David Gianna, PhD, MBA, MSc
Beacon, NY 845-***-**** *******@*****.*** linkedin.com/in/dgianna
Security Breach Investigations | Disaster Recovery | Cybersecurity Policies and Procedures Enforcement
Risk Management Framework (RMF) | Current Best Practices | Information Security Technologies
HIGHLIGHTS OF CYBERSECURITY FRAMEWORKS AND METHODOLOGIES EXPERIENCE
(Wells Fargo): Aligned the risk management framework with PCI DSS, FFIEC, NIST 800-53, and ISO standards at Wells Fargo;
advised on cybersecurity policies, standards, procedures, and frameworks to reduce risk and ensure regulatory compliance. Provided oversight to demonstrate compliance to regulators.
Go-to person for strategic guidance on PCI DSS remediation, implementation, and assessment for compliance validation and sustainability. Collaborated with teams to redesign architecture, realign risk controls, and to transform their organizational processes to achieve security and compliance. This includes a review of large-scale GCP cloud rollout, mobile payment applications (for white card clients like Houzz, Hotels.com), advisement on ATM transaction risk controls.
Provided oversight as Lead in the Technology Information Security & Risk Management (TISRM) organization at Wells Fargo, interacting with teams that execute payments, merchant services, global PCI compliance, third-party risk management, application development, network penetration testing, ATM transactions, and mobile applications and operational services.
(Protiviti, Verizon, NetSPI): Served with clients (Verizon Telematics, Flight Centre, MTA, Port Authority of NY&NJ) to ensure rollout of secure cloud and networking environments, application development aligning with the PCI DSS and the former PA DSS.
Developed and maintained cyber security policies and procedures at various clients in the Retail, Transportation, Banking/Finance industries to comply with regulatory frameworks and industry standards including PCI DSS, HIPAA, NIST & ISO.
Collaborated across multiple disciplines to achieve security, privacy, and compliance goals. Worked with Long Island Rail Road (LIRR) on enterprise-wide network redesign including network segmentation and strong access controls; Worked with Metro North Railroad (MNR) on data center migration, on-board payment system implementation, validation, and rollout.
EXPERIENCE
Wells Fargo Bank N.A., a Wells Fargo & Co. division 2019 - 2025
Vice President & Lead Operational Risk Officer, 2021 - 2025
Continuous improvement of risk management activities through review, audit, monitoring, and challenge actions.
Aligned Wells Fargo governance and risk management framework (RMF) with compliance requirements.
Influenced risk management through operational risk reviews for risk events and near risk events.
Oversight of the Wells Fargo PCI Program Office to reduce cardholder data risk by 45%.
Improved the delivery, execution and accountability for Wells Fargo global PCI compliance.
Ensured management of third-party vendors and operational risk for ATM and payment channels.
Audited major incident response actions (over $10MM) to drive adoption of security best practices.
Business Risk & Control Officer, 2019 - 2021
Executed assessments of applications, processes, and platforms that store, process, and transmit cardholder data.
Enabled enterprise-wide risk reduction in payment channels through application of the PCI DSS.
Developed strategy for third-party vendors to measurably reduce risk to payment data.
Drove innovations in architecture for encryption, tokenization, and network segmentation to reduce PCI risk.
Raised awareness of payment security, and PCI compliance through PCI Center of Excellence.
Collaborated to revise Wells Fargo policies for regulatory compliance and alignment with Wells Fargo controls.
Protiviti 2011 - 2019
Senior Manager
Provided leadership, and technical and engagement management of medium to large task-based consulting teams.
PCI-DSS Assessment, Remediation, and Advisory services for Retail, Banking, and Transit services.
Developed mobile on-board rail fare payment system used by two large commuter railroads.
Designed and implemented a PCI-compliant parking payment system used at four airports.
Achieved a secure enterprise-wide network architecture for a large commuter railroad.
Designed a PCI-compliant architecture for an internal cloud hosted by a major bank.
Successfully led a PCI-initiative for a connected automobile services provider.
Created an internal PCI Center of Excellence at a major pharmaceutical corporation.
Acted as virtual Chief Information Security Officer (vCISO) for a major client in the retail industry.
NetSPI 2010 - 2011
PCI Practice Lead
Performed PCI Audits, PCI Readiness Assessments and Gap Analysis, and managed PCI-related remediation projects.
