Program Manager Cyber Security

Location:
San Francisco, CA
Posted:
February 26, 2024

Resume:

Amanda Mendieta

Phone: 415-***-****

ad3xv6@r.postjobfree.com

San Francisco, CA

SUMMARY

Amanda Mendieta is a passionate cyber security, cyber risk management, and GRC professional with a successful track record in analyst, project management, and program management roles. Seeking full-time opportunities within these and related fields.

EXPERIENCE

Apple Inc. 2018 - 2023

PKI Audit and Compliance Technical Program Manager

• Successfully received continuous clean audit opinions for the annual WebTrust audit for 75+ in-scope Certificate Authorities

• Managed a project budget of over $1 million to perform the external audit for 4 WebTrust audit framework procedures as well as PCI audit support; streamlined annual audit efforts, which cut audit project time by one month

• Successfully managed and maintained a security control suite of 176+ controls with stakeholders internal and external to Crypto Services; implemented security controls throughout the audit year based on compliance updates

• Led quality assurance testing initiatives for code reviews during TLS and S/MIME compliance and functionality updates to certificate deployments; coordinated update efforts with software engineers based on testing

• Performed head of ceremony functions for key ceremony generations; led projects to ensure key generation ceremonies considered compliance restrictions while auditors were present to witness and deliver audit reports

• Collaborated with software engineers to optimize internal linting solutions toward compliant standards

• Performed Policy Authority Chair responsibilities and designed sections of CA security policy documents

• Designed and implemented Security and Compliance Incident Response program that required public disclosure and reporting on Bugzilla by Mozilla to the Certificate Authority and Browser (CA/B) community

• Cut public reporting time by 40% while standardizing approval workflow; performed Apple lead representative and liaison responsibilities responding to CA/B and Root Programs to close out public incident reports

• Designed security policy update ballots on behalf of Apple and participated as the Apple representative in global CA/B Forum to influence and spectate updated security and compliance requirements that impacted the organization

• Implemented and led internal Apple Compliance committee to deliver risk assessments, security and compliance updates, technical updates, etc., mandated by the global CA/B Forum, WebTrust, and other compliance channels

Santander 2017 - 2018

Cyber Security Vendor Risk Program Manager

• Managed and led all 15 West Coast and Midwest vendor assessments for cyber risk and business continuity

• Managed internal and external relationships and delivered assessment reports for all West Coast and Midwest vendors based on NIST 800-53 and ISO 27001 frameworks

• Managed delivery of final security observations to both the business and the vendor

• Conducted risk assessments based on vendor SOC 1 & SOC 2 reports as well as technical evidence gathering; performed physical security assessment walkthroughs for data centers and call centers to assess data leakage prevention (DLP)

• Technical liaison for vendor risk management tool Security Scorecard with cyber security team

Deloitte & Touche LLP 2013 - 2017

Cyber Risk Services Senior Consultant

• Managed a client project that implemented and expanded scope of big data analytics tool (Splunk) to incorporate biomedical devices onto the logging and monitoring platform; designed threat case scenarios considering additional scope

• Performed current state security incident logging and monitoring assessment to determine required devices to be incorporated for security event management and consider security and privacy risk of parsed data

• Acted as business liaison team lead to gather business and technical requirements to conduct implementation of security appliance platforms; delivered scope analysis to client in order to architect the security design of Splunk

• Managed global Oracle Clinical Systems security design assessment project with technical team sitting in India

• Project manager and lead client delivery manager for biometric tools client utilizing Oracle Clinical systems, leading a global team of 5 resources; delivered technical security gap assessment with security implementation roadmap benchmarking against HIPAA privacy standards, NIST 800-53, ISO 31700, ISO 27001

• Implemented Cyber Threat Intelligence (CTI) capabilities and executive metrics for retail client post major data breach

• Conducted cyber threat intelligence analytics gathering utilizing ThreatConnect as well as other intel tools

• Designed framework and streamlined structure for CTI metrics as well as CTI industry threat trends and analytics

• Led security and privacy assessments and product rollout for ‘Obamacare’ implementation for the State of Nevada and State of Connecticut; delivered NIST security and privacy-based assessment to client to incorporate into product design

• Led Public Key Infrastructure (PKI) certificate lifecycle governance assessment and system implementation, and Certificate Authority 3-tiered design and implementation for major airline organization to respond to publicly trusted SSL certificate expiration

• Technical lead for key and certificate lifecycle management self-signing portal Venafi implementation

• Conducted current state assessment, certificate inventory and discovery, and risk assessment of PKI lifecycle management and implementation of self-signing service portal for digital certificates

• PKI and Certificate Authority Security assessment for global organization based on WebTrust frameworks

Deloitte Mexico 2016 - 2017

Cyber Risk Services Senior Consultant

• Lead technical resource conducting a full security assessment for large Financial Industry clients with emphasis on network security, infrastructure security, and DLP capabilities benchmarked against NIST 800-53 standards

• Delivered security roadmap based on risk assessment and gap analysis to improve the client’s security posture

• Co-lead for business development initiatives for Security Information and Event Management as well as Cyber Threat Intelligence capabilities for Deloitte Mexico clients; implemented managed services based on client requirements

• Identified potential clients for business development to advance and expand cyber fusion center managed services

• Composed executive-level business development informative reports demonstrating managed services for the CFC

EDUCATION

Bachelor of Business Administration in Management Information Systems, Graduated May 2013

C. T. Bauer College of Business, University of Houston, Houston, Texas

CERTIFICATIONS

Certified ScrumMaster (CSM) Issued 2022

HONORS AND AWARDS

• Most Powerful Latina’s top 50 Latinas to Watch List 2024

• Most Powerful Latina’s top 50 Rising Star List 2021, 2022, 2023

• Association of Latino Professionals for America (ALPFA) Most Promising Professional of the year recipient 2016

• ALPFA Student Symposium Keynote Speaker 2014, 2015

ACTIVITIES

• Association for Latino Professionals for America (ALPFA): Regional West Coast Director for the National Committee 2024

• Association for Latino Professionals for America (ALPFA): Mentorship Director of the San Francisco Chapter 2021-2022

• Association for Latino Professionals for America (ALPFA): President of the San Francisco Chapter 2022-2023

• Association for Latino Professionals for America (ALPFA): Vice President of Houston Chapter 2015-2016

• Association for Latino Professionals for America (ALPFA): Director of Technology of Houston Chapter 2012-2015

• Deloitte national inclusion network for ALPFA 2014-2015

• Deloitte Hispanic Network; President 2014-2016

SKILLS

Program Management, Project Management, Security and Privacy Controls, Linting Solutions, SQL, Business Requirements Gathering, Security Compliance, Stakeholder Management, Incident Response, Data Analytics, Policy Documentation, Project Financial Planning, Strategic Initiatives, SCRUM, Relationship Management, Splunk, SIEM, Cyber Threat Intelligence, Venafi, WebTrust, NIST frameworks, COBIT Frameworks, ISO Security and Privacy Standards, Risk Assessments, Public Key Infrastructure, ThreatConnect, Quality Assurance Testing, Microsoft SharePoint, Oracle Clinical Systems, Problem Solving, SOC Reports, Risk Management, Threat Assessments, Jira, Confluence


