Steve Alameda CTPRP, CISSP, CCSP, CRISC Email and Phone Number
I am currently building a Third-Party Risk Management (TPRM) service firm (Strategic Risk Solutions, LLC) focused on delivering custom solutions that align with organizational priorities and drive meaningful risk management outcomes. While in the development stages of my business, I am open and available to collaborate on TPRM projects or consulting opportunities, leveraging over a decade of expertise in third-party risk management, cybersecurity, and compliance.
My focus is on helping organizations of all sizes develop or transform their TPRM programs into strategic functions that deliver business value. By aligning third-party risk management with organizational priorities, I enable businesses to understand and address their outsourcing risk exposure in clear, actionable terms. Through strategic program design, implementation support, risk assessments, and managed services, I help organizations mitigate business-critical risks and make more informed decisions.
- Comprehensive Services: Offering a diverse portfolio of services, including TPRM program design, implementation support, managed services, and risk assessments. These services are designed to address the unique challenges of all business types and industries while aligning with their strategic objectives
- Client-Centric Partnerships: Committed to providing expert advice and actionable solutions, frameworks, and tools that empower clients to achieve long-term risk management success and operational efficiency
- Proprietary Solutions: Developing custom TPRM frameworks, questionnaires, and monitoring solutions designed to deliver actionable insights and measurable value, ensuring alignment with client priorities
- Scalable and Future-Focused Offerings: Building scalable solutions that adapt to evolving business needs and regulatory requirements, ensuring a focus on addressing business-critical risks and driving operational excellence
Ventara Risk Solutions, LLC
San Francisco, California, United States
Head of Third-Party Risk Management
Reddit, Inc.
Nov 2021 - Dec 2023
San Francisco, California, US
Accountabilities:
- Ownership, development, and operation of Reddit’s Third-Party Risk Management (TPRM) program
- Align TPRM program with Reddit’s strategic goals and regulatory requirements
- Oversee TPRM program governance, documentation, processes, and tools
Responsibilities:
- Develop all aspects of Reddit’s TPRM program
- Create TPRM strategy, framework, governance, and compliance requirements
- Establish TPRM policies, standards, and processes
- Oversee and execute TPRM operations
- Manage stakeholder relationships and communications
- Define risk classifications, criteria, monitoring, remediation, communication, reporting, assessment, due diligence, contract reviews, third-party profiling, and inventory
- Implement and manage Reddit’s third-party risk management platform
Achievements:
- Designed and established Reddit’s TPRM program from inception, enabling effective risk management of third-party relationships and reducing liabilities
- Authored comprehensive TPRM governance and operating documentation, ensuring standardization and regulatory adherence
- Conducted comprehensive discovery, cataloging, and profiling of all third-party vendors, providing strategic insights
- Defined risk classifications, qualifications, and mitigation requirements for effective risk decision-making
- Planned and implemented a third-party risk management platform, enhancing program efficiency
Sr. IT Risk Management Consultant
Gilead Sciences
Feb 2019 - Nov 2021
Foster City, CA, US
Roles:
- IT Risk Management Program Developer and Author
- FAIR Cyber Risk Integration Team Member
- Third-Party Risk Management Lead
FAIR Cyber Risk Integration:
- Key member of the FAIR Cyber Risk Integration Team
- Strategically planned and executed the implementation of Risk Lens, a Quantitative Risk Management platform
Leadership in Third-Party Risk Management:
- Led Third-Party Risk Management (TPRM) initiatives
- Ensured robust risk assessment and mitigation strategies for third-party vendors
- Implemented effective strategies to mitigate identified risks
Achievements:
- Developed and authored the Gilead IT Risk Management Standard
- Created a comprehensive IT Risk Management Methodology
- Crafted standards and methodologies to guide IT risk management practices
- Established supporting processes for IT risk management
Principal Risk Advisor - Cyber Security Vendor Risk Management
GE Digital
Jan 2016 - Feb 2018
San Ramon, California, US
Responsibilities:
- Third-Party Risk Management: Develop program standards for third-party risk management
- Third-Party Risk Analysis: Conduct risk assessments of IT services and solutions integrated with GE’s Predix Industrial Cloud service
- Cybersecurity Leadership: Facilitate cybersecurity efforts for GE Digital’s Predix Industrial Cloud FedRAMP compliance initiative
- Security Control Development: Develop operational and technical security control requirements for Predix Industrial Cloud data centers in the U.S. and U.K., and collaborate with China Telecom to define and implement security requirements for the Beijing Data Center
- Standard Development: Develop and author the GE Digital Data Center Cybersecurity Standard
Achievements:
- Developed third-party risk management program standards, enhancing risk identification, mitigation, regulatory compliance, data protection, decision-making, and collaboration with GE Predix Industrial Cloud third parties
- Established robust security control requirements for data centers in multiple regions, significantly strengthening GE Digital’s cybersecurity posture
- Collaborated internationally to define and implement security standards for the Beijing Data Center, ensuring global consistency in security practices
- Authored the GE Digital Data Center Cybersecurity Standard, providing a comprehensive framework for data center security
Information Security and Privacy Consultant
Gilead Sciences
Jul 2014 - Jan 2016
Foster City, CA, US
