Joseph A Scarzone
Details
2019 : Present
LBMC Information Security
Manager - Information Security Consultant
• Primary role is to perform PCI DSS v3.2.1 assessments as a Qualified Security Assessor (QSA). Certified through February 2020. Plans to achieve ISO27001 Lead Implementer in 2019 in accordance with PCI SSC defined QSA qualification requirements.
• Additionally, performed PCI DSS v3.2.1 gap analysis assessments and information security assessments.
• Manage multiple engagements at one time for Level 1 & 2 merchants and service providers.
• Engaged in all levels of client management, including executive level consulting and status.
• Mentor and guide junior associates in performing PCI DSS assessments.
• High performer and achiever, excellent organization and time management skills, driven and passionate.
2016 : 2019
Trustwave
Security Consultant
2012 : 2015
Capital One
Manager - Information Security & Risk Management
• Responsible for ensuring the confidentiality, integrity, and availability of data and services at third parties, helping drive assessment approach decisions, and serving as the Information Assurance Third Party Management (IA TPM) subject matter expert for negotiation of the IA TPM contract exhibits.
• Responsible for Information Security & Risk Management due diligence activities for US Card top-tier suppliers, such as TSYS, First Data Resources, Visa, MasterCard, 24/7, and Zoot.
• Evaluated NIST, FISMA, SOC 1, SOC 2, SSAE 16 and PCI AOC assessment results and mapped them to the Capital One control framework as a standard duty for all scheduled third-party assessments.
• Assisted third party managers in determining which risk factors exist with a third party.
• Evaluated third party relationships and determined which assessment methodology applies.
• Partnered with Global Procurement Services (GPS) and/or Legal to review deviations from IA TPM terms.
• Identified and partnered with GPS/Legal to propose risk-balanced suggestions for mutual alignment.
• Conducted assessments of final deviations and facilitated necessary escalation for executive acceptance.
• Assisted third parties, third party managers, and Accountable Executives with understanding risks identified by IA TPM.
• Escalated in accordance with defined procedures.
• Performed Six Sigma statistical analysis to determine process capability of Capital One’s Quality Assurance program.
• Provided process engineering consulting regarding the Archer Integration Workflow project.
• Mapped existing control practices to COBIT best practices for Business Continuity/Disaster Recovery processes as well as Third Party Management processes.
• Provided in-depth analysis comparing the current control framework with best practices and provided recommendations for improvement.
2011 : 2011
TEKsystems
Information Systems Security Consultant
TEKsystems for client HSBC Bank:
• Performed third party security reviews leveraging ISO27001 methodology.
• Led reviews to determine the effectiveness of HSBC’s third party security control environment.
• Documented findings, identified mitigating controls, and published final reports with recommendations.
• Performed onsite visits to validate that information security policy requirements were appropriately designed and implemented, ensuring the protection of confidential, restricted, and highly restricted HSBC information shared with law firms.
• Utilized project management techniques to manage an aggressive review schedule.
• Documented work based on industry standard best practices via the Archer Security Management tool.
• Met all service level agreements prescribed by the client to complete five reviews a month.
• Recognized as a high-performing consultant by client staff and management.
2002 : 2011
Allstate
Various Roles
• Served multiple roles during 9-year tenure at Allstate, as follows:
• Project Manager – managed telecom provisioning requests for the Network Provisioning Team (NPT) internal IT engineering groups. Interfaced with all relevant telecom companies (AT&T, Verizon, RBOCs, LECs, etc.) to provision telecommunications services. Established the Catastrophe Provisioning Process. Built order management databases to track all order requests.
• SOX Compliance/Risk Management Consultant
o Managed Allstate Level 1 and Level 2 SOX and regulatory control framework for the Claims Technology Services, IT and Customer Enterprise Services organizations.
o Designed, implemented and tested SOX controls across Allstate’s IT organization, and helped business units address and mitigate identified gaps.
o Conducted gap analysis of Internal Audit’s Offshore Vendor Management audit results in 2008 in comparison to best practices.
o Defined offshore vendor management governance standards, to be implemented across the entire technology organization.
• IT Auditor
o Led and/or participated in internal IT audits for Release Management, IT Governance, User Access Management, Incident Management, Problem Management, Change Management and Configuration Management processes.
o Facilitated and led five teams in Internal Audit to develop a unified Audit Execution Process, which included standardizing audit stage deliverables, workpapers and email templates.
• Six Sigma Black Belt
o Led enterprise process improvement initiatives spanning multiple business functions (national and international) utilizing Six Sigma process improvement methodology (DMAIC, Lean).
o Expert in defining problem statements, project charters, process mapping, project management, statistical measurement via the Minitab tool, analysis techniques, and improvement and control strategies.
o Coordinated daunting tasks that required extensive team-building and negotiation skills.
About
Joseph Scarzone has over 28 years of extensive business, IT and information security experience with a prominent QSA company and large telecom, insurance and banking organizations. Joseph excels in delivering simultaneous, large-scale, mission-critical projects within the constraints of scope, quality, time, and cost, and is regarded as an empowering and thorough professional with expertise in leading and coordinating technical teams to provide innovative technical solutions and ensure customer satisfaction. Joseph is highly effective at multi-tasking in complex, multi-platform, and fast-paced environments. Notably, his tenure with a prominent insurance company moved his career from telecom to SOX compliance, auditing and information security. Thus began his journey of achieving nationally recognized certifications, such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Payment Card Industry Qualified Security Assessor (QSA) and ISO27001 Lead Implementer (CIS LI), as well as the prestigious Certified Six Sigma Black Belt (CSSBB). Joseph also mastered well-known control frameworks and standards, such as COBIT, ITIL, Risk IT and NIST, to name a few.
Joseph is able to quickly ascertain risk, and expertly guide and recommend strategies to minimize or completely mitigate vulnerabilities for his clients. As Joseph likes to say, he has “the heart of a Six Sigma Black Belt, with the mind of an Auditor”, which captures his drive to be thorough and complete, and to always envision and implement continuous process improvements, both personally and professionally. Driven to achieve and to continually learn and evolve as a professional, husband and father, Joseph lives life to its fullest potential, and brings that passion to all that he does.