Sandra Rasmussen, Cissp Email & Phone Number

Zimmerman, MN, US

• Develop, implement, and continuously improve Vendor Risk Management program at Harver
• Complete Vendor Risk Reviews in accordance with Vendor Risk Management Program
• Process security requests from customers, including questionnaires, documentation requests, and RFIs / RFPs
• Develop, implement, and continuously improve Internal Audit program at Harver
• Conduct comprehensive internal security audits in alignment with ISO 27001 standards, identifying and mitigating vulnerabilities to ensure compliance and enhance the organization’s information security management.
• Lead process improvement in the customer facing security questionnaire request process to ensure timely and efficient completion of customer questionnaires and security requests

• Primary tool owner for file integrity monitoring tool o Maintained tool and documentation for tool, made recommendations for additional use cases, investigated unplanned changes
• Primary tool owner for security policies in next generation firewallo Subject matter expert for security policies within next generation firewall, built and maintained documentation for tool, made recommendations for.
• Primary subject matter expert on PCI Compliance for security department o Gathered evidence for PCI attestation, assisted in implementing projects to improve PCI program, coordinated annual penetration test
• Primary tool owner for cloud content management solutiono Conducted troubleshooting for users, responsible for security configuration, made recommendations to improve security posture the application, co-lead.
• Secondary subject matter expert for Computer Incident Response Team activitieso Trained Security Engineering teams on CSIRT Processo Developed, planned, and facilitated cyber security table top exerciseso Analyzed.
• Served as security representative at cross-functional meetings with Privacy, Security, and Compliance

• Assessed incoming technologies to ensure proper controls are in place and to reduce risk to Allina data and network
• Provided remediation guidance for incoming technologies that are found to be non-compliant with Allina policy
• Ran enterprise-wide Security Awareness and Education Program to promote a culture of security and reduce risk
• Created metrics pertaining to Security Awareness and Education Program to assess program performance
• Continuously improved Security Awareness and Education Program based on metrics and feedback
• Updated information security policies to align with relevant regulations and industry best practices

Minneapolis, MN

• Participated in implementation planning and gap analysis for optical character recognition project
• Gathered, analyzed and documented user requirements and functional requirements
• Developed and drafted communication, training, and implementation plans
• Facilitated and led technical meeting re: lessons learned in implementation of OCR software
• Presented findings to a variety of audiences, including executive leadership in Information Services department