Tina Hessel
Dubuque, Iowa, US *********@*****.*** 563-***-**** www.linkedin.com/in/tina-hessel1
SUMMARY
A versatile and proactive professional with extensive experience in compliance, audit, and risk management. Skilled in creating and implementing best practices for information security, compliance, and risk through audits, assessments, and policymaking. Proficient in PCI, SOC 1 and 2, FDA, HITRUST, NIST, ISO 27001, and HIPAA regulations, as well as documentation best practices.
Risk Management • Auditing • Data Analysis • Team Leadership • Training • Documentation Review
Information Security • Project Management • Regulatory Compliance • Strategic Planning • Program Development
EXPERIENCE
Risk Consultant
TransUnion December 2021 - December 2023, Chicago, Illinois
Led business process initiatives for four business groups, providing compliance-related consultation and suppliers for compliance with information security-related requirements in supplier contracts. Partnered with Legal and teams to influence and support the consistent execution of the global compliance program.
Co-developed a training program for new team members.
Created and updated standardized information-gathering questionnaires for various services.
Developed short-term goals and a long-term strategic plan to improve risk control and mitigation.
Participated in daily systemwide huddle calls.
Presented risk findings with detailed analysis.
Conducted assessments of Neustar suppliers for compliance with information security-related requirements in supplier contracts.
Assist with ad-hoc customer information security related information requests to ensure tracking, prioritization, engagement of appropriate internal functions/personnel, and timely response to customers.
Participate in contract reviews to ensure information security related requirements are accounted for in established controls or if new controls or control changes will be required.
Participate in responses to information security related compliance questions from prospective customers in questionnaires, and existing customers in audit questionnaires.
Engage with business units to perform and coordinate technical assessments to identify and analyze cybersecurity risks. Assessments to include architecture reviews and analysis of security testing from vulnerability assessments and penetration testing. Analyze risks for likelihood and impact. Provide analysis results and mitigation recommendations.
Act as a liaison between the risk, technology and security functions and the business units to help facilitate risk management program processes and activities.
Acquired PCI DSS certification.
Compliance and Audit Leader
TELEPERFORMANCE January 2021 - December 2021, Salt Lake City, Utah
Managed overall audit and compliance program, ensuring business operations within policies, procedures, and regulatory guidelines. Facilitated all aspects of audits, such as HITRUST, PCI, SOC 1 Type 2, and SOC 2 Type 1 and 2 audits.
Assessed Teleperformance suppliers for compliance with information security-related requirements in supplier contracts.
Developed a program for gathering evidence for audits.
Cultivated an Agile environment, fostering collaboration with team members and SMEs during audit procedures.
Align current business processes with client requirements and external security standards/obligations, such as NIST, FISMA, PUB1075, ISO 27001:2013, PCI-DSS, HIPAA/HITRUST, etc., as well as Service Organization Control reporting
Identify, document, and assist in the remediation of security deficiencies and gaps with business suitable controls
Review Statements of Work, Master Service Agreements, and other contracts for security obligations and identify areas of exposure
Serve as a liaison between internal and external customers and management to maximize the adoption of and support for security plans and procedures within the organization.
Serve as a liaison between the organization’s clients and security auditors, concerning information security
Identify and lead the appropriate subject matter experts to participate in the identification and analysis of risk scenarios
Collect and review control evidence
Regulatory Compliance Administrator
IBM October 2014 - November 2020, Dubuque, Iowa
Managed and coached the regulatory team to maintain industry knowledge and skills in compliance, audit, and risk management to improve internal processes and practices. Ensured compliance and adherence to state, national, and international requirements, including Sarbanes-Oxley (SOX), PCI, HIPAA, GDPR, ITAR, and CCPA. Responded to external and internal audits, continuous monitoring, penetration tests, and various vulnerability assessments, including ongoing monitoring of compliance control to ensure constant functionality through ongoing infrastructure upgrades and changes.
Developed and delivered training content for a division of 30 employees during tenure as administrator.
Created document program to eliminate use of hard-copy documents.
Oversaw development of Watson Health project.
Mentored and coached junior team members, enhancing regulatory, strategic, and operational performance.
Facilitated and participated in internal audits by identifying compliance issues.
Created and advised team on improving internal controls and processes while preparing for risk assessments during audits.
Served as single point of contact for audits which included routing data requests to delivery teams, reviewing responses prior to replying to auditors.
Performed qualification and validation activities for document management system used to assign and track IBM and customer regulatory documents
Responded to external and internal audits, continuous monitoring, penetration tests and various vulnerability assessments, including ongoing monitoring of compliance controls to ensure constant functionality through ongoing upgrades and changes.
Single point of contact for audits which included routing data requests to delivery teams, reviewing responses prior to replying to auditors
Ensured compliance and adherence to state, national, and international requirements including Sarbanes-Oxley (SOX), PCI, HIPAA, GDPR, ITAR and CCPA
Coordinated corrective actions to respond to audit findings
Security Compliance Analyst
IBM June 2011 - October 2014, Dubuque, Iowa
Established and maintained security and compliance for assigned accounts. Designed a training program for new team members. Created action plans and responses to all audit observations.
Piloted audit readiness reviews by assessing account compliance to contractual requirements, as well as IBM and client security documents and global process documents.
Collaborated with other teams while conducting health checks on servers of customers.
Created daily, weekly, and monthly reports for the account team’s reporting on the status of health check progress.
Conducted research on how to create a tool to automate health check process. Produced web page and video for global audience on how to conduct audits.
CMA/Lab Supervisor
Crescent Community Health Center October 2008 - November 2010, Dubuque, Iowa
Managed the collection, analysis, and interpretation of 100+ lab results daily, ensuring compliance with industry standards and regulations
Managed and oversaw daily clinic laboratory operations, facilitating efficient employee training for a team of 10 staff members
Managed and optimized lab testing procedures, resulting in improved accuracy and increased cost savings.
Automated patient data entry and test result processing for billing, streamlining operations and facilitating in-house patient care services
Established relationships with nearby medical providers and facilities to procure appointments for low-income patients, resulting in a 20% increase in patient access to care.
Execute Medical Assistant duties to facilitate smooth patient care and workflow, including conducting vitals, EKGs and patient histories in a high-volume clinic setting.
EDUCATION
Bachelor of Arts
Theology • Apostolic Bible Institute • St. Paul, Minnesota • 3.60
Certification - Paramedic
University of Iowa • Iowa City, Iowa • 4.0
AAS Nursing
NORTHEAST IOWA COMMUNITY COLLEGE • US, Iowa, Peosta • 4.0
CERTIFICATIONS
PCI DSS
AWARDS
IBM-3 MANAGER CHOICE
IBM-1 EMINENCE AND EXCELLENCE