Donald F. Cesaretti, MSIA
Levittown, PA ***** PH: 609-***-****
e-mail: ******.*********@****************.***
website: www.donaldfcesaretti.net
https://www.linkedin.com/in/donald-cesaretti-msia-deputy-ciso-8a6712174/
Summary of Information Security – Governance/Risk/Compliance Experience:
• Integrated Artificial Intelligence Professional certified, Integrated Risk Management Professional certified, GRC Auditor, Integrated Audit and Assurance Professional and GRC Professional certified – OCEG
• ISO 27001:2022 Lead Auditor certified - MasterMind
• Twenty years’ experience in Information Technology; Information Security, IT Audit and Standards Compliance, IT Training & InfoSec Training, Privacy, Risk Management, Artificial Intelligence, Database and Network Admin
• Hands-On Experience as Project Lead and Point of Contact with IT Industry compliance audits in HITRUST, PCI-DSS, SSAE SOC 1 & 2, ISO 27001:2013 & 2022; internal audits covering NIST CSF, RMF and NIST 800-53
• Adjunct Instructor – Computer Science Dept at Rowan University, Glassboro, NJ
• Published author in Information Security trade magazine
• Member of ISACA, OCEG and ISC2.
Current Experience:
Deputy Chief Information Security Officer - Radius Global Solutions LLC Nov 2024 - Present
Radius Global Solutions LLC, a firm specializing in Accounts Receivable Management, in the Information Security Department.
In the role of Deputy CISO, I assist in the operational management of the Team, reporting to the Chief Information Security Officer.
Duties consist of the following and many others: data protection, Information System audits, vulnerability assessments, risk management assessments, management and enforcement of Information Security policies and protection of assets through a variety of tools/applications, 3rd Party Risk/vendor services security management/vetting and Information Security standards/procedures. Management, review, hiring of Information Security Department staff, member of executive IT Board.
Senior Risk Analyst - MIAX Exchange Group Aug 2024 - Nov 2024
Member of the Risks and Control Team within the MIAX Cybersecurity Department as a Senior Risk Analyst. Supervised Risk and Control Team as part of GRC section of the organization.
Information Security Specialist I - Radius Global Solutions LLC Aug 2019 – July 2024
Radius Global Solutions LLC, a firm specializing in Accounts Receivable Management, in the Information Security Department. My duties consist of the following and many others:
• Project Manager and Team Lead on audit processes for our HITRUST, PCI-DSS v3.2.1 and v4, SSAE 16 SOC 1 and SOC 2 and ISO 27001:2013 and 2022 certifications and attestations including NIST CSF, RMF and NIST 800-53 control audits
• Prepared, executed, and reported on audit of subset of NIST SP 800-53 cybersecurity controls to include interview, document review, and testing of systems to support compliance audit activities
• Knowledgeable on NIST Cybersecurity Framework and how the Identify, Protect, Detect, Respond, and Recover categories comprise and facilitate an information security program
• Perform internal audits and risk assessments; InfoSec Project Compliance Calendar manager
• Assist with the development, updating, execution and monitoring of all global IT security policies and procedures
• Monitors security incident and event management (SIEM) and first responder for security events and alerts to potential (or active) threats, intrusions, and/or compromises; security event investigator
• Data Loss Prevention manager – manage, supervise and train DLP team
Adjunct Instructor - Rowan University - Computer Science Department 2018 - Present
Adjunct instructor where I teach courses on technology and society, specifically ethics, NIST Standards (CSF, RMF), ISO, HIPAA, Sarbanes-Oxley Act, cybercrime, privacy laws, etc.: Computers and Society, INTR 45339
https://csm.rowan.edu/departments/cs/facultystaff/compsci_adjuncts/cesaretti.html
Education:
1/2005 - 6/2006 Norwich University MS in Information Assurance (Cybersecurity)
4/2002 - 12/2004 Eastern University BA in Management of Information Systems
Skillset/Background:
• Information Security Team management and Project Management
• IT and ISMS Auditing * Compliance Review * Change Management Board reviewer
• Standards Compliance · CIS / HITRUST / NIST CSF / NIST RMF / NIST 800-53
• Payment Card Industry Data Security Standard (PCI DSS) * SSAE SOC 1 / SOC 2 * ISO 27001
• Vulnerability Assessment / Exposure Management
• Privacy Professional
• Data Discovery and Governance – IT Infrastructure
• Data Loss Prevention – Manager of Data Loss Prevention Team
• ManageEngine ADAudit Plus
• OneTrust GRC and Privacy systems
• Artificial Intelligence Compliance and Security – ISO 42001 AIMS
Specialty Training and Education:
2025 ISO 27001:2002 Lead Auditor certified - MasterMind
2025 Integrated Artificial Intelligence Professional - OCEG
2025 Cybersecurity Risk Awareness for Officials and Senior Management - TEEX / US Homeland Security
2024 Integrated Risk Management Professional (IRMP) - OCEG
2024 Integrated Audit & Assurance Professional (IAAP) - OCEG
2024 Certified GRC Auditor (GRCA) certification – OCEG
2024 OneTrust GRC Professional
2024 OneTrust Certified Privacy Professional
2024 OneTrust Data Discovery & Governance: Foundational Background Professional
2023 Cloud Computing 101 - Amazon Web Services/AWS Educate
2023 Exposure Management Expert certification - XM Cyber
2023 GRC Professional (GRCP) certification – OCEG
2023 Simply Cyber Definitive GRC Analyst Master Class
2020 Cyber Threat Hunting Training - April Session - Black Hills Information Security
2020 Comprehensive Cybersecurity Defense training – CDI - TEEX/US Homeland Security
2008 NJ Police Training Commission - Certified Police Training Commission Instructor
2006 National White Collar Crime Center Basic Data Recovery and Acquisition training (BDRA)
2005 NJ State Police High Technology Investigator training at Gloucester County Police Academy
2005 Camden County College - Certified Ethical Hacker Certification training
2003 Camden County College - Visual Basic .NET Programming course
2002 The College of New Jersey - NJ DOE Alternate Route Teacher Certification Program
2001 Camden County College - Networking Fundamentals training
1999 Computer Training Institute – Pennsauken HS - Basic Computer Repair Technology
1996 PJA School of Paralegal Training, PA - Paralegal with Computer Applications Training
1993 NJ Correction Officer Training Academy – Skillman - Basic County Correction Officer Training
A Complete CV of my employment, skills, experience and certifications can be read on my website at: www.donaldfcesaretti.net