
Information Security, Privacy & Cyber Risk Executive

Location:
Long Beach, CA, 90815
Posted:
March 27, 2024


Nicole Rosen

Information Security, Privacy & Cyber Risk Executive

ad4l9k@r.postjobfree.com • 949-***-****

LinkedIn • Long Beach, CA

Accomplished leader with substantial experience in overseeing comprehensive information security and governance, risk, & compliance strategies, leveraging extensive expertise to safeguard organizational assets and mitigate threats across various settings.

Proven track record of leading companies to achieve and sustain top-tier cybersecurity compliance standards. Skilled in evaluating and enhancing existing security policies & procedures to align with regulatory requirements and industry standards, such as ISO 27001/27002, NIST 800-53 & CSF, OWASP, PCI DSS, SOC 2, HIPAA, SOX, GLBA, GDPR, & CCPA/CPRA. Proficient in creating and delivering effective security awareness and training initiatives to foster a culture of security within organizations. Talented in aligning security practices with industry best practices and future regulatory requirements, while managing relationships with third-party partners and vendors to uphold stringent security protocols. Success in heading Cybersecurity, Compliance, Data Protection, Risk Management, Privacy, Cloud Security, Secure Development, Governance, Product Security, and Content Security initiatives for diverse regional and international enterprises, including Fortune 500 organizations. Renowned for pioneering results through the initiation of robust security strategies anchored in a "metrics-first" approach, ensuring tangible outcomes that harmonize organizational security posture and risk tolerance with strategic business objectives.

Known for implementing and maintaining security best practices across diverse technology stacks and platforms.

Excelling in strategic roadmap development and day-to-day operational execution within dynamic environments.

Areas of Expertise

Cybersecurity Strategy

Cross-functional Collaboration

Staff Training & Leadership

Project & Program Management

Metrics-Driven Approach

Regulatory & Industry Compliance

Threat Intel & Monitoring

Strategic Planning & Analysis

Data Protection & Privacy

Governance Frameworks

Third-Party Risk Management

Cloud Security

Security Technology Integration

Change Control & Management

Incident Response

Professional Experience

Disney Streaming/Hulu, Santa Monica, CA 2019 – 2023

Director, Information Security Risk Management (Cybersecurity Risk, Data Protection & Content Security)

Served as interim Hulu BISO while Director, Head of Information Security GRC for Hulu, during the Disney Streaming merger.

Spearheaded daily company Information Security Risk & Data Protection operations aimed at ensuring smooth workflow and driving business growth. Led information security representation for privacy initiatives, while collaborating with enterprise engineering, data & analytics, and legal teams. Created and initiated security policy requisites for moving into a more expanded AWS cloud transformation in line with the greater cloud platform modernization program to expand our cloud footprint and reduce on-premises presence. Implemented OneTrust Privacy modules owned by Legal & the Vendor Risk module owned by Information Security for annual security risk posture assessments of third parties and business partners.

Developed and reported on 227 NIST CSF-based Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs), streamlining processes via automated reporting with significant focus on product security, derived from application security and vulnerability management teams.

Led strategic oversight for cybersecurity risk management, data protection, and content security for 2 distinct corporate network environments & 4 streaming platforms.

Streamlined OneTrust Privacy opt-out/opt-in and PII deletions & information requests processes & procedures.

Enhanced data & analytics governance, records information management and legal hold programs by establishing robust processes for data storage & information sharing.

Facilitated data-driven risk-based decision-making by co-leading transition to "Metrics First" risk-based model-driven information security program approach.

Designated Hulu Information Security privacy leader for privacy engineering activities & BigID data mapping in achieving and maintaining compliance for CCPA/CPRA.

Managed and participated in performing 200+ third-party risk assessments annually, which was quadruple the amount from the previous year.

Developed Hulu’s Information Security Governance, Risk & Compliance, Third Party Security Risk Assessment, Content Security, Risk Management & Data Protections programs and expanded them across the entirety of Disney Streaming.

Played lead management role in successfully executing and overseeing 3 PCI compliance assessments engagements for Hulu.

Enforced policies and processes in alignment with corporate policy, ISO standards (27001/27002) and NIST 800-53 & CSF.

Responsible for advising on, obtaining, collecting & reporting executive risk acceptances, and oversaw implementation of any subsequently agreed compensating controls.

Managed five-member team for assessing and supporting strategic partners, suppliers, and vendors, while guaranteeing compliance with the Cybersecurity Risk posture defined by The Walt Disney Company’s Global Information Security and with FAIR.