Responsibilities:
- Enterprise IT Risk Management: Principal contributor to Gilead's Enterprise IT Risk Management program initiative
- Cyber Risk Assessments: Managed and executed cyber risk assessments for Gilead IT and manufacturing systems
- Third-Party Risk Assessments: Conducted and managed third-party cyber risk assessments
- SOX Compliance: Accountable for annual SOX systems security baseline compliance analysis and audit reporting
- Policy Development: Developed and authored various enterprise-level cybersecurity policies, standards, and IT system minimum security baselines (MSBs)
- User Security Guides: Created user security guides on topics such as acceptable use of Gilead managed applications, data protection, and privacy protection
Achievements:
- Played a key role in the successful implementation of Gilead's Enterprise IT Risk Management program, enhancing overall risk posture
- Conducted comprehensive cyber risk assessments, improving the security of IT and manufacturing systems
- Ensured thorough third-party risk assessments, mitigating potential risks from external partners
- Successfully managed SOX compliance processes, ensuring annual security baseline compliance and accurate audit reporting
- Authored critical cybersecurity policies and MSBs, establishing strong security frameworks
- Developed user security guides that improved awareness and adherence to security best practices among employees
Information Security Risk Specialist
Visa, Inc
Feb 2011 - Mar 2014
Foster City, California, US
Responsibilities and Achievements at Visa's Global Information Security Group
Responsibilities:
- Principal cyber risk advisor, ensuring project alignment with VISA cybersecurity and regulatory requirements (PCI DSS, FFIEC)
- Conduct, oversee, and report on third-party and M&A risk assessments
- Collaborate with Global Information Security teams to develop a cyber risk life cycle process and centralized risk registry
- Conduct cyber risk assessments and compliance analyses across all VISA lines of business
- Perform security readiness evaluations of IT systems, applications, and solutions before production implementation
Achievements:
- Conducted cyber risk assessments of VISA’s Core Transaction and Processing ecosystem, including credit authorization and clearing & settlement processing
- Provided expert cyber risk guidance, ensuring compliance with cybersecurity and regulatory standards across multiple business initiatives
- Key developer of a centralized cyber risk registry, risk tracking, and management tool
- Selected to serve on VISA’s Cyber Risk Management Committee
Owner | Principal Security Consultant
Data Safeguard Solutions
Jan 2007 - Feb 2011
Founder and Principal Consultant/Engineer for Data Safeguard Solutions
Services and Responsibilities:
- PCI QSA (Qualified Security Assessor): Conducted over 50 PCI DSS assessments for level 1 merchants and service providers; authored Reports on Compliance (ROC) and Attestations of Compliance (AOC)
- PCI DSS Consulting: Provided consulting and readiness services for all merchant levels and service providers to ensure compliance with PCI DSS requirements
- ISO27001 and FISMA Consulting: Offered consulting and planning services for ISO27001 and FISMA control implementations
- Policy Development: Developed comprehensive security policies, standards, and guidelines at the enterprise, operational, and technical levels for clients
Achievements:
- Successfully performed over 50 PCI DSS assessments, enhancing the security posture of numerous level 1 merchants and service providers
- Authored detailed ROC and AOC reports, ensuring clear and thorough documentation of compliance
- Guided clients through PCI DSS readiness, resulting in successful compliance across various merchant levels
- Facilitated the implementation of ISO27001 and FISMA controls, helping clients achieve and maintain compliance with these standards
- Created robust security policies and standards, significantly improving clients' overall security frameworks
Senior Information Security Consultant
Trustwave
2006 - 2007
Chicago, Illinois, US
Responsibilities:
- PCI QSA (Qualified Security Assessor): Conducted PCI DSS assessments for level 1 merchants and service providers; authored Reports on Compliance (ROC) and Attestations of Compliance (AOC)
- PCI DSS Consulting: Provided consulting and readiness services for all merchant levels and service providers to ensure compliance with PCI DSS requirements
Security Professional
Verizon Enterprise Solutions
2004 - 2006
Basking Ridge, NJ, US
Responsibilities:
- Conducted system and network vulnerability scans using a variety of scanning tools and applications to identify and report on security weaknesses.
- Performed in-depth cybersecurity assessments, including network design analysis, control reviews, and compliance analysis
Steve Alameda CTPRP, CISSP, CCSP, CRISC Education Details
University of California, Berkeley
Telecommunications Engineering
Frequently Asked Questions about Steve Alameda CTPRP, CISSP, CCSP, CRISC
What company does Steve Alameda CTPRP, CISSP, CCSP, CRISC work for?
Steve Alameda CTPRP, CISSP, CCSP, CRISC works for Ventara Risk Solutions, LLC
What is Steve Alameda CTPRP, CISSP, CCSP, CRISC's role at the current company?
Steve Alameda CTPRP, CISSP, CCSP, CRISC's current role is Founder | TPRM Consultant & Strategic Program Developer | Delivering Business Value by Transforming Third-Party Risk Management.
What is Steve Alameda CTPRP, CISSP, CCSP, CRISC's email address?
Steve Alameda CTPRP, CISSP, CCSP, CRISC's email address is st****@****ead.com
What schools did Steve Alameda CTPRP, CISSP, CCSP, CRISC attend?
Steve Alameda CTPRP, CISSP, CCSP, CRISC attended University of California, Berkeley.
What skills is Steve Alameda CTPRP, CISSP, CCSP, CRISC known for?
Steve Alameda CTPRP, CISSP, CCSP, CRISC has skills like PCI DSS, Security, Information Security, CISSP, Information Technology, Risk Management, Risk Assessment, CISA, Information Security Management, Vulnerability Assessment, Security Audits, Business Continuity.