Resume

Carmelo Walsh, CISSP, CCSP, CISM, CRISC, CDPSE, OpenFAIR, ITIL v3

Results-Driven Cybersecurity Executive | 30+ Years of Enhancing IT & Security Capabilities

Passionate about strengthening IT and cybersecurity programs to drive business resilience and operational excellence. Proven expertise in developing and maturing security programs, solving complex challenges, and optimizing cost efficiency through strategic project funding. Experienced in leading cross-functional teams to successful outcomes. I specialize in Business Information Security, Governance, Risk & Compliance, Security Operations, Application Security, Incident Response, Detection Engineering, Cybersecurity Monitoring, Threat Intelligence, Vulnerability Management and Business Resiliency. Skilled at aligning security initiatives with business goals to mitigate risk and ensure long-term success.

Accomplishments and Professional Information Security Experience:

Vice President, Cyber Defense: Security Operations
Magellan Health August 2021 – Present
Cybersecurity Executive | Proven Leadership in Building Security Programs That Work
Meritoriously promoted to Senior Director and subsequently to Vice President a year later, I serve on the Cybersecurity Senior Leadership Team, overseeing Security Operations at Magellan. I develop and lead high-performing teams across Detection Engineering, Incident Response, Vulnerability Governance, Application Security, Threat Intelligence, Incident Response, and Security Investigations/Business Resiliency.
I create strong leaders and drive a culture of security within and beyond the Cybersecurity organization, striving for excellence that protects the enterprise. I set strategic direction and establish clear objectives to reduce vulnerability exposure and minimize mean time to detect and recover from incidents. Success is measured through rigorous tracking of metrics and key performance indicators, ensuring continuous improvement and resilience.
Major Accomplishments:
  • Spearheaded the transformation of a struggling vulnerability management program into an industry-leading vulnerability governance model by aligning teams, focusing on data integrity, enhancing operational efficiency, and decreasing vulnerabilities by over 90%.
  • Developed and strengthened our internal security operations team, eliminating the need for a third-party security service provider, reducing expenses by $1 million annually, and decreasing the false positive rate to below 1%.
  • Evaluated and recommended a cost-effective application code scanning solution, gaining developer buy-in and saving the company more than $250K annually.
Director, Business Information Security Officer
Magellan Health: MRx August 2020 – August 2021
Orchestrated information security work and led the demonstration of control effectiveness through metrics presentation to the customers as it relates to our contractual obligations, regulatory requirements, and company policies.
Drove business relationship capabilities to enable customer value through information security.
Oversaw the performance of our information security programs as they relate to customer facing services; including processes that drive account management capabilities to respond to a customer.
Brought awareness of information security’s operational effectiveness to C-level leadership to continually increase our maturity.
Worked with teams on CAPs and POAMs and provided status to customers.
Major Accomplishments:
  • Stepped up after the MRx BISO’s unexpected departure, addressed customer concerns and secured their confidence, and played a key role in closing the Medi-Cal deal within 4 months.
  • Asked by the current CISO at the time to apply for the role of Senior Director over the Security Operations Center.
GRC Risk Manager
CSAA Insurance Group August 2013 – August 2020
Governance Subject Matter Expert; built out GRC program.
Built and operationalized the GRC program, aligning it with enterprise goals.
Developed a GRC Roadmap that guided governance and compliance efforts.
Created a Compliance/Audit evidence vault, reducing audit fatigue and improving efficiency.
Established a Risk Management Framework and a Risk Analysis process aligned with enterprise risk, enhancing risk visibility and decision-making.
Served as Archer Product Owner, managing the development team to build modules aligned with GRC objectives, improving workflow efficiency and automation.
Conducted various assessments (inherent risk, enterprise risk, application risk) and controls testing, ensuring risk visibility and mitigation.
Assisted in building the third-party assessment process, enhancing vendor risk management.
Led compliance efforts by providing auditors with scoped evidence, ensuring audit readiness and reducing business disruption.
Drove issue remediation and facilitated business decision-making on identified findings.
Advanced the maturity of Enterprise Security Awareness, reducing human risk and improving security posture.
Provided security advisory services and consulting, enabling informed security decisions and enhancing overall organizational security.
Operational Risk Consultant (contract)
Wells Fargo June 2012 – July 2013
Acted as a Subject Matter Expert (SME) on Wells Fargo Information Security policy and the Information Security Risk Assessment (ISRA) methodology, ensuring policy adherence and risk alignment.
Provided expert guidance on security policies and methodologies, strengthening compliance and risk management processes.
Partnered with Information Security Officers (ISOs) across multiple lines of business to gather security information and assess risks, fostering collaboration and ensuring comprehensive risk evaluation.
Conducted risk assessments and delivered rated analyses, identifying security gaps and evaluating business impact.
Recommended risk-reducing solutions to mitigate vulnerabilities and strengthen security posture, enhancing overall enterprise security.
Information Security Officer (contract)
Arizona Department of Education January 2010 – May 2012
Maintained security operations by monitoring, analyzing, and responding to potential threats, ensuring continuous protection of enterprise systems and data.
Proactively identified and mitigated security incidents, minimizing downtime and protecting sensitive information.
Responded to audits by providing timely and accurate documentation, ensuring compliance with regulatory standards and reducing the risk of non-compliance penalties.
Collaborated with internal teams to address audit findings and implement corrective actions, strengthening the organization’s compliance posture.
Performed vulnerability assessments to identify, analyze, and prioritize security weaknesses, enabling the organization to remediate risks before exploitation.
Recommended and implemented remediation strategies, improving overall security resilience and reducing the organization’s attack surface.
Director of Information Technology and Security
Corbins Electric November 2008 – January 2010
Provided IT service management and support to core business functions, including CAD development and billing systems, ensuring seamless operations and minimizing downtime.
Maintained high availability of critical business systems, directly contributing to improved service delivery and operational efficiency.
Safeguarded IT operations by implementing and maintaining basic security fundamentals, protecting systems from potential threats and vulnerabilities.
Strengthened the security posture by applying best practices, reducing the risk of operational disruptions.

