders in all supported businesses

Manage the publication of monthly IS reporting for the Operations & Technology and Corporate Center sectors

Create IS standards, policies and procedures and review updated standards, policies and procedures on behalf of CC_O&T IS sector office

Communicate new IS policies/efforts/initiatives to sector BISOs and business constituents and consistently promote awareness of existing policies and standards

Collaborate on numerous projects with other IS officers across more than 20 supported businesses

Manage several complex projects simultaneously and deliver all on time and on budget

Ernst & Young LLP
New York, NY
Manager
2006 – 2011

Managed teams, allocated work assignments, tracked status, reported to senior leadership and managed budgets for numerous IT and IS projects with budgets in excess of $1million

Led a major IT merger dealing with network and Active Directory migration and updated desktop builds affecting more than 10,000 employees

Coordinated with clients to execute engagements, manage budgets, allocate resources and manage staff on numerous projects

Acted as a technical resource and trusted advisor to senior executives at major global organizations

Provided regular status updates to senior executives and managed engagement progress, scope, risks and issues Reviewed, evaluated and audited IT controls for change management, logical security, physical security and computer operations for major investment banks

Performed IT general controls audits for numerous major corporations, reported findings to senior management and made recommendations for improvements in cases of control deficiency

Wrote system and technical requirements for an identity and access management system to be used at a major national water utility with 9,000 employees

Senior Analyst
2004 – 2006

Directed the implementation of an enterprise-wide software application used to track firm meetings

Performed a security review of the application which included examination of incident response procedures, user input validation, secure data transmission and user credentials

Developed single sign-on functionality using public key encryption with C# and .Net to allow users to access the vendor’s system from within the E&Y network

Migrated existing data from a Lotus Notes database containing more than 8,000 records

Defined system and technical requirements and designed system forms to firm specifications

Defined and enforced security policies for the application

Responded to and promptly addressed all support calls from application users

Performed ongoing system maintenance as necessary

Van der Moolen
New York, NY
Developer
2003 – 2004

Developed an employee scheduling and calendar application for a global, equity trading firm

Designed application and wrote code in Visual Basic, JavaScript and HTML

Performed QA testing and rewrote code as needed to ensure that the application was free from bugs prior to promotion to production environment

Performed security review of the application prior to release which included tests of user input validation, secure transmission of data and authentication of user credentials

SKILLS

Languages
C, C++, C#, Objective-C, XML, PHP, HTML, CSS, JavaScript, SQL

Applications
Nessus, Nmap, Ethereal, Visual Studio .Net, Xcode, Lotus Notes/Domino Designer, Dreamweaver, Photoshop, MS Office suite, Visio, Project

Databases
Oracle, SQL Server, MS Access

Models
Object-oriented development (OOD), Unified Modeling Language (UML), Capability Maturity Model (CMM)

Other
Intermediate Italian and Spanish language skills

EDUCATION

Boston University
Boston, MA
2002
Masters Certificate in C/C++ Programming and Windows Development

Suffolk University
Boston, MA
1996
B.S., Business Administration – Cum Laude

NYU School of Continuing and Professional Studies
New York, NY
Completed courses in iOS App Development, XML and Javascript

CERTIFICATIONS
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)

MEMBERSHIPS
International Information Systems Security Certification Consortium (ISC)²
Information Systems Audit and Control Association (ISACA)