Mark Laba, Associate Certified Ciso, Cism, Csx-P, Cisa Email & Phone Number

Cleveland, Ohio, US

Pittsburgh, PA, US

• Provided oversight of the division security and compliance program and related execution activities, leading dedicated security and compliance resources and providing direction and consultation to over 20 IT personnel.
• Managed project for ongoing baseline security tool deployment on network systems.
• Organized and reported information security, compliance, and audit metrics to senior management.
• Reviewed SOC1/SOC2 reports to ensure effective controls at third party vendors
• Met corporate security initiative deadlines by driving key implementations including Java updates and privileged smart cards.
• Managed the documentation, resolution, and reporting of security incidents.

Cleveland, OH, US

• Led and directed IT Audit department in the performance of risk based audit procedures. Managed and directed IT SOX testing program. Served as IT audit subject matter expert on Audit Committee and Cyber Security.
• Built effective and collaborative relationship with an IT management team undergoing continuous restructuring.
• Proactively and collaboratively streamlined IT SOX testing to align with management's control environment.
• Recommended enhanced governance activities to Director of IT Security and CIO on information and cyber security risks.
• Trained and developed IT audit staff, reviewed employee performance, and planned staff assignments.
• Reported several IT SOX design and operating deficiencies and consulted management on remediation.

Columbus, Ohio, US

• Developed risk partner relationship with the information security business segment (CISO) after Huntington acquired FirstMerit in 2016. Assisted with the acquisition integration and open findings action plans to ensure.
• Assisted in development of information security risk register and worked with technology management to mature the overall information security risk and control environment.

Akron, OH, US

• Developed and managed risk based IT Audit plan and led staff audit assignments. Supervised, trained, and mentored IT Audit staff of four (4) on IT audits, IT SOX testing, and special project assignments including.
• Improved Audit Department value by enhancing structure, coverage, business alignment, and upgrading staff skills.
• Formulated audit recommendations leading to creation of a Privacy Officer role and establishment of an Information Security Program.
• Managed relationships between Audit Services Department and external auditors, contractors, and regulators.
• Established a formal IT SOX testing and management program providing greater executive visibility and significantly improving control design and operation.
• Completed multi-year IT audit plans and IT SOX testing with greater entity coverage bringing attention to unaddressed risk. Provided remediation consultation and recommended action plans that were largely adopted.

Marietta, Ohio, US

• Managed and performed all Information / Cyber security audits, IT audits, and IT SOX testing, included issue reporting and remediation, and control design and operating effectiveness evaluations. Audits primarily.
• Liaised with external auditors and regulators on inquiries, documentation requests and findings.
• Performed special projects including security reviews, compliance, and consultations as subject matter expert.
• Proposed first-time enhancements of the banks’ information security program and incident response plans.
• Completed IT audit plans on time and within budget for all years employed.
• Established audit programs for information security, business continuity, disaster recovery, and IBM mainframe.

• Designed, deployed, and managed various cyber security policies and controls.
• Performed targeted reviews of IT systems, processes, and applications.

Wickliffe, Ohio, US

Charlotte, North Carolina, US