Ali Hussain
Cyber Governance Risk and Compliance Leader
Cell: 630-***-**** *********@*****.***
LinkedIn: https://www.linkedin.com/in/ali-hussain-9651008/
SUMMARY
As a highly skilled and multifaceted IT professional with over 20 years of experience, I specialize in IT Security Risk and adherence testing of Cybersecurity controls and policies. My solutions-oriented approach enables me to tackle complex challenges head-on, driving successful outcomes and ensuring that all IT Security protocols are implemented and tested with precision.
•Expertise in NYDFS, HIPAA, SOX, GLBA, PCI-DSS, CCPA, GDPR, NIST 800-53, ISO 27001, and HITRUST compliance regulations and cybersecurity frameworks
•Achieved a 100% passing rate for all compliance audits in the last 5 years
•Reduced vulnerabilities by 50% and improved system availability by 30% through deploying and auditing Unix/Linux and Windows systems, developing BC/DR plans, and conducting vulnerability scanning using Nessus and Qualys
•Managed large teams of up to 20 consultants for multiple global, multilingual, full-life-cycle, and large-scale custom development projects, with a proven track record of delivering successful strategic plans, portfolios, programs, and projects in a timely and cost-effective manner
EXPERIENCE
Rotary International
July 2023 – Current
Manager – Risk and Compliance
•Spearheaded and successfully executed the PCI DSS 3.2.1 to PCI DSS 4.0 upgrade initiative, ensuring the organization’s payment card industry compliance remained robust during the transition. This included comprehensive gap analysis, control updates, and a successful alignment of all security protocols with the new 4.0 framework.
•Led cross-functional collaboration with IT, legal, and compliance teams to conduct a thorough review of current PCI controls and processes, adapting them to the evolving PCI DSS 4.0 requirements. This ensured minimal disruption while addressing key security vulnerabilities identified during assessments.
•Coordinated and executed PCI DSS 4.0-specific training sessions for internal teams, educating employees on the changes in the new standard, its impact on daily operations, and the criticality of adherence to new compliance requirements.
•Developed and implemented a comprehensive third-party risk management strategy, conducting risk assessments for all external vendors and partners who handle payment card information. This ensured that third-party vendors maintained security measures that aligned with PCI DSS 4.0 standards, reducing potential risks to the organization.
•Monitored and managed third-party relationships, ensuring that vendor agreements and controls reflected the organization's heightened compliance obligations under PCI DSS 4.0, and facilitated the completion of third-party assessments, audits, and reviews as needed.
•Established robust monitoring and reporting mechanisms for PCI DSS compliance and third-party risks, regularly tracking vendor performance and internal compliance progress. Provided clear, transparent updates to internal stakeholders and executive leadership on the progress of PCI DSS 4.0 implementation and ongoing third-party risk assessments.
•Proactively addressed and mitigated third-party security risks identified during routine risk assessments, including contract negotiations, service-level agreements, and audit activities, to ensure ongoing compliance with both PCI DSS 4.0 and internal risk management standards.
•Collaborated with departments and stakeholders to implement necessary technical and procedural updates across the organization to achieve a seamless transition to PCI DSS 4.0, safeguarding sensitive cardholder data and reducing the risk of non-compliance.
•Played a pivotal role in regulatory adherence and strategic alignment, continuously adapting policies and procedures to meet the evolving requirements of PCI DSS 4.0, GDPR, and other key data protection regulations. Ensured that third-party vendors also adhered to these standards through due diligence, audits, and vendor management practices.
•Fostered a culture of continuous improvement in third-party risk management through the adoption of innovative technologies and tools that enhanced third-party security assessments, vulnerability monitoring, and audit reporting.
Epilogue Consulting Inc.
November 2022 – July 2023
Cyber Consulting Practice Lead
•Led comprehensive security controls testing reviews for third-party vendors, SaaS solutions, and infrastructure manufacturers across various industries, identifying and mitigating potential risks and vulnerabilities.
•Led HITRUST assessments for clients in various industries, ensuring adherence to HITRUST CSF v9.0, and addressing E1 compliance issues through remediation planning and corrective action implementation.
•Directed the remediation of E1 compliance issues for clients undergoing HITRUST certification, identifying and resolving areas of non-compliance related to security controls, risk management, and vendor management.
