David Clift Email & Phone Number
@macu.com
5 phones found area 801 and 610
LinkedIn matched
Who is David Clift? Overview
A concise factual answer block for searchers comparing this professional profile.
David Clift is listed as VP Information Security Risk Officer at Mountain America Credit Union, based in South Jordan, Utah, United States. AeroLeads shows a work email signal at macu.com, phone signal with area code 801, 610, and a matched LinkedIn profile for David Clift.
David Clift previously worked as IT Risk Management Program Manager at Mountain America Credit Union and Technology Governance Relationship Manager at Zions Bancorporation. David Clift holds Master Of Accountancy, Accounting And Information Systems from Brigham Young University.
Email format at Mountain America Credit Union
This section adds company-level context without repeating David Clift's masked contact details.
AeroLeads found 1 current-domain work email signal for David Clift. Compare company email patterns before reaching out.
About David Clift
Proven IT risk / security, regulatory compliance, and audit leader with broad experience implementing security programs, establishing regulatory compliance, and building audit and control practices to protect organizations and ensure security in the health care, retail, technology, and financial services industries. Individually contribute and lead teams in implementing IT risk / security and compliance solutions and frameworks; auditing to identify control weaknesses; and reporting program results to key stakeholders (e.g. regulators, business functional groups, IT, audit, Board of Directors, and executive leadership). Also experienced and familiar with FFIEC Guidelines, NIST SP 800-53, ISO 27000-series standards (e.g. IS 27001 / 27002), AICPA Trust Principals (SSAE16 / SOC 1, SOC 2, and SOC 3), FedRAMP, COBIT, COSO, HIPAA, PCI DSS, Gramm-Leach-Bliley Act (GLBA) privacy and security rules, and Sarbanes-Oxley (SOX).
David Clift's current company
Company context helps verify the profile and gives searchers a useful next step.
David Clift work experience
A career timeline built from the work history available for this profile.
It Risk Management Program Manager
Technology Governance Relationship Manager
Risk And Compliance Program Manager
Obtained ISO 27001, ISO 27017, and ISO 27018 certification. Building Risk and Compliance program, including governance, monitoring, reporting, risk management, and related activities.
Fedramp Program Manager
Lead cross-functional IT and business teams in building FedRAMP program, timelines, and reporting, including educating senior leadership and team members on control and documentation requirements, and guiding them through the implementation and development process.• Developed data schema and strategy to build FedRAMP implementation workflow and tracking system using Workfront tool, to automate program rollout and minimize manual efforts required to oversee control implementation and status reporting.• Educated team members in IT, Finance, and HR organizations on their responsibilities as FedRAMP control owners and obtained timelines for issue remediation and control implementation. Created roadmap for FedRAMP compliance, allowing for go-to-market strategy for Federal agencies.
Information Security Manager
Implement NIST Cybersecurity Framework; evaluate IT risk and controls, remediate control deficiencies, ensure PCI DSS compliance, write and update Department of Commerce (Commerce) security policy, manage and coordinate Department of Technology Services (DTS) security and incident response for Commerce.• Began implementation of NIST Cybersecurity Framework and identified control gaps, improving oversight and performance of IT security services for Commerce.• Consolidated individual Division policies for Bureau of Criminal Identification (BCI) information security into Commerce-wide policy, satisfying requirements for FBI audit of Criminal Justice Information (CJI) security. • Inventoried Commerce systems, applications, and databases and performed initial assessment of risks and controls, identifying preliminary control gaps and initial prioritization of more detailed control testing to be scheduled.• Updated and improved Commerce Administration Business Continuity Plan (Continuity of Operations Plan), led successful tabletop exercise, and guided Divisions to update and enhance their plans based on results of exercise.