Developed strategic vision and objectives to drive consulting practice dedicated to the PCI DSS and the PA DSS.
Leadership of PCI-DSS compliance practice consisting of 10 PCI-QSA and three PA-QSA consultants.
Introduced automated audit and reporting tools to streamline PCI-QSA processes to reduce delivery time.
Performed PA (Payment Applications) certification under PA-DSS in test lab for leading vendors.
Verizon Business Security Solutions, formerly CyberTrust/Ubizen 2005 - 2010
Senior Security Consultant
Expert advisor to Fortune 50 companies regarding cyber security controls, infrastructure and architecture risks, strategies, business risk, and Information Security business alignment.
Provided expert level comprehensive analysis of industry and regulatory compliance standards as well as their associated impact upon client environments and business models.
PCI-DSS compliance assessments for Fortune 50 retail and financial institutions.
Performed wireless assessments, network vulnerability assessments, and penetration testing.
Delivered architectural reviews and assessments; Policy review and coaching; VoIP security for telco.
Provided pre-sales technical support and solutions engineering.
ADDITIONAL RELEVANT EXPERIENCE
Warden Command Cyber Group, LLC 2025 – Present
Strategic Advisor
Provided product-oriented development, rollout, and application engineering and delivery for Warden clientele.
Initiated cyber/information security program for startup firm providing unique security operations solutions.
Formulated company strategy for rollout of tabletop Security Operations Table (SOT).
Training and mentoring product and operations teams to inculcate security into company culture.
Marist College 2022 - Present
Adjunct Professor
Serve as a highly rated adjunct instructor in Graduate Computer Science and Cyber Security program, teaching data networking, and cyber security courses.
Developed and delivered Internet of Things (IoT) architecture course.
Taught Data Networking.
University of Maryland Global Campus 2011 – Present
Adjunct Professor
Serving as adjunct instructor in Graduate Cyber Security Program. Teach and instruct next generation of cyber/information security professionals.
Special attention to adult learners and military personnel.
Threat and vulnerability management, network security, and communications/reporting.
Civil Air Patrol (Civilian Auxiliary of the United States Air Force) 2007 – Present
Serve as a volunteer pilot for cadet orientation flights, air search and rescue, and aircraft ferry/positioning.
Civil Air Patrol, New York Wing: Information Technology Officer, Transport Mission Pilot
Civil Air Patrol, NY-421 Squadron: Squadron Commander.
EDUCATION
PhD Technology: Cyber Security
Capitol Technical University, Washington, DC
DSc Information Assurance & Security: (All but dissertation)
Capella University, Minneapolis, MN
Master of Business Administration: Information Systems
Marist College, Poughkeepsie, NY
Master of Science: Computer Science
Marist College, Poughkeepsie, NY
Bachelor of Science: Electrical Engineering
Rochester Institute of Technology, Rochester, NY
CERTIFICATIONS
CISSP, CCSP, CTGA, AWS Solutions Architect, ISO 27001/31000, PCI QSA/ISA.
CONFERENCE PRESENTATIONS
Conference Speaker, 2018 PCI North American Community Meeting
INDUSTRY COMMUNITY CONTRIBUTIONS
Doctoral dissertation: Dark Data Risk Management in Big IoT Data
International Information System Security Certification Consortium (ISC)2: SME for CCSP exam revisions
Payment Card Industry Security Standards Council (PCI SSC): Cloud Special Interest Group
Pace University, Seidenberg School: Former cybersecurity advisory board member
Rutgers Center for Innovation Education: Former advisory board member
OWASP: NY/NJ Metro Chapter, Former Board member, Chapter Leader
COMPETENCIES
Core
Leadership | Strategy | Cyber Program Development | Business and Technology Alignment | Audit and Analysis | Network & System Security | Security Architecture | Internet of Things (IoT) | Cloud Services & Security | Third Party Vendor Management | Payments Security (PCI DSS, ANSI TG-3/TR-39)
Standards Compliance
ISO 27001 | ISO 31000 | PCI-DSS | ANSI TG-3/TR-39 | NIST 800-53 | NIST CSF
Regulatory
FFIEC | GLBA | HIPAA | Visa PIN Compliance