Led unsecure device retirement efforts with the living room devices engineers, especially in support of eliminating those utilizing TLS 1.0 & 1.1.

Responsible for product security related activities not addressed by Disney Streaming’s Offensive Security team.

Designated as Information Security executive for Content Security oversight & approvals across Disney Streaming.

Co-led vulnerability management scanning, reporting, & remediation activities at Hulu.

Leader for PII and content related investigations with the SOC.

Performed architecture reviews & threat modeling in support of the Risk Management & Data Protection programs.

Responsible for security sign-off on control implementations & verifications during the Aspera Modernization project.

Ensured adherence to compliance audit requirements, including GDPR, CCPA/CPRA, PCI, SOX, COPPA, VPPA, HIPAA, and MPA best practices.

Designated reviewer & approver of security and privacy controls & requirements for all Hulu marketing websites utilizing content and/or collecting PII.

Global Eagle, Los Angeles, CA 2015 – 2019

Director, Security, Compliance & Risk (Head of Information Security)

Headed day-to-day company activities, while managing development of secure VLAN for content transmission and distribution aimed at increasing data protection. Ensured timely reporting of information security activities to senior executives on monthly and quarterly basis for strategic decision-making.

Key Accomplishments:

Played pivotal role in creating & overseeing establishment of robust Global Information Security program across international regions.

Planned and deployed Bitdefender GravityZone for 17 international locations, which included 41 servers & 1,300 international users, while ensuring effective ongoing management.

Led Tier 1 vendor assessment for The Walt Disney Company’s Content Security in line with MPA best practices.

Spearheaded information security compliance initiatives for NIST, ISO, SOX, and PCI.

Created the Incident Response Program and served as lead during investigations & performance of forensic activities.

Performed quarterly reviews of firewall rules and employee onsite network & VPN access.

Developed & tested 7 global business continuity plans and Southern California disaster recovery plans.

Responsible for application security testing for aviation and maritime entertainment & gaming delivery.

Monitored network and system activities using advanced tools such as Bitdefender GravityZone, OpenDNS Umbrella, FireEye, and SolarWinds Network Performance Manager.

Banc of California, Irvine, CA 2014 – 2015

Vice President, Information Security

Defined design and security requirements for mobile computing, while enhancing privacy for banking customers. Organized implementation of RSA Archer GRC tool for vendor security risk management. Monitored and analyzed activities reported by Alert Logic and SecureWorks for ensuring proactive threat management. Spearheaded management of CodeGreen DLP tool and formulation of filter and encryption rules for secure email transmission.

Key Accomplishments:

Led successful management of information security annual roadmap, while steering 200+ cross-functional tasks spanning IT, HR, business continuity, privacy, information security, fraud and risk, legal, and physical security.

Directed development of 43 technology-specific minimum baseline security configuration standards and hardening guides within first month of tenure.

Oversaw and actively participated in regulatory and industry audits, while demonstrating proficiency in managing and navigating through 4 successful OCC audits.

Managed external third-party assessments and addressed vulnerabilities in network devices & servers identified via vulnerability scans & penetration testing.

Co-created Red Flags Program with Compliance department.

AAA of Southern California (Experis), Costa Mesa, CA 2012 – 2013

Risk Management Contractor in Information Protection

Spearheaded creation and employment of new vendor risk management program, while yielding enhanced risk mitigation. Streamlined vendor implementation requirements and timelines for lowering vendor risk ratings and organizational liability.

Key Accomplishments:

Coordinated reporting of questionnaire results and identification of gaps for annual risk assessment reviews across 300+ vendors.

Attained 25% decrease in risk assessment review process time by identifying and enhancing areas needing improvement.

Identified and eliminated 26 vendor redundancies, yielding cost-saving of $1.2M in technology expenditures.

Additional Experience

Director of Information Security (Head of Information Security), PCV Murcor, Inc., Pomona, CA

Information Security Specialist, Expert, Experian, Costa Mesa, CA

Education & Professional Development

Master of Information Technology, Major in Internet Security

American Intercontinental University, Illinois

Bachelor of Business Administration, Major in Music Business/Management

Belmont University, Tennessee

Certifications

Certified Information Systems Security Professional (CISSP), 2005

Certified Information Privacy Professional (CIPP/US), 2006

Certified Information Privacy Technologist (CIPT), 2009

GIAC Strategic Planning, Policy & Leadership (GSTRT), 2019

Fellow of Information Privacy (FIP), 2020

GIAC Law of Data Security & Investigations (GLEG), 2020

GIAC Security Leadership Certification (GSLC), 2020

Certified Data Privacy Solutions Engineer (CDPSE), 2020
