Posted on: 2021-06-10
PROFESSIONAL SUMMARY
Marianna Diezsi has over 15 years of experience in IT, Internal Audit, and Information Security operations. She has worked in a variety of positions and industries with varying levels of responsibilities. Her roles include many aspects of creating strategic planning, internal audit and certification, policy, governance, risk management, 3rd party vendor management, project and program management, strategic initiative development, compliance, as well as policy and standard development and implementation.
KEY HIGHLIGHTS & TECHNICAL SKILLS
Core Competencies and Governance
- Identifies risk, impact, connection, and integration points to align technology with needs of organization and the customer
- Compliance (FISMA-NIST, GDPR, SOX, PCI, ISO, OTS, Privacy)
- Demonstrated the ability to cultivate productive relationships with customers, partners, and key stakeholders
- Proven leadership and program management experience
- Managed ITIL-based service delivery, support, deployment, and operations management
EXPERIENCE
Zulily (Qurate): 3/2020 to present
Senior Tech Compliance Program Manager
- Managed all aspects of the privacy program, including training, awareness, policy and procedure development, vendor management, and data subject rights
- Conduct privacy reviews of 3rd parties and internal development, including remediation, triage, and tracking of issues
- Develop and maintain relationships with relevant teams to drive the retention & deletion efforts across Qurate brands
- Provided technical and regulatory guidance to all departments on compliance and privacy matters to ensure compliance with regulations and standards
- Review and negotiate vendor contracts to ensure proper data protection terms are included
- Responsible for privacy processes and procedures, including vendor risk management
- Internal PCI ISA, responsible for assisting in the external PCI audit
Coupang: 10/2019 to 2/2020
Principal Information Security Risk Manager, Security and Privacy Audit and Certification
- Drive compliance of engineering and 3rd party systems against Korean laws and regulations
- Drive external audits
- Develop policies for the risk management framework, including privacy
- Partner with key stakeholders to identify, evaluate, mitigate, and report on risks
- Evaluate known issues, identify root causes, and work with business teams to remediate
- Establish audit planning and execution including security and privacy frameworks
Microsoft: 07/2012 to 10/2019
Sr. Risk Manager, Consumer Sales and Marketing Engineering
- Other MSFT roles: Sr. Security, Risk, and Compliance Manager - ECO (Services); Sr. Program Manager - IPG (CSS)
- Managed a worldwide team that provides 24-hour security and fraud investigations
- Implement privacy requirements in retail operations and development
- Drive companywide security and compliance strategy in Services and partner organizations
- Manage external audits including ISO, SOX, and PCI
- Develop and operate the centralized operational program required for ISO 27001 and PCI certifications
- Develop and drive a successful Worldwide Service data protection onboarding program including GDPR
- Develop and maintain a security scorecard and BI solution to provide leadership with a heat map of assets
- Oversight and management of international online properties including China, Singapore, Russia, London, etc.
- Lead a high performing FTE and vendor team delivering against an aggressive set of commitments
- Partner with engineering to incorporate security and compliance into the engineering lifecycle
- Partner with other team members and business leaders across division to define strategy and operationalize
- Work closely with other organizations across Microsoft to drive efficiencies and share solutions, driving change
- Develop and manage the annual Data Protection budget
- Define performance metrics, establish measurement capabilities, and demonstrate business impact
- Effectively implemented simple and scalable compliance controls frameworks, security controls, processes, and policies to ensure compliance with legal regulations, corporate policies, and customer commitments
- Work with 3rd parties to ensure compliance requirements are achieved in practice
- Conduct all store penetration testing for PCI compliance (Metasploit and Rapid 7 certified), perform validation and bug creation for engineering
Ernst and Young: 08/2011 to 7/2012
Manager, IT Risk Transformation / Info Security Advisory
- Led PCI Compliance Readiness Assessments and Post-Assessment Remediation for various merchant levels
- Led IT audit projects focusing on both internal and external compliance as well as design effectiveness for various industries and Cloud environments; they included architecture reviews of wireless, firewall, data center and various network designs
- Led the implementation of governance frameworks (ISO 27001, COBIT, NIST, PII, HIPAA, etc.), and regulatory compliance objectives (Payment Card Industry Data Security Standards (PCI DSS), SOX 404, etc.) for various industries and Cloud
- Map existing Microsoft controls to FISMA NIST, ISO, SAS70, PCI, EU, etc. and rewrite internal controls
- Create requirements documentation for the automation of evidence gathering
- Gather evidence for cycle testing and ongoing control monitoring
- Work with service teams to understand customer environments and compliance/security needs
- Educate service teams on compliance requirements per cloud environment
Clearwire: 11/2009 to 03/2011
Sr. IT & Technology Risk Manager, Internal Audit
- Interface with IT management and process owners to identify and assess key IT risks and controls
- Conduct IT process and control assessments, including planning, documentation, and analysis, testing and reporting
- Develop and implement policies, programs, standards, and controls related to IT risks, leveraging industry IT standards and frameworks such as: COBIT, ITIL, ISO 27000-series
- Build out Clearwire’s PCI compliance program
- Identify opportunities for efficiencies and improvements to processes, controls, and technology systems
- Make recommendations of best business practices and enhanced controls
- Assist management in meeting its requirements of Sarbanes-Oxley, by helping to coordinate IT SOX activities, monitoring compliance, providing technical expertise on internal control risks and best practices, and supporting coordination with the external auditors, including oversight and management of all key activities necessary for the company to meet annual and quarterly requirements
- Work with Legal and IT to negotiate and ensure contracts meet Clearwire’s compliance requirements (PCI, SLAs, Security)
Chase - Washington Mutual: 06/2002 to 03/31/2009
Business Operations Management: Business Management Analyst Sr.
