Alisa Jones
Seattle,WA
Summary
Strategic IT Governance & Risk Leader with 20+ years of experience strengthening enterprise GRC programs across complex technology environments. Eliminated 100% of SOX deficiencies, reduced high-risk exposure by up to 35%, and improved control effectiveness through ITGC, PCI DSS, and SDLC security integration. Proven record of maturing compliance frameworks, embedding risk metrics and KRIs, and driving audit-ready operations with zero repeat findings. Trusted cross-functional partner to Security, Engineering, and Business leaders, delivering measurable risk reduction, operational resilience, and cost efficiencies exceeding $2M.
Overview
24
24
years of professional experience
1
1
Certification
Work History
Program & Product Release Manager
Alaska Airlines
SeaTac, WA
09.2023 - Current
- Eliminated 100% of SOX control deficiencies within 12 months by redesigning ITGC controls, strengthening control documentation, and partnering with Internal Audit—achieving zero repeat findings and increased audit maturity.
- Led enterprise IT risk assessments aligned to NIST CSF principles, identifying high-risk control gaps and reducing overall risk exposure by 35% through targeted remediation plans.
- Developed and operationalized risk dashboards and KRIs, providing real-time visibility into compliance posture, control effectiveness, and regulatory adherence across 50+ initiatives.
- Partnered with Information Security, Engineering, and Business teams to ensure confidentiality, integrity, and availability (CIA) controls were embedded into SDLC and release management processes.
- Implemented structured governance processes that improved change control compliance by 40% and reduced production security incidents by 25%.
People Team - Program & Product Release Manager
Expedia Group
Seattle, WA
02.2018 - 07.2023
- Increased governance effectiveness 92% by embedding IT risk checkpoints and SDLC controls into release lifecycle processes, reducing production risk exposure across 40+ applications.
- Achieved 100% sustained SOX ITGC compliance by maturing control frameworks and audit evidence processes—delivering zero repeat findings.
- Led enterprise PCI DSS remediation, closing 95% of payment-security gaps within one audit cycle and elevating external audit readiness.
- Designed executive IT risk metrics and KRIs, reducing high-risk exposure by 30% YoY through proactive monitoring and mitigation.
- Integrated CIA security controls into architecture and CI/CD pipelines, decreasing control exceptions by 30% and lowering post-release security incidents by 25%.
Enterprise Partner Solutions - Problem Management
Expedia Group
Seattle, WA
02.2018 - 07.2023
- Directed Major Incident and root cause governance processes, reducing recurring security and operational incidents by 28% through proactive trend analysis.
- Assessed information security events and collaborated with cross-functional teams to develop mitigation and response strategies, strengthening operational resilience.
Technical Account Manager - Vendor Risk & Platform
Expedia Group
Seattle, WA
02.2018 - 07.2023
- Conducted third-party risk assessments of strategic technology vendors, identifying control gaps and driving remediation plans that reduced vendor-related risk exposure by 20%.
- Developed vendor security scorecards aligned to internal compliance standards and regulatory expectations.
- Partnered with business and technical stakeholders to ensure vendor platforms met data protection and information security requirements.
Data Services Platform - Technical Account Manager
Expedia Group
Seattle, WA
02.2018 - 07.2023
- Accelerated enterprise platform adoption by 40% by embedding IT governance and security control requirements into deployment standards, reducing implementation risk across 15+ integrated technologies.
- Conducted 25+ third-party/vendor risk assessments annually, identifying control gaps and driving remediation plans that reduced vendor-related risk exposure by 20% and improved compliance alignment with internal security policies.
- Strengthened confidentiality, integrity, and availability (CIA) controls across partner integrations, decreasing partner-driven security incidents by 30% and improving audit transparency.
- Delivered quarterly executive risk briefings and roadmap reviews, influencing mitigation strategies that reduced high-severity platform vulnerabilities by 35%.
- Designed and implemented vendor security scorecards and KRIs, enabling continuous monitoring and improving vendor compliance performance ratings by 25% year-over-year.
