Marcy Axelrod
Details
Business Administration
University of Phoenix
2000 : 2002
Bachelor of Arts
Economics
University of Wisconsin-Madison
· Collect business requirements and provide advice to ensure that Information Security policy is complied with for processes and systems
· Assist in improving the information security posture with respect to delivering services and partnering with IT and business leadership.
· Understanding key assets and processes, identifying, and evaluating risks and controls, and suggesting incremental controls or risk mitigation strategies where necessary.
· Communicating business compliance with Information Security Policy and Standards by continuously monitoring and reporting on risks and documented exceptions.
· Advocating for required changes and continuously managing the policy and standards exceptions program
2022 : Present
Royal Caribbean Group
Business Information Security Officer
· Supporting GRC initiatives
· Collaborating with Legal and Human Resources to support privacy initiatives
· Creating and maintaining a policy framework for the company; mapping information security requirements to security policies
· Supporting audit and compliance initiatives
2021 : 2022
Pantheon Platform
GRC Engineer (Principal)
· Creating and implementing a Data Loss Prevention (DLP) program.
· Identifying data elements and working with data owners and custodians to ensure security best practices are followed.
· Developing and putting into place data security controls in conjunction with the Zynga GRC team.
· Identifying ways to mitigate data risks in the environment.
2020 : 2021
Zynga
Data Security Engineer (Security Principal)
Governance Specialist responsible for:
· Leading ISO 27001 and SOC 2 programs and audits.
· Developing and maintaining cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.
· Supporting the creation and maintenance of security policies, standards, processes and guidelines for approval by Firm management.
· Supporting the lifecycle of the Security Awareness program.
2019 : 2020
Kirkland & Ellis
Security Governance Specialist (Director Level)
Director responsible for:
· ISO 27001 audits
· Information Security Policies and Standards; writing, updating, and aligning regulatory requirements and environment
· Privacy lead for domestic and international privacy requirements
· Risk assessments
· Audits
· Create internal audits to ensure internal alignment with security program and regulatory requirements
· Perform audits that fulfill regulatory requirements
· Perform audits that align with best practices
· Contract reviews
· Penetration test and remediation coordination
· Disaster recovery tests
· Education and awareness program
· Create and distribute content to domestic and international employees
· Support annual signoff on code of conduct and security policies
2015 : 2019
IRI Worldwide
Director - IT Security Compliance
Skills
Analysis, Budgets, Business Analysis, Business Process, Business Process Improvement, Business Requirements, CRM, Customer Relationship Management (CRM), Data Privacy, DLP, Enterprise Software, Enterprise Systems Implementation, Incident Response, Information Security, Information Technology, Integration, Internal Investigations, IT Governance, IT Risk Management, IT Security Policies, IT Strategic Planning, Leadership, Management, Operations Management, Process Improvement, Project Management, Records Management, Requirements Analysis, Security, Software Documentation, Software Quality Assurance, Strategic Planning, Team Leadership, Technical Documentation, Training, Vendor Management
About
A high-energy, adaptable, team-oriented information security and governance leader with extensive management and operational experience in the finance, banking, big data and hospitality industries.
Areas of expertise include:
IT Governance; Systems Implementations
Process reengineering; Software and Data Quality Assurance
IT Strategic Planning; Data Privacy, HIPAA, and PCI
Systems Conversion and Integrations; Policies and Standards
Incident Response; IT Compliance
Executive Reporting; Records Management and Data Retention
Information security programs; ISO 27001, SOC 2
Data Loss Prevention (DLP)
Data Privacy - US and EU