- Program Manager for TI GDS (Global Delivery Services) program
- Lead for internal/external audit compliance (PCI, SOX, HIPAA, etc.)
- Led development of intake and delivery processes and SLA management
- Vendor contract negotiation (terms, cost, compliance) and monitor vendors spend across IT organization
- Program Manager of Technology’s National Footprint
- Real-estate capacity and space management, in charge of maintaining and reducing a $7M budget
- Created and implemented process for engagement, deployment, quality checks, ROB, ROI, and reporting
- Recognized for approximately 300,000 in cost avoidance in first quarter of implementation
Web Traffic Analytics Technical Specialist II: Program Lead
- Led the Web Traffic Analytics Program for global technology at WaMu team of 10+ globally
- Developed and executed standardized methodology encompassing processes, artifacts, tools, training, and documentation for all WaMu Web Traffic Analytics projects and programs
- Supervised cross-functional teams for planning, development (SDLC), and operations
Enterprise Technology Asset Management Transition to JP Morgan Chase (JPMC)
- Managed the transition of WaMu’s technology asset management (software/hardware) services to JPMC
- Established the partnership between WaMu and the different groups within JPMC
- Partnered with JPMC to build a business case to deploy an enterprise software asset management solution at JPMC, for both compliance and cost saving initiatives
Seattle Lab Closures and Consolidation (JPM-Chase Migration)
- Moved all applications and infrastructure equipment from rogue and/or onsite labs to data centers
- Oversaw the decommissioning of infrastructure equipment and servers
- Scope of project included 50 plus labs with as many as 500+ servers per facility running IIS, SQL, Windows Server, Unix, and various infrastructure equipment (Cisco, SUN, F5 Load Balancers, Redline, etc.)
Corporate Information Security: Rollout of Access Data’s Forensic Investigation Tool
- Created Business case for vendor selection and managed vendor bake off
- Created and managed budget of 250,000
- Rolled out new tool for security monitoring
F5 NETWORKS: 10/1998 to 05/2002
Strategic Support Manager
- Developing a strategic support management program for customers spending over one million, specializing in enterprise load balancing architectures
- Technical documentation for .com traffic flows
- Troubleshoot TCP/IP protocols related to traffic flow for the bank applications
- Creating product solutions and developing training content
- Management and creation of the certification program for F5 products, a revenue generation program
- Worked with cross functional teams to develop the training content, creating a mobile lab environment
- Providing client training and certification worldwide
- Working with customer to architect globally load balanced networks
REAL NETWORKS: 11/1997 to 10/1998
Player Escalation Engineer
- Customer resolution for escalated issues
- Researching of unsolved issues
- Beta testing: stress testing Player/Player Plus, and bug reporting
- Wrote internal and external knowledge base articles
- Tech Support Rep. presenting at trade shows
- Troubleshoot TCP/IP protocols related to real server content
PHYCOM: 08/1996 to 11/1997
Customer Implementation Support Rep
- Set up test environment to closely resemble customers (network, communication, etc.)
- Create and execute detailed test plans. Document all test results or problems
- Resolve customer issues; maintain a database of resolutions used for reporting both internally and externally
- Quality assurance for all new releases
- Create help files within the application