Azure Cloud Tools Operations Release Manager
Microsoft Corporation
Redmond, WA
12.2001 - 10.2016
- Led governance and risk oversight for enterprise cloud tools supporting global engineering teams, embedding security-by-design and SDLC control checkpoints across release cycles.
- Reduced change-related risk exposure by 35% by automating repeatable operational processes (runbooks, APIs, tooling), strengthening operational security and control consistency.
- Decreased manual change tickets by 40% by implementing secure self-service capabilities, improving control traceability and compliance adherence.
- Partnered with engineering, service management, and operations teams to align releases with IT governance standards and risk mitigation strategies, improving release success rates and reducing post-deployment incidents.
Senior Service Mannager
Microsoft Corporation
Redmond, WA
12.2001 - 10.2016
- Strengthened enterprise IT governance by formalizing SDLC, risk assessment, and PMO control frameworks, improving audit readiness and reducing control gaps across regulated services.
- Led SOX-aligned service control reviews and documentation efforts, contributing to sustained compliance and improved audit outcomes.
- Developed KPI-driven Service Improvement Plans that reduced recurring operational incidents by 30% and enhanced risk transparency for leadership.
- Reduced ITSM platform risk and operational complexity by leading transition planning to ServiceNow, improving governance standardization and control visibility.
Program Manager and PMO Lead
Microsoft Corporation
Redmond, WA
12.2001 - 10.2016
- Directed global PMO governance for cross-functional technology initiatives, managing risk tracking, compliance reporting, and executive-level program transparency.
- Implemented enterprise reporting dashboards that reduced manual status reporting efforts by 50% and improved risk visibility across global teams.
- Established governance processes for new service launches, embedding compliance, risk assessment, and control validation prior to production deployment.
Regional Operations Manager
Microsoft Corporation
Redmond, WA
12.2001 - 10.2016
- Oversaw risk, compliance, and operational governance for 6 production data centers and 21 lab environments, supporting 125 user teams and 44 product groups.
- Managed lifecycle governance of 35,000+ enterprise assets, strengthening configuration control and reducing infrastructure-related risk exposure.
- Avoided $2M in lease extension costs through strategic risk-based planning; delivered site transitions 2 weeks early with 40% budget savings.
- Reduced vendor risk and operational spend by $240K annually by consolidating vendors, renegotiating contracts, and enforcing compliance with corporate policy and labor standards.
- Identified and recovered $40K in tax credits and eliminated $32K in non-compliant vendor expenses through enhanced contract governance and financial risk review.
Education
Biology
San Joaquin Delta College
Stockton, CASkills
- Compliance Program Management
- SOX, ITGC & Regulatory Controls
- Governance, Risk & Compliance (GRC)
- Audit Management (Internal & External)
- Risk Assessment & Mitigation
- Program & Release Management
- Agile / Scrum Methodologies
- Cross-Functional Leadership
- Stakeholder Engagement
- Process Improvement
- Data Analytics & KPI Reporting
- Vendor & Financial Management
Certification
- Certified Scrum Master (CSM)
- ITSM
- MCSE
- Advanced Excel
Timeline
Program & Product Release Manager
Alaska Airlines
09.2023 - Current
People Team - Program & Product Release Manager
Expedia Group
02.2018 - 07.2023
Enterprise Partner Solutions - Problem Management
Expedia Group
02.2018 - 07.2023
Technical Account Manager - Vendor Risk & Platform
Expedia Group
02.2018 - 07.2023
Data Services Platform - Technical Account Manager
Expedia Group
02.2018 - 07.2023
Azure Cloud Tools Operations Release Manager
Microsoft Corporation
12.2001 - 10.2016
Senior Service Mannager
Microsoft Corporation
12.2001 - 10.2016
Program Manager and PMO Lead
Microsoft Corporation
12.2001 - 10.2016
Regional Operations Manager
Microsoft Corporation
12.2001 - 10.2016
Biology
San Joaquin Delta College
Tools
AuditBoard, Jira, ADO, Confluence, ServiceNow, Cherwell, Smartsheet, Microsoft 365, SharePoint, ChatGPT, Copilot