Melody Pereira
Company
Cogitativo
Title
Chief Information Security Officer
Biographical Info
  • Information security and technology risk management leader with 20+ years designing and leading multi-million-dollar security programs and operations.
    • Defines enterprise security strategy, delivers information integrity and confidentiality, and ensures legal and regulatory compliance.
    • Advises the board and executive team on the threat environment, risk trends, and alignment of security strategy with business objectives.
    • Provides risk analysis, enterprise security governance, risk mitigation, IS policy, IT audit/compliance, and incident response in the banking, securities, electronic payments, insurance, and resort management sectors.
    • Leads teams in change management processes, comprehensive incident response capabilities, vulnerability management, penetration testing, and business continuity/disaster recovery planning.
  • Achievements:
    • Built Charles Schwab's first Information Security Department, sold the plan to the board, and directed its implementation.
    • Created First Republic Bank's first formal IS/IT Risk and Compliance program to meet GLBA and SOX requirements, significantly improving the bank's URSIT scores.
    • Obtained MGM Resorts' first PCI-compliant Report on Compliance (ROC), cutting cyber insurance premiums while raising coverage.
    • Integrated GRC processes and reporting for three Visa global security departments, streamlining assessments by leveraging compliance with key controls.
    • Developed an ICOFR-compliant IT and security control structure for Allianz, consolidating and addressing all audit issues.
    • At Fireman's Fund's breakup, worked with the personal lines buyer (Chubb/ACE) to ensure security and monitoring during the transition, and ensured the security of all commercial lines during their integration with Allianz.

  • Regulations and frameworks:
    • Financial regulations and standards: SOX, SEC, GLBA, FISMA, FFIEC, and PCI DSS.
    • Healthcare regulations: HIPAA, HITECH, HITRUST.
    • Application control structures: OpenSAMM, OWASP.
    • Government frameworks: NIST, FedRAMP; industry standards: ISO 27001/27002, CCM, COBIT, COSO, CSF, UCF.