Manage the process for achieving and maintaining relevant cybersecurity certifications and attestations; including, but not limited to, FedRAMP, StateRAMP, SOC 2, and ISO.Ensure the organization’s cybersecurity practices comply with relevant laws and regulations.Create and maintain policies to reflect the organization’s cybersecurity requirements and practices.Work with stakeholders to ensure controls are implemented to achieve control objectives enumerated in security policies.Plan and conduct regular internal audits to assess the organization’s compliance with cybersecurity requirements.Work with external auditors and penetration testers to assess the organization’s compliance with cybersecurity requirements.Develop and oversee the implementation of corrective action plans to address gaps identified during internal and external audits.

In conjunction with the Director of Governance, Risk & Compliance, lead our efforts to mature CLA’s risk management program, processes, and strategy. Facilitating organizational change through utilization of various risk identification, mitigation, and remediation strategies.Lead CLA's security compliance and certification program as related to various security and privacy control frameworks such as CMMC, NIST 800-171, CISv8, HIPAA, and SOC 2.

Managing a team leading the facilitation of Thomson Reuters' Service Organization Control (SOC) reporting. Work with cross-functional teams and leaders of Business Units to create efficiencies in reporting, assisting commercial teams to make a positive impact on customer revenue, and improving overall security maturity against industry standards.

•Execute on all aspects of information security SOC 1 and SOC 2 efforts including working with stakeholders, planning, preparation, control documentation, reporting and follow-up activities•Developing controls and terms of reference to ensure documentation is aligned to the internal risks and regulatory requirements of Thomson Reuters•Complete walkthrough and process documentation of controls to ensure effective control design•Support the identification of appropriate sample sizes and testing to ensure effectiveness of controls•Review and agree findings with the respective auditor•Define remediation plans for agreed findings with all stakeholders including Control Owners and Program Owners that mitigate the risks identified•Oversee the activities of assessment team members as required•Support the implementation of controls for new processes, products and solutions across Thomson Reuters•Ensure all documentation and reporting meets the process and quality requirements of the Thomson Reuters ISRM Compliance function•Build and maintain relationships with key stakeholders to improve risk awareness and compliance as a subject matter expert and identify process improvement opportunities

Safeguard the organization’s information through the performance of risk assessments, influencing policies and standards, while also contributing to the organization's security awareness. Ensure the organization's vendors, applications and organizational changes occur within the boundaries of the organization’s risk tolerance. Participate in projects and assessments as a security consultant or advisor on risk. Research general and industry specific security trends. Analyze and define security policies and information security standards. Provide detail to project teams regarding security requirements. Create and present risk reports, policies, results and deliverables.Participate in projects and assessments on risk determination. Identify, quantify and communicate risk to customers with a wide variety of backgrounds (technical and business).Utilize of regulations/security standards such as GLBA, PCI, HIPAA, FFIEC. Utilize industry standard Risk Assessment approaches such as NIST 800-30.Adhere to Technical, Administrative and Physical controls to safeguard information security. Drive assessments through interviews and relationships to understand and quantifyappropriate risks.Maintain holistic view of an Information Security Program and the role of key components to ensure protection of information. Interpret, author and analyze security policies and standards. Influence and participate in building and administering security awareness in the organization.

We help you protect your brand, both business AND personal. Your success is our success.By building from the great truth "There is no such thing as 100% secure", we will help you to tell and defend your "story" and reap the benefits of strategic information security program design and execution.Orange Parachute is a management consulting firm that helps our clients to clarify & simplify your vision for Information Security and gain traction by designing custom systems that optimize and continuously improve your people, processes & technology to enhance information asset confidentiality, integrity & availability. Starting with solid strategy and simplifying execution at the tactical and operational levels, our clients leverage a defensible, risk-based approach and realize the numerous benefits of doing so, not limited to protecting your brand, the power of informed decision, and program sustainability. We are well known for Information Security Management Systems (ISMS) design and implementation (ISO 27001 certification), and C-level leaders now realize the value of systematic improvement of your information security program. The quality in an Orange Parachute designed ISMS allows our clients to meet the spirit and intent of security related compliance initiatives efficiently and effectively. Our intellectual property and subject matter expertise is leveraged throughout the U.S. and abroad. Services: Information Security Program Strategy (Vision + Traction), Security Breach Strategy, Viral Vision (Security Culture & Awareness), Information Security Management Systems (ISMS)(ISO 27001 certification), Information Asset Management, Data Privacy Integration, Certification/Compliance Consulting.Product: Proven Process Security Program DocumentationCertification Readiness: ISO 27001, FedRAMP ATO Compliance Readiness: HIPAA/HITECH/HITRUST, ISO 27018, ISO 29100, ISO 27005, ISO 31000, PCI-DSS, SOC 2, CSA STAR, FISMA, DIACAP, NIST, FIPS, MPAA, FERPA, etc.