Information Security Client Services

Location: Minneapolis, MN

Posted: February 07, 2024

Resume:

Tina Hessel

Dubuque, Iowa, United States

ad3f13@r.postjobfree.com

linkedin.com/in/tina-hessel1

Summary

As a Sr Risk Manager at TransUnion, I leverage my PCI Assessor credential and my background in medical management, risk management, and audit to ensure the security and privacy of information and computer systems. I have over two years of experience in this role, and over six years of experience in regulatory compliance administration at IBM.

I participate in assessments, contract reviews, customer requests, and compliance questions related to information security, and I assist risk owners in developing and implementing appropriate controls and remediation plans. I also collaborate with security teams, business units, and external stakeholders to align current processes with industry standards and client requirements. I am passionate about improving internal practices, delivering training content, and mentoring junior team members.

Experience

Sr Risk Manager

TransUnion

Dec 2021 - Present (2 years 2 months)

Participate in assessments of Neustar's suppliers for compliance with information security related requirements in supplier contracts.

Assist with ad-hoc customer information security related information requests to ensure tracking, prioritization, engagement of appropriate internal functions/personnel, and timely response to customers.

Participate in contract reviews to ensure information security related requirements are accounted for in established controls or if new controls or control changes will be required.

Participate in responses to information security related compliance questions from prospective customers in questionnaires, and existing customers in audit questionnaires.

Assist risk owners in the development of mitigation plans. Track mitigation plans to completion. Validate mitigation through security testing and supporting evidence.

Engage with business units to perform and coordinate technical assessments to identify and analyze cyber security risks. Assessments to include architecture reviews and analysis of security testing from vulnerability assessments and penetration testing.

Analyze risks for likelihood and impact. Provide analysis results and mitigation recommendations.

Tina Hessel - page 1

Act as a liaison between the risk, technology and security functions and the business units to help facilitate risk management program processes and activities. Acquired PCI DSS certification.

Lead Compliance and Audit Analyst

Teleperformance

Mar 2021 - Jan 2022 (11 months)

• Develop, track and monitor status of Compliance and Audit team initiatives and projects

• Align current business processes with client requirements and external security standards/obligations, such as NIST, FISMA, PUB1075, ISO 27001:2013, PCI-DSS, HIPAA/HITRUST, etc., as well as Service Organization Control reporting

• Identify, document and assist in the remediation of security deficiencies and gaps with business suitable controls

• Work with security team in the creation of policies, procedures, or guidelines to ensure the security and privacy of information and computer systems.

• Review Statements of Work, Master Service Agreements, and other contracts for security obligations and identify areas of exposure

• Serve as liaison between internal and external customers and management to maximize the adoption of and support for security plans and procedures within the organization.

• Serve as a liaison between the organization’s clients and security auditors, concerning information security

• Identify and lead the appropriate subject matter experts to participate in the identification and analysis of risk scenarios

• Collect and review control evidence

• Work with security team in the creation of policies, procedures, or guidelines to ensure the security and privacy of information and computer systems for AllianceOne.

• Identify and lead the appropriate subject matter experts to participate in the identification and analysis

Regulatory Compliance Administrator

IBM

Oct 2014 - Nov 2020 (6 years 2 months)

Managed and coached regulatory team to maintain industry knowledge and skills in areas of compliance, audit and risk management to improve internal processes and practices.

• Developed and delivered training content for a division of 30 employees during tenure as administrator

• Created a document program to eliminate use of hard copy documents

• Oversaw the development of the Watson Health project

• Mentored and coached junior team members by transferring knowledge to perform their roles

• Facilitated and participated in internal audits by identifying compliance issues

• Respond to external and internal audits, continuous monitoring, penetration tests and various vulnerability assessments, including ongoing monitoring of compliance control to ensure constant functionality through ongoing upgrades and changes.

• Created and advised team how to improve internal controls and processes while preparing for risk assessments during audits

• Single point of contact for audits which included routing data requests to delivery teams, reviewing responses prior to replying to auditors

• Ensure compliance and adherence to state, national, and international requirements including Sarbanes-Oxley (SOX), PCI, HIPAA, GDPR, ITAR and CCPA

• Perform qualification and validation activities for document management system used to assign and track IBM and customer regulatory documents

• Coordinate corrective actions to respond to audit findings

Won 4 Manager Awards for my work with compliance and regulatory issues. Won 1 Work In Excellence award.

Security and Compliance Analyst

IBM

Jun 2011 - Oct 2014 (3 years 5 months)

• Piloted audit readiness reviews by assessing account compliance to contractual requirements as well as IBM and client security documents and global process documents

• Created training program for new team members

• Created action plans and responses to all audit observations

• Collaborated with other teams while conducting health checks on servers of customers

• Create daily/weekly/monthly reports for account teams reporting of status of health check progress

• Conducted research on how to create a tool to automate the health check process

• Produced a web page and video that went global on how to conduct audits

CMA/Lab Supervisor

Crescent Community Health Center

Oct 2008 - May 2011 (2 years 8 months)

Supervised lab personnel, conducting and overseeing quality assurance, collecting, analyzing and interpreting lab results, all the while working in the clinic medical assisting. Supervised daily clinic laboratory operations, including employee training.

- Implemented lab testing procedures, ensuring quality control and cost effectiveness.

- Developed safety protocols, purchased adequate lab supplies and equipment, input patient data and test results for billing which enabled all activities to remain in-house versus having patients travelling to other medical facilities.

- Procured appointments for low income patients by establishing relationships with nearby providers and facilities.

Education

Apostolic Bible Institute Inc

Bachelor of Arts (B.A.), Theology/Theological Studies

Obtained a BA in Theology with a minor in Music

Northeast Iowa Community College

ASN, Registered Nursing/Registered Nurse

University of Iowa

Certificate, Emergency Medical Technology/Technician (EMT Paramedic)

Licenses & Certifications

PCI Assessor - PCI Security Standards Council

Issued Aug 2023 - Expires Aug 2026

Skills

Payment Card Industry Data Security Standard (PCI DSS) • IT Audit • Test Procedures • Risk Assessment • Critical Thinking • Administration • Problem Solving • Communication • Healthcare • Access

Honors & Awards

Excellence and Eminence Award

I received this award in 2018 for my work with the regulatory and compliance team./IBM.

Manager Choice Award - John Shenko

Received this award twice in 2014 and twice in 2016/IBM.


