PROFESSIONAL EXPERIENCE
INFORMATION SECURITY MANAGER TTEC ENGLEWOOD, CO
SEPTEMBER 2022-MARCH 2024 REMOTE WORKING
• Governed internal staff key performance indicators for new client assurance and supplier management tasks and assignments.
• Increased new and tenure (digital & commercial) client revenue growth (>25%) through collaboration and strengthening the information security technology and environment strategies for RFI/RFP and project management.
• Managed and supported multiple million-dollar client accounts from presales, to contract closure, to project and technical development and to launch.
• Advanced the organization’s supplier/vendor management program, policies, contract exhibits, and standard operational procedures (SOPs), including AI technology questionnaires/requirements, to PCI DSS, SOC 1, and SOC 2 Type II, HITRUST and ISO 27001 accreditation. Worked to align program to NIST CSF v.2.0.
• Managed, audited, monitored, and provided solutions for suppliers’/vendors’ adherence to organizational and client-stipulated information security, risk, industry and regulatory compliance models and deliverables.
• Supplier/vendor security and compliance management principal for the global organization's annual, independent, third party, industry compliance framework audit assessments (e.g., PCI DSS, SOC 1 and SOC 2 Type II, ISO 27001, HITRUST, HIPAA).
• Performed monthly, quarterly, and annual business revenue reporting for senior leadership, stakeholders and Board of Directors (BoD). These reports focused on the organization’s KPIs and KRIs for internal cybersecurity tools, third-party vendors, and new and tenure clients. These metrics demonstrated investments, value/revenue growth, and cyber threat remediation initiatives, ensuring the organization is apprised of the situation and of the cybersecurity maturity level it is comfortable accepting. The reporting metrics were as follows:
o Identified the level of preparedness involving critical systems, tools, and applications to eliminate or limit exposures and threats.
o Identified vulnerabilities and exposure threats, providing solutions to eliminate or lower risks.
o Identified the type of cyberthreats and security incidents (e.g., vulnerability, lack of control, phishing attempt).
o Method or mean time to detect such an incident or event.
o Identified the amount of time to isolate the event.
o Identified the time for resolution of such threats.
o What systems are working and what systems are outdated.
o How many threats are internal (employees) vs. systems, tools, and resources.
o If human error, how many were identified as needing additional security awareness training; identifying repeat offenders.
o Provided percentage charts showing the data metrics MoM, QoQ, and YoY, to give a defined story of where the organization could resolve potential security risks more effectively while building and maintaining trust with its external and internal partners and developing revenue growth.
• Lead Assistant to Prime on information security and industry compliance negotiations for commercial client and supplier/vendor agreements, statements of work (SOWs), master service agreements (MSA) to ensure
DAWN L. WENTZELL
INFORMATION SECURITY PRINCIPAL
AND MANAGER,
CLIENT & SUPPLIER ASSURANCE MGMT.
PROFILE
Detail-oriented and revenue-results-driven information security, IT compliance and quality assurance professional with 13+ years’ experience managing key functional and industry compliance framework processes at the intersections of information security, supplier/vendor security and IT risk assessments, and company client sales security procurement management.
EDUCATION
ASSOCIATES ADVERTISING &
COMMERCIAL ART
WCCC YOUNGWOOD, PA
JUNE 2004
KEY SKILLS
O SOLID EXPERIENCE WITH CALL CENTER ENVIRONMENT (B2B, B2C)
O ROBUST KNOWLEDGE OF INFORMATION SECURITY ADMINISTRATIVE, TECHNICAL AND PHYSICAL CONTROLS, SAFEGUARDS AND REGULATORY POLICIES AND CONTROLS INVOLVING PII, SENSITIVE PII, CHD/PAYMENT CARD INFORMATION, HIPAA, FINANCIAL DATA
O STRONG COMPREHENSION AND WORKING KNOWLEDGE OF INDUSTRY COMPLIANCE FRAMEWORKS (E.G., PCI DSS, SOC 1 & 2 TYPE II, ISO 27001, HITRUST AND HIPAA)
O WORKING EXPERIENCE, KNOWLEDGE, AND FUNCTIONS OF VENDOR AND SUPPLIER MANAGEMENT (POLICIES, PROCESSES, ANALYSIS, TRACKING, AUDITING, AND MONITORING)
************@*****.***
Gilbert, AZ 85296
O WORKING KNOWLEDGE OF INFORMATION SECURITY TOOLS AND FUNCTIONS (DLP, AV/AM, PAM, SIEM, VPN, IDS, IPS, VULN. SCANNING)
O SOLID COMPREHENSION AND WORKING KNOWLEDGE OF MULTIPLE IT TECHNOLOGY PLATFORMS (E.G. NICE, GENESYS, CISCO WXCCE, ETC.) AND IT RISK VENDOR GRC PLATFORMS (E.G. ARAVO, ARCHER, ONETRUST, ETC.)
