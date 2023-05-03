KXCO are very pleased to announce Charles Tango has joined the advisory board at KXCO.

Charles Tango is one of the leading figures in the US Tech industry.

Highly accomplished IT and Risk Management Leader, with a proven record of securing digital transformation, deploying emerging technologies, and balancing business with IT risk. Winner of the Top 100 CISOs for 2020 award at the 2020 Blackhat Conference. Special expertise in regulatory compliance, communication, and process improvement. Significant experience presenting complex IT risk topics to both technical and non-technical audiences, including Boards of Directors. Established board member in both an advisory and independent board member capacity for security startups and Fortune 500 companies. Active thought leader and speaker in Cybersecurity forums and conferences.

PROFESSIONAL EXPERIENCE

Sysco, Houston, TX 2020 – Present

Chief Information Security Officer (CISO) & Head of IT Risk Management

Sysco, a Fortune 60, is the global leader in selling, marketing and distributing food and non-food products to restaurants, healthcare and educational facilities, lodging establishments and other customers around the world.

Accountable for all cybersecurity and IT risk management across Sysco brands globally including Security Operations, Privacy, Records Management, Vendor Risk, Identity Management, and Business Resiliency. Report directly to the Chief Information Officer with matrix reporting to the Board Audit Committee.

Upon hire, executed an immediate capability assessment of Sysco’s IT risk programs, culture, and staff. Developed a corresponding capability acceleration strategy.

Overseeing a $300MM cybersecurity capability improvement globally across areas including Identity & access Management, Data Loss Prevention, Network Security, Governance, and Cloud

Transitioning security staff augmentation to internal full-time global resources as part of an organizational cost optimization effort.

In conjunction with the office of the CIO, actively driving the organization’s digital transformation by securing the platforms of the future and providing an easier migration strategy

Immediately responded to the changing business priorities and IT Risks associated with COVID-19, remote workforce, and shift in consumer habits.

Developed and rapidly deployed direct to consumer, point of sale, and e-commerce strategies which mitigated privacy and IT risk to the greatest extent possible.

Immediately brought relevant business areas into compliance with PCI, CCPA, and GDPR.

Altria Group, Richmond, VA 2016 – 2020

Chief Information Security Officer (CISO) & Head of IT Risk Management

Altria Group, the Fortune 150 parent company of such notable brands as Phillip Morris USA, Ste. Michelle Wine Estates, and US Smokeless Tobacco is a global leader in the manufacturing, sales, and distribution of superior tobacco and wine products. Most recently Altria Group became the largest shareholder of JUUL Labs, the leading e-vapor company, and Cronos Group, a leader in the Canadian cannabis market.

As Altria’s first Chief Information Security Officer, accountable for all cybersecurity and IT risk management across Altria brands globally including Privacy, Records Management, Vendor Risk, and Business Resiliency. Report directly to the Chief Information Officer with matrix reporting to the Board Audit Committee.

Upon hire, executed a 90-day capability assessment of Altria’s IT risk programs, culture, and staff. Developed a corresponding capability acceleration strategy.

Established and continuously refined the 5-year strategic roadmap for IT Risk. Within 3 years achieved an overall higher maturity rating than industry peers while spending ~50% less.

Oversaw the development and execution of two key IT risk programs to protect one of the largest repositories of sensitive consumer information in the United States as well as the trade secret formulae of pre-market products.

Aligned the IT risk program for the company’s digital transformation, including direct consumer digital marketing, advanced data analytics, public cloud expansion, and consumer product development.

Ensured Altria’s programs met all regulatory, locality, and industry requirements including HIPAA, PCI, SOX, GDPR and the forthcoming CCPA.

Developed a consumer product security framework to prepare the organization for the sale of “smart, connected” consumer products while ensuring consumer privacy and security.

Expanded the IT Risk program to cover the Operational Technology (OT) manufacturing and laboratory environments to protect Altria’s critical infrastructure.

Oversaw the outsourcing of non-critical IT risk functions to a global Managed Security Services Provider to drive efficient utilization of internal resources.

Established quarterly Board Audit Committee and semi-annual Board reporting cadence with corresponding material.

Focused resources on key areas of IT Risk including Vulnerability & Threat Management, Incident Response, Data Loss Prevention, Network Access Control, Privileged Access Management, Risk Intelligence, and Risk Metrics.

Sterling National Bank (Formerly Provident Bank), Montebello, NY 2013 – 2016

Chief Information Security & Risk Officer (CISRO)

Sterling National Bank is a regional commercially focused bank in the NY Metro area with a recent track record of significant growth both organically and through acquisitions, which drove the need for enhanced risk management programs. Sterling National Bank merged with Provident Bank and Astoria Bank to form a prominent regional bank in the NY Metro area.

As the Chief Information Security and Risk Officer, responsible for the departments governing Information Security, Operational Risk, Vendor Risk Management, Business Continuity, and Model Risk Management. Reported directly to the Chief Operating Officer with matrix reporting to the Chief Risk Officer, Board Audit Committee, and Board Enterprise Risk Committee.

