Marilyn Sousa
Details
• ISACA CDPSE | Certified Data Privacy Solutions Engineer
• ISACA CISA | Certified Information Systems Auditor
• ISACA CISM | Certified Information Security Manager
• CompTIA Security+
• ISACA CSX | Cybersecurity Nexus
• ISC2 CISSP Boot Camp
• Certified Multimedia Design Networks Specialist
• A.A. General Studies | University of Maryland
• A.A.S. Electronic Systems Technology | Community College of the Air Force
A commitment to operational excellence and a culture of integrity continues to drive our progress and foster a resilient, compliant organizational framework. Seeking a new opportunity in a direct hire remote position where I can leverage my skills and experience to drive security compliance and risk management initiatives.
Skills
• IT Auditing and Assessment
• Vendor Risk Management
• Audit Management
• Control Assurance
• Privacy
• Business Continuity and Disaster Recovery
• Policy Management
• Industry Regulation Compliance (NIST, CMMC, HIPAA, SOC 1, SOC 2, SOC 3, SSAE, SOX, PCI DSS, FISMA, SCADA, ISO, GLBA)
About
• Efforts in the Governance, Risk Management, and Compliance domain have been pivotal for establishing robust IT controls and achieving critical certifications like SOC 2 Type II and PCI DSS. Managed and oversaw Upgrade's first IT SOC 2 Type II and PCI DSS to v4 audit to meet requirements, achieving reports with no audit exceptions.
• Successfully navigated complex audits, integrating tools like Vanta and Drata to collaborate with teams to streamline evidence delivery and fortify security posture. Efforts in GRC management have not only strengthened compliance frameworks but also enhanced customer trust through robust privacy protections.
• Implemented IT gap analysis and mitigated areas for GLBA and Data Privacy requirements.
• Led GLBA compliance efforts, identified critical gaps, and implemented remediation. With a focus on pre-emptive risk management, we've conducted comprehensive IT gap analyses, ensuring GLBA and Data Privacy requirements are not only met but exceeded.
• Proactive approach to cybersecurity and compliance auditing lays a strong foundation for readiness.
• Selected, implemented, and managed oversight of adherence to IT training via KnowBe4, including phishing training; developed internal IT policies aligned with compliance and regulatory requirements.
• Defined and managed IT Risk Management and IT Vendor Management Programs.
• Provided leadership and subject matter expertise to compliance audit teams.
• Directed and oversaw external IT auditing requests and provided compliance security evidence for multiple ERP SaaS products.
• Acting as the Cloud Security Program / Project Manager, provided IT, operational, and security compliance evidence (SSAE SOC 1 Type II, SOC 2 Type II, SOC 3 rolling audits) for SaaS products on cloud platforms of AWS, Azure and Equinix utilizing Salesforce.
• Oversaw and managed obtaining the required evidence, reviewing, and working with internal teams to provide audit evidence and deliver to external Auditors.
• Conducted monthly and quarterly internal security assessments to ensure systems operated and were maintained in accordance with internal security policies / practices.
• Conducted Third Party Vendor Risk Management assessments and responded to security assessments.
• Developed and maintained NIST 800-171 System Security Plans (SSP) and POA&M. Provided consulting for CMMC and NIST 800-53 FedRAMP.