Joe Camilleri
About
Joe works in the following industries: "Internet", "Libraries", "Legislative Office", "Management Consulting", "Airlines/Aviation", "Information Technology & Services", and "Financial Services". Joe is currently Sr. Director, Security at Twitter. In Joe's previous role as a Director, Security at Twitter, Joe worked in until Jan 2021. Prior to joining Twitter, Joe was a Director, Interim Chief Information Security Officer at Twitter and held the position of Director, Interim Chief Information Security Officer at San Francisco, CA. Prior to that, Joe was a Sr. Manager, Security Risk Management at Twitter, based in San Francisco, CA from May 2016 to Mar 2018. Joe started working as Vice President, Information Risk Manager at JPMorgan Chase & Co. in New York, NY in Oct 2014. From Jan 2010 to Sep 2014, Joe was Vice President, Technology Risk at Morgan Stanley, based in New York, New York. Prior to that, Joe was a Sr. Manager, Technology Risk at Morgan Stanley, based in New York, New York from Apr 2006 to Dec 2009. Joe started working as Manager, Internal Audit at Morgan Stanley in New York, New York in Oct 2005.
Joe Camilleri's current jobs
Joe Camilleri's past jobs
- Run the Vendor Security Review Program
- Design & Execute InfoSec Risk Assessment Process
- Facilitate Annual PCI-DSS Assessment
- Acting CISO Sept 2017 - Feb 2018
Lead Technology Risk Officer covering the firm’s Wholesale Risk Technology (e.g., Market Risk, Credit Risk, Country Risk) organization. Responsible for oversight and execution of operational and information security risk management programs (e.g., RCSA, App Risk Classification, App Control Assessments, Issue / Action Management, Incident Management). Make decisions on proposed risk acceptances, perform issue closure verification, and advise on all escalated incidents within the organization. Present monthly risk & control related executive summary and metrics to heads of Risk Tech management (both Technology Leaders and Business Leaders). Review third-party vendors to determine risk classification of product or services being provided. Key contributor to annual budget process including headcount estimates.
Responsible for the facilitation of the global Technology Risk and Control Self-Assessment (RCSA) which included an ISO 27001/2 based Information Security Risk Assessment (ISRA) for Technology and Non-Technology organizations. Responsible for the execution of the Technology Central Governance Assessment, which included federal risks within the Technology Organization (e.g., Policy, Risk Management, Training). Responsible for the oversight of Technology’s Process-Risk-Control framework, including maintenance and adoption. This proprietary framework is primarily based on COBIT, ISO, NIST, and ITIL and is used to organize the Firm’s technology risk assessments, align Policy and Standards to external regulations, perform root cause analysis of issues and incidents, and risk modeling. Lead project to integrate an ISO 27001/2 based (internal) Information Security framework into an existing Technology risk and control framework to establish an overarching comprehensive Tech/InfoSec framework. Provide subject matter expert consultancy to all (~85) use cases of the Process-Risk-Control framework. Played lead role in developing a proprietary application and infrastructure self-assessment tool, which assessed 2000+ assets using environmental and Q&A responses to generate inherent and residual risk values. Defined business requirements for tool functionality that delivered an “assess once, use many” result for the firm’s IT SOX 302 self-assessment process.
Provided advisory services to technology system / process owners during internal audit planning, execution, and final report generation. Reviewed entire portfolio of critical and high issues / actions and reported thematic results to Sr. Tech Risk Management; highlighted action plans that did not address the root cause of the issue. Analyzed Technology Risk related in-flight projects and measured the impact of the projects on the current risk environment. Co-developed and executed IT SOX testing methodology; managed a team of 6 staff to help deliver the annual 404 management assertions.
Managed and performed IT application audits for integrated audit engagements specifically in the Company Functions area. Areas of coverage included: HR Benefits, Executive Compensation, Accounts Payable, Internal Financial Reporting, and Corporate Services.
Specialized in application & infrastructure general computer control audits. Managed 1-7 consultants, daily audit operations, and client relationships. Responsible for creating audit programs and test plans. Actively engaged in Sarbanes-Oxley compliance efforts for 6 companies in various industries from the initial scoping and process documentation phases through control testing and remediation. Assisted firms with gap analysis and remediation planning in order to optimize control effectiveness.
IT Administrator (Feb 2001 – Mar 2004) Provided 24/7 technical support, hardware/software acquisition, installation, and communication planning for six branch offices across the US, four virtual offices, and two project offices.
IT Compliance internship
Accounts Payable Internship
Congressional Internship