Created the Operations and Technology Risk Management department including policies, procedures, and staffing requirements; bringing together all domains related to IT and Operational Risk.

Led the creation of the Information Security Program and organization, including key initiatives such as Distributed Denial of Service (DDoS) prevention, Incident Response, Data Loss Prevention, Identity Management, Application Security, Vulnerability Management, and Vendor Assessments.

In conjunction with the CIO, developed and executed the bank’s digital transformation – from a traditional brick and mortar institution to a financial institution based on data analytics, digital client interaction, and omnichannel delivery.

Implemented the MetricStream eGRC platform to automate IT and Operational Risk, including Vulnerability Management, Business Continuity, Vendor Management and KRI collection.

Redesigned and oversaw the implementation of Sterling’s network and network security infrastructure, including the enhancement of firewalls, IDS/IPS, VPN, web filtering, and network access control.

Launched a comprehensive Security Information & Event (SIEM) program and platform, based on LogRhythm, to oversee changes and potential threats to the bank’s IT environment.

Represented Operational and IT Risk on the New Product Steering Committee.

Presented to the Board Audit Committee and Enterprise Risk Committee quarterly on the overall state of IT and Operational Risk within the bank.

Interfaced with internal and external auditors as necessary (e.g., SOX) as well as bank regulators for examination; provided periodic updates for ongoing remediation efforts.

In response to new regulatory requirements, developed and launched a robust Vendor Risk Management program to identify and assess the bank’s critical vendors.

Developed the bank’s Enterprise Risk Management framework which integrated all IT, Operational, Market, and Credit Risk into one end-to-end process for senior management and board consumption in alignment with the changing regulatory landscape.

Provided risk management expertise and recommendations for the bank’s critical initiative of replacing the core banking platform and ancillary products for e-banking, wire transfers, ACH, debit, and AML/BSA platforms utilizing outsourcing and SaaS.

CITIGROUP, New York, NY 2004 – 2013

Senior Vice President – Operations & Technology Global Risk Management Strategy 2010 – 2013

Program Manager – Enterprise Supplier Risk Management (ESRM) Strategic Enhancement Program (StEP)

Citi Operations & Technology (O&T) encompasses over 150,000 staff across 100+ countries to provide mid and back-office support for all Citi product lines. The StEP organization consisted of a $50 million budget including 60+ full time employees, contractors, and consultants who support the Program Office (PO). The StEP portfolio directed 30+ tactical and strategic projects to improve Supplier Risk Management at Citi in its oversight of 23,000 Supplier Relationships.

As the head of StEP, and Program Manager, responsible for building and managing the PO which ensured Supplier Risk Management kept pace with the evolving threat landscape across Citi globally. Worked closely with senior leaders including the Citi CISO as well as partners in Supplier Risk, Information Security, Business Continuity, Technology, Enterprise Risk, Privacy, Compliance, Legal, Anti-Money Laundering, and Procurement.

Provided Subject Matter Expertise for the development of the risk scoring methodology for the Enhanced Risk Management Process (ERMP), which identified Citi’s cross-discipline IT / Operational risks and tiered them based on materiality to provide a holistic view of risk to senior management.

Directly contributed to a Satisfactory rating during a regulatory exam by leading an independent assessment of Citi’s Supplier Risk Management program, which identified 30+ strategic enhancements to improve Supplier Risk Management at Citi.

Developed an industry leading quantitative Supplier Risk Tiering model to determine a Supplier’s Inherent and Residual risk by documenting characteristics that drive its risk and the controls necessary to mitigate them.

Established quantitative and qualitative Supplier Risk Tolerance measures, thresholds, and breach responses, in alignment with COSO, to be leveraged by senior leaders across Citi business lines.

Oversaw the development of several critical enhancements, including: Restructuring of the Supplier Risk Management Governance Model Design and development of a future-state ESRM platform Establishing Key Performance Indicators (KPI) / Key Risk Indicators (KRI), and Designing processes to monitor levels of Supplier concentration and over-dependence.

Successfully established the StEP PO, including budgeting and business justification to O&T senior leadership, which: Oversaw all aspects of program and project execution Set strategic Supplier risk management objectives and ensured alignment of project scope Identified and addressed emerging risks, including 4 th parties and cloud computing Ensured the successful closure of multiple internal audit issues and regulatory findings On-boarded 40+ resources in 8 months



Vice President – Citi Technology Infrastructure Global Information Security 2004 – 2010

Program Manager – Information Security Risk Assessment

Led IS and IT Risk Management initiatives for Citi Technology Infrastructure (CTI), which supports systems and network connectivity for Citigroup, Citibank, Citi Cards, and other business lines globally. Coordinated regional risk Project Managers and prepared financial forecasts for IS projects. Developed and oversaw Information Security Risk Assessment (ISRA) program worldwide, derived from ISO, NIST 800 and FFIEC guidelines. Monitored IS and IT risk. Represented CTI at the corporate steering committee level and served as liaison during regulatory audits.

