Cyber Security Information

Location:
Beacon, NY
Salary:
225000
Posted:
February 17, 2024

Resume:

David Gianna, MBA, PhD

Phone: 845-***-**** Email: ad3pia@r.postjobfree.com

• Senior executive with emphasis on Information/Cyber Security organizational transformation including policy, strategy, and organizational program development.

• Deep technical and functional experience developing cyber security teams and security program transformation.

• Making an impact as a thought leader, a public speaker, and as an adjunct professor.

CORE COMPETENCIES

Leadership · Strategy · Cyber Program Development · Business & Technology Alignment · Audit and Analysis · Network & System Security · Security Architecture · Internet of Things (IoT) · Cloud Services & Security · Third Party Vendor Management · Payments Security (PCI DSS, ANSI TG-3/TR-39)

Standards Compliance: ISO 27001, ISO 31000, PCI-DSS, ANSI TG-3/TR-39, NIST 800-53, NIST CSF

Regulatory Requirements: FFIEC, GLBA, HIPAA, Visa PIN compliance

Industry Certifications: CISSP, CCSP, CTGA, AWS Solutions Architect, ISO 27001/31000, PCI QSA/ISA

PROFESSIONAL EXPERIENCE

Wells Fargo Bank: (May 2019 – present)

CURRENT ROLE: Vice President & Lead Operational Risk Officer (2021 – present)

- Reduced risk to cardholder data by 45% through second line oversight of the PCI program

- Continuous improvement of the delivery, execution and accountability for global PCI compliance at Wells Fargo

- Drive alignment of Wells Fargo controls to the PCI DSS requirements to achieve risk reduction and best practices

- Drive transformation to reduce scope of PCI, mitigate threats to cardholder data, to achieve global PCI compliance

- Ensure management of third-party vendors that store, process, or transmit cardholder data on behalf of Wells Fargo

- Collaborated with teams to drive full PCI-compliance of two partner-facing lines of business

FORMER ROLE: Business Risk & Control Officer (2019 – 2021)

- Delivered and executed assessments and baseline reviews of applications, processes, and platforms that store, process, or transmit cardholder data

- Enabled enterprise-wide risk reduction in payment channels through application of the PCI DSS

- Developed strategy for third-party vendors to measurably reduce risk to payment data

- Drove innovations in architecture for encryption, tokenization, and network segmentation to reduce PCI risk

- Raised awareness of payment security and PCI compliance through the PCI Center of Excellence

- Collaborated to revise Wells Fargo policies for regulatory compliance and alignment with Wells Fargo controls

Protiviti: Senior Manager: (September 2011 – April 2019)

Leadership, and technical/engagement management of medium to large task-based consulting teams

- PCI-DSS Assessment, Remediation, and Advisory services for Retail, Banking, and Transit services

- Developed mobile on-board rail fare payment system used by two large commuter railroads

- Designed and implemented a PCI-compliant parking payment system used at four airports

- Achieved a secure enterprise-wide network architecture for a large commuter railroad

- Designed a PCI-compliant architecture for an internal cloud hosted by a major bank

- Successfully led a PCI-initiative for a connected automobile services provider

- Created an internal PCI Center of Excellence at a major pharmaceutical corporation

- Audited against NIST 800-53 and NIST CSF, performed remediation, and developed NIST training materials

- Acting virtual Chief Information Security Officer (vCISO) for a major client in the retail industry

NetSPI: PCI Practice Lead (February 2010 – September 2011)

- Developed strategic vision and objectives to drive the consulting practice dedicated to the PCI DSS and the PA DSS

- Leadership of PCI-DSS compliance practice, consisting of 10 PCI-QSA and three PA-QSA consultants

- Introduced automated audit and reporting tools to streamline PCI-QSA processes

- Performed PCI Audits, PCI Readiness Assessments and Gap Analysis and managed PCI-related remediation projects

- Performed PA (Payment Applications) certification under PA-DSS in test lab for leading vendors

Verizon Business Security Solutions: Senior Security Consultant (September 2005 – January 2010)

Functioned as an expert advisor to Fortune 50 companies regarding cyber security controls, infrastructure and architecture risks, strategies, business risk, and Information Security business alignment

- Provided expert level comprehensive analysis of industry and regulatory compliance standards as well as their associated impact upon client environments and business models

- PCI-DSS compliance assessments for Fortune 50 retail and financial institutions

- Performed wireless assessments, network vulnerability assessments, and penetration testing

- Delivered architectural reviews and assessments; Policy review and coaching; VoIP security for telco

- Provided pre-sales technical support and solutions engineering

Solutionary: Regional Technical Manager (September 2004 – September 2005)

Served as an expert advisor to Fortune 500 organizations, addressing cyber security strategy, roadmaps, maturity opportunities, and business alignment

- Delivered application assessments, architectural reviews, and internal vulnerability assessments

- Performed Visa CISP, MasterCard SDP and PCI compliance audits for retail and financial clients

- Delivered in-house Check Point firewall training to SOC analysts, engineers and project managers

Winmill Software: Senior Consultant and Security Instructor (September 2003 – September 2004)

- Performed security, Application Testing, Software Quality Assurance, and Business Analysis consulting

- Delivered security assessments, Check Point firewall configuration and installation

- Taught Check Point VPN-1/Firewall-1 Management I, II and III courses

Westcon: Information Security Sales Engineer (Four years)

- Developed security solutions, supported Value Added Resellers (VARs) and Sales teams

- Check Point firewall configuration and installation

- Taught Check Point VPN-1/Firewall-1 Management I, II and III courses

IBM Advanced Semiconductor Technology Center: Team Leader (Four years)

- Led five-member systems support team, including in-house Helpdesk and field/cleanroom operations

- AIX, Linux, and Windows NT server build, support, and administration

- OS/2 and proprietary industrial controls catered to the cleanroom/semiconductor facility

EDUCATION

Capitol Technical University, Washington, DC: PhD Technology: Cyber Security

Capella University, Minneapolis, MN: DSc Information Assurance & Security: (All but dissertation)

Marist College, Poughkeepsie, NY: Master of Business Administration: Information Systems

Marist College, Poughkeepsie, NY: Master of Science: Computer Science

Rochester Institute of Technology, Rochester, NY: Bachelor of Science: Electrical Engineering

INDUSTRY/COMMUNITY CONTRIBUTIONS

Doctoral dissertation: Dark Data Risk Management in Big IoT Data (2021)

Conference Speaker, 2018 PCI North American Community Meeting

International Information System Security Certification Consortium (ISC)2: SME for CCSP exam revisions

Payment Card Industry Security Standards Council (PCI SSC): Cloud Special Interest Group (2017 – 2018)

Pace University, Seidenberg School: Cybersecurity Advisory Board member (2020 – 2022)

Rutgers Center for Innovation Education: Advisory Board member (2018 – 2020)

OWASP: NY/NJ Metro Chapter Board member, Chapter Leader (2010 – 2012)

Civil Air Patrol, New York Wing: Information Technology Officer, Transport Mission Pilot

Adjunct: Marist College (2022 - Present) - Teach graduate Cybersecurity and Computer Science

Adjunct: University of Maryland (2011 - Present) - Teach graduate Cybersecurity

Adjunct: Yeshiva University (2019 - 2022) - Taught graduate Cyber & Information Security

Senior Professor: Everest College (2004 - 2014) - Taught Programming, Information Security


