Josh McMahon
Experience:
2022 : Present
Verra Mobility
Director Information Security
* Responsible for developing an offensive security “Red Team” program focusing on enterprise risk and identifying possible attack vectors both externally and internally.
* Experience with adversary (APT) attack infrastructure and command and control (C2); thorough understanding of supporting attack infrastructure.
* Managed penetration tests against targeted solutions.
* Specialty operations included social engineering, insider threat, and physical access assessments.
* Responsible for translating technical reports into business terms: identifying quick wins and determining roadmaps for larger remediation projects.
* Key role in evaluating third-party vendor risk related to supply chain attacks and inherited risk.
* Responsible for enterprise security awareness exercises; extensive experience with a phishing security awareness platform and data-driven metrics.
2021 : 2022
American National
Director of Offensive Security / Red Team
* Member of the EISO (Enterprise Information Security Organization) overseeing the company security policies, cyber security and security concerns based on risk to the organization.
* Responsible for logical access controls governing financially significant applications and sensitive information in scope for regulatory compliance.
* Decision maker and responsibility owner for Identity Access Management with a user population of 10,000+.
* Led the organization from manual account on-boarding processes to full automation.
* Responsible for implementation of an enterprise-wide IAM (Identity Access Management) solution. This solution addressed risks related to inappropriate access and streamlined account lifecycle management, covering lifecycle events such as on-boarding, off-boarding, transfer, and LOA across various user types (employees, contractors, and 3rd party vendors).
* Led implementation of a file integrity monitoring solution, an enterprise-wide solution providing visibility on event activity and data classification on enterprise assets.
* Led implementation of an enterprise privileged access solution (PAM) which secured privileged accounts and micro-segmentation.
* Responsible for developing and driving an effective enterprise-wide phishing awareness program.
* Responsible for providing secure remote connectivity for 3rd party vendors into the organization’s internal resources.
* Responsible for meeting regulatory requirements for the following regulations: NYDFS 500, PCI DSS, SOX, GLBA and CCPA.
2019 : 2021
American National
Director of Information Security
Cyber security architect focusing on global vendor risk management.
2018 : 2019
Sysco
Cyber Security Architect
Leveraged experience as an ethical hacker to protect the organization from individuals seeking sensitive data such as credit card numbers, employee data and vendor data. Having the mindset of a hacker and “what would the hacker do” helped guide the organization with offensive security countermeasures and prevent breaches.
Utilized in-depth understanding of cyber security to educate the corporate leadership team and guide decision making related to the need for cyber security.
Partnered with executives, management, and a team of 40 staff members including network, infrastructure, and system administrators to achieve company-driven initiatives which improved the overall security posture and reduced the threat landscape.
2017 : 2018
BlueLine Rental
IT Security Manager
Company: Verra Mobility
Years of Experience: 24
Spoken Language: English