People Data Labs
Information Systems and Security Operations Manager
Mar. 2021 - Dec. 2022
Remote
• Orchestrated the establishment and enforcement of robust security measures, aligning with industry best practices; resolved vulnerabilities, responded to incidents, and reduced liability across all risk areas, contributing to $33M in increased sales revenue.
• Led and maintained all security compliance efforts, resulting in SOC2 certification with 0 findings and ISO 27001 certification with 1 minor non-conformity.
• Transformed the company’s security controls to be fully compliant with NIST 800-53r5, SOC2, and ISO 27001.
• Spearheaded the compliance and certification project for SOC2 (7 months) and ISO 27001 (11 months). The company achieved ISO 27001 certification and SOC2, type certification from March 2021 to October 2023.
• Directed and supervised a team of security professionals, providing guidance and support to ensure adherence to industry best practices; enhanced team performance and achieved an 80% reduction in security ticket resolution time.
• Accelerated the strategies for the governance, risk and compliance functions across the company that support transformation of the security function by implementing more than 200 controls across 2 standards.
• Introduced the corporate governance framework for cybersecurity risk, including identifying risks and awareness, and provided briefings to senior leaders to advise on the risk of 162 critical controls that may affect business or security posture.
• Identified over 162 required controls and developed risk mitigation plans to support all business units.
• Managed, coordinated, and tracked all cybersecurity-related external assessments for 2 standards (SOC & ISO) and internal audits, including action plans and responses.
• Developed, operated, and maintained a security risk registry with clearly defined owners and timelines for each of 20 risks.