
Risk Management Network

Location:
Charlotte, NC
Salary:
150000 - 200000
Posted:
April 29, 2024


DIANE MCCARTHY

CISSP, CRISC, CISA, CCSP

704-***-**** ad5c7z@r.postjobfree.com https://www.linkedin.com/in/dianemmccarthy/

SECURITY, PRIVACY & RISK MANAGEMENT PROFESSIONAL

A leader with 20+ years of experience strengthening and enhancing IT infrastructures using risk management methodologies that identify threats to an organization's assets and enable risk-based decisions on control deployment and mitigation strategies. Solid background in identifying key security and privacy requirements and translating them into a priority-driven, actionable roadmap. Holds a Bachelor of Science in Telecommunications and Network Management and has obtained multiple certifications: CISSP, CISA, CRISC, and CCSP. Has extensive knowledge of multiple frameworks, control alignment, and regulatory compliance.

EXPERTISE

● GRC & Policy Management

● Risk Management

● Quantitative Risk Analysis

● Vulnerability Management

● IT Compliance Auditing

● Third-Party Risk Management

● Tool Rationalization

● Threat Modeling

REGS & FRAMEWORKS

● ISO 27001

● SOC 2 Type 1 & Type 2

● CIS

● NIST CSF, NIST 800-53

● MITRE/ATT&CK

● NERC CIP

● PCI DSS

● SIG Lite

● GDPR, PIPEDA

● HIPAA, CCPA/CPRA

TOOLS

● Security Platform Development

● Archer GRC

● ServiceNow GRC

● FAIR RiskLens

● Tableau

● Python

● PostgreS

EXPERIENCE

Director of Security Advisory

Carbide Secure; Nova Scotia, Canada (Remote) February 2022 – Current

Advises clients on best practices and strategies to enhance their cybersecurity posture. Consults on privacy laws, security control frameworks, and risk management methodologies to enhance customers' cybersecurity and privacy programs, and provides insight on the Carbide Platform design and overall program.

● Consults with over 70 clients on their current security infrastructure, identifies gaps, and recommends solutions to mitigate risks and protect against cyber threats.

● Develops content and executes audit readiness strategies that have resulted in a 100% success rate for customers undergoing certification audits such as SOC 2 and ISO 27001.

● Creates policy baselines that encompass 90% of multiple control frameworks and privacy regulations that Carbide supports.

Assistant Director

Visiblerisk (Acquired by BitSight); Boston, MA (Remote) July 2020 – February 2022

Played a key role in designing and implementing a high-quality cybersecurity quantification risk rating platform for effectively communicating cyber risk and third-party risk for clients.

● Successfully implemented the FAIR methodology into a risk quantification platform that provides valuable security insights for risk-based decision-making. The company sold for 25 million dollars.

Cybersecurity Manager

PWC (PricewaterhouseCoopers LLP); Charlotte, NC January 2016 – July 2020

Led high-performing teams to consult on and manage privacy, security architecture, and risk management initiatives for Fortune 500 customers. Identified vulnerabilities, addressed gaps, and aligned security practices with industry standards and legal regulations.

● Saved a company from significant financial loss after uncovering security issues while performing due diligence during a merger and acquisition project.

● Optimized the GRC Archer Platform to provide instant security gap analysis, resulting in a 90% reduction in assessment duration.

● Utilized threat modeling techniques that resulted in hours of saved code redevelopment time.

● Developed tailored security and privacy programs for a minimum of 4 different companies based on identified risk and privacy requirements such as GDPR.

● Completed a tool rationalization project saving the customer two million dollars a year.

Risk Management Lead

TIAA Financial Services; Charlotte, NC August 2012 – January 2016

Designed a company-wide risk assessment program including GRC risk management automation utilizing Archer and the FAIR methodology.

● Risk assessment automation resulted in a 75% improvement in efficiency by streamlining the business and security requirements.

● Mapped TIAA-specific controls into the Archer platform ensuring 99% compliance with automated documenting and approval cycle of the 1% exceptions.

● Remediation efforts were 100% documented and monitored to completion including automated email reminders.

● Executive-level reporting integrated control assessments, penetration tests, code reviews, and remediation efforts into a single comprehensible risk-based report.

Information Security Officer

Wells Fargo & Company; Charlotte, NC May 2007 – August 2012

Conducted detailed information security assessments to uncover inefficiencies across internal and vendor applications and developed mitigation strategies. Established and participated in the design, execution, and monitoring of the vendor security program.

● Implemented timesaving interview techniques resulting in a 50% reduction in time spent on security information gathering.

● Maintained relationships with over 100 third-party vendors, completing assessments and consulting on mitigation strategies.

● Developed and implemented questionnaires and remediation follow-up techniques resulting in 100% alignment of security policies, processes, and practices with Wells Fargo's expectations.

● Consolidated findings from questionnaires, code reviews, penetration tests, and mitigation strategies into a single report, reducing report generation time by 75%.

● Created automated access control reviews increasing review completion often to 100%.

CERTIFICATIONS

● Certified Information System Security Professional (CISSP) 315456, 11/17/2011

● Certified Risk and Information Systems Control (CRISC) 1518363, 2/25/2015

● Certified Cloud Security Professional (CCSP) 315456, 7/7/2019

● Information Security Auditor (CISA) 14115909, 4/14/2014

EDUCATION

Devry University; Addison, IL

Bachelor of Science in Telecommunications and Network Management

(GPA: 3.76/4.0, Graduated with Honors)

College Of Dupage; Glen Ellyn, IL

Associate of Applied Science

(GPA: 3.95/4.0, Graduated with Honors)
