ROBERT MARTINO

San Francisco, California

Summary

Experienced Information Security Professional and CISSP with 20 years of successful leadership in cybersecurity management and global IT security governance. Skilled in risk analysis, priority planning, internal auditing, and compliance. Strong business and IT acumen; adept at long-term planning and team building. Demonstrated expertise in navigating complex challenges through a broad-based IT background and a big-picture understanding of cybersecurity trends and technical risk management. Committed to continuous research to stay ahead of the curve and maintain up-to-date knowledge of cybersecurity issues.

Work History

Director, Information Security and Compliance

SOURCEPOINT
09.2022 - Current
  • Developed all aspects of the Sourcepoint Information Security program including establishing and managing global programs covering corporate, product, engineering and GRC in 3 offices across 3 countries
  • Rescoped entire ISO27001:2013 program from an ISMS to an ISO 27001:2022 / 27701:2019 compliant PIMS
  • Bug bounty program
  • ENS compliance
  • Third party
  • ISO 42001 – AI Management System
  • Collaborated with Legal to develop a customer facing program for managing RFPs during the sales and renewal cycle
  • Partnered with Engineering and Legal to deliver trainings for corporate Information Security, Privacy and Engineering
  • Transitioned security operations duties to 3rd party vendor.

Associate Director, Customer Assurance and Compliance

NATERA
10.2021 - 05.2022
  • Responsible for compliance, third party risk management and customer assurance
  • Managed QSAs and external audit resources
  • Created a program for upstream and downstream vendor management and risk analysis and integrated it with the OneTrust platform
  • Secured SOC 2 Type 2 compliance for 2021, drove remediation items, and began preparations for the 2022 review and audit
  • Began transition to ISO27701 framework and creation of a PIMS
  • Partnered with IT, Engineering and Lab Services to begin preparation for NIST-CSF audit in 2022.

Sr Manager, Information Security

ZYMERGEN
10.2020 - 10.2021
  • Tasked with full ownership of the security and compliance initiative and transitioning day to day management of it away from a third-party resource
  • Developed Zymergen's compliance initiative, including a 5-year roadmap covering ISO and NIST frameworks
  • Rescoped entire ISO27001 posture for 27001:2022 and converted ISMS to an ISPIMS for ISO27701 certification
  • Hosted and managed remediation meetings and quarterly security round table
  • Began preparations for NIST 800-53 compliance initiative for 2022
  • Partnered with engineering and assisted in implementation of source code review tool (BlackDuck) and process
  • Coordinated with Internal Audit and Corporate Compliance for SOX deliverables.

Director, Information Security

REVEL SYSTEMS
10.2015 - 04.2020
  • Managed all aspects of information security and global compliance
  • Supervised staff of six; one team member in San Francisco, three in Atlanta, and two in Lithuania
  • Monitored all networks for security breaches, investigated violations, and conducted ongoing cyber risk assessments
  • Assessed systems and recommended security enhancements to IT managers
  • As one of the first hires in 2015, developed policies and procedures to govern the business and ensure maximum system effectiveness
  • Started with a budget of $0 which grew to just under $1 million in 2020
  • Built Revel’s Information Security posture from the ground up, including software and hardware assets, networks, services, and controls
  • Developed risk inventory and prioritized risks
  • Managed team that integrated security and threat modeling into the development lifecycle, utilizing tools such as BlackDuck and SonarCloud
  • Ensured PCI compliance
  • As an individual contributor, secured ISO27001:2013 compliance for the Lithuanian office and mentored a junior team member to assume management responsibility
  • Directed team that played a key role in Revel's move from a traditional colocation facility to AWS, including active participation in design and architecture discussions, establishment of security requirements within AWS, and deployment of full internal and external scanning systems
  • Coordinated team that performed PCI compliance project that brought Revel’s back-end system up to PCI standards
  • Oversaw Internal Audit and compliance functions
  • Ensured adherence to GDPR requirements, enabling European customers to ensure proper handling / storage of data in accordance with specific requirements, and enabling customers' customers to request information on data that had been collected on them and to request that their personal information be deleted from systems
  • Oversaw the development of processes to align with CCPA requirements
  • Conducted contract reviews with vendors and customers to ensure adequate provisions for security and compliance
  • Handled customer escalations due to security or PCI related issues and worked with customers 1-on-1
  • Presented security and compliance-related tracks at Revelry, Revel’s annual customer event
  • Special Project: Partnered with CoalFire to develop a testing framework that will enable Category 3 devices to be certified as payment devices (an effort to certify iPads as payment devices)

Skills

  • Strategic Planning
  • Verbal and written communication
  • People Management
  • Operations Management
  • Strategies and goals
  • Organizational Development
  • Budget Control
  • Budget Management
  • Business Planning
  • Program Management
  • Contract and Vendor Management
  • Legal and Regulatory Compliance
  • Project Management

Security program development

Expertise in developing, implementing, and managing cybersecurity programs, standards, and best practices. Thoroughly familiar with global security standards, guidelines, technologies, and solutions. Able to leverage resources, technologies, and internal controls to minimize risks, threats, and incidents. First-hand knowledge of common vulnerabilities and mitigation methodologies; network protocols / encryption; and the PCI, ISO 27001/27701/42001, ENS (Esquema Nacional de Seguridad), SOC 2, ITGC, and GSE compliance frameworks.

Certification

  • C|EH – Certified Ethical Hacker, EC-Council (2008)
  • CISSP – Certified Information Systems Security Professional #105537 (2008)
  • SunGard DR/BCP Training (2008)
  • SANS Security Leadership (2007)

Information Technology Leadership

First-hand experience designing robust, business-aligned strategies for user and platform security. Up-to-date knowledge of internal / external information security trends, technical solutions, and regulatory requirements. Cross-functional experience in business continuity planning.

Technical Support And Training

Extensive experience supporting security installations, delivering training in cybersecurity practices, guiding the safe use of social media, and ensuring secure data collection, transfers, and storage.

Communication Skills

Persuasive leader who works collaboratively with 3rd party service providers, vendors, management, and cross-functional team members to proactively improve awareness of cybersecurity threats and issues.