Additional IT Experience

2004-2008 Senior Information Security Analyst Nationwide Insurance
2002-2004 Information Security Manager Arizona Dept of Health Services
2000-2002 Senior Technical Analyst Alltel Communications Inc
1999-2000 Regional IT Coordinator First Horizon National Corporation
1996-1999 Network Specialist Arizona Dept of Corrections
1992-1996 US Marine – Corporal – Aviation Ordnance United States Marine Corps

Education and Certification:

Degree: Bachelor of Science in Information Technology, University of Phoenix – 2003
Certifications & Year: ITILv3 Foundation (2011), CISSP (2014), CCSP (2019), CRISC (2019), CISM (2019), OpenFAIR (2020), CDPSE (2020), MITRE ATT&CK (2021), Purple Teaming (2021)
Inactive Certifications: Novell CNE, CCNA, PCI ISA, PCI/P, AWS CCP

Professional Skills:

  • Cybersecurity Leadership – Proven ability to lead and develop high-performing security teams across multiple disciplines.
  • Incident Response & Threat Management – Expertise in detecting, analyzing, and responding to security incidents to minimize risk and downtime.
  • Vulnerability Governance – Successfully transformed vulnerability management programs to reduce exposure by over 70%.
  • Governance, Risk, and Compliance Expertise – Built and operationalized GRC programs aligned with enterprise goals, enhancing risk management and compliance.
  • Audit & Compliance Management – Strong knowledge of regulatory requirements and contract obligations, ensuring audit readiness and reducing business disruption.
  • Risk Assessment & Mitigation – Conducted enterprise, application, and vendor risk assessments, delivering actionable insights and reducing security gaps.
  • Application Security & Code Scanning – Identified cost-effective solutions to enhance application security while reducing operational costs.
  • Third-Party Risk Management – Established vendor assessment processes to strengthen supply chain security and mitigate third-party risks.
  • Security Operations & Monitoring – Managed security operations, proactively identifying threats and protecting enterprise systems.
  • Strategic Business Alignment – Translated security objectives into business value, gaining executive buy-in and improving security maturity.
  • Security Awareness & Training – Advanced enterprise security awareness programs, reducing human risk and enhancing security posture.
  • Process Automation & Efficiency – Leveraged technology to improve workflow efficiency and automate GRC processes, reducing manual effort and increasing effectiveness.