Mark Glasby Email & Phone Number

Portland, Oregon, US

• Responsible for Vendor Risk Review process. Reviewed vendors for risk, issued findings, and assisted business owners with recommendations and remediation. Assist Privacy, Legal, and Procurement with contract language.
• Establish and perform enterprise Information Security Risk Assessment.
• Establish risk register for tracking of vendor related and internal risks.
• Advise on various information security challenges.

Portland, OR, US

• Established policy and standards on various aspects of cloud technology in a multi-cloud environment using NIST 800 series, CSA, CIS Benchmarks, and others. Worked with stakeholders on achieving compliance to standards.
• Reviewed third parties for risk, issue findings, and assisted business owners with recommendations and remediation. Worked with legal on potential contract issues pertaining to information security and protection of.
• Advised on various information security challenges. Made recommendations on how to achieve security goals in various cloud provider environments.

Beaverton, OR, US

• Performed enterprise wide information security risk assessments (including cloud infrastructure and unique cloud projects, and others).
• Assessed special vendors for information risk.
• Advised on various information security challenges including cloud technologies (AWS, Azure, and GCP), control frameworks, security best practices, and privacy issues (including GDPR and CCPA).
• Worked with business partners to address and remediate risk findings.
• Acted as a liaison between information risk and application security teams to ensure risks were being communicated and addressed.

Beaverton, OR, US

• Performed enterprise wide information security risk assessments (including cloud infrastructure and unique cloud projects, and others).
• Assessed special vendors for information risk.
• Advised on various information security challenges including cloud technologies (AWS, Azure, and GCP), control frameworks, security best practices, and privacy issues (including GDPR and CCPA).
• Worked with business partners to address and remediate risk findings.
• Acted as a liaison between information risk and application security teams to ensure risks were being communicated and addressed.

Hillsboro, Oregon, US

• Performed examiner required information security assessments (NCUA ACET). Issued findings where appropriate, and issued report for Executive Team and Board. Caretaker of examiner required evidence. Worked with Federal.
• Was responsible for IT-GRC Vendor Risk Review process. Reviewed vendors for risk, issued findings, and assisted business owners with recommendations and remediation.
• Mapped compliance with NIST Cyber Security Framework. Recommended improvements using NIST 800-53.
• Advised on various information security challenges and privacy issues (GDPR and CCPA).

Beaverton, Oregon, US

• Managed Information Security Program. Developed information security policies, processes, and standards. Implemented security program enhancements, including periodic phishing testing, password strength testing, and.
• Managed periodic penetration testing and presented to leadership team and board on findings and planned remediation.
• Performed risk assessments and worked with State of Oregon examiners to ensured compliance with NCUA and FFIEC requirements.

London, GB

• Developed risk assessment processes (application, third party, etc.), and administered RSA Archer eGRC systems.
• Performed Internal IT Risk Assessments to various lines of business as well as provided expertise to management.

London, GB

• Performed on-site security audits on third party providers (reviewed physical security, internal policies, etc.).
• Developed assessment solution for third party risk assessments.
• Administered RSA eGRC systems, and designed solutions using Archer framework.
• Performed computer forensics, investigations, network and vulnerability scanning.
• Provided training and support to facilities in India (hotline calls, vulnerability risk rating, and Archer administration).

London, GB

Performed computer forensics and electronic investigations. Custodian of electronic evidence. Performed network scanning and penetration testing, design and implement solutions utilizing Archer Framework. Provided training and support to off shore facilities in India (hotline calls, vulnerability risk rating and Archer administration).

Fort Mill, SC, US

Responsibilities include handling of all new workstation deployments within Corporate Information Technology and Pfizer Consumer Health divisions. Provide support for recently deployed workstations within the Pfizer Consumer Health Field sales division. Troubleshoot and resolve issues with newly deployed equipment. Provide support and instruction on asset.

Oldwick, NJ, US

Responsible for computer builds for new users and the upgrade of existing users. This entails the monitoring of vendor sites for hot patches (security/vulnerability and system related patches) and new releases of the operating system. Duties included support of desktop users and some production server builds and support. Create backup schedule of systems.

Washington, DC, US

Served in the United States Navy. Completed Interior Communications Electrician "A" school. Completed Basic Enlisted Submarine School. Honorable Discharge.

Education record

High School/Secondary Diplomas And Certificates