Mark Azzolina Email & Phone Number

Castle Rock, CO, US

London, United Kingdom, GB

• Virtual Chief Information Security Officer (vCISO), (2019 – Present)
• Serve as fractional vCISO for several multi-national corporations including a large multi-national medical device manufacturer with $1.25B+ in annual revenue, a aircraft leasing company, and a transportation company
• Provide oversight, strategic direction, and cybersecurity operations management for medical device manufacturer comprised of 11+ business units in 30+ locations with 8,000 employees utilizing both on-premise and cloud.
• Spearhead the implementation of new security solutions based on pre-defined cybersecurity requirements and the corporate risk profile and manage the development of all cybersecurity policies, plans, and procedures.
• Responsible for the governance, risk, and compliance of cybersecurity activities and performance.
• Direct all outsourced cybersecurity functions, including the security operations center, email protections, penetration tests, and cybersecurity-related professional services.

Denver, CO, US

• Conducted risk assessments, gap analyses, maturity assessments, and data flow analyses against industry best practices, standards, and regulatory requirements.
• Conducted ISO 27001/2, HIPAA, PCI, CIS CSC 20, NIST Cybersecurity Framework, NIST SP 800-53, FFIEC Cybersecurity Assessment Tool, and CSA CCM gap analyses, maturity assessments, risk assessments, and threat agent risk.
• Performed in-depth business unit analyses for strategic insurance industry clients to identify the point of exposure for sensitive data in hardcopy form.
• Completed PCI Reports on Compliance (ROC) for global retailer and ATM solutions developer.
• Developed PCI-compliant vulnerability management system corporate standards and procedures and information security policies that complied with various industry standards and frameworks.
• Conducted in-depth data flow analysis of PCI, PII, and PHI data for financial institutions and healthcare organizations.

Pleasanton, CA, US

• Served in an executive-level role with profit and loss (P&L) responsibility for the Cybersecurity Practice.
• Oversaw the development of security sales materials, educational webinars, and client presentations.
• Developed and implemented growth strategies for the penetration of various markets, including government (federal, state, local, DoD) and commercial (financial, healthcare, education).
• Utilized a consultative sales approach specifically targeted to clients with information security needs and developed security service offerings, including CISO as a Service.
• Made sales calls, wrote statements of work (SOWs), and developed pricing for all Cybersecurity practice-related opportunities.
• Conducted in-depth HIPAA-related risk assessments and developed gap analysis and a roadmap so the hospital could apply for HITECH Meaningful Use incentives.

Armonk, New York, NY, US

• Worked with large financial institutions' CxO-level personnel in a consultative sales approach to identify and analyze enterprise security requirements and develop appropriate security solutions.
• Responsible for the initial identification of security needs to the closing of the sale and transition to delivery.
• Re-established strategic client relationships with corporate security principals in dormant accounts.

Irvine, California, US

• Provided high-level consulting and NIST risk assessment services to publicly held companies to achieve FISMA/NIST compliance for their security management program.
• Developed and implemented risk management guides and templates now used by the largest client for the consistent, quality development of risk management sections on federal proposals.
• Led the development and delivery of the technical volume for the Social Security Administration Disability Claims Processing System proposal valued at $250M+.
• Directed numerous authors in the development of the technical volume for managed services for the United Health Network of Ontario, Canada.
• Drove the development of the technical solutions and volume for the Army Electronic Messaging and Collaboration System valued at approximately $240M.

Bs, Computer Science

Ma, Computer Resource Management