It Risk Manager
Oversaw implementation of IT risk program, including risk assessment, tracking and remediation of IT security / cybersecurity risks, evaluation of security tools, vendor IT risk assessment program, and implementation of controls to improve security and mitigate risk. Led cross-functional teams and managed projects to implement security tools, methodologies, and frameworks to meet security requirements, including PCI DSS compliance. Budgeted annual security projects and reported results of IT risk and security program activities.• Implemented vendor IT security assessment process in new GRC tool, streamlining the approach and ensuring consistency and timeliness of vendor reviews. Performed IT risk assessments of new vendors, ensuring vendor security controls meet business needs to limit risk. • Worked with DFC Legal team to enhance vendor contract language requiring appropriate IT and security controls to protect DFC data.• Developed and oversaw corrective action plans for security improvement, and managed the reduction of IT Risk Register open / unmitigated risks & vulnerabilities from 150+ to fewer than 20 open items.• Oversaw PCI DSS gap assessment by vendor, developed security strategy roadmap for PCI compliance, and planned and initiated project within an Agile development methodology to outsource Cardholder Data Environment (infrastructure & applications) to meet PCI requirements.• Managed security policy and standards updates to meet security and PCI DSS requirements.• Oversaw remediation of control gaps and implementation of processes to meet PCI DSS requirements and other relevant standards. Directed the delivery of targeted training to improve user awareness and enhance security.
Senior Manager
Led teams in providing IT risk, consulting, and internal audit services to clients in consumer products, technology, health care, and financial services industries. Managed client relationships, budgets, and maintain satisfaction with services. Develop, mentor, and provide feedback to team members.• Improved IT internal audit process and tools. Trained and coached consultants on audit and risk methodology and new tools, resulting in consistent risk-based services, improved security, and satisfied clients.• Advised growing technology client on best practices for maintaining evidence for audits, improving external auditor reliance on control environment and reducing external audit fees paid by client.
Senior Vice President, It Audit
Led audits and oversaw results of North America audit teams impacting GECB, including audits of IT governance, infrastructure, and related processes. Prepare audit reports and share findings with relevant stakeholders, including GECB Board of Directors, FDIC Examiners, and Information Security senior leaders. Evaluate and approve management action plans and test remediation of issues. Coordinate audits and share findings with auditors and stakeholders from other Capital businesses to ensure all relevant risks are mitigated across the organization.• Conduct and oversee audits covering all aspects of IT to comply with GLBA, including governance, 3rd party oversight, problem and incident management, business continuity/disaster recovery, IT operations, IT asset management, IT security (e.g. firewalls, IDS/IPS, SIEM / log management, anti-virus), application interface controls / file integrity, identity and access management, change and release management / application development / SDLC, capacity management, patch and vulnerability management and scanning, configuration management, and physical security. Identify issues, recommend and review improvement plans, and test effectiveness of remediation efforts, thereby mitigating risk and maintaining regulatory compliance for GECB.• Prepare risk assessments and develop four year audit plan, maximizing effective use of audit team resources to reduce organization risk.• Present audit plan, program, and findings to FDIC Examiners, resulting in improved exam ratings over previous years.• Developed project management guidance and tracking tool enabling North American audit teams to more accurately track progress and improve audit efficiency.
Senior Manager, It Audit
Led audits and oversaw results of global audit teams impacting GECC CTO organization, including audits of IT infrastructure and related processes, including integrated (combined process and IT) and horizontal audits (audits of multiple business units). Prepared audit reports and shared findings with relevant stakeholders, including GECC Chief Technology Officer (CTO) organization and Information Security senior leaders. Reviewed management action plans and evaluated and tested remediation of IT issues. Coordinated audits and shared findings with auditors and stakeholders from other Capital businesses to ensure all relevant risks are mitigated across the organization. Maintained relationships with GECC CTO team members to monitor initiatives.• Conducted and oversaw audits, and evaluated and reported results from audits impacting GECC CTO organization. Identified and consolidated issues and evaluated remediation plans, thereby mitigating risk in all aspects of IT, including governance, 3rd party oversight, problem and incident management, business continuity/disaster recovery, IT operations, IT asset management, identity and access management, change and release management, capacity management, and configuration management.