•Managed security assessments and remediation strategies for clients, aligning with industry regulations, including HITRUST, ISO 27001, HIPAA, and PCI-DSS. Focused on achieving compliance milestones and addressing E1 findings to maintain certification.
•Collaborated with cross-functional teams to ensure compliance with regulatory requirements and industry standards, including NIST 800-53, ISO 27001, HIPAA, HITRUST, and PCI-DSS.
•Developed and maintained tailored security assessment questionnaires for clients’ HITRUST assessments, ensuring they addressed the latest compliance requirements and reflected evolving industry best practices.
•Conducted thorough and detailed onsite controls testing, where necessary, to ensure all controls were functioning correctly and any identified gaps were recorded, reported, and escalated to management.
•Provided expert guidance and advice to internal teams and clients on cybersecurity best practices, threat intelligence, and incident response planning.
•Led the development and implementation of cybersecurity frameworks, policies, and procedures to ensure compliance with industry regulations and standards.
•Managed and mentored a team of junior analysts, providing training and guidance on industry trends, emerging threats, and new technologies.
•Collaborated with cross-functional teams, including IT, legal, and compliance, to develop comprehensive risk management strategies and ensure alignment with business goals.
Illinois Housing Development Authority
March 2022 – November 2022
Director of Cybersecurity – Security GRC
•Designed, developed and implemented HITRUST remediation plans, ensuring completeness and validation of all risk assessments, and reported progress towards final certification.
•Managed IT Security Governance and Compliance initiatives in relation to NYDFS cybersecurity regulations, assessing the operational fitness of third parties using the Shared Assessments SIG questionnaire.
•Conducted in-depth risk-based security assessments on third-party hosted environments and managed the remediation of third-party audit findings and management responses.
•Provided advice to IT, business teams, and internal GIS customers on security certifications scope, controls management, and monitoring approach.
•Conducted comprehensive security assessments, vulnerability scans, and penetration testing to identify and mitigate potential risks across various industries.
•Developed and implemented customized security policies and procedures to meet regulatory compliance requirements, such as HIPAA, PCI DSS, and GDPR.
•Reviewed incident information and submitted findings to the DLP team to reduce false positives.
•Collaborated with internal stakeholders and third-party vendors to ensure compliance with security protocols and enhance overall security posture.
•Strong communication and collaboration skills, with experience working with Senior Leadership and HR to raise Employee Cybersecurity awareness through online training initiatives.
•Proficiency in conducting ongoing Cybersecurity Risk assessments and providing effective mitigation strategies.
•Exceptional leadership skills, with the ability to lead and coach a team of Cybersecurity professionals, fostering their development and mentorship while driving the maturation of the Enterprise Cybersecurity risk posture and program.
•Excellent project management abilities, including creating, tracking, and maintaining project plans and service requests, while consistently delivering within project deadlines.
•Communicated and presented findings and recommendations to senior management and technical teams.
U.S. Cellular Corporation
May 2015 – March 2022
Security Risk Assessments Manager
•Led HITRUST assessments and worked to align organizational practices with HITRUST CSF (v8.1 and v9.0) standards, addressing E1 compliance issues and implementing corrective actions to ensure successful certification.
•Managed remediation strategies for E1 compliance issues identified during HITRUST assessments, collaborating with cross-functional teams to resolve gaps in security controls, risk management processes, and vendor management practices.
•Identified and implemented cutting-edge technologies to align with policy objectives and mitigate risks across the enterprise, including third-party risk, privacy, and data protection, in line with HITRUST and other regulatory standards.
•Contributed to the annual PCI Audit while integrating HITRUST compliance efforts, offering strategic recommendations to improve security posture and enhance adherence to both HITRUST and PCI DSS requirements.
•Led risk assessments and audits, focusing on identifying gaps in compliance with HITRUST CSF, GDPR, CCPA, ISO, NIST, and other regulatory frameworks. Developed risk mitigation strategies to address deficiencies and improve compliance.
•Conducted internal reviews to measure compliance with regulatory frameworks, ensuring continuous alignment with HITRUST standards and addressing E1 and other compliance findings in a timely manner.
•Provided leadership to team members, setting departmental and individual goals, creating development plans, conducting coaching and mentoring sessions, and continuously reviewing and improving the support model, including HITRUST training and best practices.
