
Program Manager Risk Management

Location:
San Francisco, CA
Posted:
May 22, 2025


Resume:

Amanda Mendieta

Phone: 415-***-****

******.*.********@*****.***

EXPERIENCE

Turo 2024-Present

Cyber GRC Enterprise Risk Program Manager

● Technical and program lead for Cyber GRC compliance for SOX readiness and ITGC compliance

o Led cross-functional teams to implement enterprise-wide Identity and Access Management initiatives and SailPoint access management tooling, including role-based access controls, user access reviews, privileged access management, and user provisioning, reducing security and compliance incidents by 30%

o Defined and enforced access governance policies, ensuring compliance with regulatory frameworks such as SOX, NIST, ISO, PCI, and GDPR

● Designed and implemented Governance, Risk and Compliance Programs for cross-functional teams

o Built and maintained risk registers to track and prioritize enterprise risks, ensuring alignment with organizational risk appetite while conducting policy reviews and updates to embed best practices into security and risk management protocols

● Designed and implemented information security vendor risk management program and risk classifications

o Established vendor risk management programs, incorporating SLA monitoring, security posture evaluation, and ongoing compliance assessments with 25 vendors throughout 2025

o Led fraud assessments and incident management remediations identified with high-risk vendors

Apple Inc. 2018-2023

Crypto Services PKI Audit and Compliance Technical Program Manager

● Manager and lead of the annual WebTrust audit for all in-scope Certificate Authorities managed by the Apple Crypto Services team

o Managed over $1mil audit budget to perform external audit for 4 audit framework procedures

o Successfully managed and maintained security control suite of 176 controls with stakeholders internal and external to Crypto Services; received clean audit opinion 5 years in a row

o Led quality assurance testing initiatives for code reviews during TLS and S/MIME compliance and functionality updates to certificate deployments

o Performed master of ceremony functions for key generation ceremonies; led project to ensure key generation ceremonies were compliant while auditors were present to witness

o Led software engineering team to improve internal linting solutions for audit capabilities

● Designed and led Security and Compliance Incident Response program that requires public disclosure and reporting on Bugzilla by Mozilla to the Certificate Authority and Browser community

o Apple Lead Representative and liaison for all Certificate Authorities and Root Programs to close out public incident reports

● Lead Apple Representative in the global Certificate Authority/Browser Forum to influence and spectate updated security and compliance requirements that will impact the organization

o Led internal Apple Compliance committee to perform risk assessments for security and compliance updates mandated by the global Certificate Authority/Browser Forum

Santander 2017-2018

Cyber Security Vendor Program Risk Manager

● Managed and led all 15 West Coast and Midwest vendor assessments for information security and business continuity

o Managed internal and external relationships and delivered assessment reports for all West Coast and Midwest vendors based on the NIST 800-53 framework

o Managed delivery of final security observations to both the business and the vendor

● Conducted risk assessments based on vendor SOC 1 & SOC 2 reports as well as technical evidence gathering and utilizing frameworks such as ISO 27001 and NIST 800-53

Deloitte & Touche LLP 2013-2017

Cyber Security Senior Consultant

● Big data analytics machine (Splunk) implementation and expansion to incorporate biomedical devices onto the logging and monitoring platform

o Current state security incident logging and monitoring assessment to determine required devices to be incorporated for security event management

● Oracle Clinical Systems security design assessment

o Project manager and lead delivery manager for biometric tools client utilizing Oracle Clinical systems, leading a team of 5; delivered technical security assessment benchmarking HIPAA privacy standards, NIST 800-53, ISO 31700, ISO 27001, etc.

● Implemented Cyber Threat Intelligence (CTI) capabilities for retail client post major data breach

o Conducted cyber threat intelligence analytics utilizing ThreatConnect as well as other intel tools

o Produced framework and streamlined structure for CTI metrics as well as CTI industry threat trends and analytics

● Led security and privacy assessments and product roll-out for ‘Obamacare’ implementation for the State of Nevada and State of Connecticut

● Public Key Infrastructure lifecycle governance and Certificate Authority design and implementation for major airline organization

Deloitte Mexico 2016

Cyber Risk Senior Consultant

● Lead technical resource conducting a full security assessment for large Financial Industry client with emphasis on network and infrastructure security

o Led team to conduct security and business process assessment based on NIST framework

● Co-lead for business development initiative for Security Information and Event Management as well as Cyber Threat Intelligence capabilities for Deloitte Mexico clients

o Identified potential clients to advance and expand cyber fusion center managed services

o Composed executive-level business development informative reports demonstrating managed services for the Cyber Fusion Center

EDUCATION

Bachelor of Business Administration in Management Information Systems, May 2013

C. T. Bauer College of Business, University of Houston, Houston, Texas

HONORS AND AWARDS

● Most Powerful Latinas Top 50 Rising Star List 2021, 2022, 2023

● Association of Latino Professionals for America (ALPFA) Most Promising Professional of the Year recipient 2016

ACTIVITIES

● Association for Latino Professionals for America (ALPFA): Board of directors 2014-2026

● Association for Latino Professionals for America (ALPFA): Regional West Coast Director for the national committee 2024-2026

SKILLS

GRC Management, Cyber Security Risk Management, Vendor Risk Management, Data Loss Prevention, Cross-functional Stakeholder Management, Program Management, Project Management, Security and Privacy Controls, Linting Solutions, SQL, Business Requirements Gathering, Security Compliance, Stakeholder Management, Incident Response, Data Analytics, Policy Documentation, Project Financial Planning, Strategic Initiatives, SCRUM, Relationship Management, Splunk, SIEM, Cyber Threat Intelligence, Venafi, WebTrust, NIST 800-53, PCI, GDPR, ISO Security and Privacy Standards, Risk Assessments, Public Key Infrastructure, ThreatConnect, Quality Assurance Testing, Microsoft SharePoint, Oracle Clinical Systems, Problem Solving, Mentoring, Coaching