Bill Casti
SUMMARY
Resourceful Independent Compliance Consultant.
ISO 27001, ISO 9000 Compliance Analyst.
PCI QSA, v3.2.1 and v4.0
PCI Consultant.
Information Security Assessor.
Project Management.
Risk Evaluations.
Internal Audits.
Federal and State Regulations.
Secured Initial ISO Certification.
Strategized Privacy.
Integrated Vendors.
Controlled Documents.
CERTIFICATIONS
SSCP
CISSP-ISSMP
FIP
ISFS
ITIL
CISA
ISMS
CQA
PCIP
Cloud+ CE
HIPAA/HCISPP
CRISC
Security+
CIPP and CIPM
ITSM
NIST CSF
PCI QSA
CISSP
SOTP
CDIA+
Project+
CITP
CISM
TL-QMS
Specialties: I have been an advisor, consultant and/or a compliance assessor with multiple government and/or quasi-governmental agencies including the Federal Emergency Management Agency (FEMA) in Washington DC; the Securities Industry Automation Corporation (SIAC) in Brooklyn NY; Federal Home Loan Mortgage Corporation (‘Freddie Mac’) in McLean VA; the US Agency for International Development (USAID) in Baghdad, Iraq; the California State Compensation Insurance Fund (SCIF); the California Department of Motor Vehicles; the Sacramento (CA) Municipal Utility District (SMUD).
PROFESSIONAL EXPERIENCE
Link Technologies 07/2022 – 05/2023
QSA
Performed recurring Payment Card Industry assessments of clients to assure their information and data security compliance with the PCI DSS requirements mandated by the payment brands, i.e. VISA, Mastercard, etc.
Sacramento Municipal Utility District 03/2022 – 06/2022
PCI QSA Consultant
Completed annual SAQ-A and SAQ-B assessments for PCI compliance requirements.
Prepped for transitions to PCI v4.0 by drafting new procedures, revising existing documents, developing transition timelines, and guiding applicability.
Toyota Financial Services 09/2021 – 02/2022
Compliance Analyst
Coordinated contractual project management and compliance analysis services for multiple TFS global affiliate organizations to remediate assessment deficiencies.
Directed technical SMEs to deploy and configure applications, such as Veracode, Microsoft Information Protection, Okta MFA, Centrify, and BitLocker.
Realogy 06/2021 – 07/2021
Senior Data Privacy Analyst
Assisted with 2021 CCPA compliance while strategizing data privacy regulatory concerns.
3M, MN 01/2021 – 03/2021
Vendor Support Activity Consultant
Expanded the initial OneTrust instance, populating it with the acquired company’s vendors and internal vendor sponsors.
Semtech – Sunnyvale, CA 08/2020 – 01/2021
ISO 27001 Certification Consultant
Guided a company going through initial ISO 27001 certification, securing in January 2021.
Narrowed client scope while reviewing and recommending documentation enhancements.
Attended assessor meetings.
VSP – Sacramento, CA 09/2019 – 03/2020
IT Auditor, PCI QSA
Collaborated with the global company as a supplemental resource for PCI compliance as well as NACHA and ISO 27001 reviews.
Assisted internal auditing, document reviews, auditing frameworks, and control analysis.
California Department of Motor Vehicles – Sacramento, CA 04/2019 – 10/2019
Security Consultant, PCI QSA
Drafted Record of Compliance and archived verification records.
Completed annual PCI DSS v3.2.1 assessment, evaluating procedures, processes, and documentation within the scope of the Cardholder Data Environment.
Comscore, Inc. – Portland, OR 09/2018 – 01/2019
Senior Compliance Analyst
Evaluated third-party vendor risk and supplier review management activities.
Liaised with senior management, service owners, stakeholders, and external vendors.
Google Cloud – Sunnyvale, CA 05/2018 – 08/2018
Regulatory Compliance Analyst
Controlled compliance requirements for multiple global information security standards to better discern compliance for cloud products marketed to global and regional jurisdictions.
Certent – Roseville, CA 03/2018 – 05/2018
ISO 27001 Implementation and Compliancy Consultant
Guided client through ISO 27001 ISMS pre-assessment, Stage 1, and Stage 2 assessments.
Analyzed and verified client documents according to ISMS standards.
PTP, State Compensation Insurance Fund – Pleasanton, CA 03/2017 – 12/2017
Information Security Consultant
Performed as PCI QSA and consultant assigned to the quasi-state agency in California.
Provided PCI-DSS v3.2.1 SME resources to their PCI-DSS compliancy and remediation efforts.
Collected and collated supporting evidence.
Developed the client’s PCI compliancy program.
Sutter Health – Roseville, CA 06/2016 – 02/2017
Information Security Risk Analyst III
Completed 104 “orphaned” third-party vendor risk assessments.
Completed 12 months’ work in 8 months.
Involved in improving process controls, security, and privacy controls.
PREVIOUS PROFESSIONAL EXPERIENCES
Nike
Senior IS Risk Analyst
Allina Health
Senior IS Engineer
Target
IS Engineer, Analyst
S.C. Johnson
IS Risk Analyst
Publicis
ISO Implementation Consultant
Cisco Systems
IA Program Manager
Nationwide Insurance Company
Info Risk Management Group, Senior Consultant - IS Risk Analysis
Epiq Systems
Senior eGRC Systems Security Engineer
Standard Insurance Company
Service Delivery Manager, IT Infrastructure Security Operations
AQC
Consultant in IS Compliance and Governance, ISO 27001 Auditor and Consultant
USAID – Iraq, Tatweer Project, Management Systems International
ISO, Process Design and IT Strategy Advisor
Bearing Point
Senior IT IS Advisor
EDS, Government Solutions Group
Delivery Excellence, InfoSec Standards Compliancy Manager, Senior ITIL InfoSec Management Process Architect