Senior Information Security Analyst
Performed risk assessments and monitored compliance with University/Hospital IT security policy and regulations (e.g. HIPAA). Managed projects to improve business processes and controls. Designed and implemented University/Hospital controls and security standards. Coordinated investigation and reporting of security and privacy incidents. Developed and maintained security policy. Assisted in the design of security training, and awareness activities. Developed service provider assessment procedures and reviewed service contracts to maintain regulatory compliance.• Initiated and managed project to implement “security zones” (network segmentation) to isolate and protect critical systems, directing and coordinating the Networking, Architecture, Service Management, and Security Operations teams, to limit exposure to malicious Internet activity.• Designed a risk management framework and processes. Created risk and control survey templates, tools, and assessment methodology, allowing for streamlined, consistent measurement of compliance with control standards across University and hospital systems.• Developed and implemented University-wide IT security control standards and framework based on NIST SP 800-53, ISO 27001 / 27002, and HITRUST CSF, taking into account other standards, such as PCI DSS. Initiated improvement of the University’s control environment using the developed assessment and control framework and templates, starting with critical applications.• Performed risk and control assessments for the most critical University systems and identified control weaknesses, increasing risk awareness among IT leadership. Implemented a plan to remediate deficiencies prioritized by risk.• Developed enhanced procedures to ensure vendors, cloud-based software-as-a-service (SaaS) and other IT service providers undergo security and controls reviews prior to signing contracts, significantly reducing service provider risks and maintaining regulatory (HIPAA) compliance.
Senior Manager
Provided IT risk and audit services in both an internal and external capacity to clients in technology (hardware and software), health care and life sciences, manufacturing, and financial services industries, including reviews of IT operations and audits of IT general controls across various platforms in client / server, mini-computer, and mainframe environments, following methodologies and frameworks such as COBIT. • Scoped and planned audits by coordinating with Ernst & Young (EY) financial audit team, client internal audit team, client SOX team, and client functional / control owners, which resulted in the completion of 10 to 20 engagements annually (each between 100 and 10,000+ hours) while meeting budget and quality requirements. Reduced costs up to 20% each year.• Led the enhancement of IT audit and documentation methodology for the Pacific Northwest (PNW) Sub-Area, which resulted in more efficient audits, consistent quality, and up to 20% lower cost.• Co-directed the PNW IT Quality team, whereby quality standards were developed and communicated and team members were trained.• Performed data analytics services, including process efficiency assessment and fraud investigation.• Served as the PNW IT GAMx Champion and directed all GAMx IT training activities and communication in the PNW surrounding the implementation and rollout of GAMx (EY’s new audit tool) between National and the PNW. Identified 12 trainers and scheduled them to cover more than 45 two-day training events throughout the PNW, resulting in the successful training of over 1000 professionals on the use of the new software and related audit methodology.• Completed business process improvement assessments and identified opportunities to streamline procedures and make them more effective.• Served as counselor, coach, and mentor, and represented counselees in roundtables that determine annual ratings.
System Programmer
Set up, maintained, and configured computers for faculty and for student computer labs. Managed Novell NetWare network.Resolved faculty and student problems with estimated average response times less than one hour.
David Clift education
-
Brigham Young University
Frequently asked questions about David Clift
Quick answers generated from the profile data available on this page.
What company does David Clift work for?
David Clift works for Mountain America Credit Union.
What is David Clift's role at Mountain America Credit Union?
David Clift is listed as VP Information Security Risk Officer at Mountain America Credit Union.
What is David Clift's email address?
AeroLeads has found 1 work email signal at @macu.com for David Clift at Mountain America Credit Union.
What is David Clift's phone number?
AeroLeads has found 5 phone signal(s) with area code 801, 610 for David Clift at Mountain America Credit Union.
Where is David Clift based?
David Clift is based in South Jordan, Utah, United States while working with Mountain America Credit Union.
What companies has David Clift worked for?
David Clift has worked for Mountain America Credit Union, Zions Bancorporation, Workfront, Utah Department Of Commerce, and Dfc Global Corp..
How can I contact David Clift?
You can use AeroLeads to view verified contact signals for David Clift at Mountain America Credit Union, including work email, phone, and LinkedIn data when available.
What schools did David Clift attend?
David Clift holds Master Of Accountancy, Accounting And Information Systems from Brigham Young University.
Search by job title, company, industry, location, and seniority. Export verified B2B contact data when you need it.
Start free trial