Mary S.
Details
Capella University
2014 : 2019
Global Information Assurance Certification
Legal Issues of IT & Data Security
SANS Technology Institute
2013 : 2013
AA Liberal Arts
Alan Hancock College
1992 : 1994
Studies in Organizational Communication
University of Phoenix-Southern California Campus
Multidimensional Leadership Training
Athena Group LLC
Thought Industries
Vice President Information Security & IT
Report to CFO. Lead Global Information Security, Privacy, Risk & Compliance teams supporting over 1 million SaaS users in 85 countries. Serve as primary internal domain expert and represent organization externally (customers, prospects, media) regarding privacy, security and compliance.
• Within 8 months established programs and obtained ISO 27001 and ISO 27701 certifications covering a mixed-infrastructure product catalog (AWS cloud SaaS, Salesforce AppExchange, data center)
• Envision and define information security program architecture, tools/technologies, roles and responsibilities. Manage a million-plus budget and skilled resources to implement technical, administrative, and physical controls (SIEM, penetration testing, vulnerability management, incident response, IDS/IPS, etc.) to mitigate risks to information systems
• Support Sales, Marketing, and Product serving as domain expert for security, privacy & compliance
• Conduct customer and vendor legal agreement review and risk assessment
• Lead response to privacy & security incidents including data subject privacy access requests
• Benchmark, assess, monitor, and communicate organizational security, privacy, compliance metrics, risks, and remediation strategies to executive leadership team
2019 : 2020
Conga
Vice President Security, Privacy, and Compliance
Reported to CISO. Collaborated with internal clients to develop creative approaches to comply with privacy and security requirements through pragmatic, scalable internal processes.
• Developed and executed GDPR compliance program for all SaaS products
• Integrated 3 acquired companies and strategically expanded compliance program from SOC 2 alone to include SOC 1 and HIPAA
• Promoted culture of data privacy and security by design and by default
• Established education/awareness strategies and provided privacy, security, and compliance advice and guidance to all business units (marketing, product development/management, software development, etc.) for limiting risks to the business and providing assurance to customers
2018 : 2019
Conga
Vice President Privacy and Compliance
Reported to General Counsel. Led and managed strategic and operational aspects of Global Ethics and Compliance Program. Advised business leaders at all levels across the enterprise on the applicability of regulations, industry standards, risk mitigation options, and the crafting of policies and procedures to safeguard the integrity and reputation of the company while simultaneously improving the privacy, security, and/or efficiency of the control environment, reducing risks and costs.
• Advised and trained on domestic and international privacy compliance requirements including GDPR. Conducted gap analysis and developed data inventories
• Monitored domestic and international regulatory development and enforcement trends related to business operations and translated into guidance for business leaders
• Envisioned and implemented programs to modernize Code of Conduct, whistleblower hotline, employee awareness & training content and programs
• Redesigned third-party due diligence (OFAC, SDN, background checks, etc.) process to enhance anti-corruption risk mitigation, conducted risk surveys and implemented systems to improve risk management, transparency and reporting for Board of Directors
• Drafted or reviewed privacy/data security related contract provisions with outside parties; assisted in conducting due diligence of third-party vendors and ensured any transfers of personal information complied with all applicable laws
• Procured incident response services, negotiated contracts. Member of Security Incident Response Team. Evaluated incidents for notification requirements
2013 : 2018
CSG International
Deputy Chief Global Compliance Officer
Reported to COO. Responsible for directing the information security compliance program for one of the largest privately held colocation, managed services, and cloud providers in North America with 24 data centers in five states.
• Anticipated customer needs and strategically obtained third-party attestation reports, certifications, or accreditations to various regulations, standards or guidelines such as SSAE 16/SOC 1, HIPAA, PCI DSS, AICPA's Trust Services Principles (SOC 2/3), NIST 800-53. Expanded program from 1 to 5 accreditations over 6 years
• Supported sales teams promoting information security program design and assurance for products, services, and corporate information security practices
• Responded to incoming prospect and customer due diligence questionnaires and customer audits
• Envisioned and implemented secure self-service portal allowing clients to obtain assurance reports and guidance documents at their convenience
• Drafted and negotiated agreements, proposal requests, and vendor agreements
• Created policies, procedures, and other white papers and promotional documents for both internal and external parties to drive and promote operational excellence
2007 : 2013
ViaWest
Director of Compliance
Skills
Amazon Web Services (AWS), Analysis, Auditing, Business Analysis, Business Process, California Consumer Privacy Act (CCPA), Certified Information Privacy Professional, CISO, Cloud Computing, Cloud Computing IaaS, Compliance, Computer Security, CPO, Cyber-security, Data Privacy, Enterprise Software, FISMA, General Data Protection Regulation (GDPR), Governance, HIPAA, Information Security, Information Technology, Interpersonal Skills, ISO 27001, IT Audit, IT Risk Management, Leadership, Legal Compliance, Legal Research, NIST 800-53, Operational Risk Management, Payment Card Industry Data Security Standard (PCI DSS), PCI DSS, Policies & Procedures, Privacy Compliance, Privacy Law, Privacy Policies, Program Management, Project Management, Regulatory Compliance, Risk Assessment, Risk Management, SaaS, Senior Program Management, Software as a Service (SaaS), Software Development, Software Development Life Cycle (SDLC), Standards Compliance, Strategic Planning, Vendor Management
About
Senior leader enabling companies to compete on trust. Build and lead high-performing teams focused on embedding privacy and security into the products, practices, and culture of the business. Participate in thought-leadership groups to both stay ahead of change and be a driving force in the industry. Drive client and partner-facing initiatives that position companies as thought leaders and positively impact their revenue.
Specialties:
• Leading the development and maintenance of strategic programs, policies and procedures around data, privacy, information security, and marketplace quality that support the growth of the business while protecting and empowering customers, consumers, clients, and partners
• Strategically obtaining certification frameworks that reinforce an organization’s positioning as an excellent steward of consumer, customer, client, and partner data
• Developing and maintaining security, privacy and compliance programs and roadmaps, managing million+ dollar budgets, security program technical architecture, tools, and resources
• Acting as internal and external advocate and expert in data privacy and security
• Partnering with Product and Engineering teams to advise on changes in regulations, standards, or risk mitigation strategies and ensure the timely remediation of risks
Compliance/Standards: EU Data Protection, GDPR, SOC 1/2/3, CCPA and other US State Data Protection & Breach Laws, HIPAA, ISO 27001, ISO 27701, PCI DSS, FFIEC, FISMA, NIST, Privacy Shield, Anti-Bribery / Anti-Corruption Regulations, export trade compliance, corporate compliance