Stephanie Rae Gass Email and Phone Number

Responsibilities•Work closely with all levels within the organization to provide internal support and consultative advice pertaining to information security, privacy and artificial intelligence •Oversee the process with external auditors on behalf of the Information Security Office•Perform Risk Assessments and Regulatory Assessments •Evaluate Organizational Risks based on audit findings•Evaluate Organizational Compliance with applicable laws and regulations (GDPR, NIST 800-171, NIST CSF, NIST RMF)•Building of a sustainable audit program•Developing a privacy program, including integration of a privacy platform •In coordination with legal, incorporated a Cybersecurity Plan and Data Protection Plan into the CIS contractsEngagements•Speaker, MS/EI-ISAC Annual Meeting - Managing Cyber Threats through Effective Governance (2022 and 2023)•Speaker, MS/EI-ISAC Annual Meeting - Security and Compliance: Understanding the Difference; Hoping for the Best, Preparing for the Worst: Why Incident Response and GRC Go Hand-in-Hand (2024)Project•ISO 27001/27701 - Lead•FISMA Moderate- Lead•Continuing to oversee the SOC 2 and SOC for Cybersecurity programsBoard•AI Governance Board, Co-Chair 2024-

Responsibilities•Work closely with all levels within the organization to provide internal support and consultative advice pertaining to information security•Work closely with external auditors on behalf of the Information Security Office•Perform Risk Assessments and Regulatory Assessments •Evaluate Organizational Risks based on audit findings•Evaluate Organizational Compliance with applicable laws and regulations (GDPR, NIST 800-171, NIST CSF, NIST RMF)Paper•Managing Cyber Threats through Effective Governance: A Call to Action for Governors and Legislatures - Contributing Author and Whitepaper LeadProject•SOC 2 Type 1 Organizational Alignment - Lead•SOC 2 Type 2 - Lead•SOC for Cybersecurity - Lead

Responsibilities•Work closely with all levels within the organization to provide internal support and consultative advice pertaining to information security•Work closely with external and internal auditors on behalf of the IT organization - DHS, DoD, Certification Bodies, among others•Risk Management Lead, implemented and established the Risk Management Framework - Oversee the Global Risk Review Committee for IT Organizational Risks•Review Data Control Plans in collaboration with the Cyber Defense Team to ensure the Data Flow is secured based on the Data Types•Ensure information security compliance - DFAR/CDI/CUI, Export Controls (ITAR/EAR), NIST Risk Management Framework, ISO 27001, ISO 9001, Common Criteria, CFATS•Key Stakeholder in the Global Data Classification Project•Cleared employeeISO27001 Lead Auditor

•Ensure the credit union is in compliance with all internal, Federal and State regulations.Responsibilities•Conduct financial, operational and compliance audits as outlined in the Annual Internal Audit Plan•Review operations and programs to determine if results are consistent with established objectives and goals, and if the operations or programs are being carried out as intended•Create audit reports outlining strengths and weaknesses in the control environment and compliance to all policies and procedures on Federal, State, and Credit Union level•Perform audits/reviews regarding operations, but not limited to audit program development, data collection and analysis, procedural analysis, internal control assessment, and preparation of finding summary and recommendation for corrective action •Conduct investigations or special audits as requested, including fraud investigations •Work closely with credit union management and staff to provide internal support and consultative advice•Participate in the monthly Fraud Committee Meetings

•Ensure that all lenders in the credit union are in compliance with all internal and Federal regulations pertaining to consumer lending.Responsibilities•Completed Branch Level & Individual Quality Control Audits on current lending processes and procedures•Presented weekly reports on select findings, utilizing Excel, Word and system generated reports•Design recommendations for areas of improvement with lenders•Assisted in the development of Lending Refreshers •Performed special audits on individual loans or lenders at the request of Management of Consumer and Indirect Lending or the Director of Retail Lending•Structured and outlined the procedures for the Consumer and Indirect Lending Quality Control Process•Participate in the monthly Fraud Committee Meetings

•Maintained the highest standards for management practices and business ethics while adhering to all State, Federal, and local regulations.•Developed action plans to increase branch growth opportunities and staff developmentResponsibilities•Responsible for all operations of the branch in the absence of the manager•Maintained compliance with all Federal / State / Local regulations and guidelines•Lead in audits of all negotiable inventory and branch procedures•Lending Authority, utilizing open-ended lending practices•Reviewed and detected counterfeit items attempted to be negotiated by members •Proposed and implemented branch specific policies and procedures to increase operational efficiency

•Performed due diligence investigations for financial, private, and government institutions•Conducted legal research for on-going cases•United States Court Project: Created a database for investigators to utilize when conducting investigations between different states and jurisdictions. The database also lays out each states’ court system