Kevin Fallon
@kevinfallon
Experienced information security manager specializing in third-party risk and governance.
What I'm looking for
I am an information security and risk management professional with an MBA and certifications (CISM, CTPRP), focused on building scalable third‑party cyber risk, GRC, IAM, and business continuity programs. I lead cross‑functional teams to align security controls with business objectives and regulatory standards.
Throughout my career I implemented automation tools (Whistic, Process Unity, SailPoint, Fusion RM), completed 130+ third‑party assessments annually, and drove SOC 2 and PCI‑DSS certification efforts, reducing audit discrepancies by 25%. I translate complex technical risk into business impact, strengthen resilience through BCP/DR planning, and enhance security awareness via targeted programs.
Experience
Work history, roles, and key accomplishments
Information Security Risk Analyst
DuPont Specialty Products
May 2025 - Present (4 months)
Manage third-party cyber risks for a divestiture program and contribute to global security architecture and governance to align with enterprise objectives and regulatory expectations.
Third Party Cyber Risk Analyst V
TD Bank
Feb 2025 - May 2025 (3 months)
Managed and maintained the Third-Party Cyber Risk Program, providing risk consulting, control design assessments, and stakeholder reporting to support enterprise technology risk management.
Third Party Cyber Risk Program Manager
Best Egg
Jan 2021 - Jan 2024 (3 years)
Established and led the Third-Party Cyber Risk Program, automating assessments and onboarding tools, which supported 130+ annual assessments and remediated over 400 IT risks to strengthen compliance and resilience.
Information Security Specialist
Best Egg
Jan 2017 - Jan 2021 (4 years)
Developed GRC and IAM programs, implemented SailPoint and Azure AD provisioning, and automated access review processes to improve compliance and operational transparency.
Information Security Analyst
Best Egg
Jan 2015 - Jan 2017 (2 years)
Built an enterprise Information Security Management Program aligned to ISO 27001 and authored policies, procedures, and provisioning documentation to enhance data protection and compliance.
Compliance Analyst
JP Morgan Chase & Co.
Jan 2014 - Jan 2015 (1 year)
Managed high-priority complaint investigations and regulatory matters, negotiated settlements, and ensured accurate case documentation in accordance with FINRA requirements.
Data Security Analyst
Decision Data Company
Jan 2015 - Present (10 years 8 months)
Implemented an enterprise ISMS aligned to ISO 27001, conducted application audits and provisioning reviews, and streamlined processes to improve consistency and security controls.
Education
Degrees, certifications, and relevant coursework
Northcentral University
Master of Business Administration, Information Security
Master of Business Administration with a focus on Information Security from Northcentral University.
Pennsylvania State University
Bachelor of Arts, Crime, Law, and Justice
Bachelor of Arts in Crime, Law, and Justice from Pennsylvania State University.
