Profiles search
Hector Trevino
Lead Information Security Advisor at USAA
San Antonio, TX, United States
Details
Experience:
Primary responsibilities are to inventory, manage, and conduct on-site and virtual audits of all third-party vendors that transmit or store USAA data. Provide advice and guidance to internal business units with information security issues and communicate continuing changes in Information Security, Compliance, and Contractual requirements.
2021 : Present
USAA
Lead Information Security Advisor
• Provides information assurance capabilities through technical consultation and guidance to the business for the interpretation and assessment of information security risk for projects and technologies.
• Responds both verbally and in writing to cybersecurity inquiries and periodic exams from both internal control partners (e.g., legal, compliance, risk managers) and external control partners (e.g., third parties).
• Consult with internal issue risk management teams on supplier gaps and remediation resolutions.
2019 : 2021
USAA
Senior Information Security Advisor
• Perform physical site assessment of third-party vendors, provide peer review of work product and deliverables, and executes release of information analysis to third party business partners.
• Support cross functional teams through the problem resolution process, ensuring necessary technology security controls exist and troubleshoots Information Security issues.
• Document findings and provided Information Security advisement to business partners on security requirements and risk mitigation.
2017 : 2019
USAA
Information Security Advisor
Lead complex global IT risk and Information Security risk assessments partnering with key business stakeholders to identify, assess, and document risk and controls. Present findings and results to business owners and various levels of leadership promoting ideal solutions that meet the objectives of both the business and security risk management team. Responsible for identifying, analyzing, and documenting third party risk ensuring all due diligence controls are in place to protect classified information and adhered to compliance and security certifications.
• Lead Third Party Risk Management Program partnering with Procurement, Legal, and Information Technology departments.
• Advise on vendor contract information security addendums and discussions.
• Created Third Party Risk Management progression to include internal and external questionnaires, interviews, and workflow process.
• Spearhead security solutions on identified gaps with business stakeholders and vendors to protect classified confidential information hosted within the company or with a SaaS provider.
• Create risk remediation plans with business owners and follow through in the implementation of changes.
2015 : 2017
Rackspace, the #1 managed cloud company
Vendor Risk Management Specialist
An adviser and advocate in the development of overall information security program globally for the company. Responsible for performing global IT Risk and Information Security assessments across the organization reviewing assets, tools, and internal systems. Assess all current and new vendors in the company assigning classification according to the security risk to the company.
Project coordinator for the company’s 2014 security summit which hosted rackers, security professionals, educators, and law enforcement promoting cyber and security awareness.
2014 : 2015
Rackspace, the Open Cloud Company
Security Risk and Compliance Management Specialist
2021 : Present
USAA
Lead Information Security Advisor
• Provides information assurance capabilities through technical consultation and guidance to the business for the interpretation and assessment of information security risk for projects and technologies.
• Responds both verbally and in writing to cybersecurity inquiries and periodic exams from both internal control partners (e.g., legal, compliance, risk managers) and external control partners (e.g., third parties).
• Consult with internal issue risk management teams on supplier gaps and remediation resolutions.
2019 : 2021
USAA
Senior Information Security Advisor
• Perform physical site assessment of third-party vendors, provide peer review of work product and deliverables, and executes release of information analysis to third party business partners.
• Support cross functional teams through the problem resolution process, ensuring necessary technology security controls exist and troubleshoots Information Security issues.
• Document findings and provided Information Security advisement to business partners on security requirements and risk mitigation.
2017 : 2019
USAA
Information Security Advisor
Lead complex global IT risk and Information Security risk assessments partnering with key business stakeholders to identify, assess, and document risk and controls. Present findings and results to business owners and various levels of leadership promoting ideal solutions that meet the objectives of both the business and security risk management team. Responsible for identifying, analyzing, and documenting third party risk ensuring all due diligence controls are in place to protect classified information and adhered to compliance and security certifications.
• Lead Third Party Risk Management Program partnering with Procurement, Legal, and Information Technology departments.
• Advise on vendor contract information security addendums and discussions.
• Created Third Party Risk Management progression to include internal and external questionnaires, interviews, and workflow process.
• Spearhead security solutions on identified gaps with business stakeholders and vendors to protect classified confidential information hosted within the company or with a SaaS provider.
• Create risk remediation plans with business owners and follow through in the implementation of changes.
2015 : 2017
Rackspace, the #1 managed cloud company
Vendor Risk Management Specialist
An adviser and advocate in the development of overall information security program globally for the company. Responsible for performing global IT Risk and Information Security assessments across the organization reviewing assets, tools, and internal systems. Assess all current and new vendors in the company assigning classification according to the security risk to the company.
Project coordinator for the company’s 2014 security summit which hosted rackers, security professionals, educators, and law enforcement promoting cyber and security awareness.
2014 : 2015
Rackspace, the Open Cloud Company
Security Risk and Compliance Management Specialist
Company:
USAA
About
Highlights of expertise:
• Security Strategies & Best Practices
• Public Speaking
• Network, Systems & Data Gap Analysis
• Risk & Vulnerability Assessment
• Project Planning & Management
• Vendor Risk Management
• Training, Awareness Outreach & Standards
• Law Enforcement
Profile Photo