•Developed and maintained cybersecurity documentation to comply with HITRUST and other industry standards, ensuring the completion of necessary reporting and meeting auditor expectations.
Sears Holdings Corporation
June 2011 – April 2015
Manager - Third Party Risk Management
•Managed risk and control assessments for high-risk third-party service providers, utilizing Business Impact Analysis (BIA) skills to identify potential areas of risk.
•Conducted thorough annual on-site controls testing and verified compliance with industry standards to ensure controls were functioning properly.
•Recorded and reported identified gaps and discrepancies that could cause business interruptions.
•Managed a team of on- and off-shore resources, including four direct reports, and conducted bi-annual reviews of the Third-Party Risk Management program.
•Strong ability to evaluate systems, applications, networks, and retail devices for vulnerabilities and ensure compliance with Cybersecurity requirements.
•Collaborated with IT teams to design and implement security architecture and design patterns aligned with industry standards and regulatory requirements.
•Conducted technology and vendor risk assessments to identify vulnerabilities and develop strategies to mitigate risks.
•Dedication to promoting the goals, expectations, and policies of the Cybersecurity team and IT organization.
•Proven ability to create, develop, and manage comprehensive Cybersecurity Programs.
•Utilized Excel modeling skills to develop a tool that quantifies a vendor's inherent and residual risk across various risk domains, aligning with regulatory requirements.
Client: CEC (Career Education Corporation) (Technisource)
March 2011 – May 2011 - Contract
Cyber Governance Manager
•I conducted in-depth self-assessments to identify potential security gaps and risks, while managing and communicating the resulting Risk Register.
•I utilized my vast knowledge of industry-standard frameworks, including NIST, ISO 27001, and PCI-DSS, to assess the information security posture of our enterprise.
•I was able to reduce risk and exposure by redesigning the process of discovering, prioritizing, remediating, and mitigating vulnerabilities.
•I also managed timetables, conducted user interviews, created use cases, and ingested over 5,000 privileged accounts with success.
Empire Today
April 2005 – March 2011
Sr. Architect/Team Lead IT Infrastructure
•As a Team Lead, I was responsible for the daily operations and administration of the Messaging and Windows teams.
•Monitored uptime of all critical systems.
•Administered Active Directory, Antivirus servers, Backups and Firewalls.
•Applied security patches to Windows and email servers.
•Established, tracked, and improved the key IT metrics for the company and communicated process improvement opportunities to the management team.
•Incorporated best practices regarding email delivery, Windows implementations and Help Desk ITIL standards.
Consulting Experience
Client: Cardinal Health (Wipro Technologies)
June 2004 – March 2005
Storage Lead – SAN Engineer
•Planned and documented the migration design and architecture for Cardinal Health's entire SAN solution from EMC DMX 800 to DMX 3000.
•Maintained 100 percent uptime on all EMC SAN hardware.
•Created new solutions to improve performance, security, reliability, and scalability by improving internal processes and making hardware recommendations.
•Assisted Patch Management with the distribution of Microsoft Hotfixes and Service Packs.
Client: Kraft Foods (TEK Systems)
July 2001 – June 2004
Senior Systems Administrator & Support Services Lead
•Developed the Helpdesk support process and the procedures to ensure first-call resolution of application issues.
•Provided first-level Patch Management support for the distribution of Microsoft Hotfixes and Service Packs.
•Reported to management on support impact and improvements as a core responsibility to meet or exceed Service Levels.
Motorola
May 1998 – July 2001
Senior Systems Engineer
•Maintained Windows NT and MS Exchange servers, implemented network security rules, and performed backup/recovery procedures.
•Created user and computer accounts in a domain.
•Produced documentation for processes developed in a Proof-of-Concept structure to ensure repeatable tasks.
UOP, Teleformix, AC Nielsen (TEK Systems)
May 1996 – April 1998
Systems Administrator
•Migrated Token Ring switches to Ethernet, supported end users in replacing their Token Ring cards with Ethernet cards, and troubleshot their problems.
•Provided desktop support and network administration.
•Software supported included Office 97, Windows 95, and Windows NT 4.0.
•Utilized ticketing system to track tickets and resolve issues.
TRAINING AND CERTIFICATIONS
•CISA - 2024
•ITIL v4 - 2024
•Introduction to Cyber Security Foundations
•Azure Cloud and O365
•Emerging Leadership Training
•PMP