
Experienced Cybersecurity and GRC Director

Location:
Danville, CA, 94506
Posted:
October 09, 2024


Resume:

Paul Mitchell

*********@******.*** 925-***-****

linkedin.com/in/pauljmitchell

SUMMARY

Results-driven leader in cybersecurity, AI, GRC, and e-commerce with a proven track record of achieving ambitious goals and driving strategic decisions on risk, resource allocation, and technology adaptation. Specialize in applying GenAI and ML to enhance cybersecurity and develop countermeasures against emerging threats targeting LLMs and GenAI models. Additionally, I consistently deliver compliance audits on time and with minimal disruption, streamlining processes to ensure smooth execution while maintaining a strong security posture.

EXPERIENCE

Director of Security Program Management

RingCentral Aug 2023 - Present (1 year 1 month)

Responsible for delivering all Security and Compliance programs at RingCentral, including overseeing AI security initiatives to ensure compliance and risk management in emerging technologies. Led successful, low-friction completion of compliance audits and remediation projects, managing delivery, risk, and strategic alignment for ISO 27001, ISO 27017/27018, SOC 2, PCI DSS, UK CE/CE+, HITRUST, FedRAMP certifications, as well as HIPAA, GDPR, and Privacy Shield compliance. Championed the integration of AI governance to address the unique security challenges and compliance requirements of AI-driven solutions and the application of GenAI against threats.

Director of Governance, Risk, and Compliance

8x8 Nov 2022 - Aug 2023 (8 months)

Led 8x8’s Governance, Risk, and Compliance (GRC) program, driving a strategic overhaul that established the company’s first corporate policy framework and significantly boosted its CMMI score and compliance posture. Founded and managed 8x8’s AI Security Governance program, integrating cutting-edge practices to safeguard AI technologies. Built and led the Third-Party Risk Management (TPRM) program, ensuring vendor alignment with rigorous security standards. Delivered successful SOC 2, NIST 800-53, PCI DSS, ISO 27001, and ISO 9001 audits for 2022 and 2023, achieving zero compliance gaps. Streamlined audit processes by consolidating evidence gathering, resulting in enhanced efficiency and $250K in annual savings.

Director of Product Security

8x8 Apr 2020 - Jan 2023 (2 years 10 months)

Transformed 8x8’s security strategy by leading the development of AI-driven security initiatives, including the company’s first AI security policies, ensuring safe and responsible innovation in emerging technologies. Drove the security feature roadmap, establishing a strong competitive edge across the product line. Strengthened security sales enablement by partnering directly with customers to address their security and compliance needs. Led all enterprise security projects in a strategic capacity, enhancing GRC posture and expanding PCI DSS and NIST 800-53 compliance to support new product and service offerings.

Business Analyst, Cybersecurity

Lam Research May 2014 - Apr 2020 (6 years)

Led the team that built a game-changing $3.5M B2B DRM-enabled customer collaboration cloud portal, a patented, revolutionary solution that transformed B2B customer interactions. Implemented governance and compliance process improvements, resulting in annual cost savings of over $1.2M while maintaining industry standards and regulatory adherence.

Ecommerce Consultant

Chyral Jun 2010 - Apr 2014 (3 years 11 months)

Led collaborations with Razorfish, SapientNitro, and ThoughtMatrix (Rauxa) on prestigious accounts like HTC, Sephora, Bank of the West, Bare Escentuals, LinkedIn, Bio-Rad, Franklin Templeton, Liberty Mutual, and AAA. Delivered mobile apps and a website for HTC One, provided translation services for Bio-Rad, and implemented new CMSs for Bank of the West and LinkedIn.

Senior Business Analyst, Ecommerce

Macys.com Aug 2007 - May 2010 (2 years 10 months)

Played an instrumental role as the business lead in selecting and constructing the robust ecommerce platform driving Macys.com and Bloomingdales.com. Demonstrated exceptional leadership by seamlessly integrating PCI compliance measures into Macy's new ecommerce systems, followed by securing Macy's PCI attestation of compliance and SSAE 16 compliance.

EDUCATION

Newbury College

Brookline, Massachusetts

BS Computer Science, 1999