Dramatically reduced risk, with significant projected resource savings, by standardizing risk management across all business units and incorporating into an event driven ISRA process supporting annual GLBA attestations and SOX / PCI compliance.

Established and consistently maintained compliance with ISO 27001 certification requirements for GIS. Achieved certification through improvements to internal and governance processes.

Subject Matter Expert (SME) for ISO 27001 certification of data centers worldwide. Developed and implemented repeatable programs. Played key role in Citi becoming one of the first financial industries to achieve ISO 27001 certification for all data centers.

Represented CTI and worked with Engineering and corporate governance groups to set Infrastructure Defense Program’s tactical and strategic goals. Objectives included: security for Virtualization, Cloud Computing, Remote Access, and advanced Firewall/Proxy services.

Produced productivity increases as large as 30% and reduced defects as much as 95% for programs, by developing KPIs to measure and trend IS programs globally.

Worked with Security Engineering and Operations groups to lead a project that delivered multi-million dollar savings by automating Security Incident and Event Monitoring and identifying budget reductions.

Managed the security incident response program for CTI globally, and interfaced with Citi’s investigative and forensics organization for the reporting and response of security incidents identified.

With the Citi Security Engineering function, assisted development of end-to-end risk assessment methodology embedded into the SDLC and Technology Development Life-Cycle (TDLC).

IGX GLOBAL, Hackensack, NJ 2003 – 2004

Department Head, Security Managed Services

Security Operations Center Manager

Created and led Managed Services division for large security products VAR. Hired and supervised multiple direct reports. Managed issue identification and escalation. Led Level 1-3 support plus product and service engineering. Administered budgets, negotiated vendor contracts, and procured hardware and software.

Built group into reliable revenue stream and managed products on behalf of customer via Security Operations Center (SOC), either remotely through the IGX data center or at client locations.

Developed all SOC policies and procedures, including incident response, reporting, KPIs, and SLAs.

Increased sales to $750k and led development of packaged security offerings, including managed 3 rd -party firewalls, intrusion detection systems, e-mail, virus scanning, web proxies, and more.

-party firewalls, intrusion detection systems, e-mail, virus scanning, web proxies, and more. Assisted with sales by preparing and conducting technical presentations to C suite executives.

KIODEX, New York, NY 2002 – 2003

Senior Systems & Security Engineer

Served as Director of Security and Technology Infrastructure. Oversaw network and IS operations

management. Managed vendor relations to support hardware, software, support, and 3rd-party services.

Negotiated ISP agreements and contract renewals. Served as Technical Lead for all corporate IT projects.

Worked closely with Microsoft, Sun, Oracle, Cisco, and other vendors.

Reduced ISP costs 15% and achieved larger decreases in Oracle, Sun, and Cisco support.

Managed complete corporate network and data center network redesign initiatives.

Improved and updated all security and disaster recovery policies and procedures.

Improved efficiency by implementing uptime monitoring for 24×7 production data center.

UGO NETWORKS, New York, NY 2000 – 2002

Data Center Operations and Security Team Lead

Directed all data center operations at ISP/telecom/internet company. Coordinated a large engineering team and planned and managed technology upgrades. Provided security policy management for the entire network and systems environment. Managed hardware, software, and facilities vendor management functions.

Designed and implemented a 24×7 enterprise e-commerce data center to provide global support.

Played a major role in 2 data center migration initiatives.

Enhanced an ad-serving environment handling more than two billion impressions per month.

Carried out design and implementation of web hosting/co-location environment that processed more than 10 million unique visitors per month.

Consistently met SLA of 99.7% availability and maximum business continuity for all systems.

CAREER NOTES: Previously held position of Senior System Administrator & Security Specialist at IOPLEX COMMUNICATIONS (1998-2000). Details available on request.

Advisory Board Member:

IBM Security 2017 – Present

Bloccelerate VC 2018 – Present

MaxxPotential 2017 – 2021

Scanta AI 2020 – Present

OptimEyes AI 2020 – Present

Lytical Ventures 2022 – Present

Board Member:

Virginia Cybersecurity Partnership 2016 – Present

Richmond Technology Council 2016 – 2020

EDUCATION

Bachelor of Science (BS) – Business Excelsior College

Under the name Knightsbridge KXCO became one of Asia’s leading financial services companies with interests in Institutional investment, Private Equity, Capital Markets, Publishing, and Agriculture that span every continent of the world. We have unprecedented experience in Equities, Banking, Private Equity, Trading and Funds Management.

KXCO Chain1 is the 1st client developed under the KXCO umbrella. It is built with Java, and it offers several benefits that make it an attractive choice for organizations looking to build blockchain solutions.

While FBX is the Chain Currency for KXCO you can pay in any Fiat or Digital Asset, the system will automatically process the transaction and buy the required amount of FBX at the same time without you having to do any conversions or additional work, fast, easy and safe.

Visit KXCO

Visit FBX

Buy FBX

MEXC

PROBIT