O WORKING KNOWLEDGE OF REPORTING METRICS FOR DIFFERENT DEPARTMENTS THAT HIGHLIGHT CRITICAL AREAS TO IMPROVE AND AREAS FOR THE ORGANIZATION TO CONTINUE INVESTING IN.
O WORKING KNOWLEDGE, FUNCTIONS, AND EXPERIENCE WITH MICROSOFT 365 SUITE, SHAREPOINT, SALESFORCE
O EFFECTIVE INTERPERSONAL AND PROFESSIONAL COMMUNICATOR
O MULTITASKER OF DIFFERENT CLIENT PROGRAMS AND INTERNAL PROJECTS WORLDWIDE TO COMPLETION AND END OF LIFECYCLE
O INNOVATOR, PROBLEM SOLVING, STRATEGIC THINKER AND MUSCLE MEMORY TECHNIQUES
O KNOWLEDGE OF BUSINESS CONTINUITY AND DISASTER RECOVERY OBJECTIVES
CORE VALUES
INTEGRITY DEDICATION DRIVE
EQUALITY HUMILITY
appropriate alignment and acceptable risk levels for the organization’s and client’s requirements.
• Continued to support Information Security Principal job duties.
INFORMATION SECURITY PRINCIPAL TTEC ENGLEWOOD, CO
OCTOBER 2014-SEPTEMBER 2022 REMOTE WORKING
• Facilitated, bridged, educated, and maintained relationships between the organizational teams (including IT, Operations, IT Compliance, Legal, Procurement, Sales and supporting organizational departments), for new and tenure client sale security initiatives and supplier/vendor partnerships.
• Performed and completed (annual avg. 300) information security and industry compliance business analysis tasks, effectively marketed, and aligned the company’s information security and industry compliance programs, technology, and platforms providing security solutions for identified risks.
• Trained and managed internal staff on RFI/RFP sale security tasks, supplier/vendor and IT risk assessments and audits (internal & external), and client information security solution assessments/audits, identifying vulnerabilities and risks to remediation closure.
• Collaborated, created, developed, and managed external facing, business and information security and technology (RFI/RFP) technical writing playbook solutions and remediation strategies.
• Initially created, developed, and governed the organization’s supplier/vendor management program, questionnaires, and procedures.
• Initially created, developed, and governed the Global Information Security (GIS) ServiceNow Request guidelines and standard operational procedures (SOPs).
• Assisted Security Operations Center (SOC) with security and IT risk investigations, complying with company playbooks, runbooks, and incident response processes while providing remediation solutions and escalating to appropriate Operations, IT Leadership, Compliance, and stakeholders for additional resolutions.
• Collaborated, created, developed, and managed the global organization’s security awareness program and employee content. Created the security awareness and compliance content that focuses on the following:
o CIA Triad
o User and Special/Privileged access controls
o Industry compliance frameworks (e.g., PCI/CHD; PII, sPII, HIPAA)
o How to report a suspicious activity
o Where to locate the organization’s information security and compliance policies.
o Corrective action process. Why it’s vital to immediately report any suspicious activity and/or fraud to management, leadership, HC and Legal.
SENIOR COMPLIANCE OFFICER REVANA (ACQUIRED BY TTEC) TEMPE, AZ
JUNE 2014-OCTOBER 2014 REMOTE & HYBRID WORKING
• Managed the AZ call center site locations’ IT and regulatory compliance initiatives for organization and client relations.
• Collaborated and performed internal and external client and organizational industry compliance audit assessments and assisted with implementations regarding remediation efforts.
• Performed organization’s SAP technology IT SOX audits.
• Managed and performed network SIEM audits and addressed violators.
• Collaborated and performed with HC, Legal and Operations involving fraud investigations and corrective action proceedings.
• Oversaw the AZ site locations for the US State Do Not Call Registrations.
QUALITY ASSURANCE MANAGER REVANA (ACQUIRED BY TTEC) TEMPE AND PHOENIX, AZ
APRIL 2012-SEPTEMBER 2014 BRICK AND MORTAR WORKING
• Governed the AZ call center site locations’ Call and Screen Capturing Quality Assurance program for client sale and customer service programs.
• Developed and managed global quality assurance staff for client sales and customer focus call scripting requirements and scoring tasks.
• Created quality assurance weighted assessments and scoring guidelines.
• Collaborated with Operations and clients to ensure calibration with client’s quality assurance requirements.
• Collaborated with HC, Legal, Operations and clients for fraud investigations.
• Performed and managed quarterly business reports for client programs.
QUALITY ASSURANCE LEAD ASSISTANT STREAM GLOBAL PHOENIX, AZ
MAY 2010-APRIL 2012 BRICK AND MORTAR WORKING
• Supported the lead and QA Manager on the Quality Assurance program for client sale and customer service programs.
• Performed, coached, and trained agents/associates and operational staff on client call scripting requirements procedures and methods.
• Collaborated with Operations and clients to ensure calibration with client’s quality assurance requirements.