Paco Diaz
Details
10-D, Inc. Academy ● Compliance ● Info Security
Information Security Auditor

Unitas Global
Chief Compliance Officer
2016 - 2022
Manager for the Information Security Management System.
Designed and oversaw security governance activities.
Ran all internal IT audit activities.
Conducted all information security risk management activities.
Managed external audit correspondence, preparation and visits.
Directed all enterprise continuity and recovery planning and testing.
Consulted management on physical and environmental security controls.
Oversaw and managed security awareness training and communications.
Coordinated and executed significant projects:
- Enterprise COVID response and management.
- Enhanced privacy controls and compliance.
- Enhanced software usage tracking and reporting tools and procedures.

AOScloud, LLC
Compliance Officer
2014 - 2016
Coordinated audit visits.
Conducted control self-assessments.
Oversaw service continuity plan development and testing.
Developed and deployed information security risk assessments.
Oversaw the development and deployment of a vulnerability assessment and remediation program.
Coordinated the revision and total redevelopment of information security policy.
Coordinated the development of an enhanced change management process.

BKD CPAs & Advisors
Senior Consultant
2013 - 2014
Supported BKD's IT Risk Services division on SOC Type I and Type II reports.
- Worked with clients on descriptions and refinement of system controls.
- Tested supporting documentation for operating effectiveness of controls (Type II reports).
Supported company financial auditors in IT assurance engagements.
- Worked with clients and auditors on the testing of IT general controls.
- Provided clients and auditors with findings and recommendations on IT general control effectiveness and improvement.
Performed IT risk management consulting to provide clients with a risk analysis and subsequent risk management process refinement.
Supported prospecting and sales work.
- Developed a battery of IT security risk assessment products for consulting work.
- Contributed to or led IT security risk assessment consulting proposals.
- Presented internally and externally on IT risk management consulting services, including at Association of College & University Auditors (ACUA) and Central Association of College and University Business Officers (CACUBO) conferences.

University of Alabama
Director of OIT Compliance and Risk Assessment
2012 - 2013
Worked with IT security management to advance current IT compliance and risk management processes.
- Worked towards formalization of baseline information security controls (NIST).
- Worked on the development of a comprehensive risk assessment strategy.
Developed relationships within the research community to serve as a liaison between university research efforts and Office of IT services.
- Served as the Office of IT liaison for the research data governance committee.
- Served as the Office of IT liaison for Internet2®, the member-owned high-speed network infrastructure.
Developed relationships within Alabama to assist the Office in establishing a presence in Alabama telehealth initiatives.
Worked with the University information security officer to develop and enhance IT policy.
About
I have a proven record with public and private institutions in improving the security posture of the enterprise, evaluating the performance of security controls, and leading information security governance.
I most recently brought my last employer consistent success in maintaining ISO 27001 certification, favorable opinions for SOC 2 audits, and compliance with PCI-DSS, GDPR, and HIPAA regulations. I was the de facto designer and manager of the information security management system, providing recommendations to senior management on overall security governance activities. This also included serving as the manager of the information security risk management program, business continuity/recovery plans, security awareness, internal IT audit, and security policy and standard development.
I have experience working for an audit firm performing SOC audits, IT assurance engagements, and IT risk management consulting. This also included multiple speaking opportunities at conferences on general IT controls and HIPAA compliance. Before that, I was heavily involved in the security governance of two public universities. At Texas Tech University, I served as the Director of IT Compliance, creating its first office of IT compliance. During that time, I selected and implemented a GRC solution and performed the first comprehensive information security risk assessment for Texas Tech. I guest lectured on GRC topics and led record review and consulting conversations with each university school and department. At The University of Alabama, I designed and executed an information security risk assessment using the NIST Risk Management Framework and risk-based approach.