
Information Security Compliance Analyst, PCI QSA

Location: Lake Oswego, OR, 97035
Posted: December 07, 2023


Resume:

Bill Casti

SUMMARY

Resourceful Independent Compliance Consultant.

ISO 27001, ISO 9000 Compliance Analyst.

PCI QSA, v3.2.1 and v4.0

PCI Consultant.

Information Security Assessor.

Project Management.

Risk Evaluations.

Internal Audits.

Federal and State Regulations.

Secured Initial ISO Certification.

Strategized Privacy.

Integrated Vendors.

Controlled Documents.

CERTIFICATIONS

SSCP

CISSP-ISSMP

FIP

ISFS

ITIL

CISA

ISMS

CQA

PCIP

Cloud+ CE

HIPAA/HCISPP

CRISC

Security+

CIPP and CIPM

ITSM

NIST CSF

PCI QSA

CISSP

SOTP

CDIA+

Project+

CITP

CISM

TL-QMS

Specialties: I have been an advisor, consultant and/or a compliance assessor with multiple government and/or quasi-governmental agencies including the Federal Emergency Management Agency (FEMA) in Washington DC; the Securities Industry Automation Corporation (SIAC) in Brooklyn NY; Federal Home Loan Mortgage Corporation (‘Freddie Mac’) in McLean VA; the US Agency for International Development (USAID) in Baghdad, Iraq; the California State Compensation Insurance Fund (SCIF); the California Department of Motor Vehicles; the Sacramento (CA) Municipal Utility District (SMUD).

PROFESSIONAL EXPERIENCE

Link Technologies 07/2022 – 05/2023

QSA

Performance of recurring Payment Card Industry assessments of clients to assure their information and data security compliance to the PCI DSS requirements mandated by the payment brands, i.e. VISA, Mastercard, etc.

Sacramento Municipal Utility District 03/2022 – 06/2022

PCI QSA Consultant

Completed annual SAQ-A and SAQ-B assessments for PCI compliance requirements.

Prepped for transitions to PCI v4.0 by drafting new procedures, revising existing documents, developing transition timelines, and guiding applicability.

Toyota Financial Services 09/2021 – 02/2022

Compliance Analyst

Coordinated contractual project management and compliance analysis services for multiple TFS global affiliate organizations to remediate assessment deficiencies.

Directed technical SMEs to deploy and configure applications, such as Veracode, Microsoft Information Protection, Okta MFA, Centrify, and BitLocker.

Realogy 06/2021 – 07/2021

Senior Data Privacy Analyst

Assisted with 2021 CCPA compliance while strategizing data privacy regulatory concerns.

3M, MN 01/2021 – 03/2021

Vendor Support Activity Consultant

Increased the initial OneTrust instance, populating with the acquired company’s vendors and internal vendor sponsors.

Semtech – Sunnyvale, CA 08/2020 – 01/2021

ISO 27001 Certification Consultant

Guided a company going through initial ISO 27001 certification, securing in January 2021.

Narrowed client scope while reviewing and recommending documentation enhancements.

Attended assessor meetings.

VSP – Sacramento, CA 09/2019 – 03/2020

IT Auditor, PCI QSA

Collaborated with the global company as a supplemental resource for PCI compliance as well as NACHA and ISO 27001 reviews.

Assisted internal auditing, document reviews, auditing frameworks, and control analysis.

California Department of Motor Vehicles – Sacramento, CA 04/2019 – 10/2019

Security Consultant, PCI QSA

Drafted Record of Compliance and archived verification records.

Completed annual PCI DSS v3.2.1 assessment, evaluating procedures, processes, and documentation within the scope of the Cardholder Data Environment.

Comscore, Inc. – Portland, OR 09/2018 – 01/2019

Senior Compliance Analyst

Evaluated third-party vendor risk and supplier review management activities.

Liaised with senior management, service owners, stakeholders, and external vendors.

Google Cloud – Sunnyvale, CA 05/2018 – 08/2018

Regulatory Compliance Analyst

Controlled compliance requirements for multiple global information security standards to better discern compliance for cloud products marketed to global and regional jurisdictions.

Certent – Roseville, CA 03/2018 – 05/2018

ISO 27001 Implementation and Compliancy Consultant

Guided client through ISO 27001 ISMS pre-assessment, Stage 1, and Stage 2 assessments.

Analyzed and verified client documents according to ISMS standards.

PTP, State Compensation Insurance Fund – Pleasanton, CA 03/2017 – 12/2017

Information Security Consultant

Performed as PCI QSA and consultant assigned to the quasi-state agency in California.

Provided PCI-DSS v3.2.1 SME resources to their PCI-DSS compliancy and remediation efforts.

Collected and collated supporting evidence.

Developed the client’s PCI compliancy program.

Sutter Health – Roseville, CA 06/2016 – 02/2017

Information Security Risk Analyst III

Completed 104 “orphaned” third-party vendor risk assessments.

Completed 12 months’ work in 8 months.

Involved in improving process controls, security, and privacy controls.

PREVIOUS PROFESSIONAL EXPERIENCES

Nike

Senior IS Risk Analyst

Allina Health

Senior IS Engineer

Target

IS Engineer, Analyst

S.C. Johnson

IS Risk Analyst

Publicis

ISO Implementation Consultant

Cisco Systems

IA Program Manager

Nationwide Insurance Company

Info Risk Management Group, Senior Consultant - IS Risk Analysis

Epiq Systems

Senior eGRC Systems Security Engineer

Standard Insurance Company

Service Delivery Manager, IT Infrastructure Security Operations

AQC

Consultant in IS Compliance and Governance, ISO 27001 Auditor and Consultant

USAID – Iraq, Tatweer Project, Management Systems International

ISO, Process Design and IT Strategy Advisor

Bearing Point

Senior IT IS Advisor

EDS, Government Solutions Group

Delivery Excellence, InfoSec Standards Compliancy Manager, Senior ITIL InfoSec Management Process Architect


