Tina Hessel
Dubuque, Iowa, United States
ad3f13@r.postjobfree.com
linkedin.com/in/tina-hessel1
Summary
As a Sr Risk Manager at TransUnion, I leverage my PCI Assessor credential and my background in medical management, risk management, and audit to ensure the security and privacy of information and computer systems. I have over two years of experience in this role, and over six years of experience in regulatory compliance administration at IBM.
I participate in assessments, contract reviews, customer requests, and compliance questions related to information security, and I assist risk owners in developing and implementing appropriate controls and remediation plans. I also collaborate with security teams, business units, and external stakeholders to align current processes with industry standards and client requirements. I am passionate about improving internal practices, delivering training content, and mentoring junior team members.
Experience
Sr Risk Manager
TransUnion
Dec 2021 - Present (2 years 2 months)
Participate in assessments of Neustar's suppliers for compliance with information security related requirements in supplier contracts.
Assist with ad-hoc customer information security related information requests to ensure tracking, prioritization, engagement of appropriate internal functions/personnel, and timely response to customers.
Participate in contract reviews to ensure information security related requirements are accounted for in established controls or if new controls or control changes will be required. Participate in responses to information security related compliance questions from prospective customers in questionnaires, and existing customers in audit questionnaires. Assist risk owners in the development of mitigation plans. Track mitigation plans to completion. Validate mitigation through security testing and supporting evidence. Engage with business units to perform and coordinate technical assessments to identify and analyze cyber security risks. Assessments to include architecture reviews and analysis of security testing from vulnerability assessments and penetration testing. Analyze risks for likelihood and impact. Provide analysis results and mitigation recommendations.
Tina Hessel - page 1
Act as a liaison between the risk, technology and security functions and the business units to help facilitate risk management program processes and activities. Acquired PCI DSS certification.
Lead Compliance and Audit Analyst
Teleperformance
Mar 2021 - Jan 2022 (11 months)
• Develop, track and monitor status of Compliance and Audit team initiatives and projects
• Align current business processes with client requirements and external security standards/obligations, such as NIST, FISMA, PUB1075, ISO 27001:2013, PCI-DSS, HIPAA/HITRUST, etc., as well as Service Organization Control reporting
• Identify, document and assist in the remediation of security deficiencies and gaps with business suitable controls
• Works with security team in the creation of policies, procedures, or guidelines to ensure the security and privacy of information and computer systems.
• Review Statements of Work, Master Service Agreements, and other contracts for security obligations and identify areas of exposure
• Serve as liaison between internal and external customers and management to maximize the adoption of and support for security plans and procedures within the organization.
• Serve as a liaison between the organization’s clients and security auditors, concerning information security
• Identify and lead the appropriate subject matter experts to participate in the identification and analysis of risk scenarios
• Collect and review control evidence
• Works with security team in the creation of policies, procedures, or guidelines to ensure the security and privacy of information and computer systems for AllianceOne.
• Identify and lead the appropriate subject matter experts to participate in the identification and analysis
Regulatory Compliance Administrator
IBM
Oct 2014 - Nov 2020 (6 years 2 months)
Managed and coached regulatory team to maintain industry knowledge and skills in areas of compliance, audit and risk management to improve internal processes and practices.
• Developed and delivered training content for a division of 30 employees during tenure as administrator
• Created a document program to eliminate use of hard copy documents
• Oversaw the development of the Watson Health project
• Mentored and coached junior team members by transferring knowledge to perform their roles
• Facilitated and participated in internal audits by identifying compliance issues
• Respond to external and internal audits, continuous monitoring, penetration tests and various vulnerability assessments, including ongoing monitoring of compliance control to ensure constant functionality through ongoing upgrades and changes.
• Created and advised team how to improve internal controls and processes while preparing for risk assessments during audits
• Single point of contact for audits which included routing data requests to delivery teams, reviewing responses prior to replying to auditors
• Ensure compliance and adherence to state, national, and international requirements including Sarbanes-Oxley (SOX), PCI, HIPAA, GDPR, ITAR and CCPA
• Perform qualification and validation activities for document management system used to assign and track IBM and customer regulatory documents
• Coordinate corrective actions to respond to audit findings
Won 4 Manager Awards for my work with compliance and regulatory issues. Won 1 Work In Excellence award.
Security and Compliance Analyst
IBM
Jun 2011 - Oct 2014 (3 years 5 months)
• Piloted audit readiness reviews by assessing account compliance to contractual requirements as well as IBM and client security documents and global process documents
• Created training program for new team members
• Created action plans and responses to all audit observations
• Collaborated with other teams while conducting health checks on servers of customers
• Create daily/weekly/monthly reports for account teams reporting of status of health check progress
• Conducted research on how to create a tool to automate the health check process
• Produced a web page and video that went global on how to conduct audits
CMA/Lab Supervisor
Crescent Community Health Center
Oct 2008 - May 2011 (2 years 8 months)
Supervised lab personnel, conducting and overseeing quality assurance, collecting, analyzing and interpreting lab results, all the while working in the clinic medical assisting. Supervised daily clinic laboratory operations, including employee training.
- Implemented lab testing procedures, ensuring quality control and cost effectiveness.
- Developed safety protocols, purchased adequate lab supplies and equipment, input patient data and test results for billing which enabled all activities to remain in-house versus having patients travelling to other medical facilities.
- Procured appointments for low income patients by establishing relationships with nearby providers and facilities.
Education
Apostolic Bible Institute Inc
Bachelor of Arts (B.A.), Theology/Theological Studies
Obtained a BA in Theology with a minor in Music
Northeast Iowa Community College
ASN, Registered Nursing/Registered Nurse
University of Iowa
Certificate, Emergency Medical Technology/Technician (EMT Paramedic)
Licenses & Certifications
PCI Assessor - PCI Security Standards Council
Issued Aug 2023 - Expires Aug 2026
Skills
Payment Card Industry Data Security Standard (PCI DSS) • IT Audit • Test Procedures • Risk Assessment • Critical Thinking • Administration • Problem Solving • Communication • Healthcare • Access
Honors & Awards
Excellence and Eminence Award
I received this award in 2018 for my work with the regulatory and compliance team./IBM.
Manager Choice Award - John Shenko
Received this award twice in 2014 and twice in 2016/IBM.