Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

Dustin MacFarlane

Manchester by the Sea,MA

Summary

Experienced leader in information security, privacy, and compliance with a strong background in enhancing security frameworks and managing regulatory compliance initiatives. Proven ability to lead cross-functional teams and implement robust security strategies. Certified Information Privacy Professional (CIPP/E) and Certified Information Privacy Manager (CIPM) with a focus on continuous improvement and innovation in security practices.

Overview

19
19
years of professional experience
1
1
Certification

Work History

Director, Security, Governance and Compliance

American Tower
Woburn, MA
01.2017 - Current
  • Led the implementation of ISO 27001 certification to align with data center industry standards.
  • Facilitated security-by-design and zero-trust security initiatives, including a Zscaler rollout.
  • Orchestrated GDPR readiness assessment, streamlining privacy processes across departments across over 20 international markets.
  • Built a global privacy program, addressing international privacy regulations, including GDPR, PIPEDA (Canada), POPIA (South Africa), and the Data Protection Act (Ghana).
  • Monitored United States federal and state privacy and breach notification regulations and initiatives.
  • Coordinated compliance efforts across departments for Data Subject Access Requests (DSAR), and served as de facto data privacy officer (DPO).
  • Spearheaded the development of a global third-party risk management program, including coordination with procurement teams, security posture assessments, and coordination with vendors on the remediation of findings.
  • Developed policies, procedures, and controls, including readiness assessments for new technologies, such as Robotic Process Automation (RPA) and Artificial Intelligence (AI).
  • Conducted global segregation of duties (SOD) SOX assessments for the global Oracle ERP system.
  • Developed and delivered a global security training program that covered 26 countries, in 5 languages, with a 99% completion rate.
  • Mentored team members to strengthen privacy and risk management capabilities.
  • Implemented and monitored data loss prevention efforts in collaboration with CybelAngel.

Senior Manager, Information Security

American Tower
Woburn, MA
05.2014 - 01.2017
  • Managed Security Operations team, including event and alert monitoring.
  • Developed Incident Response Playbook.
  • Maintained relationships with outside security vendors and government agencies (FBI) for the purpose of incident response coordination.
  • Coordinated Industrial Control Systems (ICS) Security Testing.
  • Enhanced access, segregation of duties, and change management controls.
  • Led an international Oracle security redesign project to create a scalable, global access design for the financial system.
  • Main point of contact for Sarbanes-Oxley (SOX) and Internal Audit engagements.
  • Developed and coordinated the Security Awareness and Simulated Phishing program.
  • Oversaw security operation controls for ISO 9001 certification.
  • Monthly presentations to executive management, including audit findings and remediation efforts, security metrics, audit findings, and security alert statistics.

Global Internal Audit IT Manager

American Tower
Woburn, MA
11.2012 - 05.2014
  • Conducted comprehensive risk assessments to aid senior management in technology investment choices.
  • Delivered audit results to executive leadership with suggestions for remediation and impact analyses.
  • Conducted health checks and application readiness assessments to verify that appropriate controls were in place.
  • Led information security and privacy compliance initiatives.
  • Developed and ran the global IT SOX control framework and testing.

IT Senior Internal Auditor

American Tower
Woburn, MA
12.2009 - 11.2012
  • Developed and led the IT Audit team, the SOX IT framework, and executed annual IT SOX testing.
  • Led annual IT risk assessments and presented identified risks to executive management.
  • Enhanced operational efficiency with risk-based audit plans and remediation efforts.
  • Led audits on access and segregation of duties, contributing to the financial system redesign.
  • Fostered strong relationships with stakeholders to ensure open communication during audits.
  • Implemented new software (TeamMate) to streamline audit documentation and increase efficiency.
  • Provided ongoing support to management with readiness assessments, health checks, and system control reviews.

Senior Associate - Systems and Process Assurance

PricewaterhouseCoopers (PwC)
Boston, MA
09.2006 - 12.2009
  • Managed the entire IT audit process, evaluated junior team members' work, and supported financial statement audits.
  • Established strong client relationships through consistent communication and excellent service delivery, both domestically and internationally
  • Identified and addressed control weaknesses during audits, leading to improved control and risk management practices.
  • Authored and maintained well-organized, efficient, and successful test cases, and audit plans for the entire team.
  • Collaborated with cross-functional teams to ensure seamless integration of IT controls during business process changes

Education

Bachelor of Science - Accounting

University of New Hampshire
Durham, NH

Master of Science - Accounting

Suffolk University - Sawyer Business School
Boston, MA

Skills

  • Risk Assessment / Security Framework Management
  • ISO 9001/27001 Certification Management
  • Third Party Risk Management (TPRM)
  • Internal and external audit, SOX, and SOC reports
  • RPA and AI control frameworks
  • Global Data Protection Standards
  • International Privacy Compliance (GDPR, LGPD, PIPEDA, POPIA, among others)
  • Security Training Development
  • Segregation of duties program implementation

Certification

  • Certified Information Privacy Professional, CIPP/E, IAPP
  • Certified Information Privacy Manager, CIPM, IAPP

Timeline

Director, Security, Governance and Compliance

American Tower
01.2017 - Current

Senior Manager, Information Security

American Tower
05.2014 - 01.2017

Global Internal Audit IT Manager

American Tower
11.2012 - 05.2014

IT Senior Internal Auditor

American Tower
12.2009 - 11.2012

Senior Associate - Systems and Process Assurance

PricewaterhouseCoopers (PwC)
09.2006 - 12.2009

Bachelor of Science - Accounting

University of New Hampshire

Master of Science - Accounting

Suffolk University - Sawyer Business School

Similar Profiles

  • Dustin MacFarlane

    Dustin MacFarlaneDustin MacFarlane

    Director, InfoSec, Governance and Compliance at American TowerDirector, InfoSec, Governance and Compliance at American Tower

    View Profile
  • Joshua Fong

    Joshua FongJoshua Fong

    Data Center Technician at American TowerData Center Technician at American Tower

    View Profile
  • JOSÉ CARLOS MORFÍN SÁNCHEZ DE LAS MATAS

    JOSÉ CARLOS MORFÍN SÁNCHEZ DE LAS MATASJOSÉ CARLOS MORFÍN SÁNCHEZ DE LAS MATAS

    Legal Manager at American Tower México (American Tower)Legal Manager at American Tower México (American Tower)

    View Profile
Dustin MacFarlane